Validate SSL parameters via the module-type parameters

The configuration system that modules use allows the SSL parameter validation to be simplified. It should also provide more consistent error messages for similar types of errors. The SSL_LISTENER initialization is now done in one step. There was no good reason to do it in two separate steps for listeners but in one step for servers. The `ssl` parameter now also accepts boolean values. As the parameter behaves like a boolean and looks like a boolean, it ought to be a boolean. It still accepts the custom `required` and `disabled` values simply for backwards compatibility. Also added the missing freeing functions for the SSL_LISTENER type. This prevents failed SSL_LISTENER creations from leaking memory.
2018-07-14 23:02:45 +03:00
parent 1b89c077b1
commit d28b1c9d1d
8 changed files with 267 additions and 295 deletions
--- a/include/maxscale/listener.h
+++ b/include/maxscale/listener.h
@ -82,7 +82,31 @@ SERV_LISTENER* listener_alloc(struct service* service, const char* name, const c
 void listener_free(SERV_LISTENER* listener);
 int listener_set_ssl_version(SSL_LISTENER *ssl_listener, char* version);
 void listener_set_certificates(SSL_LISTENER *ssl_listener, char* cert, char* key, char* ca_cert);
-int listener_init_SSL(SSL_LISTENER *ssl_listener);
+
+
+/**
+ * Initialize SSL configuration
+ *
+ * This sets up the generated RSA encryption keys, chooses the listener
+ * encryption level and configures the listener certificate, private key and
+ * certificate authority file.
+ *
+ * @note This function should not be called directly, use config_create_ssl() instead
+ *
+ * @todo Combine this with config_create_ssl() into one function
+ *
+ * @param ssl SSL configuration to initialize
+ *
+ * @return True on success, false on error
+ */
+bool SSL_LISTENER_init(SSL_LISTENER* ssl);
+
+/**
+ * Free an SSL_LISTENER
+ *
+ * @param ssl SSL_LISTENER to free
+ */
+void SSL_LISTENER_free(SSL_LISTENER* ssl);

 /**
 * @brief Check if listener is active