Changes to improve robustness of SSL processing, separate it so far as possible from protocols. Separate the detailed mechanism of authentication from the MySQL protocol with a view to making it into a module later.

server/include/dcb.h

@@ -322,11 +322,8 @@ void dcb_hangup_foreach (struct server* server);
 size_t dcb_get_session_id(DCB* dcb);
 bool dcb_get_ses_log_info(DCB* dcb, size_t* sesid, int* enabled_logs);
 char *dcb_role_name(DCB *);                  /* Return the name of a role */
-int dcb_create_SSL(DCB* dcb);
 int dcb_accept_SSL(DCB* dcb);
 int dcb_connect_SSL(DCB* dcb);
-int dcb_read_SSL(DCB   *dcb,GWBUF **head);
-
 
 /**
  * DCB flags values

server/include/gw_ssl.h

@@ -34,6 +34,8 @@
 
 #include <gw_protocol.h>
 
+struct dcb;
+
 enum
 {
     SERVICE_SSLV3,
@@ -47,6 +49,13 @@ enum
     SERVICE_SSL_TLS_MAX
 };
 
+/**
+ * Return codes for SSL authentication checks
+ */
+#define SSL_AUTH_CHECKS_OK 0
+#define SSL_ERROR_CLIENT_NOT_SSL 1
+#define SSL_ERROR_ACCEPT_FAILED 2
+
 /**
  * The ssl_listener structure is used to aggregate the SSL configuration items
  * and data for a particular listener
@@ -64,4 +73,10 @@ typedef struct ssl_listener
     bool ssl_init_done;                 /*< If SSL has already been initialized for this service */
 } SSL_LISTENER;
 
-#endif
+int ssl_authenticate_client(struct dcb *dcb, bool is_capable);
+bool ssl_is_connection_healthy(struct dcb *dcb);
+bool ssl_check_data_to_process(struct dcb *dcb);
+bool ssl_required_by_dcb(struct dcb *dcb);
+bool ssl_required_but_not_negotiated(struct dcb *dcb);
+
+#endif /* _GW_SSL_H */