MySQL 8.0.39
Source Code Documentation
ssl_init_callback.cc File Reference
#include <mysql/components/services/log_builtins.h>
#include <mysqld_error.h>
#include <sql/auth/auth_common.h>
#include <sql/mysqld.h>
#include <sql/options_mysqld.h>
#include <sql/sql_initialize.h>
#include <sql/ssl_init_callback.h>
#include <sql/sys_vars.h>
#include <sql/sys_vars_shared.h>
#include <tls_ciphers.h>

Macros

#define PFS_TRAILING_PROPERTIES
 

Functions

std::atomic_bool g_admin_ssl_configured (false)
 
std::string mysql_main_channel ("mysql_main")
 
std::string mysql_admin_channel ("mysql_admin")
 
bool validate_tls_version (const char *val)
 Helper method to validate values of --tls-version and --admin-tls-version. More...
 
static bool check_tls_version (sys_var *, THD *, set_var *var)
 
static bool check_admin_tls_version (sys_var *, THD *, set_var *var)
 
void validate_ciphers (const char *option, const char *val, TLS_version version)
 Helper method to validate values of --ssl-cipher and --admin-ssl-cipher. More...
 
static bool check_tls12_ciphers (sys_var *var, THD *, set_var *value)
 
static bool check_tls13_ciphers (sys_var *var, THD *, set_var *value)
 
static bool warn_self_signed_ca_certs (const char *ssl_ca, const char *ssl_capath)
 

Variables

static const char * opt_ssl_ca = nullptr
 SSL context options. More...
 
static const char * opt_ssl_key = nullptr
 
static const char * opt_ssl_cert = nullptr
 
static char * opt_ssl_capath = nullptr
 
static char * opt_ssl_cipher = nullptr
 
static char * opt_tls_ciphersuites = nullptr
 
static char * opt_ssl_crl = nullptr
 
static char * opt_ssl_crlpath = nullptr
 
static char * opt_tls_version = nullptr
 
static bool opt_ssl_session_cache_mode = true
 
static long opt_ssl_session_cache_timeout = 300
 
static PolyLock_mutex lock_ssl_ctx & LOCK_tls_ctx_options
 
static const char * opt_admin_ssl_ca = nullptr
 
static const char * opt_admin_ssl_key = nullptr
 
static const char * opt_admin_ssl_cert = nullptr
 
static const char * opt_admin_ssl_capath = nullptr
 
static const char * opt_admin_ssl_cipher = nullptr
 
static const char * opt_admin_tls_ciphersuites = nullptr
 
static const char * opt_admin_ssl_crl = nullptr
 
static const char * opt_admin_ssl_crlpath = nullptr
 
static const char * opt_admin_tls_version = nullptr
 
static PolyLock_mutex lock_admin_ssl_ctx & LOCK_admin_tls_ctx_options
 
static Sys_var_charptr Sys_ssl_ca ("ssl_ca", "CA file in PEM format (check OpenSSL docs, implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_ca), CMD_LINE(REQUIRED_ARG, OPT_SSL_CA), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)
 
static Sys_var_charptr Sys_ssl_capath ("ssl_capath", "CA directory (check OpenSSL docs, implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_capath), CMD_LINE(REQUIRED_ARG, OPT_SSL_CAPATH), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)
 
static Sys_var_charptr Sys_tls_version ("tls_version", "TLS version, permitted values are TLSv1.2", PERSIST_AS_READONLY GLOBAL_VAR(opt_tls_version), CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET, "TLSv1.2", &lock_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls_version))
 
static Sys_var_charptr Sys_ssl_cert ("ssl_cert", "X509 cert in PEM format (implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_cert), CMD_LINE(REQUIRED_ARG, OPT_SSL_CERT), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)
 
static Sys_var_charptr Sys_ssl_cipher ("ssl_cipher", "SSL cipher to use (implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_cipher), CMD_LINE(REQUIRED_ARG, OPT_SSL_CIPHER), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls12_ciphers))
 
static Sys_var_charptr Sys_tls_ciphersuites ("tls_ciphersuites", "TLS v1.3 ciphersuite to use (implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_tls_ciphersuites), CMD_LINE(REQUIRED_ARG, OPT_TLS_CIPHERSUITES), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls13_ciphers))
 
static Sys_var_charptr Sys_ssl_key ("ssl_key", "X509 key in PEM format (implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_key), CMD_LINE(REQUIRED_ARG, OPT_SSL_KEY), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)
 
