diff options
| -rw-r--r-- | src/mongo/db/server_feature_flags.idl | 8 | ||||
| -rw-r--r-- | src/mongo/util/net/ssl_manager.cpp | 8 |
2 files changed, 2 insertions, 14 deletions
diff --git a/src/mongo/db/server_feature_flags.idl b/src/mongo/db/server_feature_flags.idl index f7b0b8f7bb3..d632cae980c 100644 --- a/src/mongo/db/server_feature_flags.idl +++ b/src/mongo/db/server_feature_flags.idl @@ -82,11 +82,3 @@ feature_flags: cpp_varname: feature_flags::gFeatureFlagUseUnreplicatedTruncatesForDeletions default: false shouldBeFCVGated: false - featureFlagConfigurableX509ClusterAuthn: - description: >- - Enable configurable parameters for detection of peer server nodes using X.509 - intracluster authentication. - cpp_varname: gFeatureFlagConfigurableX509ClusterAuthn - default: true - version: 7.0 - shouldBeFCVGated: true diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp index b87aa94599c..9e7cd2083d1 100644 --- a/src/mongo/util/net/ssl_manager.cpp +++ b/src/mongo/util/net/ssl_manager.cpp @@ -811,9 +811,7 @@ bool SSLConfiguration::isClusterMember( // If either net.tls.clusterAuthX509.attributes or net.tls.clusterAuthX509.extensionValue have // been specified, use them to determine cluster membership. Otherwise, check whether DC, O, // and/or OU from the server member certificate's subject DN match the client subject DN. - if (_clusterAuthX509Config._configCriteria && - gFeatureFlagConfigurableX509ClusterAuthn.isEnabled( - serverGlobalParams.featureCompatibility)) { + if (_clusterAuthX509Config._configCriteria) { bool matchesClusterAuthX509Config = stdx::visit(visitor, _clusterAuthX509Config._configCriteria.value()); if (matchesClusterAuthX509Config) { @@ -830,9 +828,7 @@ bool SSLConfiguration::isClusterMember( // If the certificate did not meet either of the above criteria, then it can still be a cluster // member if tlsClusterX509AuthOverride is specified and it meets the attribute or extension // policy specified. - if (_clusterAuthX509Config._overrideCriteria && - gFeatureFlagConfigurableX509ClusterAuthn.isEnabled( - serverGlobalParams.featureCompatibility)) { + if (_clusterAuthX509Config._overrideCriteria) { return stdx::visit(visitor, _clusterAuthX509Config._overrideCriteria.value()); } |