-rw-r--r--src/mongo/db/mongod_options.cpp7
-rw-r--r--src/mongo/s/mongos_options.cpp7
-rw-r--r--src/mongo/util/net/ssl_options.cpp29
-rw-r--r--src/mongo/util/net/ssl_options.h6
4 files changed, 38 insertions, 11 deletions
diff --git a/src/mongo/db/mongod_options.cpp b/src/mongo/db/mongod_options.cpp
index 80056a3e02b..e173e34729c 100644
--- a/src/mongo/db/mongod_options.cpp
+++ b/src/mongo/db/mongod_options.cpp
@@ -559,6 +559,13 @@ namespace mongo {
return ret;
}
+#ifdef MONGO_SSL
+ ret = canonicalizeSSLServerOptions(params);
+ if (!ret.isOK()) {
+ return ret;
+ }
+#endif
+
// "storage.journal.enabled" comes from the config file, so override it if any of "journal",
// "nojournal", "dur", and "nodur" are set, since those come from the command line.
if (params->count("nodur") || params->count("nojournal")) {
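Review bot: Nothing at this call site records that it is now the only place where the legacy `sslOnNormalPorts` switch becomes `net.ssl.mode=requireSSL`. The same commit removes that handling from storeSSLServerOptions in ssl_options.cpp, so a startup path that stores SSL options without canonicalizing first would ignore the switch and come up without requiring SSL. I would add a comment above the `#ifdef`, e.g. `// Must run before storeSSLServerOptions(): folds legacy sslOnNormalPorts into net.ssl.mode=requireSSL.`, and repeat it on the identical block in mongos_options.cpp. Whether any other binary calls storeSSLServerOptions is not visible here and is worth checking; the enclosing function starts and ends outside this hunk.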
diff --git a/src/mongo/s/mongos_options.cpp b/src/mongo/s/mongos_options.cpp
index 01a9f18c3e7..8dce0117f94 100644
--- a/src/mongo/s/mongos_options.cpp
+++ b/src/mongo/s/mongos_options.cpp
@@ -169,6 +169,13 @@ namespace mongo {
return ret;
}
+#ifdef MONGO_SSL
+ ret = canonicalizeSSLServerOptions(params);
+ if (!ret.isOK()) {
+ return ret;
+ }
+#endif
+
return Status::OK();
}
diff --git a/src/mongo/util/net/ssl_options.cpp b/src/mongo/util/net/ssl_options.cpp
index 64aa2c2b878..18551b84b85 100644
--- a/src/mongo/util/net/ssl_options.cpp
+++ b/src/mongo/util/net/ssl_options.cpp
@@ -26,7 +26,8 @@ namespace mongo {
Status addSSLServerOptions(moe::OptionSection* options) {
options->addOptionChaining("net.ssl.sslOnNormalPorts", "sslOnNormalPorts", moe::Switch,
"use ssl on configured ports")
- .setSources(moe::SourceAllLegacy);
+ .setSources(moe::SourceAllLegacy)
+ .incompatibleWith("net.ssl.mode");
options->addOptionChaining("net.ssl.mode", "sslMode", moe::String,
"set the SSL operation mode (disabled|allowSSL|preferSSL|requireSSL)");
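Review bot: The conflict between `sslOnNormalPorts` and `sslMode` is now declared only on the `net.ssl.sslOnNormalPorts` option, while the explicit BadValue check in storeSSLServerOptions is removed further down in this file. canonicalizeSSLServerOptions overwrites `net.ssl.mode` unconditionally, so if the parser's constraint check has not run before it (the ordering is not visible here), an operator's explicit mode would be silently replaced rather than rejected. A short comment on this line, such as `// Enforced by the option parser; canonicalizeSSLServerOptions() depends on this constraint.`, would record the dependency. addSSLServerOptions continues outside the hunk.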
@@ -95,6 +96,22 @@ namespace mongo {
return Status::OK();
}
+ Status canonicalizeSSLServerOptions(moe::Environment* params) {
+
+ if (params->count("net.ssl.sslOnNormalPorts")) {
+ Status ret = params->set("net.ssl.mode", moe::Value(std::string("requireSSL")));
+ if (!ret.isOK()) {
+ return ret;
+ }
+ ret = params->remove("net.ssl.sslOnNormalPorts");
+ if (!ret.isOK()) {
+ return ret;
+ }
+ }
+
+ return Status::OK();
+ }
+
Status storeSSLServerOptions(const moe::Environment& params) {
if (params.count("net.ssl.mode")) {
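Review bot: `params->count("net.ssl.sslOnNormalPorts")` in canonicalizeSSLServerOptions tests only that the key is present, not that the switch is true. If the parser records a config-file entry that sets the switch to false as present (I cannot confirm that from this hunk), the mode would be forced to requireSSL against the stated setting. Checking the value as well avoids that: `if (params->count("net.ssl.sslOnNormalPorts") && (*params)["net.ssl.sslOnNormalPorts"].as<bool>()) {`. The code removed from storeSSLServerOptions used the same presence-only test, so this is a behaviour change to agree on rather than a regression. storeSSLServerOptions at the end of the hunk continues outside it.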
@@ -156,16 +173,6 @@ namespace mongo {
sslGlobalParams.sslFIPSMode = true;
}
- if (params.count("net.ssl.sslOnNormalPorts")) {
- if (params.count("net.ssl.mode")) {
- return Status(ErrorCodes::BadValue,
- "can't have both sslMode and sslOnNormalPorts");
- }
- else {
- sslGlobalParams.sslMode.store(SSLGlobalParams::SSLMode_requireSSL);
- }
- }
-
if (sslGlobalParams.sslMode.load() != SSLGlobalParams::SSLMode_disabled) {
if (sslGlobalParams.sslPEMKeyFile.size() == 0) {
return Status(ErrorCodes::BadValue,
diff --git a/src/mongo/util/net/ssl_options.h b/src/mongo/util/net/ssl_options.h
index bbe1b08f875..6cf9ccbbd63 100644
--- a/src/mongo/util/net/ssl_options.h
+++ b/src/mongo/util/net/ssl_options.h
@@ -76,5 +76,11 @@ namespace mongo {
Status storeSSLServerOptions(const moe::Environment& params);
+ /**
+ * Canonicalize SSL options for the given environment that have different representations with
+ * the same logical meaning
+ */
+ Status canonicalizeSSLServerOptions(moe::Environment* params);
+
Status storeSSLClientOptions(const moe::Environment& params);
}