MXS-1910: Only require ssl_ca_cert for servers

Servers in MaxScale can encrypt the connections without client keys and certificates. As keys and certificates are no longer required, the CA certificate must always be initialized.
2018-06-09 00:15:48 +03:00
parent c850336199
commit 1e1734f42e
4 changed files with 59 additions and 67 deletions
--- a/server/core/config_runtime.c
+++ b/server/core/config_runtime.c
@ -215,8 +215,8 @@ static SSL_LISTENER* create_ssl(const char *name, const char *key, const char *c
    if (obj)
    {
        if (config_add_param(obj, "ssl", "required") &&
-            config_add_param(obj, "ssl_key", key) &&
-            config_add_param(obj, "ssl_cert", cert) &&
+            (!key || config_add_param(obj, "ssl_key", key)) &&
+            (!cert || config_add_param(obj, "ssl_cert", cert)) &&
            config_add_param(obj, "ssl_ca_cert", ca) &&
            (!version || config_add_param(obj, "ssl_version", version)) &&
            (!depth || config_add_param(obj, "ssl_cert_verify_depth", depth)) &&