From 19ed9c958b369bd7e1776a57bd406ebe84cf2bec Mon Sep 17 00:00:00 2001
From: Mark Benvenuto <mark.benvenuto@mongodb.com>
Date: Thu, 10 Dec 2020 19:59:08 -0500
Subject: SERVER-52945 Make mongod use x509 auth on egress connections if
 NetworkInterface has SSLConnectionContext override even if other egress
 connections use keyFile auth

---
 src/mongo/util/net/ssl_manager.cpp | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'src/mongo/util/net/ssl_manager.cpp')

diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index 39228cdfb8c..d80d882fe87 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -372,11 +372,8 @@ void SSLManagerCoordinator::rotate() {
     int clusterAuthMode = serverGlobalParams.clusterAuthMode.load();
     if (clusterAuthMode == ServerGlobalParams::ClusterAuthMode_x509 ||
         clusterAuthMode == ServerGlobalParams::ClusterAuthMode_sendX509) {
-        auth::setInternalUserAuthParams(
-            BSON(saslCommandMechanismFieldName
-                 << "MONGODB-X509" << saslCommandUserDBFieldName << "$external"
-                 << saslCommandUserFieldName
-                 << manager->getSSLConfiguration().clientSubjectName.toString()));
+        auth::setInternalUserAuthParams(auth::createInternalX509AuthDocument(
+            StringData(manager->getSSLConfiguration().clientSubjectName.toString())));
     }
 
     auto tl = getGlobalServiceContext()->getTransportLayer();
-- 
cgit v1.2.1