Migrate SSL functionality out of service and into listener. Develop config handling accordingly, including making provision for SSL parameters in servers for future use in implementing SSL to backend servers. Some elements still to be tidied mainly in mysql_client.c - but that will be part of detaching the SSL authentication from the MySQL protocol.

2016-01-27 15:46:19 +00:00
parent e58148356d
commit 8367d93746
12 changed files with 77 additions and 246 deletions
--- a/server/include/listener.h
+++ b/server/include/listener.h
@ -33,38 +33,9 @@
 */

 #include <gw_protocol.h>
+#include <gw_ssl.h>
 #include <dcb.h>

-enum
-{
-    SERVICE_SSLV3,
-    SERVICE_TLS10,
-#ifdef OPENSSL_1_0
-    SERVICE_TLS11,
-    SERVICE_TLS12,
-#endif
-    SERVICE_SSL_MAX,
-    SERVICE_TLS_MAX,
-    SERVICE_SSL_TLS_MAX
-};
-
-/**
- * The ssl_listener structure is used to aggregate the SSL configuration items
- * and data for a particular listener
- */
-typedef struct ssl_listener
-{
-    SSL_CTX *ctx;
-    SSL_METHOD *method;                 /*<  SSLv3 or TLS1.0/1.1/1.2 methods
-                                         * see: https://www.openssl.org/docs/ssl/SSL_CTX_new.html */
-    int ssl_cert_verify_depth;          /*< SSL certificate verification depth */
-    int ssl_method_type;                /*< Which of the SSLv3 or TLS1.0/1.1/1.2 methods to use */
-    char *ssl_cert;                     /*< SSL certificate */
-    char *ssl_key;                      /*< SSL private key */
-    char *ssl_ca_cert;                  /*< SSL CA certificate */
-    bool ssl_init_done;                 /*< If SSL has already been initialized for this service */
-} SSL_LISTENER;
-
 /**
 * The servlistener structure is used to link a service to the protocols that
 * are used to support that service. It defines the name of the protocol module