-rw-r--r--jstests/ssl/ssl_cluster_file.js35
-rw-r--r--src/mongo/transport/transport_layer_asio.cpp13
2 files changed, 42 insertions, 6 deletions
diff --git a/jstests/ssl/ssl_cluster_file.js b/jstests/ssl/ssl_cluster_file.js
new file mode 100644
index 00000000000..aa77b875530
--- /dev/null
+++ b/jstests/ssl/ssl_cluster_file.js
@@ -0,0 +1,35 @@
+(function() {
+ "use strict";
+
+ var CA_CERT = "jstests/libs/ca.pem";
+ var SERVER_CERT = "jstests/libs/server.pem";
+ var CLIENT_CERT = "jstests/libs/client.pem";
+ var BAD_SAN_CERT = "jstests/libs/badSAN.pem";
+
+ var mongod = MongoRunner.runMongod({
+ sslMode: "requireSSL",
+ sslPEMKeyFile: SERVER_CERT,
+ sslCAFile: CA_CERT,
+ sslClusterFile: BAD_SAN_CERT
+ });
+
+ var mongo = runMongoProgram("mongo",
+ "--host",
+ "localhost",
+ "--port",
+ mongod.port,
+ "--ssl",
+ "--sslCAFile",
+ CA_CERT,
+ "--sslPEMKeyFile",
+ CLIENT_CERT,
+ "--eval",
+ ";");
+
+ // runMongoProgram returns 0 on success
+ assert.eq(
+ 0,
+ mongo,
+ "Connection attempt failed when an irrelevant sslClusterFile was provided to the server!");
+
+}());
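Review bot: The test never stops the server it starts, so the `mongod` from `MongoRunner.runMongod` is still running when the file ends; add `MongoRunner.stopMongod(mongod);` after the final `assert.eq`. `mongod.port` is also read without checking that startup succeeded, which matters more now that the accompanying C++ change makes an SSL context failure abort setup. A guard such as `assert.neq(null, mongod, "mongod failed to start with sslClusterFile set");` would turn that into a clear failure, assuming `runMongod` returns null on a failed start. The file also has no header comment; something like `// Verify the server presents sslPEMKeyFile, not sslClusterFile, to incoming connections (the cluster cert here has a SAN that does not match localhost).` would say why a bad-SAN certificate is expected to be harmless, if that is indeed the intent.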
diff --git a/src/mongo/transport/transport_layer_asio.cpp b/src/mongo/transport/transport_layer_asio.cpp
index 48fad3550a0..4d038d0f6bb 100644
--- a/src/mongo/transport/transport_layer_asio.cpp
+++ b/src/mongo/transport/transport_layer_asio.cpp
@@ -229,12 +229,13 @@ Status TransportLayerASIO::setup() {
if (_sslMode() != SSLParams::SSLMode_disabled) {
_sslContext = stdx::make_unique<asio::ssl::context>(asio::ssl::context::sslv23);
- const auto sslManager = getSSLManager();
- sslManager
- ->initSSLContext(_sslContext->native_handle(),
- sslParams,
- SSLManagerInterface::ConnectionDirection::kOutgoing)
- .transitional_ignore();
+ Status status =
+ getSSLManager()->initSSLContext(_sslContext->native_handle(),
+ sslParams,
+ SSLManagerInterface::ConnectionDirection::kIncoming);
+ if (!status.isOK()) {
+ return status;
+ }
}
#endif
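Review bot: The switch from `kOutgoing` to `kIncoming` in the `initSSLContext` call decides which certificate peers see, yet the new code has no comment explaining it. I would add one above the call, e.g. `// _sslContext serves accepted connections, so configure it as kIncoming; kOutgoing would apply the cluster (client-side) certificate settings here.`, worded to match what `initSSLContext` actually does per direction, which is not visible in this hunk. If `_sslContext` is also used for connections this process initiates elsewhere in the file, those would now be set up with the incoming-side configuration, so it is worth confirming that egress has its own context. `status` can be declared `const Status status = ...` since it is only tested and returned. `setup()` begins and ends outside the hunk, so whether the early `return status;` leaves anything initialised earlier needing teardown cannot be judged from here.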