hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '2.3' into 2.4

Browse Source
This commit is contained in:
Markus Mäkelä
2020-04-09 12:02:44 +03:00
parent 927db1fc6e aacae9b508
commit c8c919be27
2 changed files with 13 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
Documentation/Getting-Started/Configuration-Guide.md
View File

@ -1078,8 +1078,8 @@ REST API. The default credentials for the interface are `admin:mariadb`.
The path to the TLS private key in PEM format for the admin interface. The path to the TLS private key in PEM format for the admin interface.
If the `admin_ssl_key`, `admin_ssl_cert` and `admin_ssl_ca_cert` options are all If the `admin_ssl_key` and `admin_ssl_cert` options are all defined, the admin
defined, the admin interface will use encrypted HTTPS instead of plain HTTP. interface will use encrypted HTTPS instead of plain HTTP.
### `admin_ssl_cert` ### `admin_ssl_cert`
@ -1088,8 +1088,9 @@ documentation for more details.
### `admin_ssl_ca_cert` ### `admin_ssl_ca_cert`
The path to the TLS CA certificate in PEM format. See `admin_ssl_key` The path to the TLS CA certificate in PEM format. If defined, the client
documentation for more details. certificate, if provided, will be validated against it. This parameter is
optional starting with MaxScale 2.3.19.
### `admin_enabled` ### `admin_enabled`

13
server/core/admin.cc
View File

@ -349,11 +349,13 @@ static bool load_ssl_certificates()
const char* cert = config_get_global_options()->admin_ssl_cert; const char* cert = config_get_global_options()->admin_ssl_cert;
const char* ca = config_get_global_options()->admin_ssl_ca_cert; const char* ca = config_get_global_options()->admin_ssl_ca_cert;
if (*key && *cert && *ca) if (*key && *cert)
{ {
if ((admin_ssl_key = load_cert(key)) admin_ssl_key = load_cert(key);
&& (admin_ssl_cert = load_cert(cert)) admin_ssl_cert = load_cert(cert);
&& (admin_ssl_ca_cert = load_cert(ca))) admin_ssl_ca_cert = load_cert(ca);
if (admin_ssl_key && admin_ssl_cert)
{ {
rval = true; rval = true;
} }
@ -412,7 +414,8 @@ bool mxs_admin_init()
!using_ssl ? MHD_OPTION_END : !using_ssl ? MHD_OPTION_END :
MHD_OPTION_HTTPS_MEM_KEY, admin_ssl_key, MHD_OPTION_HTTPS_MEM_KEY, admin_ssl_key,
MHD_OPTION_HTTPS_MEM_CERT, admin_ssl_cert, MHD_OPTION_HTTPS_MEM_CERT, admin_ssl_cert,
MHD_OPTION_HTTPS_MEM_TRUST, admin_ssl_cert, !admin_ssl_ca_cert ? MHD_OPTION_END :
MHD_OPTION_HTTPS_MEM_TRUST, admin_ssl_ca_cert,
MHD_OPTION_END); MHD_OPTION_END);
} }