hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '2.3' of github.com:mariadb-corporation/MaxScale into 2.3

Browse Source
This commit is contained in:
Timofey Turenko
2019-11-30 22:35:47 +02:00
parent 99d1ecd472 cd9b82ba09
commit 5ae2d02215
4 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Documentation/Getting-Started/Configuration-Guide.md
View File

@ -1852,10 +1852,14 @@ This parameter controls the level of encryption used. Accepted values are:
* TLSv10 * TLSv10
* TLSv11 * TLSv11
* TLSv12 * TLSv12
* TLSv13
* MAX * MAX
The default is to use the highest level of encryption available. For OpenSSL 1.0 The default is to use the highest level of encryption available that both the
and newer this is TLSv1.2. client and server support. MaxScale supports TLSv1.0, TLSv1.1, TLSv1.2 and
TLSv1.3 depending on the OpenSSL library version.
The `TLSv13` value was added in MaxScale 2.3.15 ([MXS-2762](https://jira.mariadb.org/browse/MXS-2762)).
### `ssl_cert_verify_depth` ### `ssl_cert_verify_depth`

6
server/core/listener.cc
View File

@ -288,7 +288,7 @@ bool SSL_LISTENER_init(SSL_LISTENER* ssl)
case SERVICE_TLS11: case SERVICE_TLS11:
#ifdef OPENSSL_1_0 #if defined (OPENSSL_1_0) || defined (OPENSSL_1_1)
ssl->method = (SSL_METHOD*)TLSv1_1_method(); ssl->method = (SSL_METHOD*)TLSv1_1_method();
#else #else
MXS_ERROR("TLSv1.1 is not supported on this system."); MXS_ERROR("TLSv1.1 is not supported on this system.");
@ -297,7 +297,7 @@ bool SSL_LISTENER_init(SSL_LISTENER* ssl)
break; break;
case SERVICE_TLS12: case SERVICE_TLS12:
#ifdef OPENSSL_1_0 #if defined (OPENSSL_1_0) || defined (OPENSSL_1_1)
ssl->method = (SSL_METHOD*)TLSv1_2_method(); ssl->method = (SSL_METHOD*)TLSv1_2_method();
#else #else
MXS_ERROR("TLSv1.2 is not supported on this system."); MXS_ERROR("TLSv1.2 is not supported on this system.");
@ -383,7 +383,7 @@ bool SSL_LISTENER_init(SSL_LISTENER* ssl)
/* Load the CA certificate into the SSL_CTX structure */ /* Load the CA certificate into the SSL_CTX structure */
if (!SSL_CTX_load_verify_locations(ctx, ssl->ssl_ca_cert, NULL)) if (!SSL_CTX_load_verify_locations(ctx, ssl->ssl_ca_cert, NULL))
{ {
MXS_ERROR("Failed to set Certificate Authority file"); MXS_ERROR("Failed to set Certificate Authority file: %s", get_ssl_errors());
rval = false; rval = false;
} }

4
server/core/routingworker.cc
View File

@ -453,9 +453,9 @@ RoutingWorker* RoutingWorker::get(int worker_id)
worker_id = this_unit.id_main_worker; worker_id = this_unit.id_main_worker;
} }
mxb_assert((worker_id >= this_unit.id_min_worker) && (worker_id <= this_unit.id_max_worker)); bool valid = (worker_id >= this_unit.id_min_worker && worker_id <= this_unit.id_max_worker);
return this_unit.ppWorkers[worker_id]; return valid ? this_unit.ppWorkers[worker_id] : nullptr;
} }
RoutingWorker* RoutingWorker::get_current() RoutingWorker* RoutingWorker::get_current()

3
server/modules/authenticator/MySQLAuth/dbusers.cc
View File

@ -77,7 +77,7 @@ const char* mariadb_102_users_query =
"), users AS (" "), users AS ("
// Select the root row, the actual user // Select the root row, the actual user
" SELECT t.user, t.host, t.db, t.select_priv, t.password, t.default_role AS role FROM t" " SELECT t.user, t.host, t.db, t.select_priv, t.password, t.default_role AS role FROM t"
" WHERE t.is_role <> 'Y'" " WHERE t.is_role = 'N'"
" UNION" " UNION"
// Recursively select all roles for the users // Recursively select all roles for the users
" SELECT u.user, u.host, t.db, t.select_priv, u.password, r.role FROM t" " SELECT u.user, u.host, t.db, t.select_priv, u.password, r.role FROM t"
@ -85,6 +85,7 @@ const char* mariadb_102_users_query =
" ON (t.user = u.role)" " ON (t.user = u.role)"
" LEFT JOIN mysql.roles_mapping AS r" " LEFT JOIN mysql.roles_mapping AS r"
" ON (t.user = r.user)" " ON (t.user = r.user)"
" WHERE t.is_role = 'Y'"
")" ")"
"SELECT DISTINCT t.user, t.host, t.db, t.select_priv, t.password FROM users AS t %s"; "SELECT DISTINCT t.user, t.host, t.db, t.select_priv, t.password FROM users AS t %s";