author | samantharitter <samantha.ritter@10gen.com> | 2017-03-21 14:28:42 -0400 |
---|---|---|
committer | samantharitter <samantha.ritter@10gen.com> | 2017-03-21 14:29:55 -0400 |
commit | 0d7ae60a0fafe11d61def67493c26809443e1987 (patch) | |
tree | 5488b2e207c441c5601d00736cdc3975f6bd2116 /src/mongo/util/net/ssl_manager.cpp | |
parent | 21628d6b2311eb726c01244f6c5dba1edb1f6256 (diff) | |
SERVER-28014 Add logging to expose non-SSL connections when SSL is preferred but not required
Diffstat (limited to 'src/mongo/util/net/ssl_manager.cpp')
-rw-r--r-- | src/mongo/util/net/ssl_manager.cpp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp index 75aaba0394d..4b80ad3cfab 100644 --- a/src/mongo/util/net/ssl_manager.cpp +++ b/src/mongo/util/net/ssl_manager.cpp @@ -43,6 +43,7 @@ #include "mongo/base/init.h" #include "mongo/bson/bsonobjbuilder.h" #include "mongo/config.h" +#include "mongo/db/server_parameters.h" #include "mongo/platform/atomic_word.h" #include "mongo/stdx/memory.h" #include "mongo/transport/session.h" @@ -73,6 +74,7 @@ #endif namespace mongo { + namespace { const transport::Session::Decoration<SSLPeerInfo> peerInfoForSession = @@ -90,6 +92,16 @@ const SSLParams& getSSLGlobalParams() { return sslGlobalParams; } +/** + * Configurable via --setParameter disableNonSSLConnectionLogging=true. If false (default) + * if the sslMode is set to preferSSL, we will log connections that are not using SSL. + * If true, such log messages will be suppressed. + */ +ExportedServerParameter<bool, ServerParameterType::kStartupOnly> + disableNonSSLConnectionLoggingParameter(ServerParameterSet::getGlobal(), + "disableNonSSLConnectionLogging", + &sslGlobalParams.disableNonSSLConnectionLogging); + #ifdef MONGO_CONFIG_SSL // Old copies of OpenSSL will not have constants to disable protocols they don't support. // Define them to values we can OR together safely to generically disable these protocols across |
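Review bot: The doc comment added above `disableNonSSLConnectionLoggingParameter` in the third hunk is hard to parse ("If false (default) if the sslMode is set to preferSSL") and does not say what an operator gives up by setting the parameter. Under preferSSL these messages are what shows which clients still connect without SSL, so I would reword it to `When false (the default) and sslMode is preferSSL, connections that do not use SSL are logged.` followed by `Setting it to true suppresses those messages, which removes visibility into plaintext clients.` If registering it as `ServerParameterType::kStartupOnly` is deliberate, so that the logging cannot be turned off on a running server through setParameter, the comment should say that as well. The member `sslGlobalParams.disableNonSSLConnectionLogging` is declared outside this diff, so the "(default)" claim should be checked against its initializer there.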