MySQL 8.0.37
Source Code Documentation
tls_client_context.h
Go to the documentation of this file.
1/*
2 Copyright (c) 2018, 2024, Oracle and/or its affiliates.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License, version 2.0,
6 as published by the Free Software Foundation.
7
8 This program is designed to work with certain software (including
9 but not limited to OpenSSL) that is licensed under separate terms,
10 as designated in a particular file or component or in included license
11 documentation. The authors of MySQL hereby grant you an additional
12 permission to link the program and your derivative works with the
13 separately licensed software that they have either included with
14 the program or referenced in the documentation.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24*/
25
26#ifndef MYSQL_HARNESS_TLS_CLIENT_CONTEXT_INCLUDED
27#define MYSQL_HARNESS_TLS_CLIENT_CONTEXT_INCLUDED
28
29#include "mysql/harness/tls_context.h"
30
31#include <system_error>
32
33#include "mysql/harness/stdx/expected.h"
34#include "mysql/harness/tls_export.h"
35
36/**
37 * Client TLS Context.
38 */
39class HARNESS_TLS_EXPORT TlsClientContext : public TlsContext {
40 public:
41 TlsClientContext(TlsVerify mode = TlsVerify::PEER);
42
43 /**
44 * set cipher-list.
45 *
46 * for TLSv1.2-and-earlier ciphers.
47 *
48 * @param ciphers colon separated list of ciphers
49 *
50 * @note list is not filtered for unacceptable ciphers
51 *
52 * @see openssl ciphers
53 * @see cipher_suites()
54 */
55 stdx::expected<void, std::error_code> cipher_list(const std::string &ciphers);
56
57 /**
58 * set cipher-suites of TLSv1.3.
59 *
60 * openssl 1.1.1 added support for TLSv1.3 and move setting those ciphers
61 * to SSL_CTX_set_ciphersuites().
62 *
63 * @param ciphers colon separated list of ciphers. empty == empty, "DEFAULT"
64 * is the default-set
65 *
66 * @note list is not filtered for unacceptable ciphers
67 * @see openssl ciphers
68 * @see has_set_cipher_suites()
69 */
70 stdx::expected<void, std::error_code> cipher_suites(
71 const std::string &ciphers);
72
73 /**
74 * verification of certificates.
75 */
76 stdx::expected<void, std::error_code> verify(TlsVerify verify);
77
78 /**
79 * verify hostname.
80 *
81 * @param server_host hostname or ip-address to match in the certificate.
82 */
83 stdx::expected<void, std::error_code> verify_hostname(
84 const std::string &server_host);
85};
86
87#endif
TlsClientContext
Client TLS Context.
Definition: tls_client_context.h:39
TlsContext
wraps SSL_CTX.
Definition: tls_context.h:85
TlsContext::cipher_list
std::vector< std::string > cipher_list() const
get current cipher-list.
Definition: tls_context.cc:358
stdx::expected
Definition: expected.h:944
oci::ssl::verify
bool verify(const std::string &digest, const std::string &message, const std::string &public_key_content)
Verify a message signed by the private key pair of the provided public key.
Definition: ssl.cc:115
stdx::io::mode
mode
Definition: file_handle.h:60
tls_context.h
TlsVerify
TlsVerify
Verification of Cerifiticates.
Definition: tls_context.h:62
TlsVerify::PEER
@ PEER
tls_export.h
HARNESS_TLS_EXPORT
#define HARNESS_TLS_EXPORT
Definition: tls_export.h:15