Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | SERVER-37135: Track and report TLS 1.3 | Spencer Jackson | 2018-10-29 | 1 | -1/+12 |
| | | | | (cherry picked from commit 670963110d9d226824842d22540a79154fce59a1) | ||||
* | SERVER-36250 Add support for optionally logging specific negotiated TLS versions | Mark Benvenuto | 2018-10-29 | 1 | -0/+40 |
| | | | | (cherry picked from commit 0780841a51470b33105ec2b0a7831531b82d0a8d) | ||||
* | SERVER-37651 Update header files with new license | Ramon Fernandez | 2018-10-19 | 1 | -14/+17 |
| | |||||
* | SERVER-36919 Add server setParameter tlsSuppressClientCertificate | Sara Golemon | 2018-09-20 | 1 | -0/+6 |
| | | | | | | (cherry picked from commit 1070aa3880ac73bc1923b44a372c61c209a35f61) Set parameter name mapped from tls* to ssl* | ||||
* | SERVER-34558 Add server status for transport security protocol versions | Mark Benvenuto | 2018-08-07 | 1 | -0/+35 |
| | | | | (cherry picked from commit 0c532a429d4e6f1d8473b6b4f04bf21f6b6f76cb) | ||||
* | SERVER-27264 Allow disabling no client certificate warning | Adam Cooper | 2018-07-10 | 1 | -0/+5 |
| | | | | (cherry picked from commit 14eb0afce97b372d0dc4d2a4c41a00318a36b0e2) | ||||
* | SERVER-35412 Namespace SSL_PROVIDER values | Sara Golemon | 2018-06-08 | 1 | -1/+1 |
| | | | | (cherry picked from commit 4448250e1aa4f778af67fc93176b0d07b3762a1f) | ||||
* | SERVER-35272 Remove dependencies on ssl_manager and transport_layer from ↵ | Henrik Edin | 2018-06-07 | 1 | -15/+0 |
| | | | | | | embedded when not dragged in by sharding. (cherry picked from commit 5dd6fcae8bedcf9dcb8a4e2e26b70320b369b48c) | ||||
* | SERVER-35196 Map additional X509 OIDs | Sara Golemon | 2018-06-05 | 1 | -2/+55 |
| | | | | (cherry picked from commit 23cd748c2df0800d908bb6c0e8b29d6f6ef7d0da) | ||||
* | SERVER-35016 Adding commmon log for client/server certificate with LOG(1) | Kashish Garg | 2018-06-05 | 1 | -1/+21 |
| | | | | (cherry picked from commit 38f7aa5ad7aa3b7bf1b9ffa0dc28627083e2f8b8) | ||||
* | SERVER-35406 Fix handling of unknown OIDs in OpenSSL | Sara Golemon | 2018-06-05 | 1 | -2/+8 |
| | | | | (cherry picked from commit 656bd63ca02b37bdd3550b7a24c83085da5d145c) | ||||
* | SERVER-34735 Extract structured data from X509 subject names | Sara Golemon | 2018-05-15 | 1 | -13/+110 |
| | |||||
* | SERVER-34413 Converting Certificate Subject Names to strings need to obey ↵ | Mark Benvenuto | 2018-04-17 | 1 | -0/+49 |
| | | | | RFC 2253 | ||||
* | SERVER-33941 Add SNI support for all ASIO SSL engines | Mark Benvenuto | 2018-03-29 | 1 | -7/+8 |
| | |||||
* | SERVER-22412 Implement a secure transport ASIO backend | Sara Golemon | 2018-03-17 | 1 | -0/+29 |
| | |||||
* | SERVER-33549 Create ASN.1 parser for MongoDBAuthorizationGrants | Mark Benvenuto | 2018-03-08 | 1 | -0/+309 |
| | |||||
* | SERVER-32750 Introduce SSLConnectionInterface for SSLConnection and refactor | Mark Benvenuto | 2018-01-30 | 1 | -0/+2 |
| | |||||
* | SERVER-32748 Split ssl_manager.cpp into openssl specific and general components. | Mark Benvenuto | 2018-01-30 | 1 | -1490/+0 |
| | |||||
* | Revert "SERVER-32748 Split ssl_manager.cpp into openssl specific and general ↵ | Mark Benvenuto | 2018-01-29 | 1 | -0/+1490 |
| | | | | | | components." This reverts commit f627a7ee4e2c864013212d401aa108ad24aa9c4a. | ||||
* | Revert "SERVER-32750 Introduce SSLConnectionInterface for SSLConnection and ↵ | Mark Benvenuto | 2018-01-29 | 1 | -2/+0 |
| | | | | | | refactor" This reverts commit a263ed4f10132b32117c3981cdaec9522e1288a2. | ||||
* | SERVER-32750 Introduce SSLConnectionInterface for SSLConnection and refactor | Mark Benvenuto | 2018-01-29 | 1 | -0/+2 |
| | |||||
* | SERVER-32748 Split ssl_manager.cpp into openssl specific and general components. | Mark Benvenuto | 2018-01-29 | 1 | -1490/+0 |
| | |||||
* | SERVER-32674 Make SocketException not be a special type | Mathias Stearn | 2018-01-19 | 1 | -7/+6 |
| | |||||
* | SERVER-32396 Do not pass FQDNs to OpenSSL | ADAM David Alan Martin | 2017-12-20 | 1 | -8/+10 |
| | | | | | OpenSSL makes requests with the exact string passed as an SNI. This should have the trailing dot elided when present in FQDN form. | ||||
* | SERVER-31965 Correctly handle certificates for SRV URIs | ADAM David Alan Martin | 2017-11-28 | 1 | -24/+36 |
| | | | | | | | | | | The hostname provided by SRV records is a canonicalized FQDN ending in a '.' character. X.509 certificates use a canonical hostname with the trailing '.' removed. The comparison between these two forms needs to strip all trailing '.' characters. This is considered safe in all cases, as a DNS spoofing attack would still require forging or obtaining a certificate with a canonicalized name to make a redirection work. | ||||
