SERVER-22411 Schannel FIPS support

author: Mark Benvenuto <mark.benvenuto@mongodb.com> 2018-03-12 13:16:37 -0400
committer: Mark Benvenuto <mark.benvenuto@mongodb.com> 2018-03-12 13:16:37 -0400
commit: d3dcbd8a7c07f8c60b2b1e4da935fdcab53b9267 (patch)
tree: 18db1042321a87b95f568ccfbd79b69ba1e86c59 /src/mongo/util/net/ssl_manager_windows.cpp
parent: a3e22bbb8b32ef750fd7c45a6243ba8d0093b6a2 (diff)
download: mongo-d3dcbd8a7c07f8c60b2b1e4da935fdcab53b9267.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/src/mongo/util/net/ssl_manager_windows.cpp b/src/mongo/util/net/ssl_manager_windows.cpp
index 1f123cef0c7..649fa979b5d 100644
--- a/src/mongo/util/net/ssl_manager_windows.cpp
+++ b/src/mongo/util/net/ssl_manager_windows.cpp
@@ -280,6 +280,15 @@ SSLManagerWindows::SSLManagerWindows(const SSLParams& params, bool isServer)
       _allowInvalidCertificates(params.sslAllowInvalidCertificates),
       _allowInvalidHostnames(params.sslAllowInvalidHostnames) {
 
+    if (params.sslFIPSMode) {
+        BOOLEAN enabled = FALSE;
+        BCryptGetFipsAlgorithmMode(&enabled);
+        if (!enabled) {
+            severe() << "FIPS modes is not enabled on the operating system.";
+            fassertFailedNoTrace(50744);
+        }
+    }
+
     uassertStatusOK(_loadCertificates(params));
 
     uassertStatusOK(initSSLContext(&_clientCred, params, ConnectionDirection::kOutgoing));
author	Mark Benvenuto <mark.benvenuto@mongodb.com>	2018-03-12 13:16:37 -0400
committer	Mark Benvenuto <mark.benvenuto@mongodb.com>	2018-03-12 13:16:37 -0400
commit	d3dcbd8a7c07f8c60b2b1e4da935fdcab53b9267 (patch)
tree	18db1042321a87b95f568ccfbd79b69ba1e86c59 /src/mongo/util/net/ssl_manager_windows.cpp
parent	a3e22bbb8b32ef750fd7c45a6243ba8d0093b6a2 (diff)
download	mongo-d3dcbd8a7c07f8c60b2b1e4da935fdcab53b9267.tar.gz