Core Server / SERVER-88446

Migrate TLSVersionCounts to Service

    • Type: Task
    • Resolution: Unresolved
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels: None
    • Server Security

      TLSVersionCounts is a decoration on ServiceContext. This means that it is not possible to record version counts negotiated through different Service roles. We should migrate the object to Service.

       

      This will be complicated by the lifetime and ownership semantics of the objects in question. SSLManagerOpenSSL records the TLS version of a negotiated protocol in parseAndValidatePeerCertificate by calling recordTLSVersion. This function does not accept a ServiceContext, Client, or OperationContext. Instead, recordTLSVersion acquires TLSVersionCounts off the global service context. SSLManagerOpenSSL is owned by the SSLManagerCoordinator, which is itself a global singleton and not a decoration.

      Somehow, we would need the transport layer to pass a Service to parseAndValidatePeerCertificate, which would be used to acquire the TLSVersionCounts.

       

            Assignee: Unassigned
            Reporter: Spencer Jackson (spencer.jackson@mongodb.com)
            Votes: 0
            Watchers: 2

              Created:
              Updated: