diff options
author | Sara Golemon <sara.golemon@mongodb.com> | 2021-08-02 16:14:21 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-08-11 17:52:52 +0000 |
commit | d5d9bd45185b4ea2a4d7600512559326880290c9 (patch) | |
tree | e285c1c33189fc3a49aa987f4eb5bbe51f1db2db /src/mongo | |
parent | 51463ed9e3fca4667c72d82be539c061e7bed63e (diff) | |
download | mongo-d5d9bd45185b4ea2a4d7600512559326880290c9.tar.gz |
SERVER-57630 Support SSL_OP_NO_REGNEGOTIATION if it's available at runtime
(cherry picked from commit 2d974e867061b13526750f1ff66a9fb577a96354)
Diffstat (limited to 'src/mongo')
-rw-r--r-- | src/mongo/util/net/ssl_manager_openssl.cpp | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp index cc0a75229fb..18f5ac36372 100644 --- a/src/mongo/util/net/ssl_manager_openssl.cpp +++ b/src/mongo/util/net/ssl_manager_openssl.cpp @@ -2073,8 +2073,19 @@ Status SSLManagerOpenSSL::initSSLContext(SSL_CTX* context, } } -#ifdef SSL_OP_NO_RENEGOTIATION - options |= SSL_OP_NO_RENEGOTIATION; +#if OPENSSL_VERSION_NUMBER >= 0x10100000 + // OpenSSL pre-1.1.0 isn't ABI compatable enough to ever work, so skip it. +#ifndef SSL_OP_NO_RENEGOTIATION +#define SSL_OP_NO_RENEGOTIATION 0x40000000U +#endif + if (OpenSSL_version_num() >= 0x10100080) { + /* SSL_OP_NO_RENEGOTIATION added in 1.1.0h (0x10100080) + * but we might be compiling with 1.1.0(a-g). + * Allow this option to be specified at runtime + * in this specific window. + */ + options |= SSL_OP_NO_RENEGOTIATION; + } #endif ::SSL_CTX_set_options(context, options); |