Migrate SSL functionality out of service and into listener. Develop config handling accordingly, including making provision for SSL parameters in servers for future use in implementing SSL to backend servers. Some elements still need to be tidied, mainly in mysql_client.c, but that will be part of detaching the SSL authentication from the MySQL protocol.

counterpoint
2016-01-27 15:46:19 +00:00
parent e58148356d
commit 8367d93746
12 changed files with 77 additions and 246 deletions


@ -20,6 +20,7 @@
#include <spinlock.h>
#include <buffer.h>
#include <gw_protocol.h>
#include <gw_ssl.h>
#include <modinfo.h>
#include <gwbitmask.h>
#include <skygw_utils.h>
@ -201,6 +202,7 @@ typedef struct dcb
char *protoname; /**< Name of the protocol */
void *protocol; /**< The protocol specific state */
struct session *session; /**< The owning session */
SSL_LISTENER *listen_ssl; /**< For a client DCB, the SSL descriptor, if any */
GWPROTOCOL func; /**< The functions for this descriptor */
int writeqlen; /**< Current number of byes in the write queue */
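Review bot: The new `listen_ssl` member of `struct dcb` does not say who owns the pointed-to SSL_LISTENER or what its NULL state means, and that matters for dcb_free and for every protocol that branches on it. If, as the name suggests, it points at configuration owned by the listener, the comment should say the DCB must not free it and that NULL means the listener has no SSL configured; presumably the field also has to be set to NULL where a DCB is allocated, which is outside this hunk. Suggested wording: `SSL_LISTENER *listen_ssl; /**< Client DCB only: listener's SSL configuration (owned by the listener, never freed here); NULL if the listener has no SSL */`. The `struct dcb` definition starts and ends outside the hunk.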


@ -33,38 +33,9 @@
*/
#include <gw_protocol.h>
#include <gw_ssl.h>
#include <dcb.h>
enum
{
SERVICE_SSLV3,
SERVICE_TLS10,
#ifdef OPENSSL_1_0
SERVICE_TLS11,
SERVICE_TLS12,
#endif
SERVICE_SSL_MAX,
SERVICE_TLS_MAX,
SERVICE_SSL_TLS_MAX
};
/**
* The ssl_listener structure is used to aggregate the SSL configuration items
* and data for a particular listener
*/
typedef struct ssl_listener
{
SSL_CTX *ctx;
SSL_METHOD *method; /*< SSLv3 or TLS1.0/1.1/1.2 methods
* see: https://www.openssl.org/docs/ssl/SSL_CTX_new.html */
int ssl_cert_verify_depth; /*< SSL certificate verification depth */
int ssl_method_type; /*< Which of the SSLv3 or TLS1.0/1.1/1.2 methods to use */
char *ssl_cert; /*< SSL certificate */
char *ssl_key; /*< SSL private key */
char *ssl_ca_cert; /*< SSL CA certificate */
bool ssl_init_done; /*< If SSL has already been initialized for this service */
} SSL_LISTENER;
/**
* The servlistener structure is used to link a service to the protocols that
* are used to support that service. It defines the name of the protocol module


@ -89,6 +89,7 @@ typedef struct server {
char *name; /**< Server name/IP address*/
unsigned short port; /**< Port to listen on */
char *protocol; /**< Protocol module to use */
SSL_LISTENER *server_ssl; /**< SSL data structure for server, if any */
unsigned int status; /**< Status flag bitmap for the server */
char *monuser; /**< User name to use to monitor the db */
char *monpw; /**< Password to use to monitor the db */
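Review bot: `server_ssl` is described only as "SSL data structure for server, if any", while the commit message says backend SSL is a provision for future use; the comment should state that the field is reserved and currently expected to be NULL, so nobody reads it as a working feature: `SSL_LISTENER *server_ssl; /**< SSL parameters for connecting to this backend; reserved for future use, currently always NULL */`. Reusing SSL_LISTENER for a backend connection also deserves a note, because that struct (as removed from service.h in this commit) carries only cert, key, CA cert and verify depth, and a client-role connection to a backend additionally needs the peer certificate to be verified against the expected host name; whether a separate struct or extra fields will be needed should be recorded where the type is reused. Allocation and release of this pointer presumably live in server_alloc/server_free, which are outside this hunk, and `struct server` itself starts and ends outside it.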


@ -207,7 +207,6 @@ extern int serviceSetUser(SERVICE *, char *, char *);
extern int serviceGetUser(SERVICE *, char **, char **);
extern bool serviceSetFilters(SERVICE *, char *);
extern int serviceSetSSL(SERVICE *service, char* action);
extern int serviceInitSSL(SERVICE* service);
extern int serviceSetSSLVersion(SERVICE *service, char* version);
extern int serviceSetSSLVerifyDepth(SERVICE* service, int depth);
extern void serviceSetCertificates(SERVICE *service, char* cert,char* key, char* ca_cert);