Added configuration options for different SSL modes.

2015-05-28 16:33:51 +03:00
parent 16d6bd6d2c
commit 3d6259cb00
4 changed files with 37 additions and 5 deletions
--- a/server/core/config.c
+++ b/server/core/config.c
@ -345,6 +345,7 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL);
 				char *weightby;
 				char *version_string;
 				char *subservices;
+				char* ssl;
 				bool  is_rwsplit = false;
 				bool  is_schemarouter = false;
 				char *allow_localhost_match_wildcard_host;
@ -353,6 +354,8 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL);
 				user = config_get_value(obj->parameters, "user");
 				auth = config_get_value(obj->parameters, "passwd");
 				subservices = config_get_value(obj->parameters, "subservices");
+				ssl = config_get_value(obj->parameters, "ssl");
+
 				enable_root_user = config_get_value(
 							obj->parameters, 
 							"enable_root_user");
@ -443,7 +446,11 @@ hashtable_memory_fns(monitorhash,strdup,NULL,free,NULL);
                                max_slave_rlag_str = 
                                        config_get_value(obj->parameters, 
                                                         "max_slave_replication_lag");
-                                        
+
+				if(ssl)
+				    if(serviceSetSSL(obj->element,ssl) != 0)
+					skygw_log_write(LE,"Error: Unknown parameter for service '%s': %s",obj->object,ssl);
+
 				if (enable_root_user)
 					serviceEnableRootUser(
                                                obj->element, 
--- a/server/core/service.c
+++ b/server/core/service.c
@ -136,7 +136,7 @@ SERVICE 	*service;
 	service->routerModule = strdup(router);
 	service->users_from_all = false;
 	service->resources = NULL;
-	service->ssl_mode = SSL_REQUIRED;
+	service->ssl_mode = SSL_DISABLED;

 	if (service->name == NULL || service->routerModule == NULL)
 	{
@ -858,12 +858,20 @@ serviceOptimizeWildcard(SERVICE *service, int action)

 /** Enable or disable the service SSL capability*/
 int
-serviceSetSSL(SERVICE *service, int action)
+serviceSetSSL(SERVICE *service, char* action)
 {
-    if(action)
+    int rval = 0;
+
+    if(strcasecmp(action,"required") == 0)
 	service->ssl_mode = SSL_REQUIRED;
-    else
+    else if(strcasecmp(action,"enabled") == 0)
+	service->ssl_mode = SSL_ENABLED;
+    else if(strcasecmp(action,"disabled") == 0)
 	service->ssl_mode = SSL_DISABLED;
+    else
+	rval = -1;
+
+    return rval;
 }

 /**
@ -1029,6 +1037,8 @@ int		i;
 	printf("\tUsers data:        	%p\n", (void *)service->users);
 	printf("\tTotal connections:	%d\n", service->stats.n_sessions);
 	printf("\tCurrently connected:	%d\n", service->stats.n_current);
+	printf("\tSSL:	%s\n", service->ssl_mode == SSL_DISABLED ? "Disabled":
+	    (service->ssl_mode == SSL_ENABLED ? "Enabled":"Required"));
 }

 /**
@ -1138,6 +1148,8 @@ int		i;
 						service->stats.n_sessions);
 	dcb_printf(dcb, "\tCurrently connected:			%d\n",
 						service->stats.n_current);
+		dcb_printf(dcb,"\tSSL:	%s\n", service->ssl_mode == SSL_DISABLED ? "Disabled":
+	    (service->ssl_mode == SSL_ENABLED ? "Enabled":"Required"));
 }

 /**