MXS-2483: Rename SSL_LISTENER to mxs::SSLContext
@ -144,9 +144,9 @@ public:
|
||||
const char* state() const;
|
||||
|
||||
/**
|
||||
* The SSL_LISTENER object
|
||||
* The mxs::SSLContext object
|
||||
*/
|
||||
SSL_LISTENER* ssl() const;
|
||||
mxs::SSLContext* ssl() const;
|
||||
|
||||
/**
|
||||
* Convert to JSON
|
||||
@ -209,7 +209,7 @@ private:
|
||||
std::string m_authenticator; /**< Name of authenticator */
|
||||
std::string m_auth_options; /**< Authenticator options */
|
||||
void* m_auth_instance; /**< Authenticator instance */
|
||||
SSL_LISTENER* m_ssl; /**< Structure of SSL data or NULL */
|
||||
mxs::SSLContext* m_ssl; /**< Structure of SSL data or NULL */
|
||||
struct users* m_users; /**< The user data for this listener */
|
||||
SERVICE* m_service; /**< The service which used by this listener */
|
||||
std::atomic<bool> m_active; /**< True if the port has not been deleted */
|
||||
@ -249,7 +249,7 @@ private:
|
||||
*/
|
||||
Listener(SERVICE* service, const std::string& name, const std::string& address, uint16_t port,
|
||||
const std::string& protocol, const std::string& authenticator,
|
||||
const std::string& auth_opts, void* auth_instance, SSL_LISTENER* ssl,
|
||||
const std::string& auth_opts, void* auth_instance, mxs::SSLContext* ssl,
|
||||
const MXS_CONFIG_PARAMETER& params);
|
||||
|
||||
/**
|
||||
|
@ -181,9 +181,9 @@ public:
|
||||
* routing sessions. */
|
||||
|
||||
// Base variables
|
||||
bool is_active = false; /**< Server is active and has not been "destroyed" */
|
||||
SSL_LISTENER* server_ssl = nullptr; /**< SSL data */
|
||||
uint8_t charset = DEFAULT_CHARSET;/**< Character set. Read from backend and sent to client. */
|
||||
bool is_active = false; /**< Server is active and has not been "destroyed" */
|
||||
mxs::SSLContext* server_ssl = nullptr; /**< SSL data */
|
||||
uint8_t charset = DEFAULT_CHARSET; /**< Character set. Read from backend and sent to client. */
|
||||
|
||||
// Statistics and events
|
||||
ConnStats stats; /**< The server statistics, e.g. number of connections */
|
||||
|
@ -49,11 +49,14 @@ enum ssl_method_type_t
|
||||
#define SSL_ERROR_CLIENT_NOT_SSL 1
|
||||
#define SSL_ERROR_ACCEPT_FAILED 2
|
||||
|
||||
namespace maxscale
|
||||
{
|
||||
|
||||
/**
|
||||
* The ssl_listener structure is used to aggregate the SSL configuration items
|
||||
* and data for a particular listener
|
||||
*/
|
||||
struct SSL_LISTENER
|
||||
struct SSLContext
|
||||
{
|
||||
SSL_CTX* ctx;
|
||||
SSL_METHOD* method; /**< SSLv3 or TLS1.0/1.1/1.2 methods
|
||||
@ -67,9 +70,8 @@ struct SSL_LISTENER
|
||||
char* ssl_ca_cert; /**< SSL CA certificate */
|
||||
bool ssl_init_done; /**< If SSL has already been initialized for this service */
|
||||
bool ssl_verify_peer_certificate; /**< Enable peer certificate verification */
|
||||
|
||||
SSL_LISTENER* next; /**< Next SSL configuration, currently used to store obsolete configurations */
|
||||
};
|
||||
}
|
||||
|
||||
int ssl_authenticate_client(DCB* dcb, bool is_capable);
|
||||
bool ssl_is_connection_healthy(DCB* dcb);
|
||||
@ -92,7 +94,7 @@ ssl_method_type_t string_to_ssl_method_type(const char* str);
|
||||
int ssl_authenticate_check_status(DCB* dcb);
|
||||
|
||||
// TODO: Move this to an internal ssl.h header
|
||||
void write_ssl_config(int fd, SSL_LISTENER* ssl);
|
||||
void write_ssl_config(int fd, mxs::SSLContext* ssl);
|
||||
|
||||
/**
|
||||
* Set the maximum SSL/TLS version the listener will support
|
||||
@ -102,7 +104,7 @@ void write_ssl_config(int fd, SSL_LISTENER* ssl);
|
||||
*
|
||||
* @return 0 on success, -1 on invalid version string
|
||||
*/
|
||||
int listener_set_ssl_version(SSL_LISTENER* ssl_listener, const char* version);
|
||||
int listener_set_ssl_version(mxs::SSLContext* ssl_listener, const char* version);
|
||||
|
||||
/**
|
||||
* Set the locations of the listener's SSL certificate, listener's private key
|
||||
@ -113,7 +115,7 @@ int listener_set_ssl_version(SSL_LISTENER* ssl_listener, const char* version);
|
||||
* @param key SSL private key
|
||||
* @param ca_cert SSL CA certificate
|
||||
*/
|
||||
void listener_set_certificates(SSL_LISTENER* ssl_listener, const std::string& cert,
|
||||
void listener_set_certificates(mxs::SSLContext* ssl_listener, const std::string& cert,
|
||||
const std::string& key, const std::string& ca_cert);
|
||||
|
||||
/**
|
||||
@ -131,11 +133,11 @@ void listener_set_certificates(SSL_LISTENER* ssl_listener, const std::string& ce
|
||||
*
|
||||
* @return True on success, false on error
|
||||
*/
|
||||
bool SSL_LISTENER_init(SSL_LISTENER* ssl);
|
||||
bool SSL_LISTENER_init(mxs::SSLContext* ssl);
|
||||
|
||||
/**
|
||||
* Free an SSL_LISTENER
|
||||
*
|
||||
* @param ssl SSL_LISTENER to free
|
||||
* @param ssl mxs::SSLContext to free
|
||||
*/
|
||||
void SSL_LISTENER_free(SSL_LISTENER* ssl);
|
||||
void SSL_LISTENER_free(mxs::SSLContext* ssl);
|
||||
|
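Review bot: The doc comment above `struct SSLContext` still reads "The ssl_listener structure is used to aggregate the SSL configuration items and data for a particular listener", and `SSL_LISTENER_init()` / `SSL_LISTENER_free()` (with "Free an SSL_LISTENER") keep the old type name, so the header documents a type that no longer exists. The same struct is stored in `server_ssl` elsewhere in this commit, so the comment could read `* SSLContext aggregates the SSL configuration and OpenSSL state for one listener or server`. It would also help to state there that instances are created with `MXS_CALLOC` (the `config_create_ssl` and binlogrouter hunks) and released through `SSL_LISTENER_free()`, so the struct has to stay trivially constructible until those call sites change. The struct body is only partly visible in these hunks.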
@ -2874,7 +2874,7 @@ bool config_can_modify_at_runtime(const char* name)
|
||||
*
|
||||
* @param ssl SSL structure to free
|
||||
*/
|
||||
static void free_ssl_structure(SSL_LISTENER* ssl)
|
||||
static void free_ssl_structure(mxs::SSLContext* ssl)
|
||||
{
|
||||
if (ssl)
|
||||
{
|
||||
@ -2889,9 +2889,9 @@ static void free_ssl_structure(SSL_LISTENER* ssl)
|
||||
bool config_create_ssl(const char* name,
|
||||
const MXS_CONFIG_PARAMETER& params,
|
||||
bool require_cert,
|
||||
SSL_LISTENER** dest)
|
||||
mxs::SSLContext** dest)
|
||||
{
|
||||
SSL_LISTENER* ssl = NULL;
|
||||
mxs::SSLContext* ssl = NULL;
|
||||
|
||||
// The enum values convert to bool
|
||||
int value = params.get_enum(CN_SSL, ssl_values);
|
||||
@ -2939,7 +2939,7 @@ bool config_create_ssl(const char* name,
|
||||
return false;
|
||||
}
|
||||
|
||||
ssl = (SSL_LISTENER*)MXS_CALLOC(1, sizeof(SSL_LISTENER));
|
||||
ssl = (mxs::SSLContext*)MXS_CALLOC(1, sizeof(mxs::SSLContext));
|
||||
MXS_ABORT_IF_NULL(ssl);
|
||||
|
||||
int ssl_version = params.get_enum(CN_SSL_VERSION, ssl_version_values);
|
||||
|
@ -394,15 +394,15 @@ bool runtime_destroy_server(Server* server)
|
||||
return rval;
|
||||
}
|
||||
|
||||
static SSL_LISTENER* create_ssl(const char* name,
|
||||
const char* key,
|
||||
const char* cert,
|
||||
const char* ca,
|
||||
const char* version,
|
||||
const char* depth,
|
||||
const char* verify)
|
||||
static mxs::SSLContext* create_ssl(const char* name,
|
||||
const char* key,
|
||||
const char* cert,
|
||||
const char* ca,
|
||||
const char* version,
|
||||
const char* depth,
|
||||
const char* verify)
|
||||
{
|
||||
SSL_LISTENER* rval = NULL;
|
||||
mxs::SSLContext* rval = NULL;
|
||||
CONFIG_CONTEXT* obj = config_context_create(name);
|
||||
|
||||
if (obj)
|
||||
@ -437,13 +437,11 @@ bool runtime_enable_server_ssl(Server* server,
|
||||
if (key && cert && ca)
|
||||
{
|
||||
std::lock_guard<std::mutex> guard(crt_lock);
|
||||
SSL_LISTENER* ssl = create_ssl(server->name(), key, cert, ca, version, depth, verify);
|
||||
mxs::SSLContext* ssl = create_ssl(server->name(), key, cert, ca, version, depth, verify);
|
||||
|
||||
if (ssl)
|
||||
{
|
||||
/** TODO: Properly discard old SSL configurations.This could cause the
|
||||
* loss of a pointer if two update operations are done at the same time.*/
|
||||
ssl->next = server->server_ssl;
|
||||
// TODO: Properly discard old SSL configurations
|
||||
|
||||
/** Sync to prevent reads on partially initialized server_ssl */
|
||||
atomic_synchronize();
|
||||
|
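Review bot: With `ssl->next = server->server_ssl;` removed, nothing in this hunk keeps a reference to the context that `server->server_ssl` pointed to before the update, so once the pointer is replaced (presumably just after `atomic_synchronize()`, outside the hunk) the old `SSL_CTX` and its certificate and key settings appear to become unreachable. Freeing it at this point would not be safe either, because as far as the visible hunks show other code reads `server->server_ssl` without holding `crt_lock` (for example `mxs_mysql_real_connect`). The shortened TODO drops that reasoning; I would keep it in the comment, e.g. `// TODO: The previous server_ssl is not freed here: readers may still hold it, so discarding it needs reference counting or a similar handover`. The body of `runtime_enable_server_ssl` starts and ends outside the hunk.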
@ -101,7 +101,7 @@ static void dcb_stop_polling_and_shutdown(DCB* dcb);
|
||||
static bool dcb_maybe_add_persistent(DCB*);
|
||||
static inline bool dcb_write_parameter_check(DCB* dcb, GWBUF* queue);
|
||||
static int dcb_read_no_bytes_available(DCB* dcb, int nreadtotal);
|
||||
static int dcb_create_SSL(DCB* dcb, SSL_LISTENER* ssl);
|
||||
static int dcb_create_SSL(DCB* dcb, mxs::SSLContext* ssl);
|
||||
static int dcb_read_SSL(DCB* dcb, GWBUF** head);
|
||||
static GWBUF* dcb_basic_read(DCB* dcb,
|
||||
int bytesavailable,
|
||||
@ -2118,7 +2118,7 @@ int dcb_count_by_usage(DCB_USAGE usage)
|
||||
* @param dcb
|
||||
* @return -1 on error, 0 otherwise.
|
||||
*/
|
||||
static int dcb_create_SSL(DCB* dcb, SSL_LISTENER* ssl)
|
||||
static int dcb_create_SSL(DCB* dcb, mxs::SSLContext* ssl)
|
||||
{
|
||||
if ((dcb->ssl = SSL_new(ssl->ctx)) == NULL)
|
||||
{
|
||||
|
@ -142,7 +142,7 @@ void config_remove_param(CONFIG_CONTEXT* obj, const char* name);
|
||||
bool config_create_ssl(const char* name,
|
||||
const MXS_CONFIG_PARAMETER& params,
|
||||
bool require_cert,
|
||||
SSL_LISTENER** dest);
|
||||
mxs::SSLContext** dest);
|
||||
|
||||
/**
|
||||
* @brief Check if all SSL parameters are defined
|
||||
|
@ -105,7 +105,7 @@ Listener::Listener(SERVICE* service,
|
||||
const std::string& authenticator,
|
||||
const std::string& auth_opts,
|
||||
void* auth_instance,
|
||||
SSL_LISTENER* ssl,
|
||||
mxs::SSLContext* ssl,
|
||||
const MXS_CONFIG_PARAMETER& params)
|
||||
: MXB_POLL_DATA{Listener::poll_handler}
|
||||
, m_name(name)
|
||||
@ -209,7 +209,7 @@ SListener Listener::create(const std::string& name,
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
SSL_LISTENER* ssl_info = NULL;
|
||||
mxs::SSLContext* ssl_info = NULL;
|
||||
|
||||
if (!config_create_ssl(name.c_str(), params, true, &ssl_info))
|
||||
{
|
||||
@ -618,7 +618,7 @@ void* Listener::auth_instance() const
|
||||
return m_auth_instance;
|
||||
}
|
||||
|
||||
SSL_LISTENER* Listener::ssl() const
|
||||
mxs::SSLContext* Listener::ssl() const
|
||||
{
|
||||
return m_ssl;
|
||||
}
|
||||
|
@ -155,7 +155,7 @@ char* mxs_lestr_consume(uint8_t** c, size_t* size)
|
||||
|
||||
MYSQL* mxs_mysql_real_connect(MYSQL* con, SERVER* server, const char* user, const char* passwd)
|
||||
{
|
||||
SSL_LISTENER* listener = server->server_ssl;
|
||||
mxs::SSLContext* listener = server->server_ssl;
|
||||
|
||||
if (listener)
|
||||
{
|
||||
|
@ -195,7 +195,7 @@ Server* Server::server_alloc(const char* name, const MXS_CONFIG_PARAMETER& param
|
||||
return NULL;
|
||||
}
|
||||
|
||||
SSL_LISTENER* ssl = NULL;
|
||||
mxs::SSLContext* ssl = NULL;
|
||||
|
||||
if (!config_create_ssl(name, params, false, &ssl))
|
||||
{
|
||||
@ -528,7 +528,7 @@ void Server::print_to_dcb(DCB* dcb) const
|
||||
}
|
||||
if (server->server_ssl)
|
||||
{
|
||||
SSL_LISTENER* l = server->server_ssl;
|
||||
mxs::SSLContext* l = server->server_ssl;
|
||||
dcb_printf(dcb,
|
||||
"\tSSL initialized: %s\n",
|
||||
l->ssl_init_done ? "yes" : "no");
|
||||
|
@ -254,7 +254,7 @@ ssl_method_type_t string_to_ssl_method_type(const char* str)
|
||||
return SERVICE_SSL_UNKNOWN;
|
||||
}
|
||||
|
||||
void write_ssl_config(int fd, SSL_LISTENER* ssl)
|
||||
void write_ssl_config(int fd, mxs::SSLContext* ssl)
|
||||
{
|
||||
if (ssl)
|
||||
{
|
||||
@ -320,7 +320,7 @@ int ssl_authenticate_check_status(DCB* dcb)
|
||||
return rval;
|
||||
}
|
||||
|
||||
int listener_set_ssl_version(SSL_LISTENER* ssl_listener, const char* version)
|
||||
int listener_set_ssl_version(mxs::SSLContext* ssl_listener, const char* version)
|
||||
{
|
||||
if (strcasecmp(version, "MAX") == 0)
|
||||
{
|
||||
@ -350,7 +350,7 @@ int listener_set_ssl_version(SSL_LISTENER* ssl_listener, const char* version)
|
||||
return 0;
|
||||
}
|
||||
|
||||
void listener_set_certificates(SSL_LISTENER* ssl_listener, const std::string& cert,
|
||||
void listener_set_certificates(mxs::SSLContext* ssl_listener, const std::string& cert,
|
||||
const std::string& key, const std::string& ca_cert)
|
||||
{
|
||||
MXS_FREE(ssl_listener->ssl_cert);
|
||||
@ -449,7 +449,7 @@ static RSA* tmp_rsa_callback(SSL* s, int is_export, int keylength)
|
||||
return rsa_tmp;
|
||||
}
|
||||
|
||||
bool SSL_LISTENER_init(SSL_LISTENER* ssl)
|
||||
bool SSL_LISTENER_init(mxs::SSLContext* ssl)
|
||||
{
|
||||
mxb_assert(!ssl->ssl_init_done);
|
||||
bool rval = true;
|
||||
@ -584,7 +584,7 @@ bool SSL_LISTENER_init(SSL_LISTENER* ssl)
|
||||
return rval;
|
||||
}
|
||||
|
||||
void SSL_LISTENER_free(SSL_LISTENER* ssl)
|
||||
void SSL_LISTENER_free(mxs::SSLContext* ssl)
|
||||
{
|
||||
if (ssl)
|
||||
{
|
||||
|
@ -825,10 +825,10 @@ static MXS_ROUTER* createInstance(SERVICE* service, MXS_CONFIG_PARAMETER* params
|
||||
return NULL;
|
||||
}
|
||||
|
||||
SSL_LISTENER* ssl_cfg;
|
||||
mxs::SSLContext* ssl_cfg;
|
||||
/* Allocate SSL struct for backend connection */
|
||||
if ((ssl_cfg =
|
||||
static_cast<SSL_LISTENER*>(MXS_CALLOC(1, sizeof(SSL_LISTENER)))) == NULL)
|
||||
static_cast<mxs::SSLContext*>(MXS_CALLOC(1, sizeof(mxs::SSLContext)))) == NULL)
|
||||
{
|
||||
MXS_ERROR("%s: Error allocating memory for SSL struct in createInstance",
|
||||
inst->service->name());
|
||||
@ -2941,7 +2941,7 @@ const char* blr_get_event_description(ROUTER_INSTANCE* router, uint8_t event)
|
||||
*/
|
||||
void blr_free_ssl_data(ROUTER_INSTANCE* inst)
|
||||
{
|
||||
SSL_LISTENER* server_ssl;
|
||||
mxs::SSLContext* server_ssl;
|
||||
|
||||
if (inst->service->dbref->server->server_ssl)
|
||||
{
|
||||
|
@ -4841,7 +4841,7 @@ static char* blr_set_master_logfile(ROUTER_INSTANCE* router,
|
||||
*/
|
||||
static void blr_master_get_config(ROUTER_INSTANCE* router, MasterServerConfig* curr_master)
|
||||
{
|
||||
SSL_LISTENER* server_ssl;
|
||||
mxs::SSLContext* server_ssl;
|
||||
|
||||
curr_master->port = router->service->dbref->server->port;
|
||||
curr_master->host = router->service->dbref->server->address;
|
||||
@ -6330,7 +6330,7 @@ static int blr_set_master_ssl(ROUTER_INSTANCE* router,
|
||||
const ChangeMasterConfig& config,
|
||||
char* error_message)
|
||||
{
|
||||
SSL_LISTENER* server_ssl = NULL;
|
||||
mxs::SSLContext* server_ssl = NULL;
|
||||
int updated = 0;
|
||||
|
||||
if (config.ssl_enabled)
|
||||
@ -6355,7 +6355,7 @@ static int blr_set_master_ssl(ROUTER_INSTANCE* router,
|
||||
else
|
||||
{
|
||||
/* Allocate SSL struct for backend connection */
|
||||
server_ssl = static_cast<SSL_LISTENER*>(MXS_CALLOC(1, sizeof(SSL_LISTENER)));
|
||||
server_ssl = static_cast<mxs::SSLContext*>(MXS_CALLOC(1, sizeof(mxs::SSLContext)));
|
||||
if (server_ssl == NULL)
|
||||
{
|
||||
router->ssl_enabled = false;
|
||||
|