From 53adab51939ad0f95f809dd7a4fe4584816fd5e7 Mon Sep 17 00:00:00 2001 From: Dmitry Simonenko Date: Wed, 5 Apr 2017 15:46:26 +0300 Subject: [PATCH] odissey: separate tls context init --- core/CMakeLists.txt | 1 + core/od_be.c | 42 +++------------- core/od_pooler.c | 52 +++----------------- core/od_tls.c | 115 ++++++++++++++++++++++++++++++++++++++++++++ core/od_tls.h | 16 ++++++ 5 files changed, 147 insertions(+), 79 deletions(-) create mode 100644 core/od_tls.c create mode 100644 core/od_tls.h
diff --git a/core/CMakeLists.txt b/core/CMakeLists.txt
index bc80cf21..ed64a047 100644
--- a/core/CMakeLists.txt
+++ b/core/CMakeLists.txt
@@ -20,6 +20,7 @@ set(od_src
 od_router_copy.c
 od_cancel.c
 od_auth.c
+ od_tls.c
 od_periodic.c
 od_fe.c
 od_be.c
diff --git a/core/od_be.c b/core/od_be.c
index 78b8d614..ddc8555d 100644
--- a/core/od_be.c
+++ b/core/od_be.c
@@ -36,6 +36,7 @@
 #include "od_pooler.h"
 #include "od_cancel.h"
 #include "od_auth.h"
+#include "od_tls.h"
 #include "od_be.h"
 int od_beterminate(od_server_t *server)
@@ -156,9 +157,6 @@ static int
 od_beconnect_tls(od_pooler_t *pooler, od_server_t *server,
 od_schemeserver_t *scheme)
 {
- if (scheme->tls_verify == OD_TDISABLE)
- return 0;
-
 od_debug(&pooler->od->log, server->io, "S (tls): init");
 /* SSL Request */
@@ -260,9 +258,11 @@ od_beconnect(od_pooler_t *pooler, od_server_t *server)
 }
 /* do tls handshake */
- rc = od_beconnect_tls(pooler, server, server_scheme);
- if (rc == -1)
- return -1;
+ if (server_scheme->tls_verify != OD_TDISABLE) {
+ rc = od_beconnect_tls(pooler, server, server_scheme);
+ if (rc == -1)
+ return -1;
+ }
 od_log(&pooler->od->log, server->io, "S: new connection");
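Review bot: od_beconnect_tls now depends on its caller to skip it when scheme->tls_verify == OD_TDISABLE, but nothing at the function records that, so a future caller that invokes it unconditionally would start an SSL request on a connection configured without TLS. Add a comment above the definition, e.g. `/* precondition: caller has checked scheme->tls_verify != OD_TDISABLE */`, so the guard moved into od_beconnect is not lost the next time this is refactored. The body of od_beconnect_tls continues outside the hunk, and od_beconnect begins and ends outside its hunk as well.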
@@ -368,39 +368,11 @@ od_bepop(od_pooler_t *pooler, od_route_t *route, od_client_t *client)
 od_schemeserver_t *server_scheme;
 server_scheme = route->scheme->server;
 if (server_scheme->tls_verify != OD_TDISABLE) {
- server->tls = machine_create_tls(pooler->env);
+ server->tls = od_tls_server(pooler, server_scheme);
 if (server->tls == NULL) {
 od_serverfree(server);
 return NULL;
 }
- if (server_scheme->tls_verify == OD_TALLOW)
- machine_tls_set_verify(server->tls, "none");
- else
- if (server_scheme->tls_verify == OD_TREQUIRE)
- machine_tls_set_verify(server->tls, "peer");
- else
- machine_tls_set_verify(server->tls, "peer_strict");
- if (server_scheme->tls_ca_file) {
- rc = machine_tls_set_ca_file(server->tls, server_scheme->tls_ca_file);
- if (rc == -1) {
- od_serverfree(server);
- return NULL;
- }
- }
- if (server_scheme->tls_cert_file) {
- rc = machine_tls_set_cert_file(server->tls, server_scheme->tls_cert_file);
- if (rc == -1) {
- od_serverfree(server);
- return NULL;
- }
- }
- if (server_scheme->tls_key_file) {
- rc = machine_tls_set_key_file(server->tls, server_scheme->tls_key_file);
- if (rc == -1) {
- od_serverfree(server);
- return NULL;
- }
- }
 }
 server->pooler = pooler;
diff --git a/core/od_pooler.c b/core/od_pooler.c
index aad7e229..dc13845f 100644
--- a/core/od_pooler.c
+++ b/core/od_pooler.c
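Review bot: When od_tls_server returns NULL, od_bepop only frees the server and returns NULL, so a CA, certificate or key path that the TLS layer rejects for this route is indistinguishable from an allocation failure and nothing names the offending file; the od_pooler hunk in core/od_pooler.c has the same shape (a bare `return;` ends the pooler without a message), and the new od_tls_client/od_tls_server in core/od_tls.c return NULL from four places each without logging. A log line at each failure point inside od_tls_client/od_tls_server, which already receive the pooler and so can reach `&pooler->od->log`, would make a misconfiguration diagnosable instead of a silent fail-closed; whether the log helpers accept a NULL io argument there is not visible in this patch. Separately, `rc` has no remaining use inside this hunk — if nothing else in od_bepop (which starts outside the hunk) reads it, the declaration should go to avoid an unused-variable warning.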
@@ -33,50 +33,10 @@
 #include "od_route_pool.h"
 #include "od.h"
 #include "od_pooler.h"
+#include "od_tls.h"
 #include "od_periodic.h"
 #include "od_router.h"
-static int
-od_pooler_tls_init(od_pooler_t *pooler)
-{
- od_scheme_t *scheme = &pooler->od->scheme;
- int rc;
- pooler->tls = NULL;
- if (scheme->tls_verify == OD_TDISABLE)
- return 0;
- pooler->tls = machine_create_tls(pooler->env);
- if (pooler->tls == NULL)
- return -1;
- if (scheme->tls_verify == OD_TALLOW)
- machine_tls_set_verify(pooler->tls, "none");
- else
- if (scheme->tls_verify == OD_TREQUIRE)
- machine_tls_set_verify(pooler->tls, "peer");
- else
- machine_tls_set_verify(pooler->tls, "peer_strict");
-
- if (scheme->tls_ca_file) {
- rc = machine_tls_set_ca_file(pooler->tls, scheme->tls_ca_file);
- if (rc == -1)
- goto error;
- }
- if (scheme->tls_cert_file) {
- rc = machine_tls_set_cert_file(pooler->tls, scheme->tls_cert_file);
- if (rc == -1)
- goto error;
- }
- if (scheme->tls_key_file) {
- rc = machine_tls_set_key_file(pooler->tls, scheme->tls_key_file);
- if (rc == -1)
- goto error;
- }
- return 0;
-error:
- machine_free_tls(pooler->tls);
- pooler->tls = NULL;
- return -1;
-}
-
 static inline void
 od_pooler(void *arg)
 {
@@ -85,9 +45,13 @@ od_pooler(void *arg)
 /* init pooler tls */
 int rc;
- rc = od_pooler_tls_init(pooler);
- if (rc == -1)
- return;
+ pooler->tls = NULL;
+ od_scheme_t *scheme = &pooler->od->scheme;
+ if (scheme->tls_verify != OD_TDISABLE) {
+ pooler->tls = od_tls_client(pooler, scheme);
+ if (pooler->tls == NULL)
+ return;
+ }
 /* listen '*' */
 struct addrinfo *hints_ptr = NULL;
diff --git a/core/od_tls.c b/core/od_tls.c
new file mode 100644
index 00000000..0ff80bf1
--- /dev/null
+++ b/core/od_tls.c
@@ -0,0 +1,115 @@
+
+/*
+ * odissey.
+ *
+ * PostgreSQL connection pooler and request router.
+*/
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#include "od_macro.h"
+#include "od_list.h"
+#include "od_pid.h"
+#include "od_syslog.h"
+#include "od_log.h"
+#include "od_scheme.h"
+#include "od_lex.h"
+#include "od_config.h"
+#include "od_stat.h"
+#include "od_server.h"
+#include "od_server_pool.h"
+#include "od_client.h"
+#include "od_client_list.h"
+#include "od_client_pool.h"
+#include "od_route_id.h"
+#include "od_route.h"
+#include "od_route_pool.h"
+#include "od.h"
+#include "od_io.h"
+#include "od_pooler.h"
+#include "od_tls.h"
+
+machine_tls_t
+od_tls_client(od_pooler_t *pooler, od_scheme_t *scheme)
+{
+ int rc;
+ machine_tls_t tls;
+ tls = machine_create_tls(pooler->env);
+ if (tls == NULL)
+ return NULL;
+ if (scheme->tls_verify == OD_TALLOW)
+ machine_tls_set_verify(tls, "none");
+ else
+ if (scheme->tls_verify == OD_TREQUIRE)
+ machine_tls_set_verify(tls, "peer");
+ else
+ machine_tls_set_verify(tls, "peer_strict");
+ if (scheme->tls_ca_file) {
+ rc = machine_tls_set_ca_file(tls, scheme->tls_ca_file);
+ if (rc == -1) {
+ machine_free_tls(tls);
+ return NULL;
+ }
+ }
+ if (scheme->tls_cert_file) {
+ rc = machine_tls_set_cert_file(tls, scheme->tls_cert_file);
+ if (rc == -1) {
+ machine_free_tls(tls);
+ return NULL;
+ }
+ }
+ if (scheme->tls_key_file) {
+ rc = machine_tls_set_key_file(tls, scheme->tls_key_file);
+ if (rc == -1) {
+ machine_free_tls(tls);
+ return NULL;
+ }
+ }
+ return tls;
+}
+
+machine_tls_t
+od_tls_server(od_pooler_t *pooler, od_schemeserver_t *scheme)
+{
+ int rc;
+ machine_tls_t tls;
+ tls = machine_create_tls(pooler->env);
+ if (tls == NULL)
+ return NULL;
+ if (scheme->tls_verify == OD_TALLOW)
+ machine_tls_set_verify(tls, "none");
+ else
+ if (scheme->tls_verify == OD_TREQUIRE)
+ machine_tls_set_verify(tls, "peer");
+ else
+ machine_tls_set_verify(tls, "peer_strict");
+ if (scheme->tls_ca_file) {
+ rc =
machine_tls_set_ca_file(tls, scheme->tls_ca_file);
+ if (rc == -1) {
+ machine_free_tls(tls);
+ return NULL;
+ }
+ }
+ if (scheme->tls_cert_file) {
+ rc = machine_tls_set_cert_file(tls, scheme->tls_cert_file);
+ if (rc == -1) {
+ machine_free_tls(tls);
+ return NULL;
+ }
+ }
+ if (scheme->tls_key_file) {
+ rc = machine_tls_set_key_file(tls, scheme->tls_key_file);
+ if (rc == -1) {
+ machine_free_tls(tls);
+ return NULL;
+ }
+ }
+ return tls;
+}
diff --git a/core/od_tls.h b/core/od_tls.h
new file mode 100644
index 00000000..7c308a1b
--- /dev/null
+++ b/core/od_tls.h
@@ -0,0 +1,16 @@
+#ifndef OD_TLS_H_
+#define OD_TLS_H_
+
+/*
+ * odissey.
+ *
+ * PostgreSQL connection pooler and request router.
+*/
+
+machine_tls_t
+od_tls_client(od_pooler_t*, od_scheme_t*);
+
+machine_tls_t
+od_tls_server(od_pooler_t*, od_schemeserver_t*);
+
+#endif
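Review bot: The new core/od_tls.h declares two functions whose names invert the reader's first guess — from the call sites in this patch, od_tls_client builds the context od_pooler uses for connections accepted from clients (global od_scheme_t), and od_tls_server builds the one od_bepop uses for connections the pooler opens to a backend server (route->scheme->server) — and says nothing about the NULL return or who frees the context. A comment above each declaration would settle both, e.g. `/* TLS context for accepted client connections; NULL on failure, caller frees with machine_free_tls */` and the server-side counterpart. The header also uses machine_tls_t, od_pooler_t, od_scheme_t and od_schemeserver_t without including anything, so it only compiles when included after od_pooler.h as the three .c files here do; if the project's other headers follow the same order-dependent convention this is consistent, otherwise the includes belong in the header.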