MXS-2483: Take SSLContext into use in binlogrouter

This commit is contained in:
Markus Mäkelä
2019-05-17 17:21:50 +03:00
parent c78e907da0
commit e5a49a2f7b
3 changed files with 56 additions and 160 deletions


@ -824,29 +824,6 @@ static MXS_ROUTER* createInstance(SERVICE* service, MXS_CONFIG_PARAMETER* params
return NULL; return NULL;
} }
mxs::SSLContext* ssl_cfg;
/* Allocate SSL struct for backend connection */
if ((ssl_cfg =
static_cast<mxs::SSLContext*>(MXS_CALLOC(1, sizeof(mxs::SSLContext)))) == NULL)
{
MXS_ERROR("%s: Error allocating memory for SSL struct in createInstance",
inst->service->name());
MXS_FREE(service->dbref);
sqlite3_close_v2(inst->gtid_maps);
free_instance(inst);
return NULL;
}
/* Set some SSL defaults */
ssl_cfg->ssl_init_done = false;
ssl_cfg->ssl_method_type = SERVICE_SSL_TLS_MAX;
ssl_cfg->ssl_cert_verify_depth = 9;
ssl_cfg->ssl_verify_peer_certificate = true;
/** Set SSL pointer in in server struct */
server->server_ssl = ssl_cfg;
/* Add server to service backend list */ /* Add server to service backend list */
serviceAddBackend(inst->service, server); serviceAddBackend(inst->service, server);
@ -1502,11 +1479,7 @@ static void diagnostics(MXS_ROUTER* router, DCB* dcb)
/* SSL options */ /* SSL options */
if (router_inst->ssl_enabled) if (router_inst->ssl_enabled)
{ {
dcb_printf(dcb, "\tMaster SSL is ON:\n"); dcb_printf(dcb, "%s", router_inst->service->dbref->server->server_ssl->to_string().c_str());
if (router_inst->service->dbref->server && router_inst->service->dbref->server->server_ssl)
{
dcb_printf(dcb, "%s", router_inst->service->dbref->server->server_ssl->to_string().c_str());
}
} }
/* Binlog Encryption options */ /* Binlog Encryption options */
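Review bot: The rewritten dcb_printf in diagnostics dereferences `router_inst->service->dbref->server->server_ssl` without the `server && server_ssl` guard that the removed lines carried, and this commit's first hunk also drops the unconditional SSLContext allocation in createInstance, so `ssl_enabled` no longer appears to imply a non-null `server_ssl` (for example when `mxs::SSLContext::create` fails after `router->ssl_enabled` has already been set). Keep the check on the condition: `if (router_inst->ssl_enabled && router_inst->service->dbref->server && router_inst->service->dbref->server->server_ssl)`. diagnostics begins and ends outside this hunk.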


@ -3235,41 +3235,25 @@ void blr_master_set_config(ROUTER_INSTANCE* inst, const ChangeMasterConfig& conf
if (!config.ssl_ca.empty()) if (!config.ssl_ca.empty())
{ {
MXS_FREE(backend_server->server_ssl->ssl_ca_cert);
backend_server->server_ssl->ssl_ca_cert = MXS_STRDUP_A(config.ssl_ca.c_str());
MXS_FREE(inst->ssl_ca); MXS_FREE(inst->ssl_ca);
inst->ssl_ca = MXS_STRDUP_A(config.ssl_ca.c_str()); inst->ssl_ca = MXS_STRDUP_A(config.ssl_ca.c_str());
} }
if (!config.ssl_cert.empty()) if (!config.ssl_cert.empty())
{ {
MXS_FREE(backend_server->server_ssl->ssl_cert);
backend_server->server_ssl->ssl_cert = MXS_STRDUP_A(config.ssl_cert.c_str());
MXS_FREE(inst->ssl_cert); MXS_FREE(inst->ssl_cert);
inst->ssl_cert = MXS_STRDUP_A(config.ssl_cert.c_str()); inst->ssl_cert = MXS_STRDUP_A(config.ssl_cert.c_str());
} }
if (!config.ssl_key.empty()) if (!config.ssl_key.empty())
{ {
MXS_FREE(backend_server->server_ssl->ssl_key);
backend_server->server_ssl->ssl_key = MXS_STRDUP_A(config.ssl_key.c_str());
MXS_FREE(inst->ssl_key); MXS_FREE(inst->ssl_key);
inst->ssl_key = MXS_STRDUP_A(config.ssl_key.c_str()); inst->ssl_key = MXS_STRDUP_A(config.ssl_key.c_str());
} }
if (!config.ssl_version.empty()) if (!config.ssl_version.empty())
{ {
if (listener_set_ssl_version(backend_server->server_ssl, config.ssl_version.c_str()) != 0) inst->ssl_version = MXS_STRDUP_A(config.ssl_version.c_str());
{
MXS_ERROR("Found unknown optional parameter value for 'ssl_version' for"
" service '%s': %s, ignoring it.",
inst->service->name(),
config.ssl_version.c_str());
}
else
{
inst->ssl_version = MXS_STRDUP_A(config.ssl_version.c_str());
}
} }
if (config.heartbeat_period >= 0) if (config.heartbeat_period >= 0)
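Review bot: The new `inst->ssl_version = MXS_STRDUP_A(config.ssl_version.c_str());` assigns without releasing the previous string, unlike the ssl_ca, ssl_cert and ssl_key branches directly above it that call `MXS_FREE` first; add `MXS_FREE(inst->ssl_version);` on the line before it so repeated configuration changes do not leak. Removing the `listener_set_ssl_version` call also removes the only validation of the value at this point, so an unrecognised ssl_version is now stored silently; presumably it is rejected later when an `mxs::SSLContext` is built from it, which is worth confirming since the MXS_ERROR feedback is gone. The backend server's SSL context is no longer touched in this function at all, so it must be rebuilt elsewhere for these stored values to take effect. blr_master_set_config begins and ends outside this hunk.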


@ -4841,8 +4841,6 @@ static char* blr_set_master_logfile(ROUTER_INSTANCE* router,
*/ */
static void blr_master_get_config(ROUTER_INSTANCE* router, MasterServerConfig* curr_master) static void blr_master_get_config(ROUTER_INSTANCE* router, MasterServerConfig* curr_master)
{ {
mxs::SSLContext* server_ssl;
curr_master->port = router->service->dbref->server->port; curr_master->port = router->service->dbref->server->port;
curr_master->host = router->service->dbref->server->address; curr_master->host = router->service->dbref->server->address;
curr_master->pos = router->current_pos; curr_master->pos = router->current_pos;
@ -4854,23 +4852,23 @@ static void blr_master_get_config(ROUTER_INSTANCE* router, MasterServerConfig* c
/* SSL options */ /* SSL options */
if (router->service->dbref->server->server_ssl) if (router->service->dbref->server->server_ssl)
{ {
server_ssl = router->service->dbref->server->server_ssl; auto server_ssl = router->service->dbref->server->server_ssl;
curr_master->ssl_enabled = router->ssl_enabled; curr_master->ssl_enabled = router->ssl_enabled;
if (router->ssl_version) if (router->ssl_version)
{ {
curr_master->ssl_version = router->ssl_version; curr_master->ssl_version = router->ssl_version;
} }
if (server_ssl->ssl_key) if (!server_ssl->ssl_key().empty())
{ {
curr_master->ssl_key = server_ssl->ssl_key; curr_master->ssl_key = server_ssl->ssl_key();
} }
if (server_ssl->ssl_cert) if (!server_ssl->ssl_cert().empty())
{ {
curr_master->ssl_cert = server_ssl->ssl_cert; curr_master->ssl_cert = server_ssl->ssl_cert();
} }
if (server_ssl->ssl_ca_cert) if (!server_ssl->ssl_ca().empty())
{ {
curr_master->ssl_ca = server_ssl->ssl_ca_cert; curr_master->ssl_ca = server_ssl->ssl_ca();
} }
} }
/* Connect options */ /* Connect options */
@ -6330,126 +6328,67 @@ static int blr_set_master_ssl(ROUTER_INSTANCE* router,
const ChangeMasterConfig& config, const ChangeMasterConfig& config,
char* error_message) char* error_message)
{ {
mxs::SSLContext* server_ssl = NULL; bool updated = 0;
int updated = 0;
if (config.ssl_enabled) if (config.ssl_enabled)
{ {
router->ssl_enabled = config.ssl_enabled; router->ssl_enabled = config.ssl_enabled;
updated++;
} }
if (router->ssl_enabled == false) if (router->ssl_enabled)
{ {
/* Free SSL struct */ MXS_CONFIG_PARAMETER params;
blr_free_ssl_data(router); params.set_from_list({
} {CN_SSL, CN_REQUIRED},
else {CN_SSL_KEY, config.ssl_key},
{ {CN_SSL_CERT, config.ssl_cert},
/* Check for existing SSL struct */ {CN_SSL_CA_CERT, config.ssl_ca},
if (router->service->dbref->server->server_ssl) {CN_SSL_VERSION, config.ssl_version},
{CN_SSL_CERT_VERIFY_DEPTH, "9"},
{CN_SSL_VERIFY_PEER_CERTIFICATE, "true"}
});
auto ssl = mxs::SSLContext::create(params);
if (ssl)
{ {
server_ssl = router->service->dbref->server->server_ssl; updated = 1;
server_ssl->ssl_init_done = false; delete router->service->dbref->server->server_ssl;
router->service->dbref->server->server_ssl = ssl;
/* Update options in router fields */
if (!config.ssl_key.empty())
{
mxb_assert((config.ssl_key.front() != '\'') && (config.ssl_key.front() != '"'));
MXS_FREE(router->ssl_key);
router->ssl_key = MXS_STRDUP_A(config.ssl_key.c_str());
}
if (!config.ssl_ca.empty())
{
mxb_assert((config.ssl_ca.front() != '\'') && (config.ssl_ca.front() != '"'));
MXS_FREE(router->ssl_ca);
router->ssl_ca = MXS_STRDUP_A(config.ssl_ca.c_str());
}
if (!config.ssl_cert.empty())
{
mxb_assert((config.ssl_cert.front() != '\'') && (config.ssl_cert.front() != '"'));
MXS_FREE(router->ssl_cert);
router->ssl_cert = MXS_STRDUP_A(config.ssl_cert.c_str());
}
if (!config.ssl_version.empty())
{
mxb_assert((config.ssl_version.front() != '\'') && (config.ssl_version.front() != '"'));
MXS_FREE(router->ssl_version);
router->ssl_version = MXS_STRDUP_A(config.ssl_version.c_str());
}
} }
else else
{ {
/* Allocate SSL struct for backend connection */ updated = -1;
server_ssl = static_cast<mxs::SSLContext*>(MXS_CALLOC(1, sizeof(mxs::SSLContext)));
if (server_ssl == NULL)
{
router->ssl_enabled = false;
/* Report back the error */
snprintf(error_message,
BINLOG_ERROR_MSG_LEN,
"CHANGE MASTER TO: Error allocating memory for SSL struct"
" in blr_set_master_ssl");
return -1;
}
/* Set some SSL defaults */
server_ssl->ssl_init_done = false;
server_ssl->ssl_method_type = SERVICE_SSL_TLS_MAX;
server_ssl->ssl_cert_verify_depth = 9;
/* Set the pointer */
router->service->dbref->server->server_ssl = server_ssl;
} }
} }
/* Update options in router fields and in server_ssl struct, if present */ return updated;
if (!config.ssl_key.empty())
{
mxb_assert((config.ssl_key.front() != '\'') && (config.ssl_key.front() != '"'));
if (server_ssl)
{
MXS_FREE(server_ssl->ssl_key);
server_ssl->ssl_key = MXS_STRDUP_A(config.ssl_key.c_str());
}
MXS_FREE(router->ssl_key);
router->ssl_key = MXS_STRDUP_A(config.ssl_key.c_str());
updated++;
}
if (!config.ssl_ca.empty())
{
mxb_assert((config.ssl_ca.front() != '\'') && (config.ssl_ca.front() != '"'));
if (server_ssl)
{
MXS_FREE(server_ssl->ssl_ca_cert);
server_ssl->ssl_ca_cert = MXS_STRDUP_A(config.ssl_ca.c_str());
}
MXS_FREE(router->ssl_ca);
router->ssl_ca = MXS_STRDUP_A(config.ssl_ca.c_str());
updated++;
}
if (!config.ssl_cert.empty())
{
mxb_assert((config.ssl_cert.front() != '\'') && (config.ssl_cert.front() != '"'));
if (server_ssl)
{
MXS_FREE(server_ssl->ssl_cert);
server_ssl->ssl_cert = MXS_STRDUP_A(config.ssl_cert.c_str());
}
MXS_FREE(router->ssl_cert);
router->ssl_cert = MXS_STRDUP_A(config.ssl_cert.c_str());
updated++;
}
if (!config.ssl_version.empty() && server_ssl)
{
mxb_assert((config.ssl_version.front() != '\'') && (config.ssl_version.front() != '"'));
if (!config.ssl_version.empty())
{
if (listener_set_ssl_version(server_ssl, config.ssl_version.c_str()) != 0)
{
/* Report back the error */
snprintf(error_message,
BINLOG_ERROR_MSG_LEN,
"Unknown parameter value for 'ssl_version': %s",
config.ssl_version.c_str());
return -1;
}
/* Set provided ssl_version in router SSL cfg anyway */
MXS_FREE(router->ssl_version);
router->ssl_version = MXS_STRDUP_A(config.ssl_version.c_str());
updated++;
}
}
if (updated)
{
return 1;
}
else
{
return 0;
}
} }
/** /**
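Review bot: `bool updated = 0;` at the top of blr_set_master_ssl combined with `updated = -1;` on the `mxs::SSLContext::create` failure branch makes the error indistinguishable from success: -1 converts to `true`, and `return updated;` from this `int` function yields 1, whereas the old code returned -1 and filled `error_message`, which the new code never writes. Keep `int updated = 0;` and report the failure before returning, e.g. `snprintf(error_message, BINLOG_ERROR_MSG_LEN, "CHANGE MASTER TO: failed to create SSL context");` (constructed wording). `router->ssl_enabled` is also set to true before `create` is attempted, so on failure the router claims SSL while `server_ssl` is unchanged or null; consider resetting it as the old allocation-failure path did. The rewrite further drops the updates of `router->ssl_key`, `ssl_ca`, `ssl_cert` and `ssl_version`; blr_master_get_config in the previous hunk still reads `router->ssl_version`, so if those fields are still consumed they go stale after CHANGE MASTER.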