MXS-2956: Fix use of admin_ssl_ca_cert

The parameter is now optional and uses the correct file. If defined, it defines the CA certificate that would be used to verify client certificate. Client certificate verification doesn't seem to currently work as that requires a custom verification callback that interfaces with GnuTLS.
2020-04-07 15:27:35 +03:00
parent 594e431f1a
commit aacae9b508
2 changed files with 13 additions and 9 deletions
--- a/server/core/admin.cc
+++ b/server/core/admin.cc
@ -352,11 +352,13 @@ static bool load_ssl_certificates()
    const char* cert = config_get_global_options()->admin_ssl_cert;
    const char* ca = config_get_global_options()->admin_ssl_ca_cert;

-    if (*key && *cert && *ca)
+    if (*key && *cert)
    {
-        if ((admin_ssl_key = load_cert(key))
-            && (admin_ssl_cert = load_cert(cert))
-            && (admin_ssl_ca_cert = load_cert(ca)))
+        admin_ssl_key = load_cert(key);
+        admin_ssl_cert = load_cert(cert);
+        admin_ssl_ca_cert = load_cert(ca);
+
+        if (admin_ssl_key && admin_ssl_cert)
        {
            rval = true;
        }
@ -416,7 +418,8 @@ bool mxs_admin_init()
                                       !using_ssl ? MHD_OPTION_END :
                                       MHD_OPTION_HTTPS_MEM_KEY, admin_ssl_key,
                                       MHD_OPTION_HTTPS_MEM_CERT, admin_ssl_cert,
-                                       MHD_OPTION_HTTPS_MEM_TRUST, admin_ssl_cert,
+                                       !admin_ssl_ca_cert ? MHD_OPTION_END :
+                                       MHD_OPTION_HTTPS_MEM_TRUST, admin_ssl_ca_cert,
                                       MHD_OPTION_END);
    }