odissey: separate tls context init

2017-04-05 15:46:26 +03:00 · 2017-04-05 15:46:26 +03:00 · 53adab5193
parent 7d73f4a1d0
commit 53adab5193
5 changed files with 147 additions and 79 deletions
--- a/core/CMakeLists.txt
+++ b/core/CMakeLists.txt
@ -20,6 +20,7 @@ set(od_src
    od_router_copy.c
    od_cancel.c
    od_auth.c
+    od_tls.c
    od_periodic.c
    od_fe.c
    od_be.c
--- a/core/od_be.c
+++ b/core/od_be.c
@ -36,6 +36,7 @@
 #include "od_pooler.h"
 #include "od_cancel.h"
 #include "od_auth.h"
+#include "od_tls.h"
 #include "od_be.h"

 int od_beterminate(od_server_t *server)
@ -156,9 +157,6 @@ static int
 od_beconnect_tls(od_pooler_t *pooler, od_server_t *server,
                 od_schemeserver_t *scheme)
 {
-	if (scheme->tls_verify == OD_TDISABLE)
-		return 0;
-
 	od_debug(&pooler->od->log, server->io, "S (tls): init");

 	/* SSL Request */
@ -260,9 +258,11 @@ od_beconnect(od_pooler_t *pooler, od_server_t *server)
 	}

 	/* do tls handshake */
-	rc = od_beconnect_tls(pooler, server, server_scheme);
-	if (rc == -1)
-		return -1;
+	if (server_scheme->tls_verify != OD_TDISABLE) {
+		rc = od_beconnect_tls(pooler, server, server_scheme);
+		if (rc == -1)
+			return -1;
+	}

 	od_log(&pooler->od->log, server->io, "S: new connection");

@ -368,39 +368,11 @@ od_bepop(od_pooler_t *pooler, od_route_t *route, od_client_t *client)
 	od_schemeserver_t *server_scheme;
 	server_scheme = route->scheme->server;
 	if (server_scheme->tls_verify != OD_TDISABLE) {
-		server->tls = machine_create_tls(pooler->env);
+		server->tls = od_tls_server(pooler, server_scheme);
 		if (server->tls == NULL) {
 			od_serverfree(server);
 			return NULL;
 		}
-		if (server_scheme->tls_verify == OD_TALLOW)
-			machine_tls_set_verify(server->tls, "none");
-		else
-		if (server_scheme->tls_verify == OD_TREQUIRE)
-			machine_tls_set_verify(server->tls, "peer");
-		else
-			machine_tls_set_verify(server->tls, "peer_strict");
-		if (server_scheme->tls_ca_file) {
-			rc = machine_tls_set_ca_file(server->tls, server_scheme->tls_ca_file);
-			if (rc == -1) {
-				od_serverfree(server);
-				return NULL;
-			}
-		}
-		if (server_scheme->tls_cert_file) {
-			rc = machine_tls_set_cert_file(server->tls, server_scheme->tls_cert_file);
-			if (rc == -1) {
-				od_serverfree(server);
-				return NULL;
-			}
-		}
-		if (server_scheme->tls_key_file) {
-			rc = machine_tls_set_key_file(server->tls, server_scheme->tls_key_file);
-			if (rc == -1) {
-				od_serverfree(server);
-				return NULL;
-			}
-		}
 	}

 	server->pooler = pooler;
--- a/core/od_pooler.c
+++ b/core/od_pooler.c
@ -33,50 +33,10 @@
 #include "od_route_pool.h"
 #include "od.h"
 #include "od_pooler.h"
+#include "od_tls.h"
 #include "od_periodic.h"
 #include "od_router.h"

-static int
-od_pooler_tls_init(od_pooler_t *pooler)
-{
-	od_scheme_t *scheme = &pooler->od->scheme;
-	int rc;
-	pooler->tls = NULL;
-	if (scheme->tls_verify == OD_TDISABLE)
-		return 0;
-	pooler->tls = machine_create_tls(pooler->env);
-	if (pooler->tls == NULL)
-		return -1;
-	if (scheme->tls_verify == OD_TALLOW)
-		machine_tls_set_verify(pooler->tls, "none");
-	else
-	if (scheme->tls_verify == OD_TREQUIRE)
-		machine_tls_set_verify(pooler->tls, "peer");
-	else
-		machine_tls_set_verify(pooler->tls, "peer_strict");
-
-	if (scheme->tls_ca_file) {
-		rc = machine_tls_set_ca_file(pooler->tls, scheme->tls_ca_file);
-		if (rc == -1)
-			goto error;
-	}
-	if (scheme->tls_cert_file) {
-		rc = machine_tls_set_cert_file(pooler->tls, scheme->tls_cert_file);
-		if (rc == -1)
-			goto error;
-	}
-	if (scheme->tls_key_file) {
-		rc = machine_tls_set_key_file(pooler->tls, scheme->tls_key_file);
-		if (rc == -1)
-			goto error;
-	}
-	return 0;
-error:
-	machine_free_tls(pooler->tls);
-	pooler->tls = NULL;
-	return -1;
-}
-
 static inline void
 od_pooler(void *arg)
 {
@ -85,9 +45,13 @@ od_pooler(void *arg)