static Sys_var_charptr Sys_ssl_crl ("ssl_crl", "CRL file in PEM format (check OpenSSL docs, implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_crl), CMD_LINE(REQUIRED_ARG, OPT_SSL_CRL), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)
 
static Sys_var_charptr Sys_ssl_crlpath ("ssl_crlpath", "CRL directory (check OpenSSL docs, implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_crlpath), CMD_LINE(REQUIRED_ARG, OPT_SSL_CRLPATH), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)
 
static Sys_var_bool Sys_var_opt_ssl_session_cache_mode ("ssl_session_cache_mode", "Is TLS session cache enabled or not", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_session_cache_mode), CMD_LINE(OPT_ARG), DEFAULT(true), PFS_TRAILING_PROPERTIES)
 
static Sys_var_long Sys_var_opt_ssl_session_cache_timeout ("ssl_session_cache_timeout", "The timeout to expire sessions in the TLS session cache", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_session_cache_timeout), CMD_LINE(REQUIRED_ARG, OPT_SSL_SESSION_CACHE_TIMEOUT), VALID_RANGE(0, 84600), DEFAULT(300), BLOCK_SIZE(1), PFS_TRAILING_PROPERTIES)
 
static Sys_var_charptr Sys_admin_ssl_ca ("admin_ssl_ca", "CA file in PEM format (check OpenSSL docs, implies --ssl) for " "--admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_ca), CMD_LINE(REQUIRED_ARG, OPT_SSL_CA), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx)
 
static Sys_var_charptr Sys_admin_ssl_capath ("admin_ssl_capath", "CA directory (check OpenSSL docs, implies --ssl) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_capath), CMD_LINE(REQUIRED_ARG, OPT_SSL_CAPATH), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx)
 
static Sys_var_charptr Sys_admin_tls_version ("admin_tls_version", "TLS version for --admin-port, permitted values are TLSv1.2", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_tls_version), CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET, "TLSv1.2", &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_admin_tls_version))
 
static Sys_var_charptr Sys_admin_ssl_cert ("admin_ssl_cert", "X509 cert in PEM format (implies --ssl) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_cert), CMD_LINE(REQUIRED_ARG, OPT_SSL_CERT), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx)
 
static Sys_var_charptr Sys_admin_ssl_cipher ("admin_ssl_cipher", "SSL cipher to use (implies --ssl) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_cipher), CMD_LINE(REQUIRED_ARG, OPT_SSL_CIPHER), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls12_ciphers))
 
static Sys_var_charptr Sys_admin_tls_ciphersuites ("admin_tls_ciphersuites", "TLS v1.3 ciphersuite to use (implies --ssl) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_tls_ciphersuites), CMD_LINE(REQUIRED_ARG, OPT_TLS_CIPHERSUITES), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls13_ciphers))
 
static Sys_var_charptr Sys_admin_ssl_key ("admin_ssl_key", "X509 key in PEM format (implies --ssl) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_key), CMD_LINE(REQUIRED_ARG, OPT_SSL_KEY), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx)
 
static Sys_var_charptr Sys_admin_ssl_crl ("admin_ssl_crl", "CRL file in PEM format (check OpenSSL docs, implies --ssl) for " "--admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_crl), CMD_LINE(REQUIRED_ARG, OPT_SSL_CRL), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx)
 
static Sys_var_charptr Sys_admin_ssl_crlpath ("admin_ssl_crlpath", "CRL directory (check OpenSSL docs, implies --ssl) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_crlpath), CMD_LINE(REQUIRED_ARG, OPT_SSL_CRLPATH), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx)
 
Ssl_init_callback_server_main server_main_callback
 
Ssl_init_callback_server_admin server_admin_callback
 

Macro Definition Documentation

◆ PFS_TRAILING_PROPERTIES

#define PFS_TRAILING_PROPERTIES
Value:
static const int PARSE_EARLY
Definition: set_var.h:153
static Sys_var_ulong ON_UPDATE(nullptr))
static Sys_var_ulong NOT_IN_BINLOG
Definition: sys_vars.cc:4277
static Sys_var_ulong ON_CHECK(nullptr)
#define NO_MUTEX_GUARD
Definition: sys_vars.h:132
#define NULL
Definition: types.h:55

