BUG#23336595 MYSQL X PLUGIN - ADD LINK TO DOCUMENTATION ON HOW TO CONFIGURE SSL

Description:
  The requested talks about putting a link to X Plugin which
  describes how to setup SSL.

Solution:
  Added new trace, which reference the MySQL documentation:
    "For more information, please see the Using Secure Connections"
    " with X Plugin section in the MySQL documentation"
  Made additional cleanup in the trace messages.

RB: 13578
Reviewed-by: Grzegorz Szwarc <[email protected]>

Author: lkotula

rapid/plugin/x/ngs/include/ngs_common/connection_vio.h

@@ -139,7 +139,7 @@ class Ssl_context
 {
 public:
   Ssl_context();
-  void setup(const char* tls_version,
+  bool setup(const char* tls_version,
               const char* ssl_key,
               const char* ssl_ca,
               const char* ssl_capath,

rapid/plugin/x/ngs/ngs_common/connection_vio.cc

@@ -291,14 +291,14 @@ Ssl_context::Ssl_context()
 {
 }
 
-void Ssl_context::setup(const char* tls_version,
-                        const char* ssl_key,
-                        const char* ssl_ca,
-                        const char* ssl_capath,
-                        const char* ssl_cert,
-                        const char* ssl_cipher,
-                        const char* ssl_crl,
-                        const char* ssl_crlpath)
+bool Ssl_context::setup(const char *tls_version,
+                        const char *ssl_key,
+                        const char *ssl_ca,
+                        const char *ssl_capath,
+                        const char *ssl_cert,
+                        const char *ssl_cipher,
+                        const char *ssl_crl,
+                        const char *ssl_crlpath)
 {
   enum_ssl_init_error error = SSL_INITERR_NOERROR;
 
@@ -313,10 +313,12 @@ void Ssl_context::setup(const char* tls_version,
   if (NULL == m_ssl_acceptor)
   {
     log_warning("Failed at SSL configuration: \"%s\"", sslGetErrString(error));
-    return;
+    return false;
   }
 
   m_options.reset(new Options_context_ssl(m_ssl_acceptor));
+
+  return true;
 }
 
 

rapid/plugin/x/src/xpl_server.cc

@@ -525,10 +525,22 @@ static xpl::Ssl_config choose_ssl_config(const bool mysqld_have_ssl,
     const xpl::Ssl_config & mysqlx_ssl)
 {
   if (!mysqlx_ssl.is_configured() && mysqld_have_ssl)
+  {
+    my_plugin_log_message(&xpl::plugin_handle, MY_INFORMATION_LEVEL,
+        "Using SSL configuration from MySQL Server");
+
     return mysqld_ssl;
+  }
 
   if (mysqlx_ssl.is_configured())
+  {
+    my_plugin_log_message(&xpl::plugin_handle, MY_INFORMATION_LEVEL,
+        "Using SSL configuration from Mysqlx Plugin");
     return mysqlx_ssl;
+  }
+
+  my_plugin_log_message(&xpl::plugin_handle, MY_INFORMATION_LEVEL,
+      "Neither MySQL Server nor Mysqlx Plugin has valid SSL configuration");
 
   return xpl::Ssl_config();
 }
@@ -581,37 +593,31 @@ bool xpl::Server::on_net_startup()
     instance->start_verify_server_state_timer();
 
     ngs::Ssl_context_unique_ptr ssl_ctx(new ngs::Ssl_context());
-    try
-    {
-      ssl_config = choose_ssl_config(mysqld_have_ssl,
-                                     ssl_config,
-                                     xpl::Plugin_system_variables::ssl_config);
-
-#ifdef HAVE_YASSL
-      // YaSSL doesn't support CRL according to vio
-      const char *crl = NULL;
-      const char *crlpath = NULL;
-#else
-      const char *crl = ssl_config.ssl_crl;
-      const char *crlpath = ssl_config.ssl_crlpath;
-#endif
-      ssl_ctx->setup(tls_version,
-                     ssl_config.ssl_key,
-                     ssl_config.ssl_ca,
-                     ssl_config.ssl_capath,
-                     ssl_config.ssl_cert,
-                     ssl_config.ssl_cipher,
-                     crl, crlpath);
 
