Commit Graph

4312 Commits

Author SHA1 Message Date
9e9abbe8be MXS-2786: Require certificates when verifying peers
When peer verification is enabled, clients must present a certificate.
2019-12-03 10:34:00 +02:00
7a5e50f980 Merge branch '2.3' into 2.4 2019-11-29 16:41:07 +02:00
521c75505b Properly detect SSL initialization failures
The return value was not checked in the function that created it.
2019-11-29 16:31:07 +02:00
ab8393939b MXS-2773: Make host blocking an optional feature
In cases where servers are known to be down on startup, this feature does
more harm than good. Disabling it in these cases would be preferable but
due to how the parameter is used, it is not possible.
2019-11-29 16:31:07 +02:00
cd9b82ba09 Print OpenSSL errors on CA cert errors
This helps figure out why the certificate is not OK.
2019-11-29 16:16:35 +02:00
fb23f3eb3e OpenSSL 1.1 supports TLSv1.1 and TLSv1.2
TLSv1.0 is the only version that newer OpenSSL versions do not support.
2019-11-29 16:16:35 +02:00
d45ea8d489 Merge branch '2.3' into 2.4 2019-11-29 13:59:16 +02:00
d41975dde8 MXS-2782 Return nullptr if non-existing worker is asked for
Earlier assert in debug mode and garbage in release mode.
2019-11-28 14:33:00 +02:00
c5ce940b12 Merge branch '2.3' into 2.4 2019-11-28 08:05:44 +02:00
774e9bc3f0 MXS-2762: Add ssl_version=TLSv13
Added new ssl_version value for TLSv1.3. This allows the list of accepted
protocol versions to be limited to all supported protocols. Previously
TLSv1.3 was only available with ssl_version=MAX.

Also fixed the enum value serialization to use a lowercase v. This causes
them to have the same value as the one used in the enum.
2019-11-28 07:48:01 +02:00
f7f865d4c3 MXS-2763: Log correct error for unsupported TLS versions
Previously when ssl_version was used with a value that is not supported on
the system, an unknown parameter error was returned. This could be
confusing and logging a proper error message should make it clear.
2019-11-28 07:48:01 +02:00
f6731a898d Update change date 2019-11-13 08:37:17 +02:00
3f05059afa Merge branch '2.3' into 2.4 2019-11-11 09:09:10 +02:00
638d1bf354 MXS-2760: Fix ssl_version conversion
The value is now correctly converted to the enum values.
2019-11-11 09:05:46 +02:00
fdfbf3e133 Update 2.4.3 change date 2019-11-05 12:21:00 +02:00
03e8e85a22 Enable SO_KEEPALIVE
This hopefully prevents unnecessary TCP timeouts.
2019-11-05 11:02:32 +02:00
861e27eb00 Merge branch '2.3' into 2.4 2019-10-29 14:04:31 +02:00
df6c56e7ca Update 2.3.13 Change Date 2019-10-29 12:51:31 +02:00
e82be12be9 Cache password hash results
Since the user authentication stores a SHA2-512 hash of the password on
disk, caching the hash results in memory speeds up the authentication
process significantly. Storing the password on disk in plain-text form
would also speed it up but this would be quite insecure.
2019-10-29 11:34:09 +02:00
9b75ea17ac Fix merge bug
Unhandled conflict
2019-10-29 11:08:52 +02:00
722d269123 Merge branch '2.3' into 2.4 2019-10-29 11:02:37 +02:00
446a3fac15 MXS-2720: Fix service session count
The number of sessions wasn't always incremented but it was always
decremented. This happened primarily when authentication failed. By making
the management of the counters a part of the object lifecycle, this
problem goes away.
2019-10-29 09:26:41 +02:00
26a56f48b2 MXS-2720: Assert that client count is non-negative 2019-10-29 09:26:41 +02:00
cf8ff493bc Add query canonicalization profiling
A small helper program like this helps figure out performance problems
with the function.
2019-10-29 09:26:41 +02:00
8258e14bfe Add minor optimizations to get_canonical
Requiring contiguous buffers removes the need to use mxs::Buffer which
also removes the need to check for buffer boundaries.

Converted all the functions used by get_canonical into `static inline` so
that the compiler knows it can inline them. A few of them weren't `static`
which made the calls to the functions unnecessarily expensive.
2019-10-29 09:26:41 +02:00
7f41bfa5f8 Fix minor defect in get_canonical
The backslash was added instead of assigned. Since the value stored at
that position is always a null byte, assignment and addition would result
in the same outcome.
2019-10-29 09:26:41 +02:00
d6eb73c9ee MXS-2639: Fix maxinfo memory leak
The JSON version didn't call json_decref on the object it created.
2019-10-29 09:26:41 +02:00
c609042874 MXS-2706: Fix maxinfo JSON output
The output now correctly formats integers.
2019-10-29 09:26:41 +02:00
ff73bc778e MXS-2728: Give maxscale ownership of the .secrets file
Since most of the time users run MaxScale as the maxscale user, we can
change the ownership of the file when it is being created. This prevents
the need to manually set the permissions after the file is created.

