SERVER-38281 Defer TLS-1.0 auto disable warning till log startup

mongodb · Dec 6, 2018 · dfa007f · dfa007f
1 parent ce305db
commit dfa007f
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 2 deletions.
diff --git a/src/mongo/db/server_options_test.cpp b/src/mongo/db/server_options_test.cpp
@@ -48,6 +48,7 @@
 
 #include <boost/filesystem.hpp>
 
+#include "mongo/base/init.h"
 #include "mongo/bson/util/builder.h"
 #include "mongo/db/server_options.h"
 #include "mongo/db/server_options_server_helpers.h"
@@ -66,6 +67,12 @@ using mongo::ErrorCodes;
 using mongo::Status;
 namespace moe = mongo::optionenvironment;
 
+MONGO_INITIALIZER(ServerLogRedirection)(mongo::InitializerContext*) {
+    // ssl_options_server.cpp has an initializer which depends on logging.
+    // We can stub that dependency out for unit testing purposes.
+    return Status::OK();
+}
+
 class OptionsParserTester : public moe::OptionsParser {
 public:
     Status readConfigFile(const std::string& filename, std::string* config) {

diff --git a/src/mongo/util/net/ssl_options_server.cpp b/src/mongo/util/net/ssl_options_server.cpp
@@ -83,6 +83,8 @@ Status storeTLSLogVersion(const std::string& loggedProtocols) {
 
 namespace {
 
+bool gImplicitDisableTLS10 = false;
+
 // storeSSLServerOptions depends on serverGlobalParams.clusterAuthMode
 // and IDL based storage actions, and therefore must run later.
 MONGO_STARTUP_OPTIONS_POST(SSLServerOptions)(InitializerContext*) {
@@ -161,8 +163,7 @@ MONGO_STARTUP_OPTIONS_POST(SSLServerOptions)(InitializerContext*) {
          * old version of OpenSSL (pre 1.0.0l)
          * which does not support TLS 1.1 or later.
          */
-        log() << "Automatically disabling TLS 1.0, to force-enable TLS 1.0 "
-                 "specify --sslDisabledProtocols 'none'";
+        gImplicitDisableTLS10 = true;
         sslGlobalParams.sslDisabledProtocols.push_back(SSLParams::Protocols::TLS1_0);
 #endif
     }
@@ -312,5 +313,17 @@ MONGO_STARTUP_OPTIONS_VALIDATE(SSLServerOptions)(InitializerContext*) {
     return Status::OK();
 }
 
+// This warning must be deferred until after
+// ServerLogRedirection has started up so that
+// it goes to the right place.
+MONGO_INITIALIZER_WITH_PREREQUISITES(ImplicitDisableTLS10Warning, ("ServerLogRedirection"))
+(InitializerContext*) {
+    if (gImplicitDisableTLS10) {
+        log() << "Automatically disabling TLS 1.0, to force-enable TLS 1.0 "
+                 "specify --sslDisabledProtocols 'none'";
+    }
+    return Status::OK();
+}
+
 }  // namespace
 }  // namespace mongo
diff --git a/src/mongo/util/net/ssl_options_test.cpp b/src/mongo/util/net/ssl_options_test.cpp
@@ -37,6 +37,7 @@
 #include <ostream>
 
 #include "mongo/base/global_initializer.h"
+#include "mongo/base/init.h"
 #include "mongo/base/initializer.h"
 #include "mongo/db/server_options_server_helpers.h"
 #include "mongo/unittest/unittest.h"
@@ -51,6 +52,12 @@ namespace moe = mongo::optionenvironment;
 namespace mongo {
 namespace {
 
+MONGO_INITIALIZER(ServerLogRedirection)(InitializerContext*) {
+    // ssl_options_server.cpp has an initializer which depends on logging.
+    // We can stub that dependency out for unit testing purposes.
+    return Status::OK();
+}
+
 Status executeInitializer(const std::string& name) try {
     const auto* node =
         getGlobalInitializer().getInitializerDependencyGraph().getInitializerNode(name);