path: root/src/mongo/util/net/ssl_manager.cpp
Commit message | Author | Age | Files | Lines
* SERVER-37135: Track and report TLS 1.3 | Spencer Jackson | 2018-10-29 | 1 | -1/+12
  (cherry picked from commit 670963110d9d226824842d22540a79154fce59a1)
* SERVER-36250 Add support for optionally logging specific negotiated TLS versions | Mark Benvenuto | 2018-10-29 | 1 | -0/+40
  (cherry picked from commit 0780841a51470b33105ec2b0a7831531b82d0a8d)
* SERVER-37651 Update header files with new license | Ramon Fernandez | 2018-10-19 | 1 | -14/+17
* SERVER-36919 Add server setParameter tlsSuppressClientCertificate | Sara Golemon | 2018-09-20 | 1 | -0/+6
  (cherry picked from commit 1070aa3880ac73bc1923b44a372c61c209a35f61)
  Set parameter name mapped from tls* to ssl*
* SERVER-34558 Add server status for transport security protocol versions | Mark Benvenuto | 2018-08-07 | 1 | -0/+35
  (cherry picked from commit 0c532a429d4e6f1d8473b6b4f04bf21f6b6f76cb)
* SERVER-27264 Allow disabling no client certificate warning | Adam Cooper | 2018-07-10 | 1 | -0/+5
  (cherry picked from commit 14eb0afce97b372d0dc4d2a4c41a00318a36b0e2)
* SERVER-35412 Namespace SSL_PROVIDER values | Sara Golemon | 2018-06-08 | 1 | -1/+1
  (cherry picked from commit 4448250e1aa4f778af67fc93176b0d07b3762a1f)
* SERVER-35272 Remove dependencies on ssl_manager and transport_layer from embedded when not dragged in by sharding. | Henrik Edin | 2018-06-07 | 1 | -15/+0
  (cherry picked from commit 5dd6fcae8bedcf9dcb8a4e2e26b70320b369b48c)
* SERVER-35196 Map additional X509 OIDs | Sara Golemon | 2018-06-05 | 1 | -2/+55
  (cherry picked from commit 23cd748c2df0800d908bb6c0e8b29d6f6ef7d0da)
* SERVER-35016 Adding common log for client/server certificate with LOG(1) | Kashish Garg | 2018-06-05 | 1 | -1/+21
  (cherry picked from commit 38f7aa5ad7aa3b7bf1b9ffa0dc28627083e2f8b8)
* SERVER-35406 Fix handling of unknown OIDs in OpenSSL | Sara Golemon | 2018-06-05 | 1 | -2/+8
  (cherry picked from commit 656bd63ca02b37bdd3550b7a24c83085da5d145c)
* SERVER-34735 Extract structured data from X509 subject names | Sara Golemon | 2018-05-15 | 1 | -13/+110
* SERVER-34413 Converting Certificate Subject Names to strings need to obey RFC 2253 | Mark Benvenuto | 2018-04-17 | 1 | -0/+49
* SERVER-33941 Add SNI support for all ASIO SSL engines | Mark Benvenuto | 2018-03-29 | 1 | -7/+8
* SERVER-22412 Implement a secure transport ASIO backend | Sara Golemon | 2018-03-17 | 1 | -0/+29
* SERVER-33549 Create ASN.1 parser for MongoDBAuthorizationGrants | Mark Benvenuto | 2018-03-08 | 1 | -0/+309
* SERVER-32750 Introduce SSLConnectionInterface for SSLConnection and refactor | Mark Benvenuto | 2018-01-30 | 1 | -0/+2
* SERVER-32748 Split ssl_manager.cpp into openssl specific and general components. | Mark Benvenuto | 2018-01-30 | 1 | -1490/+0
* Revert "SERVER-32748 Split ssl_manager.cpp into openssl specific and general components." | Mark Benvenuto | 2018-01-29 | 1 | -0/+1490
  This reverts commit f627a7ee4e2c864013212d401aa108ad24aa9c4a.
* Revert "SERVER-32750 Introduce SSLConnectionInterface for SSLConnection and refactor" | Mark Benvenuto | 2018-01-29 | 1 | -2/+0
  This reverts commit a263ed4f10132b32117c3981cdaec9522e1288a2.
* SERVER-32750 Introduce SSLConnectionInterface for SSLConnection and refactor | Mark Benvenuto | 2018-01-29 | 1 | -0/+2
* SERVER-32748 Split ssl_manager.cpp into openssl specific and general components. | Mark Benvenuto | 2018-01-29 | 1 | -1490/+0
* SERVER-32674 Make SocketException not be a special type | Mathias Stearn | 2018-01-19 | 1 | -7/+6
* SERVER-32396 Do not pass FQDNs to OpenSSL | ADAM David Alan Martin | 2017-12-20 | 1 | -8/+10
  OpenSSL makes requests with the exact string passed as an SNI. This should have the trailing dot elided when present in FQDN form.