 	/* init pooler tls */
 	int rc;
-	rc = od_pooler_tls_init(pooler);
-	if (rc == -1)
-		return;
+	pooler->tls = NULL;
+	od_scheme_t *scheme = &pooler->od->scheme;
+	if (scheme->tls_verify != OD_TDISABLE) {
+		pooler->tls = od_tls_client(pooler, scheme);
+		if (pooler->tls == NULL)
+			return;
+	}

 	/* listen '*' */
 	struct addrinfo *hints_ptr = NULL;
--- a/core/od_tls.c
+++ b/core/od_tls.c
@ -0,0 +1,115 @@
+
+/*
+ * odissey.
+ *
+ * PostgreSQL connection pooler and request router.
+*/
+
+#include <stdlib.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <machinarium.h>
+#include <soprano.h>
+
+#include "od_macro.h"
+#include "od_list.h"
+#include "od_pid.h"
+#include "od_syslog.h"
+#include "od_log.h"
+#include "od_scheme.h"
+#include "od_lex.h"
+#include "od_config.h"
+#include "od_stat.h"
+#include "od_server.h"
+#include "od_server_pool.h"
+#include "od_client.h"
+#include "od_client_list.h"
+#include "od_client_pool.h"
+#include "od_route_id.h"
+#include "od_route.h"
+#include "od_route_pool.h"
+#include "od.h"
+#include "od_io.h"
+#include "od_pooler.h"
+#include "od_tls.h"
+
+machine_tls_t
+od_tls_client(od_pooler_t *pooler, od_scheme_t *scheme)
+{
+	int rc;
+	machine_tls_t tls;
+	tls = machine_create_tls(pooler->env);
+	if (tls == NULL)
+		return NULL;
+	if (scheme->tls_verify == OD_TALLOW)
+		machine_tls_set_verify(tls, "none");
+	else
+	if (scheme->tls_verify == OD_TREQUIRE)
+		machine_tls_set_verify(tls, "peer");
+	else
+		machine_tls_set_verify(tls, "peer_strict");
+	if (scheme->tls_ca_file) {
+		rc = machine_tls_set_ca_file(tls, scheme->tls_ca_file);
+		if (rc == -1) {
+			machine_free_tls(tls);
+			return NULL;
+		}
+	}
+	if (scheme->tls_cert_file) {
+		rc = machine_tls_set_cert_file(tls, scheme->tls_cert_file);
+		if (rc == -1) {
+			machine_free_tls(tls);
+			return NULL;
+		}
+	}
+	if (scheme->tls_key_file) {
+		rc = machine_tls_set_key_file(tls, scheme->tls_key_file);
+		if (rc == -1) {
+			machine_free_tls(tls);
+			return NULL;
+		}
+	}
+	return tls;
+}
+
+machine_tls_t
+od_tls_server(od_pooler_t *pooler, od_schemeserver_t *scheme)
+{
+	int rc;
+	machine_tls_t tls;
+	tls = machine_create_tls(pooler->env);
+	if (tls == NULL)
+		return NULL;
+	if (scheme->tls_verify == OD_TALLOW)
+		machine_tls_set_verify(tls, "none");
+	else
+	if (scheme->tls_verify == OD_TREQUIRE)
+		machine_tls_set_verify(tls, "peer");
+	else
+		machine_tls_set_verify(tls, "peer_strict");
+	if (scheme->tls_ca_file) {
+		rc = machine_tls_set_ca_file(tls, scheme->tls_ca_file);
+		if (rc == -1) {
+			machine_free_tls(tls);
+			return NULL;
+		}
+	}
+	if (scheme->tls_cert_file) {
+		rc = machine_tls_set_cert_file(tls, scheme->tls_cert_file);
+		if (rc == -1) {
+			machine_free_tls(tls);
+			return NULL;
+		}
+	}
+	if (scheme->tls_key_file) {
+		rc = machine_tls_set_key_file(tls, scheme->tls_key_file);
+		if (rc == -1) {
+			machine_free_tls(tls);
+			return NULL;
+		}
+	}
+	return tls;
+}
--- a/core/od_tls.h
+++ b/core/od_tls.h
@ -0,0 +1,16 @@
+#ifndef OD_TLS_H_
+#define OD_TLS_H_
+
+/*
+ * odissey.
+ *
+ * PostgreSQL connection pooler and request router.
+*/
+
+machine_tls_t
+od_tls_client(od_pooler_t*, od_scheme_t*);
+
+machine_tls_t
+od_tls_server(od_pooler_t*, od_schemeserver_t*);
+
+#endif