# Copyright (C) 2018-present MongoDB, Inc. # # This program is free software: you can redistribute it and/or modify # it under the terms of the Server Side Public License, version 1, # as published by MongoDB, Inc. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # Server Side Public License for more details. # # You should have received a copy of the Server Side Public License # along with this program. If not, see # . # # As a special exception, the copyright holders give permission to link the # code of portions of this program with the OpenSSL library under certain # conditions as described in each individual source file and distribute # linked combinations including the program with the OpenSSL library. You # must comply with the Server Side Public License in all respects for # all of the code used other than as permitted herein. If you modify file(s) # with this exception, you may extend this exception to your version of the # file(s), but you are not obligated to do so. If you do not wish to do so, # delete this exception statement from your version. If you delete this # exception statement from all source files in the program, then also delete # it in the license file. # global: cpp_namespace: "mongo" cpp_includes: - "mongo/config.h" - "mongo/util/net/ssl_options.h" configs: section: "TLS Options" source: [ yaml, cli, ini ] imports: - "mongo/db/basic_types.idl" configs: tls: description: "use TLS for all connections" short_name: tls deprecated_name: ssl deprecated_short_name: ssl arg_vartype: Switch "tls.certificateKeyFile": description: "PEM certificate/key file for TLS" short_name: tlsCertificateKeyFile deprecated_name: "ssl.PEMKeyFile" deprecated_short_name: "sslPEMKeyFile" arg_vartype: String cpp_varname: "sslGlobalParams.sslPEMKeyFile" requires: tls "tls.tlsCertificateKeyFilePassword": description: "Password for key in PEM file for TLS" short_name: tlsCertificateKeyFilePassword deprecated_name: "ssl.PEMKeyPassword" deprecated_short_name: sslPEMKeyPassword arg_vartype: String cpp_varname: "sslGlobalParams.sslPEMKeyPassword" requires: tls redact: true "tls.CAFile": description: "Certificate Authority file for TLS" short_name: tlsCAFile deprecated_name: "ssl.CAFile" deprecated_short_name: sslCAFile arg_vartype: String cpp_varname: "sslGlobalParams.sslCAFile" requires: tls "tls.CRLFile": description: "Certificate Revocation List file for TLS" short_name: tlsCRLFile deprecated_name: "ssl.CRLFile" deprecated_short_name: sslCRLFile arg_vartype: String cpp_varname: "sslGlobalParams.sslCRLFile" requires: [ tls, "tls.CAFile" ] "tls.allowInvalidHostnames": description: "Allow connections to servers with non-matching hostnames" short_name: tlsAllowInvalidHostnames deprecated_name: "ssl.allowInvalidHostnames" deprecated_short_name: sslAllowInvalidHostnames arg_vartype: Switch cpp_varname: "sslGlobalParams.sslAllowInvalidHostnames" requires: tls "tls.allowInvalidCertificates": description: "Allow connections to servers with invalid certificates" short_name: tlsAllowInvalidCertificates deprecated_name: sslAllowInvalidCertificates deprecated_short_name: sslAllowInvalidCertificates arg_vartype: Switch cpp_varname: "sslGlobalParams.sslAllowInvalidCertificates" requires: tls "tls.certificateSelector": description: "TLS Certificate in system store" short_name: tlsCertificateSelector deprecated_name: "ssl.certificateSelector" deprecated_short_name: sslCertificateSelector arg_vartype: String requires: tls condition: preprocessor: "defined(MONGO_CONFIG_SSL_CERTIFICATE_SELECTORS)" "tls.disabledProtocols": description: "Comma separated list of TLS protocols to disable [TLS1_0,TLS1_1,TLS1_2,TLS1_3]" short_name: tlsDisabledProtocols deprecated_name: "ssl.disabledProtocols" deprecated_short_name: sslDisabledProtocols arg_vartype: String requires: tls