authorSara Golemon <sara.golemon@mongodb.com>2019-04-16 16:44:35 +0000
committerSara Golemon <sara.golemon@mongodb.com>2019-04-17 14:18:17 +0000
commited0939a343ac78527e2633301b68f52721f93d0a (patch)
tree3bb7a37157e32442abe83e0c0792a0d2d7bb6946 /src/mongo/util/net/ssl_manager_apple.cpp
parent82b9d4fd30cff3a19484325157b5e3d44211080f (diff)
SERVER-37370 Improve CN/SAN mismatch error message
Diffstat (limited to 'src/mongo/util/net/ssl_manager_apple.cpp')
-rw-r--r--src/mongo/util/net/ssl_manager_apple.cpp12
1 files changed, 9 insertions, 3 deletions
diff --git a/src/mongo/util/net/ssl_manager_apple.cpp b/src/mongo/util/net/ssl_manager_apple.cpp
index fd90601440d..c8ad459d88a 100644
--- a/src/mongo/util/net/ssl_manager_apple.cpp
+++ b/src/mongo/util/net/ssl_manager_apple.cpp
@@ -1598,8 +1598,9 @@ StatusWith<boost::optional<SSLPeerInfo>> SSLManagerApple::parseAndValidatePeerCe
}
certErr << san << " ";
}
+ }
- } else {
+ if (!sanMatch) {
auto swCN = peerSubjectName.getOID(kOID_CommonName);
if (swCN.isOK()) {
auto commonName = std::move(swCN.getValue());
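Review bot: The `if (!sanMatch) {` guard added here makes the CN comparison run for certificates that carry SANs as well, so the accept/reject outcome now depends on the later `cnMatch = false;` reset rather than on the branch structure. A comment at this guard would make that explicit, for example `// CN is still evaluated when SANs exist, but only to explain the mismatch; it must never grant a match in that case.` A sturdier shape would set `cnMatch` only when `sans.empty()` and keep the would-have-matched result in a separate local, so a later edit between the match and the reset cannot turn a diagnostic into an accepted hostname. The body of parseAndValidatePeerCertificate starts and ends outside this hunk, so any early exits from the block are not visible here.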
@@ -1611,8 +1612,13 @@ StatusWith<boost::optional<SSLPeerInfo>> SSLManagerApple::parseAndValidatePeerCe
} else if (hostNameMatchForX509Certificates(remoteHost, commonName)) {
cnMatch = true;
}
- certErr << "CN: " << commonName;
- } else {
+
+ if (cnMatch && !sans.empty()) {
+ // SANs override CN for matching purposes.
+ cnMatch = false;
+ certErr << "CN: " << commonName << " would have matched, but was overridden by SAN";
+ }
+ } else if (sans.empty()) {
certErr << "No Common Name (CN) or Subject Alternate Names (SAN) found";
}
}
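Review bot: With `certErr << "CN: " << commonName;` removed, a certificate whose CN is present but does not match the host no longer has its CN written to `certErr` in the visible lines; the CN is only reported in the overridden-by-SAN case. For a CN-only certificate this leaves the mismatch error without the name that was actually compared, which is the detail an operator needs when diagnosing a rejected peer. Consider adding `} else if (!cnMatch) { certErr << "CN: " << commonName; }` after the override block, unless code outside the hunk already covers it. The lines between the two hunks are not shown, so the first branch of the CN comparison could not be checked.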