From 5bc4d3a0dcf8b0f0a6da7b1ca6c9fb02a3daba5d Mon Sep 17 00:00:00 2001
From: Shreyas Kalyan
Date: Mon, 17 Sep 2018 14:13:48 -0400
Subject: updates to some code
---
 jstests/ssl/ssl_x509_SAN.js | 3 +--
 src/mongo/util/net/ssl_manager_apple.cpp | 2 +-
 src/mongo/util/net/ssl_manager_openssl.cpp | 5 +++--
 src/mongo/util/net/ssl_manager_windows.cpp | 4 ++++
 4 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/jstests/ssl/ssl_x509_SAN.js b/jstests/ssl/ssl_x509_SAN.js
index 3d0a9886193..0896d5caf0c 100644
--- a/jstests/ssl/ssl_x509_SAN.js
+++ b/jstests/ssl/ssl_x509_SAN.js
@@ -4,7 +4,7 @@ load('jstests/ssl/libs/ssl_helpers.js');
 "use strict";
 const SERVER1_CERT = "jstests/libs/server_SAN.pem";
- const SERVER2_CERT = "jstests/libs/server_SAN2.pem"
+ const SERVER2_CERT = "jstests/libs/server_SAN2.pem";
 const CA_CERT = "jstests/libs/ca.pem";
 const CLIENT_CERT = "jstests/libs/client_SAN.pem";
@@ -62,7 +62,6 @@ load('jstests/ssl/libs/ssl_helpers.js');
 print("1. Testing x.509 auth to mongod");
 {
 let mongo = MongoRunner.runMongod(x509_options);
- print("MMONGONSDOJNFOSNDF")
 authAndTest(mongo.port);
 MongoRunner.stopMongod(mongo);
 }
diff --git a/src/mongo/util/net/ssl_manager_apple.cpp b/src/mongo/util/net/ssl_manager_apple.cpp
index 0bbc2b47429..3d53297aa19 100644
--- a/src/mongo/util/net/ssl_manager_apple.cpp
+++ b/src/mongo/util/net/ssl_manager_apple.cpp
@@ -1479,7 +1479,7 @@ StatusWith> SSLManagerApple::parseAndValidatePeerCe
 if (!sanMatch && !cnMatch) {
 const auto msg = certErr.str();
- if (_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHostName)) {
+ if (_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHost)) {
 warning() << msg;
 } else {
 error() << msg;
diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp
index fe86588cd85..4b9ce8e37fe 100644
--- a/src/mongo/util/net/ssl_manager_openssl.cpp
+++ b/src/mongo/util/net/ssl_manager_openssl.cpp
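Review bot: The condition `_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHost)` in the ssl_manager_apple.cpp hunk is where a failed SAN/CN match stops being an error, and nothing at the site explains why the third term is there. I would add a comment above it such as `// A Unix domain socket path is not a DNS name, so there is nothing to match against the certificate: log the mismatch, do not fail.`, assuming that is the intent. The same condition is edited in the third hunk of ssl_manager_openssl.cpp and wants the same comment. What follows the `warning()` branch is outside the hunk, so whether the handshake then proceeds cannot be confirmed from here.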
@@ -1384,7 +1384,7 @@ StatusWith> SSLManagerOpenSSL::parseAndValidatePeer
 sanMatch = true;
 break;
 }
- certificateNames << std::string(dnsName) << " ";
+ certificateNames << std::string(dnsName) << ", ";
 } else if (currentName && currentName -> type == GEN_IPADD) {
 std::string ipAddress (reinterpret_cast(ASN1_STRING_data(currentName->d.iPAddress)));
 auto swCIDRIPAddress = CIDR::parse(ipAddress);
@@ -1395,6 +1395,7 @@ StatusWith> SSLManagerOpenSSL::parseAndValidatePeer
 sanMatch = true;
 break;
 }
+ certificateNames << std::string(ipAddress) << ", ";
 }
 }
 sk_GENERAL_NAME_pop_free(sanNames, GENERAL_NAME_free);
@@ -1418,7 +1419,7 @@ StatusWith> SSLManagerOpenSSL::parseAndValidatePeer
 msgBuilder << "The server certificate does not match the host name. Hostname: " << remoteHost << " does not match " << certificateNames.str();
 std::string msg = msgBuilder.str();
- if (_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHostName)) {
+ if (_allowInvalidCertificates || _allowInvalidHostnames || isUnixDomainSocket(remoteHost)) {
 warning() << msg;
 } else {
 error() << msg;
diff --git a/src/mongo/util/net/ssl_manager_windows.cpp b/src/mongo/util/net/ssl_manager_windows.cpp
index 7ac11406796..ad026f67dfe 100644
--- a/src/mongo/util/net/ssl_manager_windows.cpp
+++ b/src/mongo/util/net/ssl_manager_windows.cpp
@@ -59,6 +59,7 @@
 #include "mongo/util/net/ssl_types.h"
 #include "mongo/util/text.h"
 #include "mongo/util/uuid.h"
+#include "mongo/base/data_range.h"
 namespace mongo {
@@ -1518,6 +1519,9 @@ StatusWith> getSubjectAlternativeNames(PCCERT_CONTEXT c
 for (size_t i = 0; i < altNames->cAltEntry; i++) {
 if (altNames->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) {
 names.push_back(toUtf8String(altNames->rgAltEntry[i].pwszDNSName));
+ } else if (altNames->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS) {
+ auto ip_struct = altNames->rgAltEntry[i].IPAddress;
+
 }
 }
--
cgit v1.2.1
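Review bot: The added `certificateNames << std::string(ipAddress) << ", ";` in the second ssl_manager_openssl.cpp hunk writes the SAN iPAddress payload into the mismatch message as-is, and `ipAddress` (declared in the previous hunk's context) is built from `ASN1_STRING_data(...)` through a C-string constructor. An iPAddress SAN is 4 or 16 raw octets rather than text, so that construction stops at the first zero octet and the logged name can be truncated or hold non-printable bytes; the same string is what `CIDR::parse` receives, which presumably expects textual form. I would read the value with its explicit `ASN1_STRING_length` and convert it to printable form once, before both the comparison and the log line, as sketched below. The `std::string(ipAddress)` copy is also redundant, and the name list now always ends in a dangling `", "`. The enclosing loop starts and ends outside these hunks.

```cpp
} else if (currentName && currentName->type == GEN_IPADD) {
    // iPAddress is 4 (IPv4) or 16 (IPv6) raw octets, not a NUL-terminated string.
    const int rawLen = ASN1_STRING_length(currentName->d.iPAddress);
    const unsigned char* rawIp = ASN1_STRING_data(currentName->d.iPAddress);
    char ipText[INET6_ADDRSTRLEN] = {};
    const int family = (rawLen == 4) ? AF_INET : (rawLen == 16) ? AF_INET6 : -1;
    if (family != -1 && inet_ntop(family, rawIp, ipText, sizeof(ipText))) {
        std::string ipAddress(ipText);
        // … unchanged: CIDR::parse(ipAddress) and the match against remoteHost …
        certificateNames << ipAddress << ", ";
    }
```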
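Review bot: The new `CERT_ALT_NAME_IP_ADDRESS` branch in getSubjectAlternativeNames copies `altNames->rgAltEntry[i].IPAddress` into `ip_struct` and then does nothing with it, so IP-address SANs are still never added to `names` on this platform. As committed this is dead code; either finish it by checking that the blob's `cbData` is 4 or 16, converting the bytes to text and appending that to `names`, or drop the branch until it is implemented. If it has to stay as a stub, mark it, e.g. `// TODO: convert IPAddress blob to text and append to names`. The `#include "mongo/base/data_range.h"` added in the previous hunk is not used by any line shown in this diff and sits out of order after the `mongo/util/...` headers. The function body continues outside the hunk.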