author | Jonathan Reams <jbreams@mongodb.com> | 2018-12-18 13:27:14 -0500 |
---|---|---|
committer | Jonathan Reams <jbreams@mongodb.com> | 2019-01-03 14:39:15 -0500 |
commit | 68832e1f70fa4571673ab337ae2e529b04b67e6b (patch) | |
tree | 0fadad84ebe14d3da0f42dfdbecccbe97a11b094 /src/mongo/util | |
parent | 006cde883229b348896f0c5935daf560f3ee89a7 (diff) | |
download | mongo-68832e1f70fa4571673ab337ae2e529b04b67e6b.tar.gz |
SERVER-38430 Rename tlsPEMKeyFile options to conform to driver URI spec
Diffstat (limited to 'src/mongo/util')
-rw-r--r-- | src/mongo/util/net/ssl_options.h | 4 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_options_client.idl | 8 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_options_server.cpp | 12 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_options_server.idl | 14 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_options_test.cpp | 12 |
5 files changed, 26 insertions, 24 deletions
diff --git a/src/mongo/util/net/ssl_options.h b/src/mongo/util/net/ssl_options.h index a5f4d936cb6..acfcceea486 100644 --- a/src/mongo/util/net/ssl_options.h +++ b/src/mongo/util/net/ssl_options.h @@ -54,8 +54,8 @@ struct SSLParams { AtomicInt32 sslMode; // --tlsMode - the TLS operation mode, see enum SSLModes std::string sslPEMTempDHParam; // --setParameter OpenSSLDiffieHellmanParameters=file : PEM file // with DH parameters. - std::string sslPEMKeyFile; // --tlsPEMKeyFile - std::string sslPEMKeyPassword; // --tlsPEMKeyPassword + std::string sslPEMKeyFile; // --tlsCertificateKeyFile + std::string sslPEMKeyPassword; // --tlsCertificateKeyFilePassword std::string sslClusterFile; // --tlsInternalKeyFile std::string sslClusterPassword; // --tlsInternalKeyPassword std::string sslCAFile; // --tlsCAFile diff --git a/src/mongo/util/net/ssl_options_client.idl b/src/mongo/util/net/ssl_options_client.idl index 674a72d9d4e..2c6c41f2d60 100644 --- a/src/mongo/util/net/ssl_options_client.idl +++ b/src/mongo/util/net/ssl_options_client.idl @@ -46,17 +46,17 @@ configs: deprecated_short_name: ssl arg_vartype: Switch - "tls.PEMKeyFile": + "tls.certificateKeyFile": description: "PEM certificate/key file for TLS" - short_name: tlsPEMKeyFile + short_name: tlsCertificateKeyFile deprecated_name: "ssl.PEMKeyFile" deprecated_short_name: "sslPEMKeyFile" arg_vartype: String cpp_varname: "sslGlobalParams.sslPEMKeyFile" requires: tls - "tls.PEMKeyPassword": + "tls.tlsCertificateKeyFilePassword": description: "Password for key in PEM file for TLS" - short_name: tlsPEMKeyPassword + short_name: tlsCertificateKeyFilePassword deprecated_name: "ssl.PEMKeyPassword" deprecated_short_name: sslPEMKeyPassword arg_vartype: String diff --git a/src/mongo/util/net/ssl_options_server.cpp b/src/mongo/util/net/ssl_options_server.cpp index 335e2daba6c..25111c0550e 100644 --- a/src/mongo/util/net/ssl_options_server.cpp +++ b/src/mongo/util/net/ssl_options_server.cpp 
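Review bot: The renamed password key in ssl_options_client.idl is `"tls.tlsCertificateKeyFilePassword"`, which repeats the `tls` prefix inside the dotted name. The sibling key in the same hunk is `"tls.certificateKeyFile"`, and the server IDL in this commit uses `"net.tls.certificateKeyFilePassword"`, so the key should read `"tls.certificateKeyFilePassword":`. The short name `tlsCertificateKeyFilePassword` is correct as written, so the command-line flag itself is unaffected. Anything keyed on the dotted name (option lookup, and possibly redaction of parsed options) would see a name that does not follow the pattern used everywhere else, which is worth confirming before merge.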
@@ -108,9 +108,10 @@ MONGO_STARTUP_OPTIONS_POST(SSLServerOptions)(InitializerContext*) { } } - if (params.count("net.tls.PEMKeyFile")) { + if (params.count("net.tls.certificateKeyFile")) { sslGlobalParams.sslPEMKeyFile = - boost::filesystem::absolute(params["net.tls.PEMKeyFile"].as<string>()).generic_string(); + boost::filesystem::absolute(params["net.tls.certificateKeyFile"].as<string>()) + .generic_string(); } if (params.count("net.tls.clusterFile")) { @@ -202,7 +203,7 @@ MONGO_STARTUP_OPTIONS_POST(SSLServerOptions)(InitializerContext*) { bool usingCertifiateSelectors = params.count("net.tls.certificateSelector"); if (sslGlobalParams.sslPEMKeyFile.size() == 0 && !usingCertifiateSelectors) { return {ErrorCodes::BadValue, - "need tlsPEMKeyFile or certificateSelector when TLS is enabled"}; + "need tlsCertificateKeyFile or certificateSelector when TLS is enabled"}; } if (!sslGlobalParams.sslCRLFile.empty() && sslGlobalParams.sslCAFile.empty()) { return {ErrorCodes::BadValue, "need tlsCAFile with tlsCRLFile"}; @@ -284,8 +285,9 @@ MONGO_STARTUP_OPTIONS_VALIDATE(SSLServerOptions)(InitializerContext*) { const auto& params = moe::startupOptionsParsed; if (params.count("install") || params.count("reinstall")) { - if (params.count("net.tls.PEMKeyFile") && - !boost::filesystem::path(params["net.tls.PEMKeyFile"].as<string>()).is_absolute()) { + if (params.count("net.tls.certificateKeyFile") && + !boost::filesystem::path(params["net.tls.certificateKeyFile"].as<string>()) + .is_absolute()) { return {ErrorCodes::BadValue, "PEMKeyFile requires an absolute file path with Windows services"}; } diff --git a/src/mongo/util/net/ssl_options_server.idl b/src/mongo/util/net/ssl_options_server.idl index 011c4d3ec82..6045db806fe 100644 --- a/src/mongo/util/net/ssl_options_server.idl +++ b/src/mongo/util/net/ssl_options_server.idl 
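Review bot: The error string in the `install`/`reinstall` check of ssl_options_server.cpp (hunk `@@ -284,8 +285,9`) still reads `"PEMKeyFile requires an absolute file path with Windows services"`, although the option it tests is now `net.tls.certificateKeyFile`. The message in hunk `@@ -202,7 +203,7` was updated, so the two now disagree; suggest `"tlsCertificateKeyFile requires an absolute file path with Windows services"`. None of the three hunks touches a lookup of the key password, so it is also worth confirming that nothing in this file still reads `net.tls.PEMKeyPassword` by name, since such a lookup would silently stop matching. Both startup functions begin and end outside the hunks shown.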
@@ -62,15 +62,15 @@ configs: conflicts: "net.tls.mode" hidden: true - "net.tls.PEMKeyFile": - description: "PEM file for TLS" - short_name: tlsPEMKeyFile + "net.tls.certificateKeyFile": + description: "Certificate and key file for TLS" + short_name: tlsCertificateKeyFile deprecated_name: "net.ssl.PEMKeyFile" deprecated_short_name: sslPEMKeyFile arg_vartype: String - "net.tls.PEMKeyPassword": - description: "PEM file password" - short_name: tlsPEMKeyPassword + "net.tls.certificateKeyFilePassword": + description: "Password to unlock key in the TLS certificate key file" + short_name: tlsCertificateKeyFilePassword deprecated_name: "net.ssl.PEMKeyPassword" deprecated_short_name: sslPEMKeyPassword arg_vartype: String @@ -169,7 +169,7 @@ configs: deprecated_name: "net.ssl.certificateSelector" deprecated_short_name: sslCertificateSelector arg_vartype: String - conflicts: [ "net.tls.PEMKeyFile", "net.tls.PEMKeyPassword" ] + conflicts: [ "net.tls.certificateKeyFile", "net.tls.certificateKeyFilePassword" ] condition: preprocessor: "defined(MONGO_CONFIG_SSL_CERTIFICATE_SELECTORS)" "net.tls.clusterCertificateSelector": diff --git a/src/mongo/util/net/ssl_options_test.cpp b/src/mongo/util/net/ssl_options_test.cpp index 2af33cb4fc2..6a701c58fbc 100644 --- a/src/mongo/util/net/ssl_options_test.cpp +++ b/src/mongo/util/net/ssl_options_test.cpp @@ -212,7 +212,7 @@ TEST(SetupOptions, tlsModeRequired) { argv.push_back("binaryname"); argv.push_back("--tlsMode"); argv.push_back("requireTLS"); - argv.push_back("--tlsPEMKeyFile"); + argv.push_back("--tlsCertificateKeyFile"); argv.push_back(sslPEMKeyFile); argv.push_back("--tlsCAFile"); argv.push_back(sslCAFFile); 
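Review bot: In ssl_options_server.idl the `net.tls.PEMKeyFile` and `net.tls.PEMKeyPassword` entries, with their `tlsPEMKeyFile` and `tlsPEMKeyPassword` short names, are replaced outright, while `deprecated_name` and `deprecated_short_name` still carry only the `ssl` spellings. If any build already accepted the `tls` spellings, a configuration using them would presumably be rejected at startup after this change instead of being mapped with a deprecation warning. Either keep the old `tls` names as deprecated aliases or record the decision next to each entry, for example `# former net.tls.PEMKeyFile spelling intentionally dropped, no alias kept`. The same question applies to the two renamed entries in ssl_options_client.idl.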
@@ -224,7 +224,7 @@ TEST(SetupOptions, tlsModeRequired) { argv.push_back("--tlsAllowInvalidCertificates"); argv.push_back("--tlsWeakCertificateValidation"); argv.push_back("--tlsFIPSMode"); - argv.push_back("--tlsPEMKeyPassword"); + argv.push_back("--tlsCertificateKeyFilePassword"); argv.push_back("pw1"); argv.push_back("--tlsClusterPassword"); argv.push_back("pw2"); @@ -486,7 +486,7 @@ TEST(SetupOptions, RedactionSingleName) { const std::vector<std::string> argv({"mongod", "--tlsMode", "requireTLS", - "--tlsPEMKeyPassword=qwerty", + "--tlsCertificateKeyFilePassword=qwerty", "--tlsClusterPassword", "Lose Me.", "--sslPEMKeyPassword=qwerty", @@ -495,7 +495,7 @@ TEST(SetupOptions, RedactionSingleName) { const std::vector<std::string> expected({"mongod", "--tlsMode", "requireTLS", - "--tlsPEMKeyPassword=<password>", + "--tlsCertificateKeyFilePassword=<password>", "--tlsClusterPassword", "<password>", "--sslPEMKeyPassword=<password>", @@ -508,7 +508,7 @@ TEST(SetupOptions, RedactionSingleName) { TEST(SetupOptions, RedactionDottedName) { auto obj = BSON("net" << BSON("tls" << BSON("mode" << "requireTLS" - << "PEMKeyPassword" + << "certificateKeyFilePassword" << "qwerty" << "ClusterPassword" << "qwerty") @@ -522,7 +522,7 @@ TEST(SetupOptions, RedactionDottedName) { auto res = BSON("net" << BSON("tls" << BSON("mode" << "requireTLS" - << "PEMKeyPassword" + << "certificateKeyFilePassword" << "<password>" << "ClusterPassword" << "<password>") |
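Review bot: RedactionSingleName (hunks `@@ -486,7` and `@@ -495,7`) exercises the renamed key-password option only in the `--name=value` form; the space-separated form is covered just for `--tlsClusterPassword`. This test appears to be what keeps the key password out of redacted argument output, so add the split form as well: `"--tlsCertificateKeyFilePassword", "qwerty",` in `argv` and `"--tlsCertificateKeyFilePassword", "<password>",` in `expected`. The redaction code itself is not among the five files listed in the diffstat for this directory, so it is worth confirming that it recognises the new name through option metadata and not a fixed name list. Both vectors continue outside the hunks.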