summaryrefslogtreecommitdiff
path: root/src/mongo/db/startup_warnings_common.cpp
diff options
context:
space:
mode:
authorRoxane <roxane.fruytier@10gen.com>2019-05-30 16:51:04 -0400
committerRoxane <roxane.fruytier@10gen.com>2019-05-30 16:51:38 -0400
commit0d1a90b60d3a257e729394895fa077fe3f6dafd1 (patch)
treec4d7597ad66ccdff1f8216007d65551b9f0af765 /src/mongo/db/startup_warnings_common.cpp
parentb937ea729a8b2001e2cf8290991977a973896d1c (diff)
downloadmongo-0d1a90b60d3a257e729394895fa077fe3f6dafd1.tar.gz
SERVER-39671: Added warnings for flags sslAllowInvalidCertificates and sslAllowInvalidHostnames
Diffstat (limited to 'src/mongo/db/startup_warnings_common.cpp')
-rw-r--r--src/mongo/db/startup_warnings_common.cpp18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/mongo/db/startup_warnings_common.cpp b/src/mongo/db/startup_warnings_common.cpp
index 0cd52f78199..31a8b6c04b8 100644
--- a/src/mongo/db/startup_warnings_common.cpp
+++ b/src/mongo/db/startup_warnings_common.cpp
@@ -81,6 +81,24 @@ void logCommonStartupWarnings(const ServerGlobalParams& serverParams) {
warned = true;
}
+#ifdef MONGO_CONFIG_SSL
+ if (sslGlobalParams.sslAllowInvalidCertificates) {
+ log() << "** WARNING: While invalid X509 certificates may be used to" << startupWarningsLog;
+ log() << "** connect to this server, they will not be considered"
+ << startupWarningsLog;
+ log() << "** permissible for authentication." << startupWarningsLog;
+ log() << startupWarningsLog;
+ }
+
+ if (sslGlobalParams.sslAllowInvalidHostnames) {
+ log() << "** WARNING: This server will not perform X.509 hostname validation"
+ << startupWarningsLog;
+ log() << "** This may allow your server to make or accept connections to"
+ << startupWarningsLog;
+ log() << "** untrusted parties" << startupWarningsLog;
+ }
+#endif
+
/*
* We did not add the message to startupWarningsLog as the user can not
* specify a sslCAFile parameter from the shell
View Lorry Controller Status