diff options
author | Roxane <roxane.fruytier@10gen.com> | 2019-05-30 16:51:04 -0400 |
---|---|---|
committer | Roxane <roxane.fruytier@10gen.com> | 2019-05-30 16:51:38 -0400 |
commit | 0d1a90b60d3a257e729394895fa077fe3f6dafd1 (patch) | |
tree | c4d7597ad66ccdff1f8216007d65551b9f0af765 /src/mongo/db/startup_warnings_common.cpp | |
parent | b937ea729a8b2001e2cf8290991977a973896d1c (diff) | |
download | mongo-0d1a90b60d3a257e729394895fa077fe3f6dafd1.tar.gz |
SERVER-39671: Added warnings for flags sslAllowInvalidCertificates and sslAllowInvalidHostnames
Diffstat (limited to 'src/mongo/db/startup_warnings_common.cpp')
-rw-r--r-- | src/mongo/db/startup_warnings_common.cpp | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/mongo/db/startup_warnings_common.cpp b/src/mongo/db/startup_warnings_common.cpp index 0cd52f78199..31a8b6c04b8 100644 --- a/src/mongo/db/startup_warnings_common.cpp +++ b/src/mongo/db/startup_warnings_common.cpp @@ -81,6 +81,24 @@ void logCommonStartupWarnings(const ServerGlobalParams& serverParams) { warned = true; } +#ifdef MONGO_CONFIG_SSL + if (sslGlobalParams.sslAllowInvalidCertificates) { + log() << "** WARNING: While invalid X509 certificates may be used to" << startupWarningsLog; + log() << "** connect to this server, they will not be considered" + << startupWarningsLog; + log() << "** permissible for authentication." << startupWarningsLog; + log() << startupWarningsLog; + } + + if (sslGlobalParams.sslAllowInvalidHostnames) { + log() << "** WARNING: This server will not perform X.509 hostname validation" + << startupWarningsLog; + log() << "** This may allow your server to make or accept connections to" + << startupWarningsLog; + log() << "** untrusted parties" << startupWarningsLog; + } +#endif + /* * We did not add the message to startupWarningsLog as the user can not * specify a sslCAFile parameter from the shell |