SERVER-25151 Honor ssl=true/false in URIs in the shell

src/mongo/client/connection_pool.cpp

@@ -31,6 +31,7 @@
 #include "mongo/client/connection_pool.h"
 
 #include "mongo/client/connpool.h"
+#include "mongo/client/mongo_uri.h"
 #include "mongo/db/auth/authorization_manager_global.h"
 #include "mongo/db/auth/internal_user_auth.h"
 #include "mongo/executor/network_connection_hook.h"
@@ -172,6 +173,7 @@ ConnectionPool::ConnectionList::iterator ConnectionPool::acquireConnection(
         conn.reset(new DBClientConnection(
             false,  // auto reconnect
             0,      // socket timeout
+            {},     // MongoURI
             [this, target](const executor::RemoteCommandResponse& isMasterReply) {
                 return _hook->validateHost(target, isMasterReply);
             }));

src/mongo/client/connection_string.h

@@ -40,6 +40,7 @@
 namespace mongo {
 
 class DBClientBase;
+class MongoURI;
 
 /**
  * ConnectionString handles parsing different ways to connect to mongo and determining method
@@ -118,7 +119,8 @@ class ConnectionString {
 
     DBClientBase* connect(StringData applicationName,
                           std::string& errmsg,
-                          double socketTimeout = 0) const;
+                          double socketTimeout = 0,
+                          const MongoURI* uri = nullptr) const;
 
     static StatusWith<ConnectionString> parse(const std::string& url);
 

src/mongo/client/connection_string_connect.cpp

@@ -36,6 +36,7 @@
 
 #include "mongo/client/dbclient_rs.h"
 #include "mongo/client/dbclientinterface.h"
+#include "mongo/client/mongo_uri.h"
 #include "mongo/stdx/memory.h"
 #include "mongo/util/assert_util.h"
 #include "mongo/util/log.h"
@@ -47,10 +48,17 @@ ConnectionString::ConnectionHook* ConnectionString::_connectHook = NULL;
 
 DBClientBase* ConnectionString::connect(StringData applicationName,
                                         std::string& errmsg,
-                                        double socketTimeout) const {
+                                        double socketTimeout,
+                                        const MongoURI* uri) const {
+    MongoURI newURI{};
+    if (uri) {
+        newURI = *uri;
+    }
+
     switch (_type) {
         case MASTER: {
-            auto c = stdx::make_unique<DBClientConnection>(true);
+            auto c = stdx::make_unique<DBClientConnection>(true, 0, std::move(newURI));
+
             c->setSoTimeout(socketTimeout);
             LOG(1) << "creating new connection to:" << _servers[0];
             if (!c->connect(_servers[0], applicationName, errmsg)) {
@@ -62,7 +70,7 @@ DBClientBase* ConnectionString::connect(StringData applicationName,
 
         case SET: {
             auto set = stdx::make_unique<DBClientReplicaSet>(
-                _setName, _servers, applicationName, socketTimeout);
+                _setName, _servers, applicationName, socketTimeout, std::move(newURI));
             if (!set->connect()) {
                 errmsg = "connect failed to replica set ";
                 errmsg += toString();

src/mongo/client/dbclient.cpp

@@ -897,8 +897,24 @@ Status DBClientConnection::connectSocketOnly(const HostAndPort& serverAddress) {
     }
 
 #ifdef MONGO_CONFIG_SSL
-    int sslModeVal = sslGlobalParams.sslMode.load();
-    if (sslModeVal == SSLParams::SSLMode_preferSSL || sslModeVal == SSLParams::SSLMode_requireSSL) {
+    // Prefer to get SSL mode directly from our URI, but if it is not set, fall back to
+    // checking global SSL params. DBClientConnections create through the shell will have a
+    // meaningful URI set, but DBClientConnections created from within the server may not.
+    int sslMode;
+    auto options = _uri.getOptions();
+    auto iter = options.find("ssl");
+    if (iter != options.end()) {
+        if (iter->second == "true") {
+            sslMode = SSLParams::SSLMode_requireSSL;
+        } else {
+            sslMode = SSLParams::SSLMode_disabled;
+        }
+    } else {
+        sslMode = sslGlobalParams.sslMode.load();
+    }
+
+    if (sslMode == SSLParams::SSLMode_preferSSL || sslMode == SSLParams::SSLMode_requireSSL) {
+        uassert(40312, "SSL is not enabled; cannot create an SSL connection", sslManager());
         if (!_port->secure(sslManager(), serverAddress.host())) {
             return Status(ErrorCodes::SSLHandshakeFailed, "Failed to initialize SSL on connection");
         }
@@ -1296,12 +1312,14 @@ void DBClientWithCommands::createIndex(StringData ns, const IndexSpec& descripto
 
