diff options
Diffstat (limited to 'src/mongo/util/net')
-rw-r--r-- | src/mongo/util/net/ssl_manager_apple.cpp | 11 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_manager_openssl.cpp | 14 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_manager_windows.cpp | 10 |
3 files changed, 22 insertions, 13 deletions
diff --git a/src/mongo/util/net/ssl_manager_apple.cpp b/src/mongo/util/net/ssl_manager_apple.cpp index 832e0b54262..98024421e5a 100644 --- a/src/mongo/util/net/ssl_manager_apple.cpp +++ b/src/mongo/util/net/ssl_manager_apple.cpp @@ -1675,11 +1675,12 @@ Future<SSLPeerInfo> SSLManagerApple::parseAndValidatePeerCertificate( // The cipher will be presented as a number. ::SSLCipherSuite cipher; uassertOSStatusOK(::SSLGetNegotiatedCipher(ssl, &cipher)); - - LOGV2_INFO(6723803, - "Accepted TLS connection from peer", - "peerSubjectName"_attr = peerSubjectName, - "cipher"_attr = cipher); + if (!serverGlobalParams.quiet.load()) { + LOGV2_INFO(6723803, + "Accepted TLS connection from peer", + "peerSubjectName"_attr = peerSubjectName, + "cipher"_attr = cipher); + } // Server side. if (remoteHost.empty()) { diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp index a8418eed3fa..606dd1e8868 100644 --- a/src/mongo/util/net/ssl_manager_openssl.cpp +++ b/src/mongo/util/net/ssl_manager_openssl.cpp @@ -771,6 +771,10 @@ Future<UniqueOCSPResponse> retrieveOCSPResponse(const std::string& host, return getSSLFailure("Could not convert type OCSP Response to DER encoded object."); } + if (!OCSPManager::get(getGlobalServiceContext())) { + return getSSLFailure("OCSP fetch could not complete, server is in shutdown mode."); + } + // Query the OCSP responder return OCSPManager::get(getGlobalServiceContext()) ->requestStatus(buffer, host, purpose) @@ -3309,10 +3313,12 @@ Future<SSLPeerInfo> SSLManagerOpenSSL::parseAndValidatePeerCertificate( // TODO: check optional cipher restriction, using cert. auto peerSubject = getCertificateSubjectX509Name(peerCert.get()); const auto cipher = SSL_get_current_cipher(conn); - LOGV2_INFO(6723801, - "Accepted TLS connection from peer", - "peerSubject"_attr = peerSubject, - "cipher"_attr = SSL_CIPHER_get_name(cipher)); + if (!serverGlobalParams.quiet.load()) { + LOGV2_INFO(6723801, + "Accepted TLS connection from peer", + "peerSubject"_attr = peerSubject, + "cipher"_attr = SSL_CIPHER_get_name(cipher)); + } StatusWith<stdx::unordered_set<RoleName>> swPeerCertificateRoles = _parsePeerRoles(peerCert.get()); diff --git a/src/mongo/util/net/ssl_manager_windows.cpp b/src/mongo/util/net/ssl_manager_windows.cpp index 782ff15d417..760b81b4e07 100644 --- a/src/mongo/util/net/ssl_manager_windows.cpp +++ b/src/mongo/util/net/ssl_manager_windows.cpp @@ -2067,10 +2067,12 @@ Future<SSLPeerInfo> SSLManagerWindows::parseAndValidatePeerCertificate( } const auto cipher = std::wstring(cipherInfo.szCipherSuite); - LOGV2_INFO(6723802, - "Accepted TLS connection from peer", - "peerSubjectName"_attr = peerSubjectName, - "cipher"_attr = toUtf8String(cipher)); + if (!serverGlobalParams.quiet.load()) { + LOGV2_INFO(6723802, + "Accepted TLS connection from peer", + "peerSubjectName"_attr = peerSubjectName, + "cipher"_attr = toUtf8String(cipher)); + } // If this is a server and client and server certificate are the same, log a warning. if (remoteHost.empty() && _sslConfiguration.serverSubjectName() == peerSubjectName) { |