MySQL 8.0.39
Source Code Documentation
destination_ssl_context.h
Go to the documentation of this file.
1/*
2 Copyright (c) 2018, 2024, Oracle and/or its affiliates.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License, version 2.0,
6 as published by the Free Software Foundation.
7
8 This program is designed to work with certain software (including
9 but not limited to OpenSSL) that is licensed under separate terms,
10 as designated in a particular file or component or in included license
11 documentation. The authors of MySQL hereby grant you an additional
12 permission to link the program and your derivative works with the
13 separately licensed software that they have either included with
14 the program or referenced in the documentation.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24*/
25
26#ifndef MYSQL_ROUTING_DESTINATION_TLS_CONTEXT_INCLUDED
27#define MYSQL_ROUTING_DESTINATION_TLS_CONTEXT_INCLUDED
28
30
31#include <map>
32#include <mutex>
33#include <string>
34
36#include "ssl_mode.h" // SslVerify
37
38/**
39 * TlsClientContext per destination.
40 */
42 public:
43 /**
44 * set SslVerify.
45 */
46 void verify(SslVerify ssl_verify);
47
48 /**
49 * set CA file.
50 */
51 void ca_file(const std::string &file);
52
53 /**
54 * set CA path.
55 */
56 void ca_path(const std::string &path);
57
58 /**
59 * set CRL file.
60 */
61 void crl_file(const std::string &file);
62
63 /**
64 * set CRL path.
65 */
66 void crl_path(const std::string &path);
67
68 /**
69 * set allowed EC curves.
70 */
71 void curves(const std::string &curves);
72
73 /**
74 * set allowed ciphers.
75 */
76 void ciphers(const std::string &ciphers);
77
78 /**
79 * get a TlsClientContent for a destination.
80 *
81 * If no TlsClientContext exists for the destination, creates a
82 * TlsClientContent based on:
83 *
84 * - verify()
85 * - ca_file()
86 * - ca_path()
87 * - crl_file()
88 * - crl_path()
89 * - curves()
90 * - ciphers()
91 *
92 * If that succeeds, it the resulting TlsClientContext is cached and a pointer
93 * to it is returned.
94 *
95 * If a TlsClientContext for the destination exists, a pointer to it is
96 * returned.
97 *
98 * @param dest_id unique identifier of a destination
99 * @param hostname name of the destination host
100 */
101 TlsClientContext *get(const std::string &dest_id,
102 const std::string &hostname);
103
104 private:
106 std::string ca_file_;
107 std::string ca_path_;
108 std::string crl_file_;
109 std::string crl_path_;
110 std::string curves_;
111 std::string ciphers_;
112
113 std::map<std::string, std::unique_ptr<TlsClientContext>> tls_contexts_;
114
115 std::mutex mtx_;
116};
117
118#endif
TlsClientContext per destination.
Definition: destination_ssl_context.h:41
std::string curves_
Definition: destination_ssl_context.h:110
std::string crl_file_
Definition: destination_ssl_context.h:108
std::map< std::string, std::unique_ptr< TlsClientContext > > tls_contexts_
Definition: destination_ssl_context.h:113
std::mutex mtx_
Definition: destination_ssl_context.h:115
std::string ciphers_
Definition: destination_ssl_context.h:111
std::string ca_file_
Definition: destination_ssl_context.h:106
std::string ca_path_
Definition: destination_ssl_context.h:107
std::string crl_path_
Definition: destination_ssl_context.h:109
Client TLS Context.
Definition: tls_client_context.h:39
static char * path
Definition: mysqldump.cc:137
Definition: os0file.h:86
bool verify(const std::string &digest, const std::string &message, const std::string &public_key_content)
Verify a message signed by the private key pair of the provided public key.
Definition: ssl.cc:115
void get(PSI_field *, PSI_longlong *) noexcept
Definition: pfs_plugin_column_bigint_v1_all_empty.cc:32
#define ROUTING_EXPORT
Definition: routing_export.h:15
SslVerify
Definition: ssl_mode.h:38