summaryrefslogtreecommitdiff
path: root/src/mongo/util/net/ssl_options_server.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/mongo/util/net/ssl_options_server.cpp')
-rw-r--r--src/mongo/util/net/ssl_options_server.cpp12
1 files changed, 4 insertions, 8 deletions
diff --git a/src/mongo/util/net/ssl_options_server.cpp b/src/mongo/util/net/ssl_options_server.cpp
index 809befe82d8..4612993df07 100644
--- a/src/mongo/util/net/ssl_options_server.cpp
+++ b/src/mongo/util/net/ssl_options_server.cpp
@@ -190,7 +190,7 @@ MONGO_STARTUP_OPTIONS_POST(SSLServerOptions)(InitializerContext*) {
}
#endif
- const int clusterAuthMode = serverGlobalParams.clusterAuthMode.load();
+ const auto clusterAuthMode = serverGlobalParams.startupClusterAuthMode;
if (sslGlobalParams.sslMode.load() != SSLParams::SSLMode_disabled) {
bool usingCertifiateSelectors = params.count("net.tls.certificateSelector");
if (sslGlobalParams.sslPEMKeyFile.size() == 0 && !usingCertifiateSelectors) {
@@ -209,7 +209,7 @@ MONGO_STARTUP_OPTIONS_POST(SSLServerOptions)(InitializerContext*) {
// When using cetificate selectors, we use the local system certificate store for verifying
// X.509 certificates for auth instead of relying on a CA file.
if (sslGlobalParams.sslCAFile.empty() && !usingCertifiateSelectors &&
- clusterAuthMode == ServerGlobalParams::ClusterAuthMode_x509) {
+ clusterAuthMode.allowsX509()) {
uasserted(ErrorCodes::BadValue, sslCANotFoundError);
}
} else if (sslGlobalParams.sslPEMKeyFile.size() || sslGlobalParams.sslPEMKeyPassword.size() ||
@@ -227,9 +227,7 @@ MONGO_STARTUP_OPTIONS_POST(SSLServerOptions)(InitializerContext*) {
"using TLS configuration parameters");
}
- if (clusterAuthMode == ServerGlobalParams::ClusterAuthMode_sendKeyFile ||
- clusterAuthMode == ServerGlobalParams::ClusterAuthMode_sendX509 ||
- clusterAuthMode == ServerGlobalParams::ClusterAuthMode_x509) {
+ if (clusterAuthMode.allowsX509()) {
if (sslGlobalParams.sslMode.load() == SSLParams::SSLMode_disabled) {
uasserted(ErrorCodes::BadValue, "need to enable TLS via the tlsMode flag");
}
@@ -243,9 +241,7 @@ MONGO_STARTUP_OPTIONS_POST(SSLServerOptions)(InitializerContext*) {
if (sslGlobalParams.sslMode.load() == SSLParams::SSLMode_allowSSL) {
// allowSSL and x509 is valid only when we are transitioning to auth.
- if (clusterAuthMode == ServerGlobalParams::ClusterAuthMode_sendX509 ||
- (clusterAuthMode == ServerGlobalParams::ClusterAuthMode_x509 &&
- !serverGlobalParams.transitionToAuth)) {
+ if (clusterAuthMode.sendsX509() && !serverGlobalParams.transitionToAuth) {
uasserted(ErrorCodes::BadValue,
"cannot have x.509 cluster authentication in allowTLS mode");
}
View Lorry Controller Status