Function Documentation

◆ check_admin_tls_version()

static bool check_admin_tls_version ( sys_var ,
THD ,
set_var var 
)
static

◆ check_tls12_ciphers()

static bool check_tls12_ciphers ( sys_var var,
THD ,
set_var value 
)
static

◆ check_tls13_ciphers()

static bool check_tls13_ciphers ( sys_var var,
THD ,
set_var value 
)
static

◆ check_tls_version()

static bool check_tls_version ( sys_var ,
THD ,
set_var var 
)
static

◆ g_admin_ssl_configured()

std::atomic_bool g_admin_ssl_configured ( false  )

◆ mysql_admin_channel()

std::string mysql_admin_channel ( "mysql_admin"  )

◆ mysql_main_channel()

std::string mysql_main_channel ( "mysql_main"  )

◆ validate_ciphers()

void validate_ciphers ( const char *  option,
const char *  val,
TLS_version  version 
)

Helper method to validate values of --ssl-cipher and --admin-ssl-cipher.

◆ validate_tls_version()

bool validate_tls_version ( const char *  val)

Helper method to validate values of --tls-version and --admin-tls-version.

◆ warn_self_signed_ca_certs()

static bool warn_self_signed_ca_certs ( const char *  ssl_ca,
const char *  ssl_capath 
)
static

Variable Documentation

◆ LOCK_admin_tls_ctx_options

PolyLock_mutex lock_admin_ssl_ctx& LOCK_admin_tls_ctx_options
static

◆ LOCK_tls_ctx_options

PolyLock_mutex lock_ssl_ctx& LOCK_tls_ctx_options
static

◆ opt_admin_ssl_ca

const char* opt_admin_ssl_ca = nullptr
static

◆ opt_admin_ssl_capath

const char* opt_admin_ssl_capath = nullptr
static

◆ opt_admin_ssl_cert

const char* opt_admin_ssl_cert = nullptr
static

◆ opt_admin_ssl_cipher

const char* opt_admin_ssl_cipher = nullptr
static

◆ opt_admin_ssl_crl

const char* opt_admin_ssl_crl = nullptr
static

◆ opt_admin_ssl_crlpath

const char* opt_admin_ssl_crlpath = nullptr
static

◆ opt_admin_ssl_key

const char* opt_admin_ssl_key = nullptr
static

◆ opt_admin_tls_ciphersuites

const char* opt_admin_tls_ciphersuites = nullptr
static

◆ opt_admin_tls_version

const char* opt_admin_tls_version = nullptr
static

◆ opt_ssl_ca

const char* opt_ssl_ca = nullptr
static

SSL context options.

◆ opt_ssl_capath

char* opt_ssl_capath = nullptr
static

◆ opt_ssl_cert

const char* opt_ssl_cert = nullptr
static

◆ opt_ssl_cipher

char* opt_ssl_cipher = nullptr
static

◆ opt_ssl_crl

char* opt_ssl_crl = nullptr
static

◆ opt_ssl_crlpath

char* opt_ssl_crlpath = nullptr
static

◆ opt_ssl_key

const char* opt_ssl_key = nullptr
static

◆ opt_ssl_session_cache_mode

bool opt_ssl_session_cache_mode = true
static

◆ opt_ssl_session_cache_timeout

long opt_ssl_session_cache_timeout = 300
static

◆ opt_tls_ciphersuites

char* opt_tls_ciphersuites = nullptr
static

◆ opt_tls_version

char* opt_tls_version = nullptr
static

◆ server_admin_callback

Ssl_init_callback_server_admin server_admin_callback

◆ server_main_callback

Ssl_init_callback_server_main server_main_callback

◆ Sys_admin_ssl_ca

Sys_var_charptr Sys_admin_ssl_ca("admin_ssl_ca", "CA file in PEM format (check OpenSSL docs, implies --ssl) for " "--admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_ca), CMD_LINE(REQUIRED_ARG, OPT_SSL_CA), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx) ( "admin_ssl_ca"  ,
"CA file in PEM format (check OpenSSL docs, implies --ssl) for " "--admin-port ,
PERSIST_AS_READONLY   GLOBAL_VARopt_admin_ssl_ca,
CMD_LINE(REQUIRED_ARG, OPT_SSL_CA ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_admin_ssl_ctx 
)
static

◆ Sys_admin_ssl_capath

Sys_var_charptr Sys_admin_ssl_capath("admin_ssl_capath", "CA directory (check OpenSSL docs, implies --ssl) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_capath), CMD_LINE(REQUIRED_ARG, OPT_SSL_CAPATH), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx) ( "admin_ssl_capath"  ,
"CA directory (check OpenSSL docs, implies --ssl) for --admin-port ,
PERSIST_AS_READONLY   GLOBAL_VARopt_admin_ssl_capath,
CMD_LINE(REQUIRED_ARG, OPT_SSL_CAPATH ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_admin_ssl_ctx 
)
static