* | SERVER-30914: Repair basic builds on OpenBSD | Andrew Aldridge | 2017-09-20 | 1 | -1/+1 |
| | | | | | | Closes #1172 Signed-off-by: Mark Benvenuto <mark.benvenuto@mongodb.com> | ||||
* | SERVER-23645 Unix socket certificate name mismatch is now a warning | ADAM David Alan Martin | 2017-08-30 | 1 | -1/+13 |
| | | | | | | Because Unix Domain Sockets are indicated by path, we can easily distinguish when we are likely to create them. Certificate mismatches on name for such sockets become warnings, instead of connection failures. | ||||
* | SERVER-30643: Ensure thread IDs observed by OpenSSL are uniformly distributed | Spencer Jackson | 2017-08-22 | 1 | -18/+47 |
| | |||||
* | Revert "SERVER-23645 Unix socket certificate name mismatch is now a warning" | ADAM David Alan Martin | 2017-08-18 | 1 | -13/+1 |
| | | | | This reverts commit c5b7415b7d1a314dd7f4f1143bc5b354894183c0. | ||||
* | SERVER-23645 Unix socket certificate name mismatch is now a warning | ADAM David Alan Martin | 2017-08-18 | 1 | -1/+13 |
| | | | | | | Because Unix Domain Sockets are indicated by path, we can easily distinguish when we are likely to create them. Certificate mismatches on name for such sockets become warnings, instead of connection failures. | ||||
* | SERVER-24897 Configuration of DHE parameters. | ADAM David Alan Martin | 2017-08-14 | 1 | -30/+116 |
| | | | | | | | Added an option to permit specifying a Diffie Hellman parameters file in PEM format which will be passed to OpenSSL. We also now indicate to OpenSSL that we'd like Elliptic Curve Diffie Hellman Exchange, if the client supports it. | ||||
* | SERVER-26538 SERVER-26539 Detach from boost::thread | Andrew Morrow | 2017-08-02 | 1 | -13/+14 |
| | | | | | Also, use thread_local everywhere for our thread specific data needs and remove the legacy support. | ||||
* | SERVER-27592 open windows certificate store read only | Ted Tuckman | 2017-07-10 | 1 | -2/+5 |
| | |||||
* | SERVER-30065 Do libdeps dependency types by section, not tuple | Andrew Morrow | 2017-07-08 | 1 | -1/+1 |
| | |||||
* | SERVER-29568: Create opensslCipherConfig setParameter | Spencer Jackson | 2017-06-28 | 1 | -0/+25 |
| | |||||
* | SERVER-28530 Prevent SSLThreadInfo destruction construction cycle | Spencer Jackson | 2017-04-10 | 1 | -50/+34 |
| | |||||
* | SERVER-28014 Add logging to expose non-SSL connections when SSL is preferred ↵ | samantharitter | 2017-03-21 | 1 | -0/+12 |
| | | | | but not required | ||||
* | SERVER-26781 Building with openssl 1.1.0 | Marek Skalický | 2017-02-08 | 1 | -3/+12 |
| | | | | | | Closes #1133 Signed-off-by: Spencer Jackson <spencer.jackson@mongodb.com> | ||||
* | SERVER-26699 Enable MSVC flags for C++ standards alignment | Mark Benvenuto | 2016-12-22 | 1 | -3/+5 |
| | |||||
* | SERVER-26944 Make Session decorable and move subsystem info into decorations | Jonathan Reams | 2016-12-14 | 1 | -0/+13 |
| | |||||
* | SERVER-27210 Allow shell to connect to replicasets with ssl=true in URI | Jonathan Reams | 2016-12-08 | 1 | -1/+1 |
| | |||||
* | SERVER-26369: Fix shard server crash with encrypted PEMKeyFiles | Spencer Jackson | 2016-11-08 | 1 | -12/+44 |
| | |||||
* | Revert "SERVER-25151 Honor 'ssl' option in URIs passed to the shell" | samantharitter | 2016-09-13 | 1 | -13/+9 |
| | | | | This reverts commit 7c3878adaf73736c33c7f65b718d8b5705c36142. | ||||
* | SERVER-25151 Honor 'ssl' option in URIs passed to the shell | samantharitter | 2016-09-13 | 1 | -9/+13 |
| | |||||
* | SERVER-25865 stdx::unordered_map and stdx::unordered_set | David Storch | 2016-09-08 | 1 | -5/+5 |
| | | | | | On Windows, these are aliases for boost containers. On other platforms they are aliases for std containers. | ||||
* | SERVER-25801 Only log x.509 roles when OID extension is present | Andreas Nilsson | 2016-08-29 | 1 | -9/+9 |
| | |||||
* | SERVER-25684 Support SNI server names in mongo shell | Jonathan Reams | 2016-08-23 | 1 | -1/+4 |
| | |||||
* | SERVER-22826 Support X509 Authorization | Spencer Jackson | 2016-08-11 | 1 | -7/+165 |
| | |||||
* | Revert "SERVER-22826 Support X509 Authorization" | Spencer Jackson | 2016-08-10 | 1 | -141/+7 |
| | | | | This reverts commit d930f4832631eca7092ada4328d780f2b8d19d31. | ||||
* | SERVER-22826 Support X509 Authorization | Spencer Jackson | 2016-08-09 | 1 | -7/+141 |
| |