author | Andrew Shuvalov <andrew.shuvalov@mongodb.com> | 2021-06-18 00:58:06 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-06-18 01:36:03 +0000 |
commit | 2cca0d293e35607956f8a84067c563fc3ebfc7cf (patch) | |
tree | 6afb456cff7574b63b334f7e3278e19df9d15096 /src/mongo/transport | |
parent | 5d71a73a7b232faa1c9c982e90f105df38486985 (diff) | |
download | mongo-2cca0d293e35607956f8a84067c563fc3ebfc7cf.tar.gz |
SERVER-57601: OCSPFetcher must verify that the SSLConnectionContext that owns SSLManagerOpenSSL is still valid
Diffstat (limited to 'src/mongo/transport')
-rw-r--r-- | src/mongo/transport/transport_layer_asio.cpp | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/mongo/transport/transport_layer_asio.cpp b/src/mongo/transport/transport_layer_asio.cpp
index 291d2dc2108..8323948621e 100644
--- a/src/mongo/transport/transport_layer_asio.cpp
+++ b/src/mongo/transport/transport_layer_asio.cpp
@@ -1233,7 +1233,10 @@ SSLParams::SSLModes TransportLayerASIO::_sslMode() const {
 Status TransportLayerASIO::rotateCertificates(std::shared_ptr<SSLManagerInterface> manager,
 bool asyncOCSPStaple) {
-
+ if (manager && manager->isTransient()) {
+ return Status(ErrorCodes::InternalError,
+ "Should not rotate transient SSL manager's certificates");
+ }
 auto contextOrStatus = _createSSLContext(manager, _sslMode(), asyncOCSPStaple);
 if (!contextOrStatus.isOK()) {
 return contextOrStatus.getStatus();
@@ -1262,6 +1265,8 @@ TransportLayerASIO::_createSSLContext(std::shared_ptr<SSLManagerInterface>& mana
 return status;
 }
+ std::weak_ptr<const SSLConnectionContext> weakContextPtr = newSSLContext;
+ manager->registerOwnedBySSLContext(weakContextPtr);
 auto resp = newSSLContext->manager->stapleOCSPResponse(
 newSSLContext->ingress->native_handle(), asyncOCSPStaple);
@@ -1297,9 +1302,7 @@ TransportLayerASIO::createTransientSSLContext(const TransientSSLParams& transien
 "SSLManagerCoordinator is not initialized");
 }
 auto manager = coordinator->createTransientSSLManager(transientSSLParams);
- if (!manager) {
- return Status(ErrorCodes::InvalidSSLConfiguration, "TransportLayerASIO has no SSL manager");
- }
+ invariant(manager);
 return _createSSLContext(manager, _sslMode(), true /* asyncOCSPStaple */);
 } |
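Review bot: The new guard in `rotateCertificates` lets a null `manager` through (`manager && manager->isTransient()`), yet the line added to `_createSSLContext` in the second hunk calls `manager->registerOwnedBySSLContext(weakContextPtr)` with no null check. If a null manager can reach this function, the two places should agree: either reject it here with a Status, or assert it with `invariant(manager);` and drop the `manager &&` test. Both function bodies extend beyond the visible hunks, so an earlier check inside `_createSSLContext` may already cover this.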
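Review bot: The weak pointer is registered on `manager`, while the stapling call directly below goes through `newSSLContext->manager`. The assignment that ties the two together is outside the hunk, so a reader cannot see that both refer to the same object. Writing `newSSLContext->manager->registerOwnedBySSLContext(weakContextPtr);` would make that explicit. Going by the commit title, the OCSP fetcher relies on this registration to detect a context that has gone away, so the ordering deserves a comment such as `// Register before stapleOCSPResponse(): the async OCSP fetch uses this weak_ptr to confirm the owning context is still alive.`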
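Review bot: Replacing the `InvalidSSLConfiguration` return with `invariant(manager)` in `createTransientSSLContext` turns a failed `createTransientSSLManager` from an error the caller can handle into a process abort. That is only safe if the coordinator can never return null for any `transientSSLParams`, which the hunk does not show. If some parameter set can produce null, this becomes an availability problem for the whole server. Either keep the Status return or, once the guarantee is confirmed, document it next to the assertion, e.g. `// createTransientSSLManager() is guaranteed to return a non-null manager.`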