* SERVER-31965 Correctly handle certificates for SRV URIs | ADAM David Alan Martin | 2017-11-28 | 1 | -24/+36
  The hostname provided by SRV records is a canonicalized FQDN ending in a '.' character. X.509 certificates use a canonical hostname with the trailing '.' removed. The comparison between these two forms needs to strip all trailing '.' characters. This is considered safe in all cases, as a DNS spoofing attack would still require forging or obtaining a certificate with a canonicalized name to make a redirection work.
* SERVER-30914: Repair basic builds on OpenBSD | Andrew Aldridge | 2017-09-20 | 1 | -1/+1
  Closes #1172
  Signed-off-by: Mark Benvenuto <mark.benvenuto@mongodb.com>
* SERVER-23645 Unix socket certificate name mismatch is now a warning | ADAM David Alan Martin | 2017-08-30 | 1 | -1/+13
  Because Unix Domain Sockets are indicated by path, we can easily distinguish when we are likely to create them. Certificate mismatches on name for such sockets become warnings, instead of connection failures.
* SERVER-30643: Ensure thread IDs observed by OpenSSL are uniformly distributed | Spencer Jackson | 2017-08-22 | 1 | -18/+47
* Revert "SERVER-23645 Unix socket certificate name mismatch is now a warning" | ADAM David Alan Martin | 2017-08-18 | 1 | -13/+1
  This reverts commit c5b7415b7d1a314dd7f4f1143bc5b354894183c0.
* SERVER-23645 Unix socket certificate name mismatch is now a warning | ADAM David Alan Martin | 2017-08-18 | 1 | -1/+13
  Because Unix Domain Sockets are indicated by path, we can easily distinguish when we are likely to create them. Certificate mismatches on name for such sockets become warnings, instead of connection failures.
* SERVER-24897 Configuration of DHE parameters. | ADAM David Alan Martin | 2017-08-14 | 1 | -30/+116
  Added an option to permit specifying a Diffie Hellman parameters file in PEM format which will be passed to OpenSSL. We also now indicate to OpenSSL that we'd like Elliptic Curve Diffie Hellman Exchange, if the client supports it.
* SERVER-26538 SERVER-26539 Detach from boost::thread | Andrew Morrow | 2017-08-02 | 1 | -13/+14
  Also, use thread_local everywhere for our thread specific data needs and remove the legacy support.
* SERVER-27592 open windows certificate store read only | Ted Tuckman | 2017-07-10 | 1 | -2/+5
* SERVER-30065 Do libdeps dependency types by section, not tuple | Andrew Morrow | 2017-07-08 | 1 | -1/+1
* SERVER-29568: Create opensslCipherConfig setParameter | Spencer Jackson | 2017-06-28 | 1 | -0/+25
* SERVER-28530 Prevent SSLThreadInfo destruction construction cycle | Spencer Jackson | 2017-04-10 | 1 | -50/+34
* SERVER-28014 Add logging to expose non-SSL connections when SSL is preferred but not required | samantharitter | 2017-03-21 | 1 | -0/+12
* SERVER-26781 Building with openssl 1.1.0 | Marek Skalický | 2017-02-08 | 1 | -3/+12
  Closes #1133
  Signed-off-by: Spencer Jackson <spencer.jackson@mongodb.com>
* SERVER-26699 Enable MSVC flags for C++ standards alignment | Mark Benvenuto | 2016-12-22 | 1 | -3/+5
* SERVER-26944 Make Session decorable and move subsystem info into decorations | Jonathan Reams | 2016-12-14 | 1 | -0/+13
* SERVER-27210 Allow shell to connect to replicasets with ssl=true in URI | Jonathan Reams | 2016-12-08 | 1 | -1/+1
* SERVER-26369: Fix shard server crash with encrypted PEMKeyFiles | Spencer Jackson | 2016-11-08 | 1 | -12/+44
* Revert "SERVER-25151 Honor 'ssl' option in URIs passed to the shell" | samantharitter | 2016-09-13 | 1 | -13/+9
  This reverts commit 7c3878adaf73736c33c7f65b718d8b5705c36142.
* SERVER-25151 Honor 'ssl' option in URIs passed to the shell | samantharitter | 2016-09-13 | 1 | -9/+13
* SERVER-25865 stdx::unordered_map and stdx::unordered_set | David Storch | 2016-09-08 | 1 | -5/+5
  On Windows, these are aliases for boost containers. On other platforms they are aliases for std containers.
* SERVER-25801 Only log x.509 roles when OID extension is present | Andreas Nilsson | 2016-08-29 | 1 | -9/+9
* SERVER-25684 Support SNI server names in mongo shell | Jonathan Reams | 2016-08-23 | 1 | -1/+4
* SERVER-22826 Support X509 Authorization | Spencer Jackson | 2016-08-11 | 1 | -7/+165
* Revert "SERVER-22826 Support X509 Authorization" | Spencer Jackson | 2016-08-10 | 1 | -141/+7
  This reverts commit d930f4832631eca7092ada4328d780f2b8d19d31.
* SERVER-22826 Support X509 Authorization | Spencer Jackson | 2016-08-09 | 1 | -7/+141