author | sviatlana_zuiko <sviatlana.zuiko@mongodb.com> | 2020-11-13 10:20:02 +0300 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-11-13 10:39:59 +0000 |
commit | 796ee2ee8b8a7bb146bfa7a45eafb4b075a55372 (patch) | |
tree | 7b4337f39b4b8eb7186ef2bb2be645313fc9430b /src/mongo/util/net/ssl_manager.h | |
parent | 6675536b77436eccddc54d6b3513ecb862cf381c (diff) | |
Revert "SERVER-51599: Allow creating an SSLConnectionContext from in-memory certificates"
This reverts commit 8b195f11cbb144685baa20486b497528c8dde667.
Diffstat (limited to 'src/mongo/util/net/ssl_manager.h')
-rw-r--r-- | src/mongo/util/net/ssl_manager.h | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/src/mongo/util/net/ssl_manager.h b/src/mongo/util/net/ssl_manager.h
index 7004ad4892c..ab8447c439f 100644
--- a/src/mongo/util/net/ssl_manager.h
+++ b/src/mongo/util/net/ssl_manager.h
@@ -40,7 +40,6 @@
 #include "mongo/base/string_data.h"
 #include "mongo/bson/bsonobj.h"
 #include "mongo/db/service_context.h"
-#include "mongo/logv2/attribute_storage.h"
 #include "mongo/platform/atomic_word.h"
 #include "mongo/util/decorable.h"
 #include "mongo/util/net/sock.h"
@@ -78,7 +77,6 @@ Status validateDisableNonTLSConnectionLogging(const bool&);
 #ifdef MONGO_CONFIG_SSL
 namespace mongo {
 struct SSLParams;
-struct TransientSSLParams;
 #if MONGO_CONFIG_SSL_PROVIDER == MONGO_CONFIG_SSL_PROVIDER_OPENSSL
 typedef SSL_CTX* SSLContextType;
@@ -166,28 +164,6 @@ struct CertInformationToLog {
 std::vector<char> thumbprint;
 Date_t validityNotBefore;
 Date_t validityNotAfter;
- // If the certificate was loaded from file, this is the file name. If empty,
- // it means the certificate came from memory payload.
- std::optional<std::string> keyFile;
- // If the certificate targets a particular cluster, this is cluster URI. If empty,
- // it means the certificate is the default one for the local cluster.
- std::optional<std::string> targetClusterURI;
-
- logv2::DynamicAttributes getDynamicAttributes() const {
- logv2::DynamicAttributes attrs;
- attrs.add("subject", subject);
- attrs.add("issuer", issuer);
- attrs.add("thumbprint", StringData(hexblob::encode(thumbprint.data(), thumbprint.size())));
- attrs.add("notValidBefore", validityNotBefore);
- attrs.add("notValidAfter", validityNotAfter);
- if (keyFile) {
- attrs.add("keyFile", StringData(*keyFile));
- }
- if (targetClusterURI) {
- attrs.add("targetClusterURI", StringData(*targetClusterURI));
- }
- return attrs;
- }
 };
 struct CRLInformationToLog {
@@ -204,10 +180,6 @@ struct SSLInformationToLog {
 class SSLManagerInterface : public Decorable<SSLManagerInterface> {
 public:
- /**
- * Creates an instance of SSLManagerInterface.
- * Note: as we normally have one instance of the manager, it cannot take TransientSSLParams.
- */
 static std::shared_ptr<SSLManagerInterface> create(const SSLParams& params, bool isServer);
 virtual ~SSLManagerInterface();
@@ -260,17 +232,6 @@ public:
 ERR_error_string_n(code, msg, msglen);
 return msg;
 }
-
- /**
- * Utility class to capture a temporary string with SSL error message in DynamicAttributes.
- */
- struct CaptureSSLErrorInAttrs {
- CaptureSSLErrorInAttrs(logv2::DynamicAttributes& attrs)
- : _captured(getSSLErrorMessage(ERR_get_error())) {
- attrs.add("error", _captured);
- }
- std::string _captured;
- };
 #endif
 /**
@@ -291,7 +252,6 @@ public:
 */
 virtual Status initSSLContext(SSLContextType context,
 const SSLParams& params,
- const TransientSSLParams& transientParams,
 ConnectionDirection direction) = 0;
 /**
@@ -430,20 +390,5 @@ void recordTLSVersion(TLSVersion version, const HostAndPort& hostForLogging);
 void tlsEmitWarningExpiringClientCertificate(const SSLX509Name& peer);
 void tlsEmitWarningExpiringClientCertificate(const SSLX509Name& peer, Days days);
-/**
- * Logs the SSL information by dispatching to either logCert() or logCRL().
- */
-void logSSLInfo(const SSLInformationToLog& info,
- const int logNumPEM = 4913010,
- const int logNumCluster = 4913011,
- const int logNumCrl = 4913012);
-
-/**
- * Logs the certificate.
- * @param certType human-readable description of the certificate type.
- */
-void logCert(const CertInformationToLog& cert, StringData certType, const int logNum);
-void logCRL(const CRLInformationToLog& crl, const int logNum);
-
 } // namespace mongo
 #endif // #ifdef MONGO_CONFIG_SSL |