Diffstat (limited to 'src/mongo/util')
-rw-r--r-- | src/mongo/util/net/ssl_manager_apple.cpp | 2 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_manager_openssl.cpp | 5 | ||||
-rw-r--r-- | src/mongo/util/net/ssl_manager_windows.cpp | 4 |
3 files changed, 8 insertions, 3 deletions
diff --git a/src/mongo/util/net/ssl_manager_apple.cpp b/src/mongo/util/net/ssl_manager_apple.cpp
index 0bbc2b47429..3d53297aa19 100644
--- a/src/mongo/util/net/ssl_manager_apple.cpp
+++ b/src/mongo/util/net/ssl_manager_apple.cpp
@@ -1479,7 +1479,7 @@ StatusWith<boost::optional<SSLPeerInfo>> SSLManagerApple::parseAndValidatePeerCe
 if (!sanMatch && !cnMatch) {
 const auto msg = certErr.str();
- if (_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHostName)) {
+ if (_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHost)) {
 warning() << msg;
 } else {
 error() << msg;
diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp
index fe86588cd85..4b9ce8e37fe 100644
--- a/src/mongo/util/net/ssl_manager_openssl.cpp
+++ b/src/mongo/util/net/ssl_manager_openssl.cpp
@@ -1384,7 +1384,7 @@ StatusWith<boost::optional<SSLPeerInfo>> SSLManagerOpenSSL::parseAndValidatePeer
 sanMatch = true;
 break;
 }
- certificateNames << std::string(dnsName) << " ";
+ certificateNames << std::string(dnsName) << ", ";
 } else if (currentName && currentName -> type == GEN_IPADD) {
 std::string ipAddress (reinterpret_cast<char*>(ASN1_STRING_data(currentName->d.iPAddress)));
 auto swCIDRIPAddress = CIDR::parse(ipAddress);
@@ -1395,6 +1395,7 @@ StatusWith<boost::optional<SSLPeerInfo>> SSLManagerOpenSSL::parseAndValidatePeer
 sanMatch = true;
 break;
 }
+ certificateNames << std::string(ipAddress) << ", ";
 }
 }
 sk_GENERAL_NAME_pop_free(sanNames, GENERAL_NAME_free);
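Review bot: In ssl_manager_apple.cpp the condition `... || isUnixDomainSocket(remoteHost)` downgrades a certificate name mismatch to a warning with no comment explaining why a Unix domain socket peer is exempt, and the hunk does not show what `remoteHost` holds at this point or what happens after the warning. Since this decides whether a mismatch is fatal, I would add a comment above it such as `// A Unix domain socket path is not a DNS name, so a mismatch is logged rather than rejected.` and confirm that `remoteHost` cannot be a network peer's string that the helper would accept. The `@@ -1418,7 +1419,7 @@` hunk of ssl_manager_openssl.cpp has the same condition and needs the same comment. The enclosing function starts and ends outside both hunks.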
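Review bot: In the `GEN_IPADD` branch of ssl_manager_openssl.cpp, the added `certificateNames << std::string(ipAddress) << ", ";` writes raw certificate bytes into the mismatch message, because `ipAddress` is built on the context line above from `ASN1_STRING_data(currentName->d.iPAddress)`, and an iPAddress SAN carries the 4 or 16 binary address octets rather than text. The `char*` constructor also stops at the first zero octet, so an address such as 10.0.0.1 is cut short, and non-printable bytes chosen by whoever issued the certificate end up in the log. I would take the length from `ASN1_STRING_length` and render the octets as a textual address before appending, as sketched below. The same `ipAddress` value feeds `CIDR::parse`, which presumably expects text, but the comparison itself lies between the two hunks and is not visible. The `std::string(...)` wrapper around `ipAddress` is also a redundant copy.

```cpp
// … unchanged: CIDR::parse comparison and the sanMatch/break block …
const unsigned char* ipData = ASN1_STRING_data(currentName->d.iPAddress);
const int ipLen = ASN1_STRING_length(currentName->d.iPAddress);
const int family = (ipLen == 4) ? AF_INET : (ipLen == 16) ? AF_INET6 : AF_UNSPEC;
char ipText[INET6_ADDRSTRLEN] = {};
if (family != AF_UNSPEC && inet_ntop(family, ipData, ipText, sizeof(ipText))) {
    certificateNames << ipText << ", ";
} else {
    // Malformed SAN: log its size only, never the raw bytes.
    certificateNames << "<invalid IP SAN, " << ipLen << " bytes>, ";
}
```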
@@ -1418,7 +1419,7 @@ StatusWith<boost::optional<SSLPeerInfo>> SSLManagerOpenSSL::parseAndValidatePeer msgBuilder << "The server certificate does not match the host name. Hostname: " << remoteHost << " does not match " << certificateNames.str(); std::string msg = msgBuilder.str(); - if (_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHostName)) { + if (_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHost)) { warning() << msg; } else { error() << msg; diff --git a/src/mongo/util/net/ssl_manager_windows.cpp b/src/mongo/util/net/ssl_manager_windows.cpp index 7ac11406796..ad026f67dfe 100644 --- a/src/mongo/util/net/ssl_manager_windows.cpp +++ b/src/mongo/util/net/ssl_manager_windows.cpp @@ -59,6 +59,7 @@ #include "mongo/util/net/ssl_types.h" #include "mongo/util/text.h" #include "mongo/util/uuid.h" +#include "mongo/base/data_range.h" namespace mongo { @@ -1518,6 +1519,9 @@ StatusWith<std::vector<std::string>> getSubjectAlternativeNames(PCCERT_CONTEXT c for (size_t i = 0; i < altNames->cAltEntry; i++) { if (altNames->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) { names.push_back(toUtf8String(altNames->rgAltEntry[i].pwszDNSName)); + } else if (altNames->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS) { + auto ip_struct = altNames->rgAltEntry[i].IPAddress; + } } |
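Review bot: The new `CERT_ALT_NAME_IP_ADDRESS` branch in `getSubjectAlternativeNames` copies the blob into `ip_struct` and, in the lines visible here, never converts it or calls `names.push_back`, so IP SANs would still be missing from the returned list and a connection made by IP address would presumably still fail the name check on Windows. If the branch is a placeholder, say so with a comment such as `// TODO: convert IPAddress.pbData (cbData bytes) to text and append to names`; when the conversion is written it should check that `cbData` is 4 or 16 before reading `pbData`. The `mongo/base/data_range.h` include added in the first hunk of this file is not used by anything shown, and it sits after `mongo/util/uuid.h` rather than in sorted order. The tail of this hunk looks clipped on the page, so part of the branch may be missing from view.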