author | Sara Golemon <sara.golemon@mongodb.com> | 2020-01-13 20:38:27 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-02-03 17:26:42 +0000 |
commit | 2de3fecd52943c1e0eb554834dd0422cabf958cd (patch) | |
tree | deea52eec191bbbf4d3c82a505edd4f05cc89499 /src/mongo/util/net/ssl_parameters.idl | |
parent | eee29e9ce82913f0713ec11a1246a2d9a9c8e713 (diff) | |
SERVER-44435 Allow selective whitelisting of X509 based role authorizations
(cherry picked from commit b99fbe5f80f4368e1916e1bfbf3d195276ace5c7)
create mode 100644 jstests/ssl/tlsCATrusts.js
create mode 100644 jstests/ssl/x509/root-and-trusted-ca.pem
create mode 100644 jstests/ssl/x509/trusted-client-testdb-roles.pem
create mode 100644 src/mongo/db/auth/auth_types.idl
create mode 100644 src/mongo/util/net/ssl_parameters.idl
Diffstat (limited to 'src/mongo/util/net/ssl_parameters.idl')
-rw-r--r-- | src/mongo/util/net/ssl_parameters.idl | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/src/mongo/util/net/ssl_parameters.idl b/src/mongo/util/net/ssl_parameters.idl
new file mode 100644
index 00000000000..21d376a7bc2
--- /dev/null
+++ b/src/mongo/util/net/ssl_parameters.idl
@@ -0,0 +1,44 @@
+# Copyright (C) 2020-present MongoDB, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the Server Side Public License, version 1,
+# as published by MongoDB, Inc.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# Server Side Public License for more details.
+#
+# You should have received a copy of the Server Side Public License
+# along with this program. If not, see
+# <http://www.mongodb.com/licensing/server-side-public-license>.
+#
+# As a special exception, the copyright holders give permission to link the
+# code of portions of this program with the OpenSSL library under certain
+# conditions as described in each individual source file and distribute
+# linked combinations including the program with the OpenSSL library. You
+# must comply with the Server Side Public License in all respects for
+# all of the code used other than as permitted herein. If you modify file(s)
+# with this exception, you may extend this exception to your version of the
+# file(s), but you are not obligated to do so. If you do not wish to do so,
+# delete this exception statement from your version. If you delete this
+# exception statement from all source files in the program, then also delete
+# it in the license file.
+#
+
+global:
+ cpp_namespace: "mongo"
+ cpp_includes:
+ - "mongo/util/net/ssl_options.h"
+
+imports:
+ - "mongo/crypto/sha256_block.idl"
+ - "mongo/db/auth/auth_types.idl"
+
+structs:
+ TLSCATrust:
+ description:
+ strict: true
+ fields:
+ sha256: sha256BlockHex
+ roles: array<RoleName> |
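Review bot: The `description:` key under `TLSCATrust` has no value in this hunk (it may have been lost in rendering), and neither `sha256` nor `roles` carries a comment, so the struct never says what the digest is computed over or what an empty `roles` array means. Judging by the commit title, this struct decides which CA may vouch for which X.509-embedded roles, so I would spell that out, e.g. `description: "Maps the SHA-256 digest of a trusted CA certificate to the roles that CA may authorize"`, with the wording checked against the consuming code. A short comment should also say whether a CA absent from the configured list grants no roles or all roles, since that default is the security-relevant behaviour and cannot be read from this file. Keeping `strict: true` is the right choice here, because a misspelled field in a trust entry is then rejected rather than silently ignored.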