diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.c b/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.c
|
index 056f524..27a4029 100644
|
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.c
|
+++ b/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.c
|
@@ -54,7 +54,7 @@ static int importCertStoreToX509_STORE(
|
int status = 1;
|
X509* x509Cert = NULL;
|
HCERTSTORE systemStore =
|
- CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, (HCRYPTPROV)NULL, storeLocation, storeName);
|
+ CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, (HCRYPTPROV)NULL, storeLocation|CERT_STORE_READONLY_FLAG, storeName);
|
if (systemStore == NULL) {
|
formatError(GetLastError(),"error opening system CA store",err,err_len);
|
status = 0;
|
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
|
index ed70d6b..fd8a231 100644
|
--- a/src/mongo/util/net/ssl_manager.cpp
|
+++ b/src/mongo/util/net/ssl_manager.cpp
|
@@ -900,7 +900,7 @@ Status importCertStoreToX509_STORE(const wchar_t* storeName,
|
DWORD storeLocation,
|
X509_STORE* verifyStore) {
|
HCERTSTORE systemStore = CertOpenStore(
|
- CERT_STORE_PROV_SYSTEM_W, 0, NULL, storeLocation, const_cast<LPWSTR>(storeName));
|
+ CERT_STORE_PROV_SYSTEM_W, 0, NULL, storeLocation|CERT_STORE_READONLY_FLAG, const_cast<LPWSTR>(storeName));
|
if (systemStore == NULL) {
|
return {ErrorCodes::InvalidSSLConfiguration,
|
str::stream() << "error opening system CA store: " << errnoWithDescription()};
|