From 64672e68a25e1c4c53a9e1e974036b02fdda2cc5 Mon Sep 17 00:00:00 2001
From: Sara Golemon <sara.golemon@mongodb.com>
Date: Thu, 20 Sep 2018 14:32:38 +0000
Subject: SERVER-37222 Add ssl* deprecated aliases for tlsClusterCAFile and
 tlsWithholdClientCertificate

---
 jstests/ssl/ssl_withhold_client_cert.js   | 8 ++++++++
 src/mongo/util/net/ssl_manager.cpp        | 6 ++++++
 src/mongo/util/net/ssl_options_server.cpp | 4 +++-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/jstests/ssl/ssl_withhold_client_cert.js b/jstests/ssl/ssl_withhold_client_cert.js
index 3839e5d6aef..e8084c98439 100644
--- a/jstests/ssl/ssl_withhold_client_cert.js
+++ b/jstests/ssl/ssl_withhold_client_cert.js
@@ -42,4 +42,12 @@
                                        base_options);
 
     testRS(test_options, true);
+
+    const depr_options = Object.extend({
+        sslAllowConnectionsWithoutCertificates: '',
+        setParameter: 'sslWithholdClientCertificate=true',
+    },
+                                       base_options);
+
+    testRS(depr_options, true);
 }());
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index 59601090989..6a4a39c8d2a 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -68,6 +68,12 @@ ExportedServerParameter<bool, ServerParameterType::kStartupOnly> tlsWithholdClie
     "tlsWithholdClientCertificate",
     &sslGlobalParams.tlsWithholdClientCertificate);
 
+// Deprecated alias for tlsWithholdClientCertificate
+ExportedServerParameter<bool, ServerParameterType::kStartupOnly> sslWithholdClientCertificate(
+    ServerParameterSet::getGlobal(),
+    "sslWithholdClientCertificate",
+    &sslGlobalParams.tlsWithholdClientCertificate);
+
 }  // namespace
 
 class OpenSSLCipherConfigParameter
diff --git a/src/mongo/util/net/ssl_options_server.cpp b/src/mongo/util/net/ssl_options_server.cpp
index fa9fe9108ca..2cc64b4926e 100644
--- a/src/mongo/util/net/ssl_options_server.cpp
+++ b/src/mongo/util/net/ssl_options_server.cpp
@@ -120,7 +120,9 @@ Status addSSLServerOptions(moe::OptionSection* options) {
     options->addOptionChaining("net.tls.clusterCAFile",
                                "tlsClusterCAFile",
                                moe::String,
-                               "CA used for verifying remotes during outbound connections");
+                               "CA used for verifying remotes during outbound connections",
+                               {"net.ssl.clusterCAFile"},
+                               {"sslClusterCAFile"});
 
     options->addOptionChaining("net.tls.CRLFile",
                                "tlsCRLFile",
-- 
cgit v1.2.1