diff options
author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2018-03-12 13:16:37 -0400 |
---|---|---|
committer | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2018-03-12 13:16:37 -0400 |
commit | d3dcbd8a7c07f8c60b2b1e4da935fdcab53b9267 (patch) | |
tree | 18db1042321a87b95f568ccfbd79b69ba1e86c59 /src/mongo/util/net/ssl_manager_windows.cpp | |
parent | a3e22bbb8b32ef750fd7c45a6243ba8d0093b6a2 (diff) | |
download | mongo-d3dcbd8a7c07f8c60b2b1e4da935fdcab53b9267.tar.gz |
SERVER-22411 Schannel FIPS support
Diffstat (limited to 'src/mongo/util/net/ssl_manager_windows.cpp')
-rw-r--r-- | src/mongo/util/net/ssl_manager_windows.cpp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/mongo/util/net/ssl_manager_windows.cpp b/src/mongo/util/net/ssl_manager_windows.cpp index 1f123cef0c7..649fa979b5d 100644 --- a/src/mongo/util/net/ssl_manager_windows.cpp +++ b/src/mongo/util/net/ssl_manager_windows.cpp @@ -280,6 +280,15 @@ SSLManagerWindows::SSLManagerWindows(const SSLParams& params, bool isServer) _allowInvalidCertificates(params.sslAllowInvalidCertificates), _allowInvalidHostnames(params.sslAllowInvalidHostnames) { + if (params.sslFIPSMode) { + BOOLEAN enabled = FALSE; + BCryptGetFipsAlgorithmMode(&enabled); + if (!enabled) { + severe() << "FIPS modes is not enabled on the operating system."; + fassertFailedNoTrace(50744); + } + } + uassertStatusOK(_loadCertificates(params)); uassertStatusOK(initSSLContext(&_clientCred, params, ConnectionDirection::kOutgoing)); |