Merge branch 'develop' into MXS-179

Conflicts:
	CMakeLists.txt

Getting-Started/Building-MaxScale-from-Source-Code.md

@@ -28,7 +28,7 @@ You will need to install all of the following packages for all versions of RHEL,
 
 ```
 gcc gcc-c++ ncurses-devel bison glibc-devel cmake libgcc perl make libtool 
-openssl-devel libaio libaio-devel librabbitmq-devel
+openssl-devel libaio libaio-devel librabbitmq-devel libcurl-devel pcre-devel
 ```
 
 In addition, if you wish to to build an RPM package include:
@@ -68,7 +68,7 @@ These packages are required on all versions of Ubuntu and Debian.
 
 ```
 	build-essential libssl-dev libaio-dev ncurses-dev bison
-	cmake perl libtool librabbitmq-dev     
+	cmake perl libtool librabbitmq-dev libcurl-dev libpcre3-dev
 ```
 
 If you want to build a DEB package, you will also need:

Getting-Started/Configuration-Guide.md

@@ -326,6 +326,63 @@ Example:
 connection_timeout=300
 ```
 
+### Service and SSL
+
+This section describes configuration parameters for services that control the SSL/TLS encrption method and the various certificate files involved in it. To enable SSL, you must configure the `ssl` parameter with either `enabled` or `required` and provide the three files for `ssl_cert`, `ssl_key` and `ssl_ca_cert`. After this, MySQL connections to this service can be encrypted with SSL.
+
+#### `ssl`
+
+This enables SSL connections to the service. If this parameter is set to either `required` or `enabled` and the three certificate files can be found (these are explained afterwards), then client connections will be encrypted with SSL. If the parameter is `enabled` then both SSL and non-SSL connections can connect to this service. If the parameter is set to `required` then only SSL connections can be used for this service and non-SSL connections will get an error when they try to connect to the service.
+
+#### `ssl_key`
+
+The SSL private key the service should use. This will be the private key that is used as the server side private key during a client-server SSL handshake. This is a required parameter for SSL enabled services.
+
+#### `ssl_cert`
+
+The SSL certificate the service should use. This will be the public certificate that is used as the server side certificate during a client-server SSL handshake. This is a required parameter for SSL enabled services.
+
+#### `ssl_ca_cert`
+
+This is the Certificate Authority file. It will be used to verify that both the client and the server certificates are valid. This is a required parameter for SSL enabled services.
+
+### `ssl_version`
+
+This parameter controls the level of encryption used. Accepted values are:
+ * SSLv2
+ * SSLv3
+ * TLSv10
+ * TLSv11
+ * TLSv12
+ * MAX   
+
+### `ssl_cert_verification_depth`
+
+The maximum length of the certificate authority chain that will be accepted. Accepted values are positive integers.
+
+```
+# Example
+ssl_cert_verification_depth=10
+```
+
+Example SSL enabled service configuration:
+
+```
+[ReadWriteSplitService]
+type=service
+router=readwritesplit
+servers=server1,server2,server3
+user=myuser
+passwd=mypasswd
+ssl=required
+ssl_cert=/home/markus/certs/server-cert.pem
+ssl_key=/home/markus/certs/server-key.pem
+ssl_ca_cert=/home/markus/certs/ca.pem
+ssl_version=TLSv12
+```
+
+This configuration requires all connections to be encryped with SSL. It also specifies that TLSv1.2 should be used as the encryption method. The paths to the server certificate files and the Certificate Authority file are also provided.
+
 ### Server
 
 Server sections are used to define the backend database servers that can be formed into a service. A server may be a member of one or more services within MaxScale. Servers are identified by a server name which is the section name in the configuration file. Servers have a type parameter of server, plus address port and protocol parameters.

