From b11e9309abfe245d6ce6349b6b0c863fa432c78b Mon Sep 17 00:00:00 2001
From: Adrian Gonzalez
Date: Mon, 15 May 2023 20:10:04 +0000
Subject: SERVER-77028 tlsClusterCAFile is not being used to validate client certificates on macOS
---
 src/mongo/util/net/ssl_manager_apple.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/mongo/util/net/ssl_manager_apple.cpp b/src/mongo/util/net/ssl_manager_apple.cpp
index aba7cbb39ce..5d71d9c517b 100644
--- a/src/mongo/util/net/ssl_manager_apple.cpp
+++ b/src/mongo/util/net/ssl_manager_apple.cpp
@@ -1391,6 +1391,7 @@ SSLManagerApple::SSLManagerApple(const SSLParams& params, bool isServer)
 if (!params.sslClusterCAFile.empty()) {
 auto ca = uassertStatusOK(loadPEM(params.sslClusterCAFile, "", kLoadPEMStripKeys));
 _serverCA = std::move(ca);
+ _sslConfiguration.hasCA = true;
 } else {
 // No inbound CA specified, share a reference with outbound CA.
 auto ca = _clientCA.get();
@@ -1592,7 +1593,7 @@ Future SSLManagerApple::parseAndValidatePeerCertificate(
 return SSLPeerInfo(sniName);
 } else {
 if (status == ::errSecSuccess) {
- return badCert(str::stream() << "no SSL certificate provided by peer: "
+ return badCert(str::stream() << "No SSL certificate provided by peer: "
 << stringFromOSStatus(status),
 _weakValidation);
 } else {
-- 
cgit v1.2.1
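Review bot: The added `_sslConfiguration.hasCA = true;` in the `sslClusterCAFile` branch of the first hunk carries the whole fix but has no comment saying why a cluster CA must set it; I would put `// A cluster CA alone must count as a configured CA, otherwise inbound client certificates are not validated (SERVER-77028).` above it. The code that reads `hasCA` is outside this hunk, so it is worth confirming that the flag is not also consulted on the outbound path, where (per the comment in the `else` branch) `_clientCA` is the relevant store and a cluster-CA-only configuration should not change how trust anchors are chosen. The diffstat shows only this one file changing, so no regression test accompanies the fix; a test that runs a macOS server with only `tlsClusterCAFile` set and checks that a client certificate issued by a different CA is rejected would keep this from regressing unnoticed. The constructor's body starts and ends outside the hunk.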