Diffstat (limited to 'src/mongo')
-rw-r--r-- | src/mongo/db/db.cpp | 12 | ||||
-rw-r--r-- | src/mongo/db/startup_warnings_common.cpp | 18 |
2 files changed, 18 insertions, 12 deletions
diff --git a/src/mongo/db/db.cpp b/src/mongo/db/db.cpp
index 8892928177d..107de1fd660 100644
--- a/src/mongo/db/db.cpp
+++ b/src/mongo/db/db.cpp
@@ -378,18 +378,6 @@ ExitCode _initAndListen(int listenPort) {
 logMongodStartupWarnings(storageGlobalParams, serverGlobalParams, serviceContext);
-#ifdef MONGO_CONFIG_SSL
- if (sslGlobalParams.sslAllowInvalidCertificates &&
- ((serverGlobalParams.clusterAuthMode.load() == ServerGlobalParams::ClusterAuthMode_x509) ||
- sequenceContains(saslGlobalParams.authenticationMechanisms, "MONGODB-X509"))) {
- log() << "** WARNING: While invalid X509 certificates may be used to" << startupWarningsLog;
- log() << "** connect to this server, they will not be considered"
- << startupWarningsLog;
- log() << "** permissible for authentication." << startupWarningsLog;
- log() << startupWarningsLog;
- }
-#endif
-
 {
 std::stringstream ss;
 ss << endl;
diff --git a/src/mongo/db/startup_warnings_common.cpp b/src/mongo/db/startup_warnings_common.cpp
index 0cd52f78199..31a8b6c04b8 100644
--- a/src/mongo/db/startup_warnings_common.cpp
+++ b/src/mongo/db/startup_warnings_common.cpp
@@ -81,6 +81,24 @@ void logCommonStartupWarnings(const ServerGlobalParams& serverParams) {
 warned = true;
 }
+#ifdef MONGO_CONFIG_SSL
+ if (sslGlobalParams.sslAllowInvalidCertificates) {
+ log() << "** WARNING: While invalid X509 certificates may be used to" << startupWarningsLog;
+ log() << "** connect to this server, they will not be considered"
+ << startupWarningsLog;
+ log() << "** permissible for authentication." << startupWarningsLog;
+ log() << startupWarningsLog;
+ }
+
+ if (sslGlobalParams.sslAllowInvalidHostnames) {
+ log() << "** WARNING: This server will not perform X.509 hostname validation"
+ << startupWarningsLog;
+ log() << "** This may allow your server to make or accept connections to"
+ << startupWarningsLog;
+ log() << "** untrusted parties" << startupWarningsLog;
+ }
+#endif
+
 /*
 * We did not add the message to startupWarningsLog as the user can not
 * specify a sslCAFile parameter from the shell |
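Review bot: Neither of the two added blocks sets `warned = true;`, although the block that closes just above them in the context does, and the `sslAllowInvalidHostnames` block also lacks the trailing `log() << startupWarningsLog;` separator that the `sslAllowInvalidCertificates` block ends with. The rest of `logCommonStartupWarnings` lies outside this hunk, so this is inferred, but if the function uses `warned` to decide whether to emit a closing blank line, a server whose only warning is disabled certificate or hostname validation would print it without the usual separation from the following startup output. Since these are the messages an operator relies on to notice that TLS peer validation is switched off, I would add `warned = true;` inside both blocks and end the hostname block with `log() << startupWarningsLog;` so both warnings are framed like the others.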