-#if !defined(HAVE_YASSL)
-      my_plugin_log_message(&xpl::plugin_handle, MY_INFORMATION_LEVEL, "Using OpenSSL for connections");
-#else
-      my_plugin_log_message(&xpl::plugin_handle, MY_INFORMATION_LEVEL, "Using YaSSL for connections");
-#endif
+    ssl_config = choose_ssl_config(mysqld_have_ssl,
+                                   ssl_config,
+                                   xpl::Plugin_system_variables::ssl_config);
+
+    // YaSSL doesn't support CRL according to vio
+    const char *crl = IS_YASSL_OR_OPENSSL(NULL, ssl_config.ssl_crl);
+    const char *crlpath = IS_YASSL_OR_OPENSSL(NULL, ssl_config.ssl_crlpath);
+
+    const bool ssl_setup_result = ssl_ctx->setup(tls_version, ssl_config.ssl_key,
+                                                 ssl_config.ssl_ca,
+                                                 ssl_config.ssl_capath,
+                                                 ssl_config.ssl_cert,
+                                                 ssl_config.ssl_cipher,
+                                                 crl, crlpath);
+
+    if (ssl_setup_result)
+    {
+      my_plugin_log_message(&xpl::plugin_handle, MY_INFORMATION_LEVEL,
+          "Using " IS_YASSL_OR_OPENSSL("YaSSL", "OpenSSL") " for TLS connections");
     }
-    catch (std::exception &e)
+    else
     {
-      throw ngs::Error_code(ER_X_SERVICE_ERROR, std::string("SSL context setup failed: \"") + e.what() + std::string("\""));
+      my_plugin_log_message(&xpl::plugin_handle, MY_INFORMATION_LEVEL,
+          "For more information, please see the Using Secure Connections with X Plugin section in the MySQL documentation.");
     }
 
     if (instance->server().prepare(boost::move(ssl_ctx), skip_networking, skip_name_resolve, true))

rapid/plugin/x/src/xpl_server.h

@@ -278,4 +278,10 @@ void Server::update_status_variable(xpl::Common_status_variables &status_variabl
 
 } // namespace xpl
 
+#ifdef HAVE_YASSL
+#define IS_YASSL_OR_OPENSSL(Y, O) Y
+#else // HAVE_YASSL
+#define IS_YASSL_OR_OPENSSL(Y, O) O
+#endif // HAVE_YASSL
+
 #endif  // _XPL_SERVER_H_

rapid/plugin/x/src/xpl_system_variables.cc

@@ -76,7 +76,8 @@ void Plugin_system_variables::setup_system_variable_from_env_or_compile_opt(char
 
 
 Ssl_config::Ssl_config()
-: ssl_key(NULL), ssl_ca(NULL), ssl_capath(NULL), ssl_cert(NULL), ssl_cipher(NULL), ssl_crl(NULL), ssl_crlpath(NULL), m_null_char(0)
+: ssl_key(NULL), ssl_ca(NULL), ssl_capath(NULL), ssl_cert(NULL), ssl_cipher(NULL),
+  ssl_crl(NULL), ssl_crlpath(NULL), m_null_char(0)
 {
 }
 
@@ -91,24 +92,6 @@ bool Ssl_config::is_configured() const
          has_value(ssl_crlpath);
 }
 
-/*void Ssl_config::set_not_null_value()
-{
-  if (!has_value(ssl_key))
-    ssl_key = &m_null_char;
-  if (!has_value(ssl_ca))
-    ssl_ca = &m_null_char;
-  if (!has_value(ssl_capath))
-    ssl_capath = &m_null_char;
-  if (!has_value(ssl_cert))
-    ssl_cert = &m_null_char;
-  if (!has_value(ssl_cipher))
-    ssl_cipher = &m_null_char;
-  if (!has_value(ssl_crl))
-    ssl_crl = &m_null_char;
-  if (!has_value(ssl_crlpath))
-    ssl_crlpath = &m_null_char;
-}*/
-
 bool Ssl_config::has_value(const char *ptr) const
 {
   return ptr && *ptr;

rapid/plugin/x/src/xpl_system_variables.h

@@ -39,7 +39,6 @@ struct Ssl_config
   Ssl_config();
 
   bool is_configured() const;
-//  void set_not_null_value();
 
   char *ssl_key;
   char *ssl_ca;