MXS-2763: Log correct error for unsupported TLS versions
Previously when ssl_version was used with a value that is not supported on the system, an unknown parameter error was returned. This could be confusing and logging a proper error message should make it clear.
This commit is contained in:
Markus Mäkelä
@ -31,13 +31,9 @@ struct dcb;
|
|||||||
|
|
||||||
typedef enum ssl_method_type
|
typedef enum ssl_method_type
|
||||||
{
|
{
|
||||||
#ifndef OPENSSL_1_1
|
|
||||||
SERVICE_TLS10,
|
SERVICE_TLS10,
|
||||||
#endif
|
|
||||||
#ifdef OPENSSL_1_0
|
|
||||||
SERVICE_TLS11,
|
SERVICE_TLS11,
|
||||||
SERVICE_TLS12,
|
SERVICE_TLS12,
|
||||||
#endif
|
|
||||||
SERVICE_SSL_MAX,
|
SERVICE_SSL_MAX,
|
||||||
SERVICE_TLS_MAX,
|
SERVICE_TLS_MAX,
|
||||||
SERVICE_SSL_TLS_MAX,
|
SERVICE_SSL_TLS_MAX,
|
||||||
|
|||||||
@ -279,13 +279,9 @@ static const MXS_ENUM_VALUE ssl_values[] =
|
|||||||
static const MXS_ENUM_VALUE ssl_version_values[] =
|
static const MXS_ENUM_VALUE ssl_version_values[] =
|
||||||
{
|
{
|
||||||
{"MAX", SERVICE_SSL_TLS_MAX},
|
{"MAX", SERVICE_SSL_TLS_MAX},
|
||||||
#ifndef OPENSSL_1_1
|
|
||||||
{"TLSv10", SERVICE_TLS10 },
|
{"TLSv10", SERVICE_TLS10 },
|
||||||
#endif
|
|
||||||
#ifdef OPENSSL_1_0
|
|
||||||
{"TLSv11", SERVICE_TLS11 },
|
{"TLSv11", SERVICE_TLS11 },
|
||||||
{"TLSv12", SERVICE_TLS12 },
|
{"TLSv12", SERVICE_TLS12 },
|
||||||
#endif
|
|
||||||
{NULL}
|
{NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@ -188,14 +188,10 @@ int listener_set_ssl_version(SSL_LISTENER* ssl_listener, const char* version)
|
|||||||
{
|
{
|
||||||
ssl_listener->ssl_method_type = SERVICE_SSL_TLS_MAX;
|
ssl_listener->ssl_method_type = SERVICE_SSL_TLS_MAX;
|
||||||
}
|
}
|
||||||
#ifndef OPENSSL_1_1
|
|
||||||
else if (strcasecmp(version, "TLSV10") == 0)
|
else if (strcasecmp(version, "TLSV10") == 0)
|
||||||
{
|
{
|
||||||
ssl_listener->ssl_method_type = SERVICE_TLS10;
|
ssl_listener->ssl_method_type = SERVICE_TLS10;
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
#endif
|
|
||||||
#ifdef OPENSSL_1_0
|
|
||||||
else if (strcasecmp(version, "TLSV11") == 0)
|
else if (strcasecmp(version, "TLSV11") == 0)
|
||||||
{
|
{
|
||||||
ssl_listener->ssl_method_type = SERVICE_TLS11;
|
ssl_listener->ssl_method_type = SERVICE_TLS11;
|
||||||
@ -204,7 +200,6 @@ int listener_set_ssl_version(SSL_LISTENER* ssl_listener, const char* version)
|
|||||||
{
|
{
|
||||||
ssl_listener->ssl_method_type = SERVICE_TLS12;
|
ssl_listener->ssl_method_type = SERVICE_TLS12;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return -1;
|
return -1;
|
||||||
@ -278,22 +273,34 @@ bool SSL_LISTENER_init(SSL_LISTENER* ssl)
|
|||||||
|
|
||||||
switch (ssl->ssl_method_type)
|
switch (ssl->ssl_method_type)
|
||||||
{
|
{
|
||||||
#ifndef OPENSSL_1_1
|
|
||||||
case SERVICE_TLS10:
|
case SERVICE_TLS10:
|
||||||
|
#ifndef OPENSSL_1_1
|
||||||
ssl->method = (SSL_METHOD*)TLSv1_method();
|
ssl->method = (SSL_METHOD*)TLSv1_method();
