Diffstat (limited to 'src/mongo/util/net/ssl_options_server.cpp')
-rw-r--r--src/mongo/util/net/ssl_options_server.cpp41
1 files changed, 41 insertions, 0 deletions
diff --git a/src/mongo/util/net/ssl_options_server.cpp b/src/mongo/util/net/ssl_options_server.cpp
index 8ccc3f30cc1..fa9fe9108ca 100644
--- a/src/mongo/util/net/ssl_options_server.cpp
+++ b/src/mongo/util/net/ssl_options_server.cpp
@@ -40,6 +40,7 @@
#include "mongo/util/log.h"
#include "mongo/util/options_parser/startup_option_init.h"
#include "mongo/util/options_parser/startup_options.h"
+#include "mongo/util/text.h"
#if MONGO_CONFIG_SSL_PROVIDER == MONGO_CONFIG_SSL_PROVIDER_OPENSSL
#include <openssl/ssl.h>
@@ -145,6 +146,13 @@ Status addSSLServerOptions(moe::OptionSection* options) {
{"net.ssl.disabledProtocols"},
{"sslDisabledProtocols"});
+
+ options->addOptionChaining(
+ "net.tls.logVersions",
+ "tlsLogVersions",
+ moe::String,
+ "Comma separated list of TLS protocols to log on connect [TLS1_0,TLS1_1,TLS1_2]");
+
options->addOptionChaining("net.tls.weakCertificateValidation",
"tlsWeakCertificateValidation",
moe::Switch,
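Review bot: The help string for `net.tls.logVersions` hard-codes the accepted values `[TLS1_0,TLS1_1,TLS1_2]`, while the real list lives in the `validConfigs` map in `storeTLSLogVersion`, so the two can drift apart when a protocol is added. The parser matches tokens exactly, so unless `StringSplitter::split` trims whitespace (not visible here), a value such as `TLS1_0, TLS1_1` is rejected at startup. I would say so in the help text, for example `"Comma separated list of TLS protocols to log on connect, exact names without spaces [TLS1_0,TLS1_1,TLS1_2]"`. A short comment next to the option pointing at `validConfigs` as the source of truth would also help.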
@@ -206,6 +214,32 @@ Status addSSLServerOptions(moe::OptionSection* options) {
return Status::OK();
}
+Status storeTLSLogVersion(const std::string& loggedProtocols) {
+ // The tlsLogVersion field is composed of a comma separated list of protocols to
+ // log. First, tokenize the field.
+ const auto tokens = StringSplitter::split(loggedProtocols, ",");
+
+ // All universally accepted tokens, and their corresponding enum representation.
+ const std::map<std::string, SSLParams::Protocols> validConfigs{
+ {"TLS1_0", SSLParams::Protocols::TLS1_0},
+ {"TLS1_1", SSLParams::Protocols::TLS1_1},
+ {"TLS1_2", SSLParams::Protocols::TLS1_2},
+ };
+
+ // Map the tokens to their enum values, and push them onto the list of logged protocols.
+ for (const std::string& token : tokens) {
+ auto mappedToken = validConfigs.find(token);
+ if (mappedToken != validConfigs.end()) {
+ sslGlobalParams.tlsLogVersions.push_back(mappedToken->second);
+ continue;
+ }
+
+ return Status(ErrorCodes::BadValue, "Unrecognized tlsLogVersions '" + token + "'");
+ }
+
+ return Status::OK();
+}
+
Status storeSSLServerOptions(const moe::Environment& params) {
if (params.count("net.tls.mode")) {
std::string sslModeParam = params["net.tls.mode"].as<string>();
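Review bot: `storeTLSLogVersion` pushes onto `sslGlobalParams.tlsLogVersions` inside the loop, so a list with a bad token returns `BadValue` after the earlier tokens are already stored. A second call would append to the previous list rather than replace it, and a repeated token is stored twice. Whether the function is ever called more than once is not visible in this diff, but collecting into a local container and assigning it only after every token validates makes the result all-or-nothing. The function is fully contained in this hunk, and the sketch below keeps the tokenizing and the `validConfigs` table as they are.

```cpp
    // … unchanged: tokenizing and the validConfigs table …
    decltype(sslGlobalParams.tlsLogVersions) parsed;
    for (const std::string& token : tokens) {
        const auto mappedToken = validConfigs.find(token);
        if (mappedToken == validConfigs.end()) {
            return Status(ErrorCodes::BadValue, "Unrecognized tlsLogVersions '" + token + "'");
        }
        parsed.push_back(mappedToken->second);
    }

    // Publish only after every token validated, replacing any earlier value.
    sslGlobalParams.tlsLogVersions = std::move(parsed);
    return Status::OK();
```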
@@ -304,6 +338,13 @@ Status storeSSLServerOptions(const moe::Environment& params) {
#endif
}
+ if (params.count("net.tls.logVersions")) {
+ const auto status = storeTLSLogVersion(params["net.tls.logVersions"].as<string>());
+ if (!status.isOK()) {
+ return status;
+ }
+ }
+
if (params.count("net.tls.weakCertificateValidation")) {
sslGlobalParams.sslWeakCertificateValidation =
params["net.tls.weakCertificateValidation"].as<bool>();