diff --git a/include/maxscale/config_runtime.h b/include/maxscale/config_runtime.h
index acb56bba8..cc29f775c 100644
--- a/include/maxscale/config_runtime.h
+++ b/include/maxscale/config_runtime.h
@@ -96,6 +96,8 @@ bool runtime_alter_server(SERVER *server, char *key, char *value);
 * The @c key , @c cert and @c ca parameters are required. @c version and @c depth
 * are optional.
 *
+ * @note SSL cannot be disabled at runtime.
+ *
 * @param server Server to configure
 * @param key Path to SSL private key
 * @param cert Path to SSL public certificate
@@ -110,7 +112,7 @@ bool runtime_enable_server_ssl(SERVER *server, const char *key, const char *cert
 /**
 * @brief Alter monitor parameters
 *
- * @param monitor Monitor to aler
+ * @param monitor Monitor to alter
 * @param key Key to modify
 * @param value New value
 * @return True if @c key was one of the supported parameters
diff --git a/include/maxscale/gw_ssl.h b/include/maxscale/gw_ssl.h
index d15733e79..db6be67c1 100644
--- a/include/maxscale/gw_ssl.h
+++ b/include/maxscale/gw_ssl.h
@@ -71,6 +71,7 @@ typedef struct ssl_listener
 char *ssl_key; /*< SSL private key */
 char *ssl_ca_cert; /*< SSL CA certificate */
 bool ssl_init_done; /*< If SSL has already been initialized for this service */
+ struct ssl_listener *next; /*< Next SSL configuration, currently used to store obsolete configurations */
 } SSL_LISTENER;
 int ssl_authenticate_client(struct dcb *dcb, bool is_capable);
diff --git a/server/core/config_runtime.c b/server/core/config_runtime.c
index 854be86be..5858a13b6 100644
--- a/server/core/config_runtime.c
+++ b/server/core/config_runtime.c
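Review bot: The new `next` member of SSL_LISTENER in include/maxscale/gw_ssl.h has no stated owner or lifetime, and nothing in this diff shows that it starts out as NULL. If any SSL_LISTENER is allocated without being zeroed, the chain built in server/core/config_runtime.c ends in an indeterminate pointer, and any code that frees a listener has to know whether to follow `next`; the allocation and free sites are outside this diff, so both need checking. I would make the member comment carry that contract, for example `/*< Previous (obsolete) configuration or NULL; never freed yet, see TODO in runtime_enable_server_ssl() */`.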
@@ -211,6 +211,12 @@ bool runtime_enable_server_ssl(SERVER *server, const char *key, const char *cert if (err == 0 && ssl && listener_init_SSL(ssl) == 0) { + /** TODO: Properly discard old SSL configurations + * + * This could cause the loss of a pointer if two update + * operations are done at the same time.*/ + ssl->next = server->server_ssl; + /** Sync to prevent reads on partially initialized server_ssl */ atomic_synchronize();
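Review bot: The read of `server->server_ssl` into `ssl->next` and the store that presumably publishes `ssl` afterwards are separate steps, so, as the TODO admits, two concurrent calls can both link to the same old head and one configuration falls off the chain. There is also a retention side: each superseded SSL_LISTENER, with its key path and whatever listener_init_SSL() set up for it, stays reachable after a certificate or key rotation, which matters when the rotation follows a key compromise. Serialising the whole update under one lock would close the race; the body of runtime_enable_server_ssl starts and ends outside the hunk, so I cannot tell whether a lock is already held. Until old entries are discarded, the comment should say why they are kept and who frees them, e.g. `/* kept, not freed: existing connections may still point at the old config (confirm) */`.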