|
||||||
|
#else
|
||||||
|
MXS_ERROR("TLSv1.0 is not supported on this system.");
|
||||||
|
return false;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#endif
|
|
||||||
#ifdef OPENSSL_1_0
|
|
||||||
case SERVICE_TLS11:
|
case SERVICE_TLS11:
|
||||||
|
#ifdef OPENSSL_1_0
|
||||||
ssl->method = (SSL_METHOD*)TLSv1_1_method();
|
ssl->method = (SSL_METHOD*)TLSv1_1_method();
|
||||||
|
#else
|
||||||
|
MXS_ERROR("TLSv1.1 is not supported on this system.");
|
||||||
|
return false;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SERVICE_TLS12:
|
case SERVICE_TLS12:
|
||||||
|
#ifdef OPENSSL_1_0
|
||||||
ssl->method = (SSL_METHOD*)TLSv1_2_method();
|
ssl->method = (SSL_METHOD*)TLSv1_2_method();
|
||||||
|
#else
|
||||||
|
MXS_ERROR("TLSv1.2 is not supported on this system.");
|
||||||
|
return false;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#endif
|
|
||||||
/** Rest of these use the maximum available SSL/TLS methods */
|
/** Rest of these use the maximum available SSL/TLS methods */
|
||||||
case SERVICE_SSL_MAX:
|
case SERVICE_SSL_MAX:
|
||||||
ssl->method = (SSL_METHOD*)SSLv23_method();
|
ssl->method = (SSL_METHOD*)SSLv23_method();
|
||||||
|
|||||||
@ -201,19 +201,15 @@ const char* ssl_method_type_to_string(ssl_method_type_t method_type)
|
|||||||
{
|
{
|
||||||
switch (method_type)
|
switch (method_type)
|
||||||
{
|
{
|
||||||
#ifndef OPENSSL_1_1
|
|
||||||
case SERVICE_TLS10:
|
case SERVICE_TLS10:
|
||||||
return "TLSV10";
|
return "TLSV10";
|
||||||
|
|
||||||
#endif
|
|
||||||
#ifdef OPENSSL_1_0
|
|
||||||
case SERVICE_TLS11:
|
case SERVICE_TLS11:
|
||||||
return "TLSV11";
|
return "TLSV11";
|
||||||
|
|
||||||
case SERVICE_TLS12:
|
case SERVICE_TLS12:
|
||||||
return "TLSV12";
|
return "TLSV12";
|
||||||
|
|
||||||
#endif
|
|
||||||
case SERVICE_SSL_MAX:
|
case SERVICE_SSL_MAX:
|
||||||
case SERVICE_TLS_MAX:
|
case SERVICE_TLS_MAX:
|
||||||
case SERVICE_SSL_TLS_MAX:
|
case SERVICE_SSL_TLS_MAX:
|
||||||
@ -230,14 +226,10 @@ ssl_method_type_t string_to_ssl_method_type(const char* str)
|
|||||||
{
|
{
|
||||||
return SERVICE_SSL_TLS_MAX;
|
return SERVICE_SSL_TLS_MAX;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef OPENSSL_1_1
|
|
||||||
else if (strcasecmp("TLSV10", str) == 0)
|
else if (strcasecmp("TLSV10", str) == 0)
|
||||||
{
|
{
|
||||||
return SERVICE_TLS10;
|
return SERVICE_TLS10;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
#ifdef OPENSSL_1_0
|
|
||||||
else if (strcasecmp("TLSV11", str) == 0)
|
else if (strcasecmp("TLSV11", str) == 0)
|
||||||
{
|
{
|
||||||
return SERVICE_TLS11;
|
return SERVICE_TLS11;
|
||||||
@ -246,8 +238,6 @@ ssl_method_type_t string_to_ssl_method_type(const char* str)
|
|||||||
{
|
{
|
||||||
return SERVICE_TLS12;
|
return SERVICE_TLS12;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
return SERVICE_SSL_UNKNOWN;
|
return SERVICE_SSL_UNKNOWN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user