author | Spencer Jackson <spencer.jackson@mongodb.com> | 2018-02-15 15:30:46 -0500 |
---|---|---|
committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2018-05-03 19:41:54 -0400 |
commit | 56e653fdd204e1ad091e0736454aefc005b5ce3f (patch) | |
tree | 1ec4f279862aeea0061d04619e418b3913de2aa3 /src/mongo/util/net/message_port.cpp | |
parent | fb710fbfcbe9f3479c8ef6bf636f89cc58bfc2be (diff) | |
download | mongo-56e653fdd204e1ad091e0736454aefc005b5ce3f.tar.gz |
SERVER-33329: Make server and shell emit TLS protocol_version alerts
(cherry picked from commit 51af489a86f1862de87b51f26a9e818ec3b5df04)
Diffstat (limited to 'src/mongo/util/net/message_port.cpp')
-rw-r--r-- | src/mongo/util/net/message_port.cpp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/mongo/util/net/message_port.cpp b/src/mongo/util/net/message_port.cpp
index 17fb8a30497..e5bc637af4d 100644
--- a/src/mongo/util/net/message_port.cpp
+++ b/src/mongo/util/net/message_port.cpp
@@ -126,6 +126,18 @@ bool MessagingPort::recv(Message& m) {
 uassert(17132, "SSL handshake received but server is started without SSL support", sslGlobalParams.sslMode.load() != SSLParams::SSLMode_disabled);
+
+ auto tlsAlert = checkTLSRequest(
+ ConstDataRange(reinterpret_cast<const char*>(&header), sizeof(header)));
+
+ if (tlsAlert) {
+ _psock->send(reinterpret_cast<const char*>(tlsAlert->data()),
+ tlsAlert->size(),
+ "tls protocol mismatch");
+ log() << "SSL handshake failed, as client requested disabled protocol";
+ return false;
+ }
+
+ setX509PeerInfo( _psock->doSSLHandshake(reinterpret_cast<const char*>(&header), sizeof(header)));
 LOG(1) << "new ssl connection, SNI server name [" << _psock->getSNIServerName()
|
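Review bot: The new `log()` line for a rejected handshake names no peer and is written at the default level, while the neighbouring "new ssl connection" message uses `LOG(1)`. Any client that offers a disabled protocol before authenticating can therefore add identical, unattributable lines to the server log. Including the remote endpoint would make the event usable for detection, for example `log() << "SSL handshake failed, as client requested disabled protocol; remote: " << _psock->remoteString();`, assuming the socket's `remoteString()` accessor is available on this branch; rate-limiting this message may also be worth considering. Separately, if `_psock->send` throws because the peer has already closed the connection, the log line and `return false` are skipped. Whether that is handled depends on the rest of `MessagingPort::recv`, which starts and ends outside this hunk.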