MXS-2483: Take SSLContext into use in binlogrouter

Markus Mäkelä 2019-05-17 17:21:50 +03:00
parent c78e907da0
commit e5a49a2f7b
3 changed files with 56 additions and 160 deletions


@ -824,29 +824,6 @@ static MXS_ROUTER* createInstance(SERVICE* service, MXS_CONFIG_PARAMETER* params
return NULL;
}
mxs::SSLContext* ssl_cfg;
/* Allocate SSL struct for backend connection */
if ((ssl_cfg =
static_cast<mxs::SSLContext*>(MXS_CALLOC(1, sizeof(mxs::SSLContext)))) == NULL)
{
MXS_ERROR("%s: Error allocating memory for SSL struct in createInstance",
inst->service->name());
MXS_FREE(service->dbref);
sqlite3_close_v2(inst->gtid_maps);
free_instance(inst);
return NULL;
}
/* Set some SSL defaults */
ssl_cfg->ssl_init_done = false;
ssl_cfg->ssl_method_type = SERVICE_SSL_TLS_MAX;
ssl_cfg->ssl_cert_verify_depth = 9;
ssl_cfg->ssl_verify_peer_certificate = true;
/** Set SSL pointer in in server struct */
server->server_ssl = ssl_cfg;
/* Add server to service backend list */
serviceAddBackend(inst->service, server);
@ -1502,11 +1479,7 @@ static void diagnostics(MXS_ROUTER* router, DCB* dcb)
/* SSL options */
if (router_inst->ssl_enabled)
{
dcb_printf(dcb, "\tMaster SSL is ON:\n");
if (router_inst->service->dbref->server && router_inst->service->dbref->server->server_ssl)
{
dcb_printf(dcb, "%s", router_inst->service->dbref->server->server_ssl->to_string().c_str());
}
dcb_printf(dcb, "%s", router_inst->service->dbref->server->server_ssl->to_string().c_str());
}
/* Binlog Encryption options */
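Review bot: In the diagnostics hunk the bare `dcb_printf(dcb, "%s", router_inst->service->dbref->server->server_ssl->to_string().c_str());` dereferences `server_ssl` with no null check; from the hunk header (the block shrinks by four lines) and the print order, the guarded form looks like the removed side and the bare call the new one, so please confirm. That matters because the first hunk removes the SSLContext that createInstance used to allocate for every instance, so `server_ssl` is presumably null until a context is created later by a CHANGE MASTER, while `router_inst->ssl_enabled` appears to be set independently of that; SSL enabled with no context yet would then crash the diagnostics path. Keep the guard: `if (router_inst->service->dbref->server && router_inst->service->dbref->server->server_ssl)` around the `dcb_printf`. Both enclosing functions start and end outside their hunks.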


@ -3235,41 +3235,25 @@ void blr_master_set_config(ROUTER_INSTANCE* inst, const ChangeMasterConfig& conf
if (!config.ssl_ca.empty())
{
MXS_FREE(backend_server->server_ssl->ssl_ca_cert);
backend_server->server_ssl->ssl_ca_cert = MXS_STRDUP_A(config.ssl_ca.c_str());
MXS_FREE(inst->ssl_ca);
inst->ssl_ca = MXS_STRDUP_A(config.ssl_ca.c_str());
}
if (!config.ssl_cert.empty())
{
MXS_FREE(backend_server->server_ssl->ssl_cert);
backend_server->server_ssl->ssl_cert = MXS_STRDUP_A(config.ssl_cert.c_str());
MXS_FREE(inst->ssl_cert);
inst->ssl_cert = MXS_STRDUP_A(config.ssl_cert.c_str());
}
if (!config.ssl_key.empty())
{
MXS_FREE(backend_server->server_ssl->ssl_key);
backend_server->server_ssl->ssl_key = MXS_STRDUP_A(config.ssl_key.c_str());
MXS_FREE(inst->ssl_key);
inst->ssl_key = MXS_STRDUP_A(config.ssl_key.c_str());
}
if (!config.ssl_version.empty())
{
if (listener_set_ssl_version(backend_server->server_ssl, config.ssl_version.c_str()) != 0)
{
MXS_ERROR("Found unknown optional parameter value for 'ssl_version' for"
" service '%s': %s, ignoring it.",
inst->service->name(),
config.ssl_version.c_str());
}
else
{
inst->ssl_version = MXS_STRDUP_A(config.ssl_version.c_str());
}
inst->ssl_version = MXS_STRDUP_A(config.ssl_version.c_str());
}
if (config.heartbeat_period >= 0)
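Review bot: `inst->ssl_version = MXS_STRDUP_A(config.ssl_version.c_str());` now stores the configured value without the `listener_set_ssl_version` check the old side performed, so an unsupported version string is accepted silently here and the MXS_ERROR that used to name the bad value is gone; this hunk no longer touches the backend's SSL context at all, so the value is presumably validated only when an SSLContext is later built from these fields, and that failure should be reported with the offending value. The same branch also overwrites `inst->ssl_version` without a preceding `MXS_FREE(inst->ssl_version);`, unlike the ssl_ca, ssl_cert and ssl_key branches above it, which leaks the previous string on reconfiguration. blr_master_set_config continues outside the hunk.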


@ -4841,8 +4841,6 @@ static char* blr_set_master_logfile(ROUTER_INSTANCE* router,
*/
static void blr_master_get_config(ROUTER_INSTANCE* router, MasterServerConfig* curr_master)
{
mxs::SSLContext* server_ssl;
curr_master->port = router->service->dbref->server->port;
curr_master->host = router->service->dbref->server->address;
curr_master->pos = router->current_pos;
@ -4854,23 +4852,23 @@ static void blr_master_get_config(ROUTER_INSTANCE* router, MasterServerConfig* c
/* SSL options */
if (router->service->dbref->server->server_ssl)
{
server_ssl = router->service->dbref->server->server_ssl;
auto server_ssl = router->service->dbref->server->server_ssl;
curr_master->ssl_enabled = router->ssl_enabled;
if (router->ssl_version)
{
curr_master->ssl_version = router->ssl_version;
}
if (server_ssl->ssl_key)
if (!server_ssl->ssl_key().empty())
{
curr_master->ssl_key = server_ssl->ssl_key;
curr_master->ssl_key = server_ssl->ssl_key();
}
if (server_ssl->ssl_cert)
if (!server_ssl->ssl_cert().empty())
{
curr_master->ssl_cert = server_ssl->ssl_cert;
curr_master->ssl_cert = server_ssl->ssl_cert();
}
if (server_ssl->ssl_ca_cert)
if (!server_ssl->ssl_ca().empty())
{
curr_master->ssl_ca = server_ssl->ssl_ca_cert;
curr_master->ssl_ca = server_ssl->ssl_ca();
}
}
/* Connect options */
@ -6330,126 +6328,67 @@ static int blr_set_master_ssl(ROUTER_INSTANCE* router,
const ChangeMasterConfig& config,
char* error_message)
{
mxs::SSLContext* server_ssl = NULL;
int updated = 0;
bool updated = 0;
if (config.ssl_enabled)
{
router->ssl_enabled = config.ssl_enabled;
updated++;
}
if (router->ssl_enabled == false)
if (router->ssl_enabled)
{
/* Free SSL struct */
blr_free_ssl_data(router);
}
else
{
/* Check for existing SSL struct */
if (router->service->dbref->server->server_ssl)
MXS_CONFIG_PARAMETER params;
params.set_from_list({
{CN_SSL, CN_REQUIRED},
{CN_SSL_KEY, config.ssl_key},
{CN_SSL_CERT, config.ssl_cert},
{CN_SSL_CA_CERT, config.ssl_ca},
{CN_SSL_VERSION, config.ssl_version},
{CN_SSL_CERT_VERIFY_DEPTH, "9"},
{CN_SSL_VERIFY_PEER_CERTIFICATE, "true"}
});
auto ssl = mxs::SSLContext::create(params);
if (ssl)
{
server_ssl = router->service->dbref->server->server_ssl;
server_ssl->ssl_init_done = false;
updated = 1;
delete router->service->dbref->server->server_ssl;
router->service->dbref->server->server_ssl = ssl;
/* Update options in router fields */
if (!config.ssl_key.empty())
{
mxb_assert((config.ssl_key.front() != '\'') && (config.ssl_key.front() != '"'));
MXS_FREE(router->ssl_key);
router->ssl_key = MXS_STRDUP_A(config.ssl_key.c_str());
}
if (!config.ssl_ca.empty())
{
mxb_assert((config.ssl_ca.front() != '\'') && (config.ssl_ca.front() != '"'));
MXS_FREE(router->ssl_ca);
router->ssl_ca = MXS_STRDUP_A(config.ssl_ca.c_str());
}
if (!config.ssl_cert.empty())
{
mxb_assert((config.ssl_cert.front() != '\'') && (config.ssl_cert.front() != '"'));
MXS_FREE(router->ssl_cert);
router->ssl_cert = MXS_STRDUP_A(config.ssl_cert.c_str());
}
if (!config.ssl_version.empty())
{
mxb_assert((config.ssl_version.front() != '\'') && (config.ssl_version.front() != '"'));
MXS_FREE(router->ssl_version);
router->ssl_version = MXS_STRDUP_A(config.ssl_version.c_str());
}
}
else
{
/* Allocate SSL struct for backend connection */
server_ssl = static_cast<mxs::SSLContext*>(MXS_CALLOC(1, sizeof(mxs::SSLContext)));
if (server_ssl == NULL)
{
router->ssl_enabled = false;
/* Report back the error */
snprintf(error_message,
BINLOG_ERROR_MSG_LEN,
"CHANGE MASTER TO: Error allocating memory for SSL struct"
" in blr_set_master_ssl");
return -1;
}
/* Set some SSL defaults */
server_ssl->ssl_init_done = false;
server_ssl->ssl_method_type = SERVICE_SSL_TLS_MAX;
server_ssl->ssl_cert_verify_depth = 9;
/* Set the pointer */
router->service->dbref->server->server_ssl = server_ssl;
updated = -1;
}
}
/* Update options in router fields and in server_ssl struct, if present */
if (!config.ssl_key.empty())
{
mxb_assert((config.ssl_key.front() != '\'') && (config.ssl_key.front() != '"'));
if (server_ssl)
{
MXS_FREE(server_ssl->ssl_key);
server_ssl->ssl_key = MXS_STRDUP_A(config.ssl_key.c_str());
}
MXS_FREE(router->ssl_key);
router->ssl_key = MXS_STRDUP_A(config.ssl_key.c_str());
updated++;
}
if (!config.ssl_ca.empty())
{
mxb_assert((config.ssl_ca.front() != '\'') && (config.ssl_ca.front() != '"'));
if (server_ssl)
{
MXS_FREE(server_ssl->ssl_ca_cert);
server_ssl->ssl_ca_cert = MXS_STRDUP_A(config.ssl_ca.c_str());
}
MXS_FREE(router->ssl_ca);
router->ssl_ca = MXS_STRDUP_A(config.ssl_ca.c_str());
updated++;
}
if (!config.ssl_cert.empty())
{
mxb_assert((config.ssl_cert.front() != '\'') && (config.ssl_cert.front() != '"'));
if (server_ssl)
{
MXS_FREE(server_ssl->ssl_cert);
server_ssl->ssl_cert = MXS_STRDUP_A(config.ssl_cert.c_str());
}
MXS_FREE(router->ssl_cert);
router->ssl_cert = MXS_STRDUP_A(config.ssl_cert.c_str());
updated++;
}
if (!config.ssl_version.empty() && server_ssl)
{
mxb_assert((config.ssl_version.front() != '\'') && (config.ssl_version.front() != '"'));
if (!config.ssl_version.empty())
{
if (listener_set_ssl_version(server_ssl, config.ssl_version.c_str()) != 0)
{
/* Report back the error */
snprintf(error_message,
BINLOG_ERROR_MSG_LEN,
"Unknown parameter value for 'ssl_version': %s",
config.ssl_version.c_str());
return -1;
}
/* Set provided ssl_version in router SSL cfg anyway */
MXS_FREE(router->ssl_version);
router->ssl_version = MXS_STRDUP_A(config.ssl_version.c_str());
updated++;
}
}
if (updated)
{
return 1;
}
else
{
return 0;
}
return updated;
}
/**