From 441b7b13cbf3a8d8e8388709195d10f1c99793f9 Mon Sep 17 00:00:00 2001 From: Dan Aprahamian Date: Mon, 4 Dec 2017 17:42:44 -0500 Subject: [PATCH] feat(ssl): adds missing ssl options ssl options for `ciphers` and `ecdhCurve` Adds missingssl options that are required for mongodb-core to establish ssl handshake with mongo server which is used certificate with ECDH curve Ports #1579 to 3.0.0
---
 lib/topologies/mongos.js | 4 ++++
 lib/topologies/replset.js | 6 +++++-
 lib/topologies/server.js | 4 ++++
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/lib/topologies/mongos.js b/lib/topologies/mongos.js
index c4bc98bfc0..1ad0ed5b3c 100644
--- a/lib/topologies/mongos.js
+++ b/lib/topologies/mongos.js
@@ -47,6 +47,8 @@ var legalOptionNames = [
 'sslCA',
 'sslCRL',
 'sslCert',
+ 'ciphers',
+ 'ecdhCurve',
 'sslKey',
 'sslPass',
 'socketOptions',
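Review bot: `'ciphers'` and `'ecdhCurve'` are accepted into `legalOptionNames` (here and in the same list in replset.js and server.js) with no check on their values visible in the patch, and the diffstat touches only `lib/topologies/*.js`, so no test shows the options actually reaching the TLS layer. A caller-supplied `ciphers` string replaces Node's default suite list, so a mistyped or overly permissive value would weaken the connection without any error from the driver. I would add a test asserting that both options arrive in the connection's TLS options unchanged, and a comment above the two entries such as `// forwarded verbatim to tls.createSecureContext; leave unset to keep Node's defaults` (the pass-through behaviour is taken from the JSDoc this patch adds, not from code in view). The array starts and ends outside the hunk.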
@@ -86,6 +88,8 @@ var legalOptionNames = [
 * @param {object} [options.sslValidate=true] Validate mongod server certificate against ca (needs to have a mongod server with ssl support, 2.4 or higher)
 * @param {array} [options.sslCA=null] Array of valid certificates either as Buffers or Strings (needs to have a mongod server with ssl support, 2.4 or higher)
 * @param {array} [options.sslCRL=null] Array of revocation certificates either as Buffers or Strings (needs to have a mongod server with ssl support, 2.4 or higher)
+ * @param {string} [options.ciphers=null] Passed directly through to tls.createSecureContext. See https://nodejs.org/dist/latest-v9.x/docs/api/tls.html#tls_tls_createsecurecontext_options for more info.
+ * @param {string} [options.ecdhCurve=null] Passed directly through to tls.createSecureContext. See https://nodejs.org/dist/latest-v9.x/docs/api/tls.html#tls_tls_createsecurecontext_options for more info.
 * @param {(Buffer|string)} [options.sslCert=null] String or buffer containing the certificate we wish to present (needs to have a mongod server with ssl support, 2.4 or higher)
 * @param {(Buffer|string)} [options.sslKey=null] String or buffer containing the certificate private key we wish to present (needs to have a mongod server with ssl support, 2.4 or higher)
 * @param {(Buffer|string)} [options.sslPass=null] String or buffer containing the certificate password (needs to have a mongod server with ssl support, 2.4 or higher)
diff --git a/lib/topologies/replset.js b/lib/topologies/replset.js
index b6e67242c2..1edbae56bd 100644
--- a/lib/topologies/replset.js
+++ b/lib/topologies/replset.js
@@ -49,6 +49,8 @@ var legalOptionNames = [
 'sslValidate',
 'sslCA',
 'sslCert',
+ 'ciphers',
+ 'ecdhCurve',
 'sslCRL',
 'sslKey',
 'sslPass',
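Review bot: The two added `@param` lines in the mongos.js JSDoc (and the identical ones in replset.js and server.js) do not say what the values mean or what leaving them unset does, and the link is pinned to `latest-v9.x`, which will drift from the Node version the driver actually runs on. For a setting that controls TLS strength, the doc should state that the value overrides the runtime default, e.g. `[options.ciphers=null] OpenSSL cipher list passed unchanged to tls.createSecureContext; leave unset to keep the Node.js default`, with a matching line for `ecdhCurve`. Pointing at the unversioned `https://nodejs.org/api/tls.html` page would avoid the stale link. The JSDoc block starts and ends outside the hunk.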
@@ -96,7 +98,9 @@ var legalOptionNames = [
 * @param {object} [options.sslValidate=true] Validate mongod server certificate against ca (needs to have a mongod server with ssl support, 2.4 or higher)
 * @param {array} [options.sslCA=null] Array of valid certificates either as Buffers or Strings (needs to have a mongod server with ssl support, 2.4 or higher)
 * @param {array} [options.sslCRL=null] Array of revocation certificates either as Buffers or Strings (needs to have a mongod server with ssl support, 2.4 or higher)
- * @param {(Buffer|string)} [options.sslCert=null] String or buffer containing the certificate we wish to present (needs to have a mongod server with ssl support, 2.4 or higher)
+ * @param {(Buffer|string)} [options.sslCert=null] String or buffer containing the certificate we wish to present (needs to have a mongod server with ssl support, 2.4 or higher.
+ * @param {string} [options.ciphers=null] Passed directly through to tls.createSecureContext. See https://nodejs.org/dist/latest-v9.x/docs/api/tls.html#tls_tls_createsecurecontext_options for more info.
+ * @param {string} [options.ecdhCurve=null] Passed directly through to tls.createSecureContext. See https://nodejs.org/dist/latest-v9.x/docs/api/tls.html#tls_tls_createsecurecontext_options for more info.
 * @param {(Buffer|string)} [options.sslKey=null] String or buffer containing the certificate private key we wish to present (needs to have a mongod server with ssl support, 2.4 or higher)
 * @param {(Buffer|string)} [options.sslPass=null] String or buffer containing the certificate password (needs to have a mongod server with ssl support, 2.4 or higher)
 * @param {string} [options.servername=null] String containing the server name requested via TLS SNI.
diff --git a/lib/topologies/server.js b/lib/topologies/server.js
index 93ee6099de..69d8ae30b1 100644
--- a/lib/topologies/server.js
+++ b/lib/topologies/server.js
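Review bot: The rewritten `options.sslCert` line in replset.js now ends `2.4 or higher.` where the removed line ended `2.4 or higher)`, so the parenthesis opened at `(needs to have` is never closed. This looks like an accidental edit, since the same line is left as context in the mongos.js and server.js hunks. Restore the original ending, `... with ssl support, 2.4 or higher)`, so that the hunk only adds the two new `@param` lines. The surrounding JSDoc block starts and ends outside the hunk.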
@@ -44,6 +44,8 @@ var legalOptionNames = [
 'sslCA',
 'sslCRL',
 'sslCert',
+ 'ciphers',
+ 'ecdhCurve',
 'sslKey',
 'sslPass',
 'socketOptions',
@@ -86,6 +88,8 @@ var legalOptionNames = [
 * @param {array} [options.sslCA=null] Array of valid certificates either as Buffers or Strings (needs to have a mongod server with ssl support, 2.4 or higher)
 * @param {array} [options.sslCRL=null] Array of revocation certificates either as Buffers or Strings (needs to have a mongod server with ssl support, 2.4 or higher)
 * @param {(Buffer|string)} [options.sslCert=null] String or buffer containing the certificate we wish to present (needs to have a mongod server with ssl support, 2.4 or higher)
+ * @param {string} [options.ciphers=null] Passed directly through to tls.createSecureContext. See https://nodejs.org/dist/latest-v9.x/docs/api/tls.html#tls_tls_createsecurecontext_options for more info.
+ * @param {string} [options.ecdhCurve=null] Passed directly through to tls.createSecureContext. See https://nodejs.org/dist/latest-v9.x/docs/api/tls.html#tls_tls_createsecurecontext_options for more info.
 * @param {(Buffer|string)} [options.sslKey=null] String or buffer containing the certificate private key we wish to present (needs to have a mongod server with ssl support, 2.4 or higher)
 * @param {(Buffer|string)} [options.sslPass=null] String or buffer containing the certificate password (needs to have a mongod server with ssl support, 2.4 or higher)
 * @param {string} [options.servername=null] String containing the server name requested via TLS SNI.