author | Sara Golemon <sara.golemon@mongodb.com> | 2018-08-30 16:02:21 +0000 |
---|---|---|
committer | Sara Golemon <sara.golemon@mongodb.com> | 2018-08-30 19:57:56 +0000 |
commit | 52ddf6e1c9218d6e4eb418106383b35bf7bbe992 (patch) | |
tree | 4c0c80e43238ed0288477f6bec1d4ab6ea193a7a /src/mongo/util/net/ssl_manager_apple.cpp | |
parent | a651f84ad5c9d91b2b8b6c5704d07efe9c97c94a (diff) | |
SERVER-36942 Differentiate invalid hostname from invalid certificate
Diffstat (limited to 'src/mongo/util/net/ssl_manager_apple.cpp')
-rw-r--r-- | src/mongo/util/net/ssl_manager_apple.cpp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/mongo/util/net/ssl_manager_apple.cpp b/src/mongo/util/net/ssl_manager_apple.cpp
index 6191b201cf6..885052d8537 100644
--- a/src/mongo/util/net/ssl_manager_apple.cpp
+++ b/src/mongo/util/net/ssl_manager_apple.cpp
@@ -1197,6 +1197,9 @@ StatusWith<std::pair<::SSLProtocol, ::SSLProtocol>> parseProtocolRange(const SSL
 Status SSLManagerApple::initSSLContext(asio::ssl::apple::Context* context,
 const SSLParams& params,
 ConnectionDirection direction) {
+ // Options.
+ context->allowInvalidHostnames = _allowInvalidHostnames;
+
 // Protocol Version.
 const auto swProto = parseProtocolRange(params);
 if (!swProto.isOK()) {
@@ -1367,9 +1370,7 @@ StatusWith<boost::optional<SSLPeerInfo>> SSLManagerApple::parseAndValidatePeerCe
 auto result = ::kSecTrustResultInvalid;
 uassertOSStatusOK(::SecTrustEvaluate(cftrust.get(), &result), ErrorCodes::SSLHandshakeFailed);
 if ((result != ::kSecTrustResultProceed) && (result != ::kSecTrustResultUnspecified)) {
- const bool proceed = _allowInvalidCertificates ||
- (_allowInvalidHostnames && (result == ::kSecTrustResultRecoverableTrustFailure));
- return badCert(explainTrustFailure(cftrust.get(), result), proceed);
+ return badCert(explainTrustFailure(cftrust.get(), result), _allowInvalidCertificates);
 }
 auto cert = ::SecTrustGetCertificateAtIndex(cftrust.get(), 0); |
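Review bot: The `// Options.` comment above the new assignment in initSSLContext does not say what the flag relaxes, and nothing in this file's diff reads `context->allowInvalidHostnames`. The second hunk stops using `_allowInvalidHostnames` to accept a failed trust evaluation, so the hostname comparison presumably now lives in whatever consumes this context field, which is outside this diff. I would replace the comment with `// Relaxes peer hostname matching only; a failed chain evaluation is still governed by _allowInvalidCertificates.` so the security boundary between the two options is stated where the flag is handed over. The body of initSSLContext continues past the hunk.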
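Review bot: Nothing in this hunk shows whether the SecTrust policy behind `cftrust` still carries a peer hostname, and that decides what the new `return badCert(..., _allowInvalidCertificates)` line means. If it does, a name mismatch now fails here as an invalid certificate even when allowInvalidHostnames is set. If it does not, the name check must be enforced elsewhere whenever the flag is off. The policy is built above the hunk, so this needs confirming there. The removed condition accepted any `kSecTrustResultRecoverableTrustFailure`, which as far as I know is not limited to name mismatches, so a regression test is worth adding: enable allowInvalidHostnames, present a peer certificate that fails chain validation, and expect `ErrorCodes::SSLHandshakeFailed`. A comment above the return such as `// Only allowInvalidCertificates may override a failed trust evaluation; hostname mismatches are handled separately.` would help keep the shortcut from being reintroduced.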