hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
feae0cda17c3487be182fa45ca11b34a7fd2feed
MaxScale/include/maxscale/ssl.hh
Markus Mäkelä 859e930466 MXS-2486: Make SSL configurations immutable 
Changes to SSL configurations is expected to be rare which allows them to
be made into immutable objects once created. This is an acceptable
compromise between performance and usability.
2019-05-24 15:33:18 +03:00

168 lines
4.3 KiB
C++
Raw Blame History

/*
* Copyright (c) 2018 MariaDB Corporation Ab
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file and at www.mariadb.com/bsl11.
*
* Change Date: 2022-01-01
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2 or later of the General
* Public License.
*/
#pragma once
/**
* @file ssl.hh
*
* The SSL definitions for MaxScale
*/
#include <maxscale/ccdefs.hh>
#include <maxscale/protocol.hh>
#include <maxscale/modinfo.h>
#include <maxscale/routingworker.hh>
#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/dh.h>
struct DCB;
class MXS_CONFIG_PARAMETER;
enum ssl_method_type_t
{
#ifndef OPENSSL_1_1
SERVICE_TLS10,
#endif
#ifdef OPENSSL_1_0
SERVICE_TLS11,
SERVICE_TLS12,
#endif
SERVICE_SSL_MAX,
SERVICE_TLS_MAX,
SERVICE_SSL_TLS_MAX,
SERVICE_SSL_UNKNOWN
};
const char* ssl_method_type_to_string(ssl_method_type_t method_type);
ssl_method_type_t string_to_ssl_method_type(const char* str);
/**
* Return codes for SSL authentication checks
*/
#define SSL_AUTH_CHECKS_OK 0
#define SSL_ERROR_CLIENT_NOT_SSL 1
#define SSL_ERROR_ACCEPT_FAILED 2
extern const MXS_ENUM_VALUE ssl_version_values[];
// The concrete implementation of the SSLProvider class (hides the dependency on routingworker.hh)
class SSLProviderImp;
namespace maxscale
{
// SSL configuration
struct SSLConfig
{
SSLConfig() = default;
SSLConfig(const MXS_CONFIG_PARAMETER& params);
// CA must always be defined for non-empty configurations
bool empty() const
{
return ca.empty();
}
std::string key; /**< SSL private key */
std::string cert; /**< SSL certificate */
std::string ca; /**< SSL CA certificate */
ssl_method_type_t version = SERVICE_SSL_TLS_MAX; /**< Which TLS version to use */
int verify_depth = 9; /**< SSL certificate verification depth */
bool verify_peer = true; /**< Enable peer certificate verification */
};
/**
* The SSLContext is used to aggregate the SSL configuration and data for a particular object.
*/
class SSLContext
{
public:
SSLContext& operator=(SSLContext&) = delete;
SSLContext(SSLContext&) = delete;
/**
* Create a new SSL configuration
*
* @param params Parameters from which the SSL configuration is created from
*
* @return A new SSL configuration or nullptr on error
*/
static std::unique_ptr<SSLContext> create(const MXS_CONFIG_PARAMETER& params);
/**
* Serialize the SSL configuration into a INI file section
*
* @return SSLContext as a INI file section
*/
std::string serialize() const;
/**
* Opens a new OpenSSL session for this configuration context
*/
SSL* open() const
{
return SSL_new(m_ctx);
}
// SSL configuration
const SSLConfig& config() const
{
return m_cfg;
}
// Convert to JSON representation
json_t* to_json() const;
// Convert to human readable string representation
std::string to_string() const;
~SSLContext();
private:
SSL_CTX* m_ctx = nullptr;
SSL_METHOD* m_method = nullptr; /**< SSLv3 or TLS1.0/1.1/1.2 methods
* see: https://www.openssl.org/docs/ssl/SSL_CTX_new.html */
SSLConfig m_cfg;
SSLContext(const SSLConfig& cfg);
bool init();
};
// A SSL connection provider (incoming or outgoing). Used by servers and listeners.
class SSLProvider
{
public:
SSLProvider& operator=(SSLProvider&) = delete;
SSLProvider(SSLProvider&) = delete;
SSLProvider(std::unique_ptr<mxs::SSLContext> context);
// Current configuration
const mxs::SSLConfig& config() const;
// The context or nullptr if no context is set
mxs::SSLContext* context() const;
// Set the context, argument must not be null
void set_context(std::unique_ptr<mxs::SSLContext> ssl);
private:
std::unique_ptr<mxs::SSLContext> m_context; /**< SSL context */
mxs::SSLConfig m_config; /**< SSL configuration */
};
}
Reference in New Issue View Git Blame Copy Permalink