author | Adrian Gonzalez <adriangonzalezmontemayor@gmail.com> | 2023-05-12 13:54:44 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2023-05-12 14:55:50 +0000 |
commit | ba2d20d1dc6493dd7930b13e7275dbb095952b3b (patch) | |
tree | 0c3b23e99ccc07af2e50f53891bbd9ae22bd5a3e | |
parent | fee9558a17655618a19798cfece5315e03715d58 (diff) | |
download | mongo-ba2d20d1dc6493dd7930b13e7275dbb095952b3b.tar.gz |
SERVER-77028 tlsClusterCAFile is not being used to validate client certificates on macOS
-rw-r--r-- | src/mongo/util/net/ssl_manager_apple.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/mongo/util/net/ssl_manager_apple.cpp b/src/mongo/util/net/ssl_manager_apple.cpp
index 680cbe62367..fdfc4df4454 100644
--- a/src/mongo/util/net/ssl_manager_apple.cpp
+++ b/src/mongo/util/net/ssl_manager_apple.cpp
@@ -1391,6 +1391,7 @@ SSLManagerApple::SSLManagerApple(const SSLParams& params, bool isServer)
 if (!params.sslClusterCAFile.empty()) {
 auto ca = uassertStatusOK(loadPEM(params.sslClusterCAFile, "", kLoadPEMStripKeys));
 _serverCA = std::move(ca);
+ _sslConfiguration.hasCA = true;
 } else {
 // No inbound CA specified, share a reference with outbound CA.
 auto ca = _clientCA.get();
@@ -1592,7 +1593,7 @@ Future<SSLPeerInfo> SSLManagerApple::parseAndValidatePeerCertificate(
 return SSLPeerInfo(sniName);
 } else {
 if (status == ::errSecSuccess) {
- return badCert(str::stream() << "no SSL certificate provided by peer: "
+ return badCert(str::stream() << "No SSL certificate provided by peer: "
 << stringFromOSStatus(status),
 _weakValidation);
 } else { |
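Review bot: The new `_sslConfiguration.hasCA = true;` in the `sslClusterCAFile` branch carries no comment saying why a cluster CA must set the flag, and the diffstat shows only this file changed, so no regression test accompanies the fix. Going by the commit title, inbound client-certificate validation on macOS appears to depend on `hasCA`; if that is right, a line such as `// A cluster CA alone must enable validation of inbound peer certificates.` would keep the assignment from being dropped in a later refactor. A test that starts the server with only `tlsClusterCAFile` set and checks that a client certificate issued by an unrelated CA is rejected would pin the behaviour. The constructor and the `else` branch that shares `_clientCA` continue outside the hunk, so whether `hasCA` is set on that path cannot be confirmed from here.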
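Review bot: In the `status == ::errSecSuccess` branch the message still appends `stringFromOSStatus(status)`, so the rejection text ends with the description of a success status, which is confusing when reading connection logs. Dropping the suffix in this branch would read more clearly, for example `return badCert(str::stream() << "No SSL certificate provided by peer", _weakValidation);`. The capitalisation change also alters a string that log searches or alert rules may match case-sensitively, so any such matching needs the new spelling. The enclosing function starts and ends outside the hunk.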