Fix bug in mysql_client.c (over-optimisation of protocol setting); various clarifications and improvements from code review.

This commit is contained in:
counterpoint
2016-02-22 11:05:02 +00:00
parent 866e91c088
commit 5077933e41
10 changed files with 75 additions and 62 deletions


@ -133,14 +133,6 @@ static char *service_params[] =
"version_string",
"filters",
"weightby",
/* These should no longer be required
"ssl_cert",
"ssl_ca_cert",
"ssl",
"ssl_key",
"ssl_version",
"ssl_cert_verify_depth",
* */
"ignore_databases",
"ignore_databases_regex",
"log_auth_warnings",
@ -1094,7 +1086,13 @@ make_ssl_structure (CONFIG_CONTEXT *obj, bool require_cert, int *error_count)
local_errors++;
}
}
else new_ssl->ssl_cert_verify_depth = 9;
else
{
/**
* Default of 9 as per Linux man page
*/
new_ssl->ssl_cert_verify_depth = 9;
}
listener_set_certificates(new_ssl, ssl_cert, ssl_key, ssl_ca_cert);
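Review bot: The six SSL entries at the top of the first hunk are commented out inside the service_params table rather than removed; dead entries in a string table tend to outlive the note that explains them, so drop the whole `/* These should no longer be required ... * */` block and let git history keep it. If service_params is the list of recognised service-level keys, a configuration that still sets `ssl` or `ssl_cert` on a service would presumably now be reported as unknown, which looks intended but is worth a sentence in the commit message. The `else` branch in the second hunk is fine as written; make_ssl_structure starts and ends outside the hunk.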


@ -2957,38 +2957,32 @@ int dcb_connect_SSL(DCB* dcb)
case SSL_ERROR_NONE:
MXS_DEBUG("SSL_connect done for %s", dcb->remote);
return 1;
break;
case SSL_ERROR_WANT_READ:
MXS_DEBUG("SSL_connect ongoing want read for %s", dcb->remote);
return 0;
break;
case SSL_ERROR_WANT_WRITE:
MXS_DEBUG("SSL_connect ongoing want write for %s", dcb->remote);
return 0;
break;
case SSL_ERROR_ZERO_RETURN:
MXS_DEBUG("SSL error, shut down cleanly during SSL connect %s", dcb->remote);
dcb_log_errors_SSL(dcb, __func__, 0);
poll_fake_hangup_event(dcb);
return 0;
break;
case SSL_ERROR_SYSCALL:
MXS_DEBUG("SSL connection shut down with SSL_ERROR_SYSCALL during SSL connect %s", dcb->remote);
dcb_log_errors_SSL(dcb, __func__, ssl_rval);
poll_fake_hangup_event(dcb);
return -1;
break;
default:
MXS_DEBUG("SSL connection shut down with error during SSL connect %s", dcb->remote);
dcb_log_errors_SSL(dcb, __func__, 0);
poll_fake_hangup_event(dcb);
return -1;
break;
}
}


@ -52,9 +52,8 @@
* @param is_capable Indicates if the client can handle SSL
* @return 0 if ok, >0 if a problem - see return codes defined in gw_ssl.h
*/
int ssl_authenticate_client(DCB *dcb, bool is_capable)
int ssl_authenticate_client(DCB *dcb, const char *user, bool is_capable)
{
char *user = dcb->user ? dcb->user : "";
char *remote = dcb->remote ? dcb->remote : "";
char *service = (dcb->service && dcb->service->name) ? dcb->service->name : "";
@ -68,7 +67,7 @@ int ssl_authenticate_client(DCB *dcb, bool is_capable)
{
/* Should be SSL, but client is not SSL capable */
MXS_INFO("User %s@%s connected to service '%s' without SSL when SSL was required.",
user ? user : "", remote ? remote : "", service ? service : "");
user, remote, service);
return SSL_ERROR_CLIENT_NOT_SSL;
}
/* Now we know SSL is required and client is capable */
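Review bot: The new `user` parameter is passed to the `%s` in the MXS_INFO call without the NULL coercion the removed local provided, so a caller that hands in a NULL user (the old code tolerated `dcb->user == NULL`) now feeds a null pointer to the format routine, which is undefined behaviour; keep `const char *user_name = user ? user : "";` and log that, or state in the header that `user` must be non-NULL. The Doxygen block in the first hunk gains no `@param` line for the new argument; add `* @param user Name of the connecting user, reported in log messages`. ssl_authenticate_client continues beyond the second hunk.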


@ -45,6 +45,32 @@ static RSA *rsa_1024 = NULL;
static RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength);
/**
* Create a new listener structure
*
* @param protocol The name of the protocol module
* @param address The address to listen with
* @param port The port to listen on
* @param authenticator Name of the authenticator to be used
* @param ssl SSL configuration
* @return New listener object or NULL if unable to allocate
*/
SERV_LISTENER *
alloc_listener(char *protocol, char *address, unsigned short port, char *authenticator, SSL_LISTENER *ssl)
{
SERV_LISTENER *proto = NULL;
if ((proto = (SERV_LISTENER *)malloc(sizeof(SERV_LISTENER))) != NULL)
{
proto->listener = NULL;
proto->protocol = strdup(protocol);
proto->address = address ? strdup(address) : NULL;
proto->port = port;
proto->authenticator = authenticator ? strdup(authenticator) : NULL;
proto->ssl = ssl;
}
return proto;
}
/**
* Set the maximum SSL/TLS version the listener will support
* @param ssl_listener Listener data to configure
@ -94,31 +120,14 @@ listener_set_ssl_version(SSL_LISTENER *ssl_listener, char* version)
void
listener_set_certificates(SSL_LISTENER *ssl_listener, char* cert, char* key, char* ca_cert)
{
if (NULL != cert)
{
if (ssl_listener->ssl_cert)
{
free(ssl_listener->ssl_cert);
}
ssl_listener->ssl_cert = strdup(cert);
}
else ssl_listener->ssl_cert = NULL;
free(ssl_listener->ssl_cert);
ssl_listener->ssl_cert = cert ? strdup(cert) : NULL;
if (NULL != key)
{
if (ssl_listener->ssl_key)
{
free(ssl_listener->ssl_key);
}
ssl_listener->ssl_key = strdup(key);
}
else ssl_listener->ssl_key = NULL;
free(ssl_listener->ssl_key);
ssl_listener->ssl_key = key ? strdup(key) : NULL;
if (ssl_listener->ssl_ca_cert)
{
free(ssl_listener->ssl_ca_cert);
}
ssl_listener->ssl_ca_cert = strdup(ca_cert);
free(ssl_listener->ssl_ca_cert);
ssl_listener->ssl_ca_cert = ca_cert ? strdup(ca_cert) : NULL;
}
/**
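Review bot: alloc_listener obtains the SERV_LISTENER with malloc and assigns only six members, so `next` (which serviceAddProtocol writes later) and any other member of the struct start out indeterminate; allocate with `if ((proto = calloc(1, sizeof *proto)) != NULL)` so every listener leaves this function fully initialised, and the cast on the allocation can go. The `strdup(protocol)` result, like the other two duplications, is never checked, so on allocation failure a listener with NULL strings is returned instead of NULL; if callers are expected to cope with that, the `@return` line should say so rather than mentioning only failure of the listener allocation itself. In listener_set_certificates, `free(ssl_listener->ssl_cert)` runs before `strdup(cert)`, so a caller that passes the listener's own current string would have it read after being freed; duplicating first (`char *dup = cert ? strdup(cert) : NULL;` then free and assign) removes that hazard for all three fields.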


@ -680,6 +680,8 @@ service_free(SERVICE *service)
* @param protocol The name of the protocol module
* @param address The address to listen with
* @param port The port to listen on
* @param authenticator Name of the authenticator to be used
* @param ssl SSL configuration
* @return TRUE if the protocol/port could be added
*/
int
@ -687,22 +689,16 @@ serviceAddProtocol(SERVICE *service, char *protocol, char *address, unsigned sho
{
SERV_LISTENER *proto;
if ((proto = (SERV_LISTENER *)malloc(sizeof(SERV_LISTENER))) == NULL)
if ((proto = alloc_listener(protocol, address, port, authenticator, ssl)) != NULL)
{
return 0;
spinlock_acquire(&service->spin);
proto->next = service->ports;
service->ports = proto;
spinlock_release(&service->spin);
return 1;
}
proto->listener = NULL;
proto->protocol = strdup(protocol);
proto->address = address ? strdup(address) : NULL;
proto->port = port;
proto->authenticator = authenticator ? strdup(authenticator) : NULL;
proto->ssl = ssl;
spinlock_acquire(&service->spin);
proto->next = service->ports;
service->ports = proto;
spinlock_release(&service->spin);
return 1;
return 0;
}
/**
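Review bot: The updated header for serviceAddProtocol documents `ssl` only as "SSL configuration", but alloc_listener stores the pointer itself (`proto->ssl = ssl`) rather than copying the structure, so the caller must not free or reuse it while the listener exists; say so, e.g. `* @param ssl SSL configuration; the pointer is retained by the listener, not copied`. The `@return TRUE if the protocol/port could be added` line describes an `int` that is 1 or 0; `@return 1 on success, 0 if the listener could not be allocated` matches the code. The failure path still returns 0 without logging, which appears to preserve the previous behaviour. serviceAddProtocol's signature line is cut by the hunk header.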