diff options
Diffstat (limited to 'src/mongo/util/net/ssl_options_server.cpp')
-rw-r--r-- | src/mongo/util/net/ssl_options_server.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/mongo/util/net/ssl_options_server.cpp b/src/mongo/util/net/ssl_options_server.cpp index 0b0f0b4e955..809befe82d8 100644 --- a/src/mongo/util/net/ssl_options_server.cpp +++ b/src/mongo/util/net/ssl_options_server.cpp @@ -37,6 +37,7 @@ #include "mongo/base/status.h" #include "mongo/config.h" +#include "mongo/db/auth/auth_options_gen.h" #include "mongo/db/server_options.h" #include "mongo/logv2/log.h" #include "mongo/util/options_parser/startup_option_init.h" @@ -232,6 +233,12 @@ MONGO_STARTUP_OPTIONS_POST(SSLServerOptions)(InitializerContext*) { if (sslGlobalParams.sslMode.load() == SSLParams::SSLMode_disabled) { uasserted(ErrorCodes::BadValue, "need to enable TLS via the tlsMode flag"); } + + if (!gEnforceUserClusterSeparation) { + uasserted(ErrorCodes::BadValue, + "cannot have have x.509 cluster authentication while not enforcing user " + "cluster separation"); + } } if (sslGlobalParams.sslMode.load() == SSLParams::SSLMode_allowSSL) { |