If the user creating the file is root, the ownership change will work but
on the other hand if the user simply has write permission into MaxScale's
files, the ownership change will likely cause an error. This will still be
an improvement as the user will know the file ownership needs to be
changed.
2019-10-25 16:22:11 +03:00
dc895e41ad Merge branch '2.3' into 2.4 2019-10-11 09:51:48 +03:00
183673b026 MXS-2720: Fix service session count
The number of sessions wasn't always incremented but it was always
decremented. This happened primarily when authentication failed. By making
the management of the counters a part of the object lifecycle, this
problem goes away.
2019-10-10 21:34:03 +03:00
c9da7c2727 MXS-2720: Assert that client count is non-negative 2019-10-10 21:24:36 +03:00
067b1cfbc1 Add query canonicalization profiling
A small helper program like this helps figure out performance problems
with the function.
2019-10-10 21:24:35 +03:00
dc4e35e60d Add minor optimizations to get_canonical
Requiring contiguous buffers removes the need to use mxs::Buffer which
also removes the need to check for buffer boundaries.

Converted all the functions used by get_canonical into `static inline` so
that the compiler knows it can inline them. A few of them weren't `static`
which made the calls to the functions unnecessarily expensive.
2019-10-10 21:24:35 +03:00
6ea2adef12 Fix minor defect in get_canonical
The backslash was added instead of assigned. Since the value stored at
that position is always a null byte, assignment and addition would result
in the same outcome.
2019-10-10 21:24:35 +03:00
56defbfdec MXS-2639: Fix maxinfo memory leak
The JSON version didn't call json_decref on the object it created.
2019-10-09 08:41:51 +03:00
026109f9bc MXS-2706: Fix maxinfo JSON output
The output now correctly formats integers.
2019-10-09 08:41:51 +03:00
64d19cf018 MXS-2711: Fix updating of retain_last_statements
The value is now correctly expected to be a non-negative integer.
2019-10-04 09:42:03 +03:00
237cdd798b MXS-2687: Detect invalid socket arguments
Cherry-pick of 5a94f09cb97d7da5ca4a71b398f14ec32e6c90e7.
2019-10-03 09:29:52 +03:00
7f7b052f0e Print stacktrace in one message
By printing the stacktrace in one log message, it prevents it from
interleaving with other messages. This happens on busy systems and makes
crash analysis harder.
2019-10-02 10:44:57 +03:00
27675ed41d MXS-2354: Fix subsecond part of temporal values
TIMESTAMP2, DATETIME2 and TIME2 values with decimal parts are now
correctly converted into their string forms. Previously the decimal part
was ignored but most of the code required to extract it was in place.
2019-09-30 11:47:29 +03:00
19487d2bfb Merge branch '2.3' into 2.4 2019-09-20 09:36:23 +03:00
f587ec191d MXS-2688 Add QC operator QUERY_OP_SET
Allows RWS to unconditionally send all SET-statements to
all servers.
2019-09-20 09:27:38 +03:00
78cc5b2445 Move packet_tracker.cc under maxscale
It depends on MaxScale-types. This also removes the maxsql-pcre2-dependency.
2019-09-18 12:19:09 +03:00
1f26189ddd Merge branch '2.3' into 2.4 2019-09-17 14:55:34 +03:00
dabab543cc MXS-2684 Add throttling callbacks to backend DCB from pool
Add throttling callbacks to a backend DCB taken from the persistent
pool. They were removed when the dcb was put into the pool.
2019-09-17 14:45:53 +03:00
31029eaec8 MXS-2675: Fix server creation with TLS via REST API
The TLS parameters were defined but the main parameter that enables it
wasn't automatically added. As the REST API documentation states that this
parameter does not need to be defined, the runtime configuration must add
it.
2019-09-13 14:14:34 +03:00
ebbd806c6a Merge branch '2.3' into 2.4 2019-09-06 10:59:08 +03:00
00feb61b23 MXS-2652 Do not clear maintenance flag when a server goes down
The set of flags to clear should be well-defined.
2019-09-06 09:43:32 +03:00
68f3b235e1 MXS-2650 Fix SSL-use with Connector-C
Authenticators and monitors now use SSL when configured. The fix has two parts:
1) Removed the extra SSLConfig inside SSLProvider, as SSLContext already contains
the config.
2) When inputting parameter values to mysql_ssl_set(), empty strings are converted
to NULL-pointers as the function expects those for unused values.
2019-08-29 17:46:26 +03:00