The fix to the bug where peer certificates were validated but not required
caused the default behavior to change. The default should've changed at
the same time the fix was made.
The password values are now masked with asterisks. This tells whether a
password is set or not but it does not expose any information about the
password itself.
In cases where servers are known to be down on startup, this feature does
more harm than good. Disabling it in these cases would be preferable but
due to how the parameter is used, it is not possible.
Added new ssl_version value for TLSv1.3. This allows the list of accepted
protocol versions to be limited to all supported protocols. Previously
TLSv1.3 was only available with ssl_version=MAX.
Also fixed the enum value serialization to use a lowercase v. This causes
them to have the same value as the one used in the enum.
Previously when ssl_version was used with a value that is not supported on
the system, an unknown parameter error was returned. This could be
confusing and logging a proper error message should make it clear.
The hard limit of 10 seconds is too strict when taking into account the
fact that infinite refreshes was possible before the bug was fixed. This
also makes testing a lot easier where rapid reloads are necessary.
In MaxScale, a "deprecated" parameter is not in use and can be ignored.
Leaving the parameters out of serialized configuration files avoids warning
messages.
Changed getter function return values to std::string, converted
MXS_CONFIG_PARAMETER::set_from_list to take std::strings instead of const
char pointers.
SSLContext is now used everywhere except the binlogrouter which still
allocates the contexts itself. Fixing the binlogrouter's misuse of
internal structures is a rather large undertaking and for this reason the
SSLContext will be taken into use there in a separate commit.
The Listener::create method now takes a set of configuration parameters
from which it constructs a listener. This removes the duplicated code and
makes the behavior of listener creation similar to other objects in
MaxScale. It also allows the configuration parameters to be stored in the
listener object itself.
The functions that searched for listeners compared both sockets and
addresses in the same function. This made its use error prone and caused
false positives in some cases.
