author | Jonathan Reams <jbreams@mongodb.com> | 2018-08-15 13:53:40 -0400 |
---|---|---|
committer | Jonathan Reams <jbreams@mongodb.com> | 2018-08-15 15:26:11 -0400 |
commit | 8de4f3563737eb3b23ae37eeaa9efa1cb40dc350 (patch) | |
tree | 88ef60312186ef1cb020f10e171ce8b527388677 /src/mongo/util | |
parent | 8eb9915c41108289e0aba79f1207a48bdfc784d8 (diff) | |
download | mongo-8de4f3563737eb3b23ae37eeaa9efa1cb40dc350.tar.gz |
SERVER-34621 Log if client attempts unsupported TLS renegotiation on Windows
Diffstat (limited to 'src/mongo/util')
-rw-r--r-- | src/mongo/util/net/ssl/detail/impl/schannel.ipp | 2 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/error.hpp | 6 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/impl/error.ipp | 3 |
3 files changed, 8 insertions, 3 deletions
diff --git a/src/mongo/util/net/ssl/detail/impl/schannel.ipp b/src/mongo/util/net/ssl/detail/impl/schannel.ipp
index 3ef6d8bf11b..89b98033822 100644
--- a/src/mongo/util/net/ssl/detail/impl/schannel.ipp
+++ b/src/mongo/util/net/ssl/detail/impl/schannel.ipp
@@ -606,7 +606,7 @@ ssl_want SSLReadManager::decryptBuffer(asio::error_code& ec, DecryptState* pDecr
 *pDecryptState = DecryptState::Renegotiate;
 // Fail the connection on SSL renegotiations
- ec = asio::ssl::error::stream_truncated;
+ ec = asio::ssl::error::no_renegotiation;
 return ssl_want::want_nothing;
 }
diff --git a/src/mongo/util/net/ssl/error.hpp b/src/mongo/util/net/ssl/error.hpp
index 9996b825b12..3bf0ea02510 100644
--- a/src/mongo/util/net/ssl/error.hpp
+++ b/src/mongo/util/net/ssl/error.hpp
@@ -43,12 +43,14 @@ namespace error {
 enum stream_errors {
 #if defined(GENERATING_DOCUMENTATION)
 /// The underlying stream closed before the ssl stream gracefully shut down.
- stream_truncated
+ stream_truncated,
+ no_renegotiation
 #elif (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_IS_BORINGSSL) && \
 MONGO_CONFIG_SSL_PROVIDER == MONGO_CONFIG_SSL_PROVIDER_OPENSSL
 stream_truncated = ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ)
 #else
- stream_truncated = 1
+ stream_truncated = 1,
+ no_renegotiation
 #endif
 };
diff --git a/src/mongo/util/net/ssl/impl/error.ipp b/src/mongo/util/net/ssl/impl/error.ipp
index b691cb391f7..abe179c33a7 100644
--- a/src/mongo/util/net/ssl/impl/error.ipp
+++ b/src/mongo/util/net/ssl/impl/error.ipp
@@ -37,6 +37,9 @@ public:
 #if MONGO_CONFIG_SSL_PROVIDER == MONGO_CONFIG_SSL_PROVIDER_WINDOWS
 std::string message(int value) const {
+ if (value == asio::ssl::error::no_renegotiation) {
+ return "peer requested renegotiation, which is not supported";
+ }
 return mongo::errnoWithDescription(value);
 }
 #elif MONGO_CONFIG_SSL_PROVIDER == MONGO_CONFIG_SSL_PROVIDER_OPENSSL |
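Review bot: In `SSLReadManager::decryptBuffer` (schannel.ipp), the comment above the changed assignment still says only that the connection is failed, not why a dedicated code is now used; I would extend it to `// Renegotiation is not supported here: fail the connection with a distinct error so the cause is visible in the log`. The hunk adds no log call itself, so the logging named in the commit title presumably happens wherever `ec.message()` is reported, outside this hunk. Any caller that previously matched `stream_truncated` to classify this failure will no longer match and is worth checking. The function body starts before and continues after the hunk.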
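Review bot: In `enum stream_errors` (error.hpp), `no_renegotiation` is added to the documentation branch and to the `#else` branch but not to the `#elif` branch for OpenSSL older than 1.1.0, so the enumerator does not exist in that configuration. The uses visible in this commit sit in Windows-only code, but a later provider-neutral reference to `asio::ssl::error::no_renegotiation` would fail to compile there. Either add the enumerator to that branch as well or say next to it that it is defined only outside that branch. The documentation branch also gives the new entry no `///` line; `/// The peer requested a TLS renegotiation, which is not supported.` would match the entry above it.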
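Review bot: In the Windows `message(int value)` (error.ipp), `no_renegotiation` takes the implicit value 2 from the `#else` branch of the enum, while every other value falls through to `mongo::errnoWithDescription(value)`, which suggests this category may also carry system error numbers. If that is so, a genuine system error 2 would be reported as a renegotiation attempt and would mislead anyone reading the log during an investigation. I would add `// no_renegotiation is a category-local code, not a system error number; handle it before the errno lookup` above the new `if` and consider giving the enumerator an explicit value that cannot overlap. Whether the OpenSSL branch that begins at the trailing `#elif` needs the same case is not visible in this hunk.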