author | Sara Golemon <sara.golemon@mongodb.com> | 2018-05-08 12:58:01 -0400 |
---|---|---|
committer | Sara Golemon <sara.golemon@mongodb.com> | 2018-05-21 17:05:42 -0400 |
commit | a03273a49638734768c4d1dd2ce26e741f2549ad (patch) | |
tree | 6265875cc3286edd3bd0ded2e45f417560e9377d /src/mongo/db/db.cpp | |
parent | a963bde1111745f869054a6635009a3346e07861 (diff) | |
download | mongo-a03273a49638734768c4d1dd2ce26e741f2549ad.tar.gz |
SERVER-34888 Do not store subject name without validation
(cherry picked from commit 500e0e69ed7799f5a147c786e6622486920cd68c)
Diffstat (limited to 'src/mongo/db/db.cpp')
-rw-r--r-- | src/mongo/db/db.cpp | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/mongo/db/db.cpp b/src/mongo/db/db.cpp
index ec05dcf5233..948686e12a8 100644
--- a/src/mongo/db/db.cpp
+++ b/src/mongo/db/db.cpp
@@ -50,6 +50,7 @@
 #include "mongo/db/audit.h"
 #include "mongo/db/auth/authorization_manager.h"
 #include "mongo/db/auth/authorization_manager_global.h"
+#include "mongo/db/auth/sasl_options.h"
 #include "mongo/db/catalog/collection.h"
 #include "mongo/db/catalog/create_collection.h"
 #include "mongo/db/catalog/database.h"
@@ -163,6 +164,7 @@
 #include "mongo/util/quick_exit.h"
 #include "mongo/util/ramlog.h"
 #include "mongo/util/scopeguard.h"
+#include "mongo/util/sequence_util.h"
 #include "mongo/util/signal_handlers.h"
 #include "mongo/util/stacktrace.h"
 #include "mongo/util/startup_test.h"
@@ -170,6 +172,10 @@
 #include "mongo/util/time_support.h"
 #include "mongo/util/version.h"
+#ifdef MONGO_CONFIG_SSL
+#include "mongo/util/net/ssl_options.h"
+#endif
+
 #if !defined(_WIN32)
 #include <sys/file.h>
 #endif
@@ -772,6 +778,18 @@ ExitCode _initAndListen(int listenPort) {
 logMongodStartupWarnings(storageGlobalParams, serverGlobalParams, serviceContext);
+#if MONGO_CONFIG_SSL
+ if (sslGlobalParams.sslAllowInvalidCertificates &&
+ ((serverGlobalParams.clusterAuthMode.load() == ServerGlobalParams::ClusterAuthMode_x509) ||
+ sequenceContains(saslGlobalParams.authenticationMechanisms, "MONGODB-X509"))) {
+ log() << "** WARNING: While invalid X509 certificates may be used to" << startupWarningsLog;
+ log() << "** connect to this server, they will not be considered"
+ << startupWarningsLog;
+ log() << "** permissible for authentication." << startupWarningsLog;
+ log() << startupWarningsLog;
+ }
+#endif
+
 {
 std::stringstream ss;
 ss << endl;
 |
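Review bot: The block added to `_initAndListen` in the last hunk is guarded with `#if MONGO_CONFIG_SSL`, while the include added in the third hunk uses `#ifdef MONGO_CONFIG_SSL`; use one form for both (`#ifdef MONGO_CONFIG_SSL` matches the include) so the code that reads `sslGlobalParams` is compiled exactly when `ssl_options.h` is included. The condition is evaluated once during startup, so if `sslAllowInvalidCertificates` or the mechanism list can change afterwards (not visible here) the log will not reflect it. The check that actually refuses unvalidated certificates for authentication is not in this file and presumably lives elsewhere in the commit, so a comment above the block would help, e.g. `// Startup warning only; the authentication restriction itself is enforced outside db.cpp (SERVER-34888).` The body of `_initAndListen` starts and ends outside the hunk.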