authorSpencer Jackson <spencer.jackson@mongodb.com>2018-02-15 15:30:46 -0500
committerSpencer Jackson <spencer.jackson@mongodb.com>2018-05-03 19:41:54 -0400
commit56e653fdd204e1ad091e0736454aefc005b5ce3f (patch)
tree1ec4f279862aeea0061d04619e418b3913de2aa3 /src/mongo/util/net/message_port.cpp
parentfb710fbfcbe9f3479c8ef6bf636f89cc58bfc2be (diff)
downloadmongo-56e653fdd204e1ad091e0736454aefc005b5ce3f.tar.gz
SERVER-33329: Make server and shell emit TLS protocol_version alerts
(cherry picked from commit 51af489a86f1862de87b51f26a9e818ec3b5df04)
Diffstat (limited to 'src/mongo/util/net/message_port.cpp')
-rw-r--r--src/mongo/util/net/message_port.cpp12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/mongo/util/net/message_port.cpp b/src/mongo/util/net/message_port.cpp
index 17fb8a30497..e5bc637af4d 100644
--- a/src/mongo/util/net/message_port.cpp
+++ b/src/mongo/util/net/message_port.cpp
@@ -126,6 +126,18 @@ bool MessagingPort::recv(Message& m) {
uassert(17132,
"SSL handshake received but server is started without SSL support",
sslGlobalParams.sslMode.load() != SSLParams::SSLMode_disabled);
+
+ auto tlsAlert = checkTLSRequest(
+ ConstDataRange(reinterpret_cast<const char*>(&header), sizeof(header)));
+
+ if (tlsAlert) {
+ _psock->send(reinterpret_cast<const char*>(tlsAlert->data()),
+ tlsAlert->size(),
+ "tls protocol mismatch");
+ log() << "SSL handshake failed, as client requested disabled protocol";
+ return false;
+ }
+
setX509PeerInfo(
_psock->doSSLHandshake(reinterpret_cast<const char*>(&header), sizeof(header)));
LOG(1) << "new ssl connection, SNI server name [" << _psock->getSNIServerName()
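Review bot: The rejection log `log() << "SSL handshake failed, as client requested disabled protocol";` carries no peer identity, so an operator cannot tell which client is still offering a disabled TLS version or notice repeated attempts from one address. Something like `log() << "SSL handshake failed, as client " << remote() << " requested disabled protocol";` would cover that, assuming `remote()` is usable at this point in recv(). The message is also written only after `_psock->send(...)` returns, so if that send reports failure by throwing (not visible here, to be confirmed) the rejection is never recorded; emitting the log line before sending the alert avoids this. recv() begins and ends outside the hunk, so any surrounding exception handling cannot be checked from these lines.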