diff options
| author | Eric Milkie <milkie@10gen.com> | 2012-12-11 09:59:53 -0500 |
|---|---|---|
| committer | Eric Milkie <milkie@10gen.com> | 2012-12-11 10:10:00 -0500 |
| commit | 4c3f61e55a81c98da1692d79ee6e27876cc209d2 (patch) | |
| tree | b827b82d615b381efa301dc848851658915c1123 /src/mongo/client/dbclientinterface.h | |
| parent | c7e34a15541a4cc371e4b818f078f2f5e890ac6e (diff) | |
| download | mongo-4c3f61e55a81c98da1692d79ee6e27876cc209d2.tar.gz | |
SERVER-7202 SSL certificate validation in both directions
New command line flag --sslCAFile specifies a file containing certificates
for the certificate authority. This flag is supported on mongod, mongos, and mongo
shell.
mongo shell now supports --sslPEMKeyFile and --sslPEMKeyPassword to specify the
client certificate presented as part of the SSL handshake when connecting to a server.
Note that certificate validation is not forced; validation only currently occurs
if the client presents a certificate. Note that CRL or OSCP remains unimplemented,
and there is not yet a way to restrict the cipher used.
Note that all of these features require --ssl parameter passed to scons at build time.
Diffstat (limited to 'src/mongo/client/dbclientinterface.h')
| -rw-r--r-- | src/mongo/client/dbclientinterface.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/mongo/client/dbclientinterface.h b/src/mongo/client/dbclientinterface.h index b561805c00c..861e395bc5d 100644 --- a/src/mongo/client/dbclientinterface.h +++ b/src/mongo/client/dbclientinterface.h @@ -1227,8 +1227,8 @@ namespace mongo { static bool _lazyKillCursor; // lazy means we piggy back kill cursors on next op #ifdef MONGO_SSL - static SSLManager* sslManager(); - static SSLManager* _sslManager; + SSLManager* sslManager(); + static SimpleMutex _mtx; #endif }; |