[SERVER-71910] Minimize SSL Interface in Session Created: 06/Dec/22  Updated: 29/Oct/23  Resolved: 13/Feb/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.0.0-rc0

Type: Improvement Priority: Major - P3
Reporter: Matt Diener (Inactive) Assignee: Matt Diener (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Minor Change
Sprint: Service Arch 2022-12-26, Service Arch 2023-01-09, Service Arch 2023-01-23, Service Arch 2023-02-06, Service Arch 2023-02-20
Participants:

 Description   

See design

The SSL code cannot be completely sandboxed from Session without its own large design which would likely inflate the scope of this project. We are opting for a short-term alternative that minimizes the impact that SSL has on the Session API, while allowing for a future project to clean up the ASIOSession to have better separation of responsibilities. 

The SSL-specific code is easily identifiable by searching for #ifdef MONGO_CONFIG_SSL throughout the code base. The three functions in the API and what we should do with them follows:

  • getSSLManager
    • Remove from the public interface. The only caller is a uassert checking whether SSL is enabled for the session. 
    • Worst case: this part of the public API is replaced by a simpler function: isSSLEnabled.
    • Best case: the SSLManagerCoordinator is given the ability to lookup an SSL manager from a Session.
  • getSSLConfiguration
    • Remove this. It can be acquired through the SSLManager, which in the best case described above will be found through the SSLManagerCoordinator.
  • getSniName
    • Remove. Its only caller is Client::getSniNameForSession, which can be rewritten to get this information through other means. 


 Comments   
Comment by Githook User [ 10/Feb/23 ]

Author:

{'name': 'Matt Diener', 'email': 'matt.diener@mongodb.com', 'username': 'mattdiener'}

Message: SERVER-71910 shrink Session's SSL interface
Branch: master
https://github.com/mongodb/mongo/commit/e93a4b101d43b2a5b10446e79995f9ad278c13f7

Comment by Githook User [ 30/Jan/23 ]

Author:

{'name': 'Matt Diener', 'email': 'matt.diener@mongodb.com', 'username': 'mattdiener'}

Message: SERVER-71910 ensure SSLPeerInfo is not mutated after construction
Branch: master
https://github.com/mongodb/mongo/commit/8a04125c89dd61b50e97471f7ecd15e29a5e97e0

Generated at Thu Feb 08 06:20:18 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.