Store old server SSL configurations

If the SSL configuration of a server was altered successfully, it would overwrite an existing configuration leading to a true memory leak. Converting the SSL_LISTENER structure to a list allows it to store the old configurations without leaking the memory. This has no functional benefits apart from storing references which could aid in debugging. In the future, the discarded configurations could be freed once all connections that use it are closed.
2016-11-23 08:48:09 +02:00 · 2016-11-23 08:48:09 +02:00 · ff54771cd1
commit ff54771cd1
parent 498395cd3d
3 changed files with 10 additions and 1 deletions
--- a/include/maxscale/config_runtime.h
+++ b/include/maxscale/config_runtime.h
@ -96,6 +96,8 @@ bool runtime_alter_server(SERVER *server, char *key, char *value);
 * The @c key , @c cert and @c ca parameters are required. @c version and @c depth
 * are optional.
 *
+ * @note SSL cannot be disabled at runtime.
+ *
 * @param server Server to configure
 * @param key Path to SSL private key
 * @param cert Path to SSL public certificate
@ -110,7 +112,7 @@ bool runtime_enable_server_ssl(SERVER *server, const char *key, const char *cert
 /**
 * @brief Alter monitor parameters
 *
- * @param monitor Monitor to aler
+ * @param monitor Monitor to alter
 * @param key Key to modify
 * @param value New value
 * @return True if @c key was one of the supported parameters
--- a/include/maxscale/gw_ssl.h
+++ b/include/maxscale/gw_ssl.h
@ -71,6 +71,7 @@ typedef struct ssl_listener
    char *ssl_key;                      /*< SSL private key */
    char *ssl_ca_cert;                  /*< SSL CA certificate */
    bool ssl_init_done;                 /*< If SSL has already been initialized for this service */
+    struct ssl_listener *next;          /*< Next SSL configuration, currently used to store obsolete configurations */
 } SSL_LISTENER;

 int ssl_authenticate_client(struct dcb *dcb, bool is_capable);
--- a/server/core/config_runtime.c
+++ b/server/core/config_runtime.c
@ -211,6 +211,12 @@ bool runtime_enable_server_ssl(SERVER *server, const char *key, const char *cert

            if (err == 0 && ssl && listener_init_SSL(ssl) == 0)
            {
+                /** TODO: Properly discard old SSL configurations
+                 *
+                 * This could cause the loss of a pointer if two update
+                 * operations are done at the same time.*/
+                ssl->next = server->server_ssl;
+
                /** Sync to prevent reads on partially initialized server_ssl */
                atomic_synchronize();