Diffstat (limited to 'src/mongo/util/net/ssl_options.h')
-rw-r--r-- | src/mongo/util/net/ssl_options.h | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/src/mongo/util/net/ssl_options.h b/src/mongo/util/net/ssl_options.h
index e7ba7656fe4..724a272c952 100644
--- a/src/mongo/util/net/ssl_options.h
+++ b/src/mongo/util/net/ssl_options.h
@@ -111,28 +111,29 @@ struct SSLParams {
 extern SSLParams sslGlobalParams;
 /**
+ * Older versions of mongod/mongos accepted --sslDisabledProtocols values
+ * in the form 'noTLS1_0,noTLS1_1'. kAcceptNegativePrefix allows us to
+ * continue accepting this format on mongod/mongos while only supporting
+ * the "standard" TLS1_X format in the shell.
+ */
+enum class SSLDisabledProtocolsMode {
+ kStandardFormat,
+ kAcceptNegativePrefix,
+};
+
+Status storeSSLDisabledProtocols(
+ const std::string& disabledProtocols,
+ SSLDisabledProtocolsMode mode = SSLDisabledProtocolsMode::kStandardFormat);
+
+/**
 * The global SSL configuration. This should be accessed only after global initialization has
 * completed. If it must be accessed in an initializer, the initializer should have
 * "EndStartupOptionStorage" as a prerequisite.
 */
 const SSLParams& getSSLGlobalParams();
-Status addSSLServerOptions(mongo::optionenvironment::OptionSection* options);
-
-Status addSSLClientOptions(mongo::optionenvironment::OptionSection* options);
-
-Status storeSSLServerOptions(const mongo::optionenvironment::Environment& params);
-
 Status parseCertificateSelector(SSLParams::CertificateSelector* selector, StringData name, StringData value);
-/**
- * Canonicalize SSL options for the given environment that have different representations with
- * the same logical meaning.
- */
-Status canonicalizeSSLServerOptions(mongo::optionenvironment::Environment* params);
-
-Status validateSSLServerOptions(const mongo::optionenvironment::Environment& params);
-Status storeSSLClientOptions(const mongo::optionenvironment::Environment& params);
 } // namespace mongo |
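Review bot: The new `storeSSLDisabledProtocols` declaration has no doc comment of its own; the added comment block describes only the `SSLDisabledProtocolsMode` enum and says nothing about the function's contract. Because this function decides which TLS versions get switched off, the header should state what happens to a token that is not valid under the selected mode, for example `noTLS1_0` when a caller relies on the default `kStandardFormat`. The safe contract is a non-OK `Status` for any unrecognised token, since a token that is skipped leaves that protocol enabled with no signal to the operator; the implementation is outside this hunk, so whether it behaves that way is not confirmed here. I would add above the declaration something like `/** Parses a comma-separated list of TLS protocol names to disable; returns a non-OK Status if any token is not recognised under 'mode'. */`, and, if the function writes into `sslGlobalParams` as its name suggests, note that it must run before `getSSLGlobalParams()` is used.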