diff --git a/include/maxscale/listener.hh b/include/maxscale/listener.hh
index 97331e04e..63d035227 100644
--- a/include/maxscale/listener.hh
+++ b/include/maxscale/listener.hh
@@ -144,9 +144,9 @@ public:
 const char* state() const;
 /**
- * The SSL_LISTENER object
+ * The mxs::SSLContext object
 */
- SSL_LISTENER* ssl() const;
+ mxs::SSLContext* ssl() const;
 /**
 * Convert to JSON
@@ -209,7 +209,7 @@ private:
 std::string m_authenticator; /**< Name of authenticator */
 std::string m_auth_options; /**< Authenticator options */
 void* m_auth_instance; /**< Authenticator instance */
- SSL_LISTENER* m_ssl; /**< Structure of SSL data or NULL */
+ mxs::SSLContext* m_ssl; /**< Structure of SSL data or NULL */
 struct users* m_users; /**< The user data for this listener */
 SERVICE* m_service; /**< The service which used by this listener */
 std::atomic m_active; /**< True if the port has not been deleted */
@@ -249,7 +249,7 @@ private:
 */
 Listener(SERVICE* service, const std::string& name, const std::string& address, uint16_t port, const std::string& protocol, const std::string& authenticator,
- const std::string& auth_opts, void* auth_instance, SSL_LISTENER* ssl,
+ const std::string& auth_opts, void* auth_instance, mxs::SSLContext* ssl,
 const MXS_CONFIG_PARAMETER& params);
 /**
diff --git a/include/maxscale/server.hh b/include/maxscale/server.hh
index 4d84643ce..434fe57fb 100644
--- a/include/maxscale/server.hh
+++ b/include/maxscale/server.hh
@@ -181,9 +181,9 @@ public:
 * routing sessions.
 */
 // Base variables
- bool is_active = false; /**< Server is active and has not been "destroyed" */
- SSL_LISTENER* server_ssl = nullptr; /**< SSL data */
- uint8_t charset = DEFAULT_CHARSET;/**< Character set. Read from backend and sent to client. */
+ bool is_active = false; /**< Server is active and has not been "destroyed" */
+ mxs::SSLContext* server_ssl = nullptr; /**< SSL data */
+ uint8_t charset = DEFAULT_CHARSET; /**< Character set. Read from backend and sent to client. */
 // Statistics and events
 ConnStats stats; /**< The server statistics, e.g. number of connections */
diff --git a/include/maxscale/ssl.hh b/include/maxscale/ssl.hh
index b8bc44ea6..de5d19e69 100644
--- a/include/maxscale/ssl.hh
+++ b/include/maxscale/ssl.hh
@@ -49,11 +49,14 @@ enum ssl_method_type_t
 #define SSL_ERROR_CLIENT_NOT_SSL 1
 #define SSL_ERROR_ACCEPT_FAILED 2
+namespace maxscale
+{
+
 /**
 * The ssl_listener structure is used to aggregate the SSL configuration items
 * and data for a particular listener
 */
-struct SSL_LISTENER
+struct SSLContext
 {
 SSL_CTX* ctx;
 SSL_METHOD* method; /**< SSLv3 or TLS1.0/1.1/1.2 methods
@@ -67,9 +70,8 @@ struct SSL_LISTENER
 char* ssl_ca_cert; /**< SSL CA certificate */
 bool ssl_init_done; /**< If SSL has already been initialized for this service */
 bool ssl_verify_peer_certificate; /**< Enable peer certificate verification */
-
- SSL_LISTENER* next; /**< Next SSL configuration, currently used to store obsolete configurations */
 };
+}
 int ssl_authenticate_client(DCB* dcb, bool is_capable);
 bool ssl_is_connection_healthy(DCB* dcb);
@@ -92,7 +94,7 @@ ssl_method_type_t string_to_ssl_method_type(const char* str);
 int ssl_authenticate_check_status(DCB* dcb);
 // TODO: Move this to an internal ssl.h header
-void write_ssl_config(int fd, SSL_LISTENER* ssl);
+void write_ssl_config(int fd, mxs::SSLContext* ssl);
 /**
 * Set the maximum SSL/TLS version the listener will support
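Review bot: The block comment kept above the renamed struct still reads `The ssl_listener structure is used to aggregate the SSL configuration items and data for a particular listener`, which no longer matches the type name and ignores that the same type is stored as `server_ssl` in the server.hh hunk; suggest `The SSLContext structure aggregates the SSL configuration items and data for a listener or a server`. The namespace is closed with a bare `+}` after `};`; `} // namespace maxscale` would make the scope end greppable, which matters here because every other hunk refers to the type as `mxs::SSLContext`, presumably through an alias declared outside this patch. The same stale wording survives in the `@@ -131` hunk of this file, where `Free an SSL_LISTENER` and the `SSL_LISTENER_init`/`SSL_LISTENER_free` names were left as they were.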
@@ -102,7 +104,7 @@ void write_ssl_config(int fd, SSL_LISTENER* ssl);
 *
 * @return 0 on success, -1 on invalid version string
 */
-int listener_set_ssl_version(SSL_LISTENER* ssl_listener, const char* version);
+int listener_set_ssl_version(mxs::SSLContext* ssl_listener, const char* version);
 /**
 * Set the locations of the listener's SSL certificate, listener's private key
@@ -113,7 +115,7 @@ int listener_set_ssl_version(SSL_LISTENER* ssl_listener, const char* version);
 * @param key SSL private key
 * @param ca_cert SSL CA certificate
 */
-void listener_set_certificates(SSL_LISTENER* ssl_listener, const std::string& cert,
+void listener_set_certificates(mxs::SSLContext* ssl_listener, const std::string& cert,
 const std::string& key, const std::string& ca_cert);
 /**
@@ -131,11 +133,11 @@ void listener_set_certificates(SSL_LISTENER* ssl_listener, const std::string& ce
 *
 * @return True on success, false on error
 */
-bool SSL_LISTENER_init(SSL_LISTENER* ssl);
+bool SSL_LISTENER_init(mxs::SSLContext* ssl);
 /**
 * Free an SSL_LISTENER
 *
- * @param ssl SSL_LISTENER to free
+ * @param ssl mxs::SSLContext to free
 */
-void SSL_LISTENER_free(SSL_LISTENER* ssl);
+void SSL_LISTENER_free(mxs::SSLContext* ssl);
diff --git a/server/core/config.cc b/server/core/config.cc
index 9b1c38205..cea4f0aab 100644
--- a/server/core/config.cc
+++ b/server/core/config.cc
@@ -2874,7 +2874,7 @@ bool config_can_modify_at_runtime(const char* name)
 *
 * @param ssl SSL structure to free
 */
-static void free_ssl_structure(SSL_LISTENER* ssl)
+static void free_ssl_structure(mxs::SSLContext* ssl)
 {
 if (ssl)
 {
@@ -2889,9 +2889,9 @@ static void free_ssl_structure(SSL_LISTENER* ssl)
 bool config_create_ssl(const char* name,
 const MXS_CONFIG_PARAMETER& params,
 bool require_cert,
- SSL_LISTENER** dest)
+ mxs::SSLContext** dest)
 {
- SSL_LISTENER* ssl = NULL;
+ mxs::SSLContext* ssl = NULL;
 // The enum values convert to bool
 int value = params.get_enum(CN_SSL, ssl_values);
@@ -2939,7 +2939,7 @@ bool config_create_ssl(const char* name,
 return false;
 }
- ssl = (SSL_LISTENER*)MXS_CALLOC(1, sizeof(SSL_LISTENER));
+ ssl = (mxs::SSLContext*)MXS_CALLOC(1, sizeof(mxs::SSLContext));
 MXS_ABORT_IF_NULL(ssl);
 int ssl_version = params.get_enum(CN_SSL_VERSION, ssl_version_values);
diff --git a/server/core/config_runtime.cc b/server/core/config_runtime.cc
index 9561e8722..f99291294 100644
--- a/server/core/config_runtime.cc
+++ b/server/core/config_runtime.cc
@@ -394,15 +394,15 @@ bool runtime_destroy_server(Server* server)
 return rval;
 }
-static SSL_LISTENER* create_ssl(const char* name,
- const char* key,
- const char* cert,
- const char* ca,
- const char* version,
- const char* depth,
- const char* verify)
+static mxs::SSLContext* create_ssl(const char* name,
+ const char* key,
+ const char* cert,
+ const char* ca,
+ const char* version,
+ const char* depth,
+ const char* verify)
 {
- SSL_LISTENER* rval = NULL;
+ mxs::SSLContext* rval = NULL;
 CONFIG_CONTEXT* obj = config_context_create(name);
 if (obj)
@@ -437,13 +437,11 @@ bool runtime_enable_server_ssl(Server* server,
 if (key && cert && ca)
 {
 std::lock_guard guard(crt_lock);
- SSL_LISTENER* ssl = create_ssl(server->name(), key, cert, ca, version, depth, verify);
+ mxs::SSLContext* ssl = create_ssl(server->name(), key, cert, ca, version, depth, verify);
 if (ssl)
 {
- /** TODO: Properly discard old SSL configurations.This could cause the
- * loss of a pointer if two update operations are done at the same time.*/
- ssl->next = server->server_ssl;
+ // TODO: Properly discard old SSL configurations
 /** Sync to prevent reads on partially initialized server_ssl */
 atomic_synchronize();
diff --git a/server/core/dcb.cc b/server/core/dcb.cc
index f3c4a8533..40254978d 100644
--- a/server/core/dcb.cc
+++ b/server/core/dcb.cc
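Review bot: Dropping `ssl->next = server->server_ssl;` removes the only place that kept the previous configuration reachable, yet the hunk neither frees nor otherwise retains it, so each runtime SSL update now appears to leave the old `mxs::SSLContext`, its `SSL_CTX` and the certificate/key path strings unreferenced, growing without bound under repeated updates. Freeing it at this point is not obviously safe either: readers such as `mxs_mysql_real_connect` in the mysql_utils.cc hunk copy the raw `server->server_ssl` pointer without holding `crt_lock`, and connections set up earlier may still be using `ssl->ctx`. The replacement comment should record that trade-off instead of only the TODO, e.g. `// TODO: Properly discard old SSL configurations; the previous server_ssl is intentionally left unreleased here because existing connections may still reference its SSL_CTX`. The assignment of `server->server_ssl` and the rest of runtime_enable_server_ssl lie outside this hunk.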
@@ -101,7 +101,7 @@ static void dcb_stop_polling_and_shutdown(DCB* dcb);
 static bool dcb_maybe_add_persistent(DCB*);
 static inline bool dcb_write_parameter_check(DCB* dcb, GWBUF* queue);
 static int dcb_read_no_bytes_available(DCB* dcb, int nreadtotal);
-static int dcb_create_SSL(DCB* dcb, SSL_LISTENER* ssl);
+static int dcb_create_SSL(DCB* dcb, mxs::SSLContext* ssl);
 static int dcb_read_SSL(DCB* dcb, GWBUF** head);
 static GWBUF* dcb_basic_read(DCB* dcb,
 int bytesavailable,
@@ -2118,7 +2118,7 @@ int dcb_count_by_usage(DCB_USAGE usage)
 * @param dcb
 * @return -1 on error, 0 otherwise.
 */
-static int dcb_create_SSL(DCB* dcb, SSL_LISTENER* ssl)
+static int dcb_create_SSL(DCB* dcb, mxs::SSLContext* ssl)
 {
 if ((dcb->ssl = SSL_new(ssl->ctx)) == NULL)
 {
diff --git a/server/core/internal/config.hh b/server/core/internal/config.hh
index daefa2fd0..6a89695bd 100644
--- a/server/core/internal/config.hh
+++ b/server/core/internal/config.hh
@@ -142,7 +142,7 @@ void config_remove_param(CONFIG_CONTEXT* obj, const char* name);
 bool config_create_ssl(const char* name,
 const MXS_CONFIG_PARAMETER& params,
 bool require_cert,
- SSL_LISTENER** dest);
+ mxs::SSLContext** dest);
 /**
 * @brief Check if all SSL parameters are defined
diff --git a/server/core/listener.cc b/server/core/listener.cc
index 7429a9b0f..e8e77ff1f 100644
--- a/server/core/listener.cc
+++ b/server/core/listener.cc
@@ -105,7 +105,7 @@ Listener::Listener(SERVICE* service,
 const std::string& authenticator,
 const std::string& auth_opts,
 void* auth_instance,
- SSL_LISTENER* ssl,
+ mxs::SSLContext* ssl,
 const MXS_CONFIG_PARAMETER& params)
 : MXB_POLL_DATA{Listener::poll_handler}
 , m_name(name)
@@ -209,7 +209,7 @@ SListener Listener::create(const std::string& name,
 return nullptr;
 }
- SSL_LISTENER* ssl_info = NULL;
+ mxs::SSLContext* ssl_info = NULL;
 if (!config_create_ssl(name.c_str(), params, true, &ssl_info))
 {
@@ -618,7 +618,7 @@ void* Listener::auth_instance() const
 return m_auth_instance;
 }
-SSL_LISTENER* Listener::ssl() const
+mxs::SSLContext* Listener::ssl() const
 {
 return m_ssl;
 }
diff --git a/server/core/mysql_utils.cc b/server/core/mysql_utils.cc
index 6f3813e5f..f6928c461 100644
--- a/server/core/mysql_utils.cc
+++ b/server/core/mysql_utils.cc
@@ -155,7 +155,7 @@ char* mxs_lestr_consume(uint8_t** c, size_t* size)
 MYSQL* mxs_mysql_real_connect(MYSQL* con, SERVER* server, const char* user, const char* passwd)
 {
- SSL_LISTENER* listener = server->server_ssl;
+ mxs::SSLContext* listener = server->server_ssl;
 if (listener)
 {
diff --git a/server/core/server.cc b/server/core/server.cc
index 53ddb3472..1736ac8ce 100644
--- a/server/core/server.cc
+++ b/server/core/server.cc
@@ -195,7 +195,7 @@ Server* Server::server_alloc(const char* name, const MXS_CONFIG_PARAMETER& param
 return NULL;
 }
- SSL_LISTENER* ssl = NULL;
+ mxs::SSLContext* ssl = NULL;
 if (!config_create_ssl(name, params, false, &ssl))
 {
@@ -528,7 +528,7 @@ void Server::print_to_dcb(DCB* dcb) const
 }
 if (server->server_ssl)
 {
- SSL_LISTENER* l = server->server_ssl;
+ mxs::SSLContext* l = server->server_ssl;
 dcb_printf(dcb, "\tSSL initialized: %s\n", l->ssl_init_done ? "yes" : "no");
diff --git a/server/core/ssl.cc b/server/core/ssl.cc
index 94ec7f9f4..3b2dd4e7c 100644
--- a/server/core/ssl.cc
+++ b/server/core/ssl.cc
@@ -254,7 +254,7 @@ ssl_method_type_t string_to_ssl_method_type(const char* str)
 return SERVICE_SSL_UNKNOWN;
 }
-void write_ssl_config(int fd, SSL_LISTENER* ssl)
+void write_ssl_config(int fd, mxs::SSLContext* ssl)
 {
 if (ssl)
 {
@@ -320,7 +320,7 @@ int ssl_authenticate_check_status(DCB* dcb)
 return rval;
 }
-int listener_set_ssl_version(SSL_LISTENER* ssl_listener, const char* version)
+int listener_set_ssl_version(mxs::SSLContext* ssl_listener, const char* version)
 {
 if (strcasecmp(version, "MAX") == 0)
 {
@@ -350,7 +350,7 @@ int listener_set_ssl_version(SSL_LISTENER* ssl_listener, const char* version)
 return 0;
 }
-void listener_set_certificates(SSL_LISTENER* ssl_listener, const std::string& cert,
+void listener_set_certificates(mxs::SSLContext* ssl_listener, const std::string& cert,
 const std::string& key, const std::string& ca_cert)
 {
 MXS_FREE(ssl_listener->ssl_cert);
@@ -449,7 +449,7 @@ static RSA* tmp_rsa_callback(SSL* s, int is_export, int keylength)
 return rsa_tmp;
 }
-bool SSL_LISTENER_init(SSL_LISTENER* ssl)
+bool SSL_LISTENER_init(mxs::SSLContext* ssl)
 {
 mxb_assert(!ssl->ssl_init_done);
 bool rval = true;
@@ -584,7 +584,7 @@ bool SSL_LISTENER_init(SSL_LISTENER* ssl)
 return rval;
 }
-void SSL_LISTENER_free(SSL_LISTENER* ssl)
+void SSL_LISTENER_free(mxs::SSLContext* ssl)
 {
 if (ssl)
 {
diff --git a/server/modules/routing/binlogrouter/blr.cc b/server/modules/routing/binlogrouter/blr.cc
index 46c1d64ab..7709b9f77 100644
--- a/server/modules/routing/binlogrouter/blr.cc
+++ b/server/modules/routing/binlogrouter/blr.cc
@@ -825,10 +825,10 @@ static MXS_ROUTER* createInstance(SERVICE* service, MXS_CONFIG_PARAMETER* params
 return NULL;
 }
- SSL_LISTENER* ssl_cfg;
+ mxs::SSLContext* ssl_cfg;
 /* Allocate SSL struct for backend connection */
 if ((ssl_cfg =
- static_cast(MXS_CALLOC(1, sizeof(SSL_LISTENER)))) == NULL)
+ static_cast(MXS_CALLOC(1, sizeof(mxs::SSLContext)))) == NULL)
 {
 MXS_ERROR("%s: Error allocating memory for SSL struct in createInstance",
 inst->service->name());
@@ -2941,7 +2941,7 @@ const char* blr_get_event_description(ROUTER_INSTANCE* router, uint8_t event)
 */
 void blr_free_ssl_data(ROUTER_INSTANCE* inst)
 {
- SSL_LISTENER* server_ssl;
+ mxs::SSLContext* server_ssl;
 if (inst->service->dbref->server->server_ssl)
 {
diff --git a/server/modules/routing/binlogrouter/blr_slave.cc b/server/modules/routing/binlogrouter/blr_slave.cc
index 38a3c59c3..1abf98750 100644
--- a/server/modules/routing/binlogrouter/blr_slave.cc
+++ b/server/modules/routing/binlogrouter/blr_slave.cc
@@ -4841,7 +4841,7 @@ static char* blr_set_master_logfile(ROUTER_INSTANCE* router,
 */
 static void blr_master_get_config(ROUTER_INSTANCE* router, MasterServerConfig* curr_master)
 {
- SSL_LISTENER* server_ssl;
+ mxs::SSLContext* server_ssl;
 curr_master->port = router->service->dbref->server->port;
 curr_master->host = router->service->dbref->server->address;
@@ -6330,7 +6330,7 @@ static int blr_set_master_ssl(ROUTER_INSTANCE* router,
 const ChangeMasterConfig& config,
 char* error_message)
 {
- SSL_LISTENER* server_ssl = NULL;
+ mxs::SSLContext* server_ssl = NULL;
 int updated = 0;
 if (config.ssl_enabled)
@@ -6355,7 +6355,7 @@ static int blr_set_master_ssl(ROUTER_INSTANCE* router,
 else
 {
 /* Allocate SSL struct for backend connection */
- server_ssl = static_cast(MXS_CALLOC(1, sizeof(SSL_LISTENER)));
+ server_ssl = static_cast(MXS_CALLOC(1, sizeof(mxs::SSLContext)));
 if (server_ssl == NULL)
 {
 router->ssl_enabled = false;