 DBClientConnection::DBClientConnection(bool _autoReconnect,
                                        double so_timeout,
+                                       MongoURI uri,
                                        const HandshakeValidationHook& hook)
     : _failed(false),
       autoReconnect(_autoReconnect),
       autoReconnectBackoff(1000, 2000),
       _so_timeout(so_timeout),
-      _hook(hook) {
+      _hook(hook),
+      _uri(std::move(uri)) {
     _numConnections.fetchAndAdd(1);
 }
 

src/mongo/client/dbclient_rs.cpp

@@ -136,8 +136,12 @@ bool DBClientReplicaSet::_authPooledSecondaryConn = true;
 DBClientReplicaSet::DBClientReplicaSet(const string& name,
                                        const vector<HostAndPort>& servers,
                                        StringData applicationName,
-                                       double so_timeout)
-    : _setName(name), _applicationName(applicationName.toString()), _so_timeout(so_timeout) {
+                                       double so_timeout,
+                                       MongoURI uri)
+    : _setName(name),
+      _applicationName(applicationName.toString()),
+      _so_timeout(so_timeout),
+      _uri(std::move(uri)) {
     _rsm =
         ReplicaSetMonitor::createIfNeeded(name, set<HostAndPort>(servers.begin(), servers.end()));
 }

src/mongo/client/dbclient_rs.h

@@ -32,6 +32,7 @@
 #include <utility>
 
 #include "mongo/client/dbclientinterface.h"
+#include "mongo/client/mongo_uri.h"
 #include "mongo/util/net/hostandport.h"
 
 namespace mongo {
@@ -60,7 +61,8 @@ class DBClientReplicaSet : public DBClientBase {
     DBClientReplicaSet(const std::string& name,
                        const std::vector<HostAndPort>& servers,
                        StringData applicationName,
-                       double so_timeout = 0);
+                       double so_timeout = 0,
+                       MongoURI uri = {});
     virtual ~DBClientReplicaSet();
 
     /**
@@ -325,6 +327,8 @@ class DBClientReplicaSet : public DBClientBase {
     // not sure if/how we should handle
     std::map<std::string, BSONObj> _auths;  // dbName -> auth parameters
 
+    MongoURI _uri;
+
 protected:
     /**
      * for storing (non-threadsafe) information between lazy calls

src/mongo/client/dbclientinterface.h

@@ -33,6 +33,7 @@
 #include "mongo/base/string_data.h"
 #include "mongo/client/connection_string.h"
 #include "mongo/client/index_spec.h"
+#include "mongo/client/mongo_uri.h"
 #include "mongo/client/query.h"
 #include "mongo/client/read_preference.h"
 #include "mongo/db/jsobj.h"
@@ -979,6 +980,7 @@ class DBClientConnection : public DBClientBase {
      */
     DBClientConnection(bool _autoReconnect = false,
                        double so_timeout = 0,
+                       MongoURI uri = {},
                        const HandshakeValidationHook& hook = HandshakeValidationHook());
 
     virtual ~DBClientConnection() {
@@ -1188,6 +1190,8 @@ class DBClientConnection : public DBClientBase {
     HandshakeValidationHook _hook;
 
     MessageCompressorManager _compressorManager;
+
+    MongoURI _uri;
 };
 
 BSONElement getErrField(const BSONObj& result);

src/mongo/client/mongo_uri_connect.cpp

@@ -177,7 +177,7 @@ DBClientBase* MongoURI::connect(StringData applicationName, std::string& errmsg)
         }
     }
 
-    auto ret = _connectString.connect(applicationName, errmsg, socketTimeout);
+    auto ret = _connectString.connect(applicationName, errmsg, socketTimeout, this);
     if (!ret) {
         return ret;
     }