diff options
| author | Adrian Gonzalez <adriangonzalezmontemayor@gmail.com> | 2023-05-15 20:10:04 +0000 |
|---|---|---|
| committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2023-05-15 21:45:59 +0000 |
| commit | b11e9309abfe245d6ce6349b6b0c863fa432c78b (patch) | |
| tree | 4e51e4dc848cb2ad151b6c32ad51f821b71e011d | |
| parent | bd8d75aefc976bd126cd4a03e2a30943ee1e5cdc (diff) | |
| download | mongo-b11e9309abfe245d6ce6349b6b0c863fa432c78b.tar.gz | |
SERVER-77028 tlsClusterCAFile is not being used to validate client certificates on macOS
| -rw-r--r-- | src/mongo/util/net/ssl_manager_apple.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/mongo/util/net/ssl_manager_apple.cpp b/src/mongo/util/net/ssl_manager_apple.cpp index aba7cbb39ce..5d71d9c517b 100644 --- a/src/mongo/util/net/ssl_manager_apple.cpp +++ b/src/mongo/util/net/ssl_manager_apple.cpp @@ -1391,6 +1391,7 @@ SSLManagerApple::SSLManagerApple(const SSLParams& params, bool isServer) if (!params.sslClusterCAFile.empty()) { auto ca = uassertStatusOK(loadPEM(params.sslClusterCAFile, "", kLoadPEMStripKeys)); _serverCA = std::move(ca); + _sslConfiguration.hasCA = true; } else { // No inbound CA specified, share a reference with outbound CA. auto ca = _clientCA.get(); @@ -1592,7 +1593,7 @@ Future<SSLPeerInfo> SSLManagerApple::parseAndValidatePeerCertificate( return SSLPeerInfo(sniName); } else { if (status == ::errSecSuccess) { - return badCert(str::stream() << "no SSL certificate provided by peer: " + return badCert(str::stream() << "No SSL certificate provided by peer: " << stringFromOSStatus(status), _weakValidation); } else { |