Added new ssl_version value for TLSv1.3. This allows the list of accepted
protocol versions to be limited to all supported protocols. Previously
TLSv1.3 was only available with ssl_version=MAX.

Also fixed the enum value serialization to use a lowercase v. This causes
them to have the same value as the one used in the enum.

Previously when ssl_version was used with a value that is not supported on
the system, an unknown parameter error was returned. This could be
confusing and logging a proper error message should make it clear.

Since the user authentication stores a SHA2-512 hash of the password on
disk, caching the hash results in memory speeds up the authentication
process significantly. Storing the password on disk in plain-text form
would also speed it up but this would be quite insecure.

The number of sessions wasn't always incremented but it was always
decremented. This happened primarily when authentication failed. By making
the management of the counters a part of the object lifecycle, this
problem goes away.

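The counter imbalance described in the message above, as an added C++ example that is not MaxScale code: `ServiceStats`, `Session`, the two `handle_connection_*` functions and `count_after_logins` are hypothetical names. The first handler increments only after a successful authentication but decrements on every path; the second ties both operations to the lifetime of the session object.

```cpp
#include <atomic>
#include <initializer_list>
#include <iostream>

// Hypothetical per-service statistics; not MaxScale's real type.
struct ServiceStats { std::atomic<int> n_sessions{0}; };

// Unbalanced pattern: increment only after authentication succeeds,
// decrement on every exit path.
bool handle_connection_unbalanced(ServiceStats& stats, bool auth_ok)
{
    if (auth_ok) ++stats.n_sessions;   // skipped when authentication fails
    // ... the session would run here ...
    --stats.n_sessions;                // runs even for the failed login
    return auth_ok;
}

// Lifecycle-managed pattern: the object owns its contribution to the counter.
class Session
{
public:
    explicit Session(ServiceStats& stats) : m_stats(stats) { ++m_stats.n_sessions; }
    ~Session() { --m_stats.n_sessions; }
    Session(const Session&) = delete;
    Session& operator=(const Session&) = delete;
private:
    ServiceStats& m_stats;
};

bool handle_connection_balanced(ServiceStats& stats, bool auth_ok)
{
    Session session(stats);            // counted from construction
    if (!auth_ok) return false;        // early return; destructor still decrements
    return true;
}

// Counter value after three failed logins and one successful one (constructed input).
int count_after_logins(bool balanced)
{
    ServiceStats stats;
    bool (*handler)(ServiceStats&, bool) =
        balanced ? handle_connection_balanced : handle_connection_unbalanced;
    for (bool ok : {false, false, false, true}) handler(stats, ok);
    return stats.n_sessions.load();
}

int main()
{
    std::cout << count_after_logins(false) << " " << count_after_logins(true) << "\n";
}
```
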
Requiring contiguous buffers removes the need to use mxs::Buffer which
also removes the need to check for buffer boundaries.

Converted all the functions used by get_canonical into `static inline` so
that the compiler knows it can inline them. A few of them weren't `static`
which made the calls to the functions unnecessarily expensive.

The backslash was added instead of assigned. Since the value stored at
that position is always a null byte, assignment and addition would result
in the same outcome.

Since most of the time users run MaxScale as the maxscale user, we can
change the ownership of the file when it is being created. This prevents
the need to manually set the permissions after the file is created.

If the user creating the file is root, the ownership change will work but
on the other hand if the user simply has write permission into MaxScale's
files, the ownership change will likely cause an error. This will still be
an improvement as the user will know the file ownership needs to be
changed.

By printing the stacktrace in one log message, it prevents it from
interleaving with other messages. This happens on busy systems and makes
crash analysis harder.

TIMESTAMP2, DATETIME2 and TIME2 values with decimal parts are now
correctly converted into their string forms. Previously the decimal part
was ignored but most of the code required to extract it was in place.

The TLS parameters were defined but the main parameter that enables it
wasn't automatically added. As the REST API documentation states that this
parameter does not need to be defined, the runtime configuration must add
it.

Authenticators and monitors now use SSL when configured. The fix has two parts:
1) Removed the extra SSLConfig inside SSLProvider, as SSLContext already contains
the config.
2) When inputting parameter values to mysql_ssl_set(), empty strings are converted
to NULL-pointers as the function expects those for unused values.

The new configuration system relies upon static variables being
used for declaring what arguments a particular module uses. To
ensure that the destruction order does not matter, we redundantly
store the needed data (the name).

When a connection is created, the size of the history that is about to be
replayed is known. Storing this and decrementing it each time a session
command is completed tells us when the Backend has finished replaying the
session command history. This can then be used to distinguish whether a
session command executed on a master should be retried or whether to
simply discard the connection.