diff options
author | Spencer Jackson <spencer.jackson@mongodb.com> | 2018-02-15 15:30:46 -0500 |
---|---|---|
committer | Spencer Jackson <spencer.jackson@mongodb.com> | 2018-05-03 19:41:54 -0400 |
commit | 56e653fdd204e1ad091e0736454aefc005b5ce3f (patch) | |
tree | 1ec4f279862aeea0061d04619e418b3913de2aa3 /src/mongo/util/net/ssl_manager.h | |
parent | fb710fbfcbe9f3479c8ef6bf636f89cc58bfc2be (diff) | |
download | mongo-56e653fdd204e1ad091e0736454aefc005b5ce3f.tar.gz |
SERVER-33329: Make server and shell emit TLS protocol_version alerts
(cherry picked from commit 51af489a86f1862de87b51f26a9e818ec3b5df04)
Diffstat (limited to 'src/mongo/util/net/ssl_manager.h')
-rw-r--r-- | src/mongo/util/net/ssl_manager.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/mongo/util/net/ssl_manager.h b/src/mongo/util/net/ssl_manager.h index 002a0dd6be7..943651a64c6 100644 --- a/src/mongo/util/net/ssl_manager.h +++ b/src/mongo/util/net/ssl_manager.h @@ -206,5 +206,12 @@ const SSLParams& getSSLGlobalParams(); * x.509 certificate. Matches a remote host name to an x.509 host name, including wildcards. */ bool hostNameMatchForX509Certificates(std::string nameToMatch, std::string certHostName); + +/** + * Peeks at a fragment of a client issued TLS handshake packet. Returns a TLS alert + * packet if the client has selected a protocol which has been disabled by the server. + */ +boost::optional<std::array<std::uint8_t, 7>> checkTLSRequest(ConstDataRange cdr); + } // namespace mongo #endif // #ifdef MONGO_CONFIG_SSL |