Merge branch '2.3' into 2.4

2020-04-09 12:02:44 +03:00 · 2020-04-09 12:02:44 +03:00 · c8c919be27
commit c8c919be27
parent 927db1fc6e aacae9b508
2 changed files with 13 additions and 9 deletions
--- a/Documentation/Getting-Started/Configuration-Guide.md
+++ b/Documentation/Getting-Started/Configuration-Guide.md
@ -1078,8 +1078,8 @@ REST API. The default credentials for the interface are `admin:mariadb`.

 The path to the TLS private key in PEM format for the admin interface.

-If the `admin_ssl_key`, `admin_ssl_cert` and `admin_ssl_ca_cert` options are all
-defined, the admin interface will use encrypted HTTPS instead of plain HTTP.
+If the `admin_ssl_key` and `admin_ssl_cert` options are all defined, the admin
+interface will use encrypted HTTPS instead of plain HTTP.

 ### `admin_ssl_cert`

@ -1088,8 +1088,9 @@ documentation for more details.

 ### `admin_ssl_ca_cert`

-The path to the TLS CA certificate in PEM format. See `admin_ssl_key`
-documentation for more details.
+The path to the TLS CA certificate in PEM format. If defined, the client
+certificate, if provided, will be validated against it. This parameter is
+optional starting with MaxScale 2.3.19.

 ### `admin_enabled`

--- a/server/core/admin.cc
+++ b/server/core/admin.cc
@ -349,11 +349,13 @@ static bool load_ssl_certificates()
    const char* cert = config_get_global_options()->admin_ssl_cert;
    const char* ca = config_get_global_options()->admin_ssl_ca_cert;

-    if (*key && *cert && *ca)
+    if (*key && *cert)
    {
-        if ((admin_ssl_key = load_cert(key))
-            && (admin_ssl_cert = load_cert(cert))
-            && (admin_ssl_ca_cert = load_cert(ca)))
+        admin_ssl_key = load_cert(key);
+        admin_ssl_cert = load_cert(cert);
+        admin_ssl_ca_cert = load_cert(ca);
+
+        if (admin_ssl_key && admin_ssl_cert)
        {
            rval = true;
        }
@ -412,7 +414,8 @@ bool mxs_admin_init()
                                       !using_ssl ? MHD_OPTION_END :
                                       MHD_OPTION_HTTPS_MEM_KEY, admin_ssl_key,
                                       MHD_OPTION_HTTPS_MEM_CERT, admin_ssl_cert,
-                                       MHD_OPTION_HTTPS_MEM_TRUST, admin_ssl_cert,
+                                       !admin_ssl_ca_cert ? MHD_OPTION_END :
+                                       MHD_OPTION_HTTPS_MEM_TRUST, admin_ssl_ca_cert,
                                       MHD_OPTION_END);
    }