author | Gregory Wlodarek <gregory.wlodarek@mongodb.com> | 2021-02-11 19:07:03 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-02-11 19:42:32 +0000 |
commit | 3b4f12abc5d118ea461c4613b7d2475f6c4284cf (patch) | |
tree | 56d5231f0657a0a854d7e183d8b3754e4d64179b /src/mongo/transport | |
parent | 330a7b661f2d2f49b638f63508af1b4a2974534a (diff) | |
Revert "SERVER-54328: Refactor creation of transient SSLConnectionContext to own its own instance of SSLManagerInterface"
This reverts commit 8e1cd3402cc0c27d1332ac78a93919bd17d3d556.
Diffstat (limited to 'src/mongo/transport')
-rw-r--r-- | src/mongo/transport/transport_layer_asio.cpp | 31 | ||||
-rw-r--r-- | src/mongo/transport/transport_layer_asio.h | 9 |
2 files changed, 29 insertions, 11 deletions
diff --git a/src/mongo/transport/transport_layer_asio.cpp b/src/mongo/transport/transport_layer_asio.cpp
index 205a3066949..60d66c0c04b 100644
--- a/src/mongo/transport/transport_layer_asio.cpp
+++ b/src/mongo/transport/transport_layer_asio.cpp
@@ -1229,7 +1229,8 @@ SSLParams::SSLModes TransportLayerASIO::_sslMode() const {
 Status TransportLayerASIO::rotateCertificates(std::shared_ptr<SSLManagerInterface> manager,
 bool asyncOCSPStaple) {
- auto contextOrStatus = _createSSLContext(manager, _sslMode(), asyncOCSPStaple);
+ auto contextOrStatus =
+ _createSSLContext(manager, _sslMode(), TransientSSLParams(), asyncOCSPStaple);
 if (!contextOrStatus.isOK()) {
 return contextOrStatus.getStatus();
 }
@@ -1240,6 +1241,7 @@ Status TransportLayerASIO::rotateCertificates(std::shared_ptr<SSLManagerInterfac
 StatusWith<std::shared_ptr<const transport::SSLConnectionContext>>
 TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& manager,
 SSLParams::SSLModes sslMode,
+ TransientSSLParams transientEgressSSLParams,
 bool asyncOCSPStaple) const {
 std::shared_ptr<SSLConnectionContext> newSSLContext = std::make_shared<SSLConnectionContext>();
@@ -1252,6 +1254,7 @@ TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& mana
 Status status = newSSLContext->manager->initSSLContext(
 newSSLContext->ingress->native_handle(),
 sslParams,
+ TransientSSLParams(), // Ingress is not using transient params, they are egress.
 SSLManagerInterface::ConnectionDirection::kIncoming);
 if (!status.isOK()) {
 return status;
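Review bot: `TransientSSLParams transientEgressSSLParams` is taken by value in the `_createSSLContext` signature (hunk at -1240), so every call copies the whole struct, including `sslClusterPEMPayload`, which by its name presumably holds certificate and key material. `createTransientSSLContext` already receives the same object as `const TransientSSLParams&`, so declaring the parameter as `const TransientSSLParams& transientEgressSSLParams,` here and in the matching declaration hunk of transport_layer_asio.h would avoid leaving an extra copy of that payload in memory. The body of `_createSSLContext` continues outside this hunk.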
@@ -1268,17 +1271,28 @@ TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& mana
 }
 if (_listenerOptions.isEgress() && newSSLContext->manager) {
+ if (!transientEgressSSLParams.sslClusterPEMPayload.empty()) {
+ LOGV2_DEBUG(5270602,
+ 2,
+ "Initializing transient egress SSL context",
+ "targetClusterConnectionString"_attr =
+ transientEgressSSLParams.targetedClusterConnectionString);
+ }
+
 newSSLContext->egress = std::make_unique<asio::ssl::context>(asio::ssl::context::sslv23);
 Status status = newSSLContext->manager->initSSLContext(
 newSSLContext->egress->native_handle(),
 sslParams,
+ transientEgressSSLParams,
 SSLManagerInterface::ConnectionDirection::kOutgoing);
 if (!status.isOK()) {
 return status;
 }
- if (newSSLContext->manager->isTransient()) {
- newSSLContext->targetClusterURI =
- newSSLContext->manager->getTargetedClusterConnectionString();
+ if (!transientEgressSSLParams.sslClusterPEMPayload.empty()) {
+ if (transientEgressSSLParams.targetedClusterConnectionString) {
+ newSSLContext->targetClusterURI =
+ transientEgressSSLParams.targetedClusterConnectionString.toString();
+ }
 }
 }
 return newSSLContext;
@@ -1286,17 +1300,12 @@ TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& mana
 StatusWith<std::shared_ptr<const transport::SSLConnectionContext>>
 TransportLayerASIO::createTransientSSLContext(const TransientSSLParams& transientSSLParams) {
- auto coordinator = SSLManagerCoordinator::get();
- if (!coordinator) {
- return Status(ErrorCodes::InvalidSSLConfiguration,
- "SSLManagerCoordinator is not initialized");
- }
- auto manager = coordinator->createTransientSSLManager(transientSSLParams);
+ auto manager = getSSLManager();
 if (!manager) {
 return Status(ErrorCodes::InvalidSSLConfiguration, "TransportLayerASIO has no SSL manager");
 }
- return _createSSLContext(manager, _sslMode(), true /* asyncOCSPStaple */);
+ return _createSSLContext(manager, _sslMode(), transientSSLParams, true /* asyncOCSPStaple */);
 }
 #endif
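Review bot: In the egress branch, a non-empty `sslClusterPEMPayload` combined with a `targetedClusterConnectionString` that evaluates false returns a context initialised with the transient certificate but with `targetClusterURI` left unset. Anything that later uses `targetClusterURI` to tell a targeted context from the default one would then treat it as the default; whether such consumers exist is not visible in this hunk. If callers never legitimately omit the target, an `else { return Status(ErrorCodes::InvalidSSLConfiguration, "transient SSL params lack a target cluster"); }` on the inner `if` would make the mismatch explicit. The added `LOGV2_DEBUG(5270602, ...)` also writes the connection string to the log, so it is worth confirming that its formatted form never carries credentials.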
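Review bot: `createTransientSSLContext` never checks that `transientSSLParams.sslClusterPEMPayload` is non-empty before handing it, together with the shared manager from `getSSLManager()`, to `_createSSLContext`. With an empty payload the egress branch skips both the debug log and the `targetClusterURI` assignment, so the caller appears to receive a context equivalent to the default one while believing it presents the targeted certificate; how `initSSLContext` treats empty transient params is not visible here. A guard before the final call, `if (transientSSLParams.sslClusterPEMPayload.empty()) return Status(ErrorCodes::InvalidSSLConfiguration, "transient SSL params have no PEM payload");`, would fail closed instead.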
diff --git a/src/mongo/transport/transport_layer_asio.h b/src/mongo/transport/transport_layer_asio.h
index 3ed909f1801..04d2d136427 100644
--- a/src/mongo/transport/transport_layer_asio.h
+++ b/src/mongo/transport/transport_layer_asio.h
@@ -152,6 +152,14 @@ public:
 Status rotateCertificates(std::shared_ptr<SSLManagerInterface> manager,
 bool asyncOCSPStaple) override;
+ std::shared_ptr<SSLManagerInterface> getSSLManager() {
+ auto sslContext = _sslContext.get();
+ if (!sslContext) {
+ return std::shared_ptr<SSLManagerInterface>{};
+ }
+ return sslContext->manager;
+ }
+
 /**
 * Creates a transient SSL context using targeted (non default) SSL params.
 * @param transientSSLParams overrides any value in stored SSLConnectionContext.
@@ -183,6 +191,7 @@ private:
 StatusWith<std::shared_ptr<const transport::SSLConnectionContext>> _createSSLContext(
 std::shared_ptr<SSLManagerInterface>& manager,
 SSLParams::SSLModes sslMode,
+ TransientSSLParams transientEgressSSLParams,
 bool asyncOCSPStaple) const;
 void _runListener() noexcept;
 |
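Review bot: `getSSLManager()` is added to the public section (hunk at -152) with no comment, and it gives callers a `shared_ptr` to the manager of whatever context `_sslContext` holds at call time. Because `rotateCertificates` builds a new context, a caller that keeps the returned pointer may go on using a manager tied to superseded certificates; this is inferred from the .cpp hunks and should be confirmed. A doc comment should state the null return and that lifetime caveat, for example `/** Returns the SSL manager of the current SSL context, or an empty pointer if none is set; do not cache across certificate rotation. */`.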