MXS-2483: Move SSL configuration into SSLConfig

This way the configuration information can be accessed without the SSLContext.
2019-05-21 10:03:40 +03:00
parent 075ad1cfb3
commit 8a4b58d52c
7 changed files with 89 additions and 83 deletions
--- a/include/maxscale/server.hh
+++ b/include/maxscale/server.hh
@ -517,6 +517,11 @@ public:
     */
    void response_time_add(double ave, int num_samples);

+    const mxs::SSLConfig& ssl_config() const
+    {
+        return m_ssl_config;
+    }
+
    mxs::SSLContext* ssl_context() const
    {
        return m_ssl_context.get();
@ -525,6 +530,7 @@ public:
    void set_ssl_context(std::unique_ptr<mxs::SSLContext> ssl)
    {
        m_ssl_context.swap(ssl);
+        m_ssl_config = m_ssl_context->config();
    }

 protected:
@ -540,4 +546,5 @@ private:
    std::mutex         m_average_write_mutex;       /**< Protects response time from concurrent writing */

    std::unique_ptr<mxs::SSLContext> m_ssl_context;     /**< SSL context */
+    mxs::SSLConfig                   m_ssl_config;      /**< SSL configuration */
 };
--- a/include/maxscale/ssl.hh
+++ b/include/maxscale/ssl.hh
@ -61,6 +61,26 @@ extern const MXS_ENUM_VALUE ssl_version_values[];
 namespace maxscale
 {

+// SSL configuration
+struct SSLConfig
+{
+    SSLConfig() = default;
+    SSLConfig(const MXS_CONFIG_PARAMETER& params);
+
+    // CA must always be defined for non-empty configurations
+    bool empty() const
+    {
+        return ca.empty();
+    }
+
+    std::string       key;                              /**< SSL private key */
+    std::string       cert;                             /**< SSL certificate */
+    std::string       ca;                               /**< SSL CA certificate */
+    ssl_method_type_t version = SERVICE_SSL_TLS_MAX;    /**< Which TLS version to use */
+    int               verify_depth = 9;                 /**< SSL certificate verification depth */
+    bool              verify_peer = true;               /**< Enable peer certificate verification */
+};
+
 /**
 * The SSLContext is used to aggregate the SSL configuration and data for a particular object.
 */
@ -91,22 +111,10 @@ public:
        return SSL_new(m_ctx);
    }

-    // Private key
-    const std::string& ssl_key() const
+    // SSL configuration
+    const SSLConfig& config() const
    {
-        return m_key;
-    }
-
-    // Public cert
-    const std::string& ssl_cert() const
-    {
-        return m_cert;
-    }
-
-    // Certificate authority
-    const std::string& ssl_ca() const
-    {
-        return m_ca;
+        return m_cfg;
    }

    // Convert to JSON representation
@ -121,16 +129,9 @@ private:
    SSL_CTX*    m_ctx = nullptr;
    SSL_METHOD* m_method = nullptr;         /**<  SSLv3 or TLS1.0/1.1/1.2 methods
                                             * see: https://www.openssl.org/docs/ssl/SSL_CTX_new.html */
+    SSLConfig m_cfg;

-    std::string       m_key;            /**< SSL private key */
-    std::string       m_cert;           /**< SSL certificate */
-    std::string       m_ca;             /**< SSL CA certificate */
-    ssl_method_type_t m_version;        /**< Which TLS version to use */
-    int               m_verify_depth;   /**< SSL certificate verification depth */
-    bool              m_verify_peer;    /**< Enable peer certificate verification */
-
-    SSLContext(const std::string& key, const std::string& cert, const std::string& ca,
-               ssl_method_type_t version, int verify_depth, bool verify_peer_cert);
+    SSLContext(const SSLConfig& cfg);
    bool init();
 };
 }