diff options
-rw-r--r-- | src/mongo/db/server_options_test.cpp | 7 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_options_server.cpp | 17 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_options_test.cpp | 7 |
3 files changed, 29 insertions, 2 deletions
diff --git a/src/mongo/db/server_options_test.cpp b/src/mongo/db/server_options_test.cpp index a6f9b592e61..03b768a3690 100644 --- a/src/mongo/db/server_options_test.cpp +++ b/src/mongo/db/server_options_test.cpp @@ -48,6 +48,7 @@ #include <boost/filesystem.hpp> +#include "mongo/base/init.h" #include "mongo/bson/util/builder.h" #include "mongo/db/server_options.h" #include "mongo/db/server_options_server_helpers.h" @@ -66,6 +67,12 @@ using mongo::ErrorCodes; using mongo::Status; namespace moe = mongo::optionenvironment; +MONGO_INITIALIZER(ServerLogRedirection)(mongo::InitializerContext*) { + // ssl_options_server.cpp has an initializer which depends on logging. + // We can stub that dependency out for unit testing purposes. + return Status::OK(); +} + class OptionsParserTester : public moe::OptionsParser { public: Status readConfigFile(const std::string& filename, std::string* config) { diff --git a/src/mongo/util/net/ssl_options_server.cpp b/src/mongo/util/net/ssl_options_server.cpp index 24d5c2a10da..335e2daba6c 100644 --- a/src/mongo/util/net/ssl_options_server.cpp +++ b/src/mongo/util/net/ssl_options_server.cpp @@ -83,6 +83,8 @@ Status storeTLSLogVersion(const std::string& loggedProtocols) { namespace { +bool gImplicitDisableTLS10 = false; + // storeSSLServerOptions depends on serverGlobalParams.clusterAuthMode // and IDL based storage actions, and therefore must run later. MONGO_STARTUP_OPTIONS_POST(SSLServerOptions)(InitializerContext*) { @@ -161,8 +163,7 @@ MONGO_STARTUP_OPTIONS_POST(SSLServerOptions)(InitializerContext*) { * old version of OpenSSL (pre 1.0.0l) * which does not support TLS 1.1 or later. */ - log() << "Automatically disabling TLS 1.0, to force-enable TLS 1.0 " - "specify --sslDisabledProtocols 'none'"; + gImplicitDisableTLS10 = true; sslGlobalParams.sslDisabledProtocols.push_back(SSLParams::Protocols::TLS1_0); #endif } @@ -312,5 +313,17 @@ MONGO_STARTUP_OPTIONS_VALIDATE(SSLServerOptions)(InitializerContext*) { return Status::OK(); } +// This warning must be deferred until after +// ServerLogRedirection has started up so that +// it goes to the right place. +MONGO_INITIALIZER_WITH_PREREQUISITES(ImplicitDisableTLS10Warning, ("ServerLogRedirection")) +(InitializerContext*) { + if (gImplicitDisableTLS10) { + log() << "Automatically disabling TLS 1.0, to force-enable TLS 1.0 " + "specify --sslDisabledProtocols 'none'"; + } + return Status::OK(); +} + } // namespace } // namespace mongo diff --git a/src/mongo/util/net/ssl_options_test.cpp b/src/mongo/util/net/ssl_options_test.cpp index c352f5d39c1..19b1b414d10 100644 --- a/src/mongo/util/net/ssl_options_test.cpp +++ b/src/mongo/util/net/ssl_options_test.cpp @@ -37,6 +37,7 @@ #include <ostream> #include "mongo/base/global_initializer.h" +#include "mongo/base/init.h" #include "mongo/base/initializer.h" #include "mongo/db/server_options_server_helpers.h" #include "mongo/unittest/unittest.h" @@ -51,6 +52,12 @@ namespace moe = mongo::optionenvironment; namespace mongo { namespace { +MONGO_INITIALIZER(ServerLogRedirection)(InitializerContext*) { + // ssl_options_server.cpp has an initializer which depends on logging. + // We can stub that dependency out for unit testing purposes. + return Status::OK(); +} + Status executeInitializer(const std::string& name) try { const auto* node = getGlobalInitializer().getInitializerDependencyGraph().getInitializerNode(name); |