-
Type:
Improvement
-
Resolution: Works as Designed
-
Priority:
Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
Labels:
-
Security 2020-09-21
In SERVER-8364 we added logging of the OpenSSL version but it seems this is the compile-time version .
In the code it's obvious that it's the current OpenSSL line is about the build version, but it's not clear in the logs since there is a "build environment:" section later. For example:
2019-10-28T14:17:33.088+0000 I CONTROL [main] ***** SERVER RESTARTED *****
2019-10-28T14:17:33.092+0000 I CONTROL [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
2019-10-28T14:17:33.139+0000 I CONTROL [initandlisten] MongoDB starting : pid=13682 port=27118 dbpath=/u01/mongod/data/mongod_ukoplog1u 64-bit host=kn-ebs-momv01
2019-10-28T14:17:33.140+0000 I CONTROL [initandlisten] db version v4.0.13
2019-10-28T14:17:33.140+0000 I CONTROL [initandlisten] git version: bda366f0b0e432ca143bc41da54d8732bd8d03c0
2019-10-28T14:17:33.140+0000 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
2019-10-28T14:17:33.140+0000 I CONTROL [initandlisten] allocator: tcmalloc
2019-10-28T14:17:33.140+0000 I CONTROL [initandlisten] modules: enterprise
2019-10-28T14:17:33.140+0000 I CONTROL [initandlisten] build environment:
2019-10-28T14:17:33.140+0000 I CONTROL [initandlisten] distmod: rhel70
2019-10-28T14:17:33.140+0000 I CONTROL [initandlisten] distarch: x86_64
2019-10-28T14:17:33.140+0000 I CONTROL [initandlisten] target_arch: x86_64
2019-10-28T14:17:33.140+0000 I CONTROL [initandlisten] options: { ... }
In appendBuildInfo we output both and I think this goes into FTDC:
opensslInfo << "running" << openSSLVersion() << "compiled" << OPENSSL_VERSION_TEXT;
Let's put both running and compiled version into the startup logs too. If possible, let's also output the path of the .so library file linked in to help diagnose custom libldap_r linking.
Could this be scheduled in PM-1492 alongside SERVER-43761 ?