Reference/MaxScale-and-SSL.md

@@ -0,0 +1,15 @@
+# MaxScale and SSL
+
+MaxScale supports client side SSL connections. Enabling is done on a per service basis and each service has its own set of certificates.
+
+## SSL Options
+
+Here are the options which relate to SSL and certificates.
+Parameter|Values     |Description
+---------|-----------|--------
+ssl         | disabled, enabled, required |`disable` disables SSL, `enabled` enables SSL for client connections but still allows non-SSL connections and `required` requires SSL from all client connections. With the `required` option, client connections that do not use SSL will be rejected.
+ssl_cert    | path to file              |Path to server certificate
+ssl_key     | path to file              |Path to server private key
+ssl_ca_cert | path to file              |Path to Certificate Authority file
+ssl_version|SSLV2,SSLV3,TLSV10,TLSV11,TLSV12,MAX| The SSL method level,  defaults to highest available encryption level which is TLSv1.2
+ssl_cert_verify_depth|integer|Certificate authority certificate verification depth, default is 100.

maxscale.1

@@ -0,0 +1,69 @@
+.TH maxscale 1
+.SH NAME
+maxscale - The intelligent proxy
+.SH SYNOPSIS
+.B maxscale
+[\fIOPTIONS...\fR]
+.SH DESCRIPTION
+The MariaDB Corporation MaxScale is an intelligent proxy that allows forwarding of
+database statements to one or more database servers using complex rules,
+a semantic understanding of the database statements and the roles of
+the various servers within the backend cluster of databases.
+
+MaxScale is designed to provide load balancing and high availability
+functionality transparently to the applications. In addition it provides
+a highly scalable and flexible architecture, with plugin components to
+support different protocols and routing decisions.
+
+.SH OPTIONS
+.TP
+.BR "-d, --nodaemon"
+Run MaxScale in the terminal process
+.TP
+.BR -f " \fIFILE\fB, --config=\fIFILE\fR"
+Relative or absolute pathname of MaxScale configuration file to load.
+.TP
+.BR -l "[\fIfile|shm\fB], --log=[\fIfile|shm\fB]"
+Log trace and debug logs to file or shared memory. The debug and trace logs are disabled by default and if enabled, will log to shared memory.
+.TP
+.BR -L " \fIPATH\fB, --logdir=\fIPATH\fB"
+Path to log file directory.
+.TP
+.BR -D " \fIPATH\fB, --datadir=\fIPATH\fB"
+Path to data directory. This is where the embedded mysql tables are stored in addition to other MaxScale specific data.
+.TP
+.BR -C " \fIPATH\fB, --configdir=\fIPATH\fB"
+Path to configuration file directory. MaxScale will look for the \fImaxscale.cnf\fR file from this folder.
+.TP
+.BR -B " \fIPATH\fB, --libdir=\fIPATH\fB"
+Path to module directory. Modules are only searched from this folder.
+.TP
+.BR -A " \fIPATH\fB, --cachedir=\fIPATH\fB"
+Path to cache directory. This is where MaxScale stores cached authentication data.
+.TP
+.BR -P " \fIPATH\fB, --piddir=\fIPATH\fB"
+Location of MaxScale's PID file.
+.TP
+.BR -U " \fIUSER\fB, --user=\fIUSER\fB"
+Run MaxScale as another user. The user ID and group ID of this user are used to run MaxScale.
+.TP
+.BR -s " [\fIyes\fB|\fIno\fB], --syslog=[\fIyes\fB|\fIno\fB]"
+Log messages to syslog.
+.TP
+.BR -S " [\fIyes\fB|\fIno\fB], \fB--maxscalelog=[\fIyes\fB|\fIno\fB]"
+Log messages to MaxScale's own log files.
+.TP
+.BR "-v, --version"
+Print version information and exit.
+.TP
+.BR "-?, --help"
+Show the help information for MaxScale and exit.
+
+.SH EXAMPLES
+Tutorials on GitHub:
+.UR https://github.com/mariadb-corporation/MaxScale/blob/master/Documentation/Documentation-Contents.md#tutorials
+.UE
+.SH SEE ALSO
+The MaxScale documentation on GitHub:
+.UR https://github.com/mariadb-corporation/MaxScale/blob/master/Documentation/Documentation-Contents.md
+.UE