◆ Sys_admin_ssl_cert

Sys_var_charptr Sys_admin_ssl_cert("admin_ssl_cert", "X509 cert in PEM format (implies --ssl) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_cert), CMD_LINE(REQUIRED_ARG, OPT_SSL_CERT), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx) ( "admin_ssl_cert"  ,
"X509 cert in PEM format (implies --ssl) for --admin-port ,
PERSIST_AS_READONLY   GLOBAL_VARopt_admin_ssl_cert,
CMD_LINE(REQUIRED_ARG, OPT_SSL_CERT ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_admin_ssl_ctx 
)
static

◆ Sys_admin_ssl_cipher

Sys_var_charptr Sys_admin_ssl_cipher("admin_ssl_cipher", "SSL cipher to use (implies --ssl) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_cipher), CMD_LINE(REQUIRED_ARG, OPT_SSL_CIPHER), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls12_ciphers)) ( "admin_ssl_cipher"  ,
"SSL cipher to use (implies --ssl) for --admin-port ,
PERSIST_AS_READONLY   GLOBAL_VARopt_admin_ssl_cipher,
CMD_LINE(REQUIRED_ARG, OPT_SSL_CIPHER ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_admin_ssl_ctx,
NOT_IN_BINLOG  ,
ON_CHECK(check_tls12_ciphers  
)
static

◆ Sys_admin_ssl_crl

Sys_var_charptr Sys_admin_ssl_crl("admin_ssl_crl", "CRL file in PEM format (check OpenSSL docs, implies --ssl) for " "--admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_crl), CMD_LINE(REQUIRED_ARG, OPT_SSL_CRL), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx) ( "admin_ssl_crl"  ,
"CRL file in PEM format (check OpenSSL docs, implies --ssl) for " "--admin-port ,
PERSIST_AS_READONLY   GLOBAL_VARopt_admin_ssl_crl,
CMD_LINE(REQUIRED_ARG, OPT_SSL_CRL ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_admin_ssl_ctx 
)
static

◆ Sys_admin_ssl_crlpath

Sys_var_charptr Sys_admin_ssl_crlpath("admin_ssl_crlpath", "CRL directory (check OpenSSL docs, implies --ssl) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_crlpath), CMD_LINE(REQUIRED_ARG, OPT_SSL_CRLPATH), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx) ( "admin_ssl_crlpath"  ,
"CRL directory (check OpenSSL docs, implies --ssl) for --admin-port ,
PERSIST_AS_READONLY   GLOBAL_VARopt_admin_ssl_crlpath,
CMD_LINE(REQUIRED_ARG, OPT_SSL_CRLPATH ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_admin_ssl_ctx 
)
static

◆ Sys_admin_ssl_key

Sys_var_charptr Sys_admin_ssl_key("admin_ssl_key", "X509 key in PEM format (implies --ssl) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_key), CMD_LINE(REQUIRED_ARG, OPT_SSL_KEY), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx) ( "admin_ssl_key"  ,
"X509 key in PEM format (implies --ssl) for --admin-port ,
PERSIST_AS_READONLY   GLOBAL_VARopt_admin_ssl_key,
CMD_LINE(REQUIRED_ARG, OPT_SSL_KEY ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_admin_ssl_ctx 
)
static

◆ Sys_admin_tls_ciphersuites

Sys_var_charptr Sys_admin_tls_ciphersuites("admin_tls_ciphersuites", "TLS v1.3 ciphersuite to use (implies --ssl) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_tls_ciphersuites), CMD_LINE(REQUIRED_ARG, OPT_TLS_CIPHERSUITES), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls13_ciphers)) ( "admin_tls_ciphersuites"  ,
"TLS v1.3 ciphersuite to use (implies --ssl) for --admin-port ,
PERSIST_AS_READONLY   GLOBAL_VARopt_admin_tls_ciphersuites,
CMD_LINE(REQUIRED_ARG, OPT_TLS_CIPHERSUITES ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_admin_ssl_ctx,
NOT_IN_BINLOG  ,
ON_CHECK(check_tls13_ciphers  
)
static

◆ Sys_admin_tls_version

Sys_var_charptr Sys_admin_tls_version("admin_tls_version", "TLS version for --admin-port, permitted values are TLSv1.2", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_tls_version), CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET, "TLSv1.2", &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_admin_tls_version)) ( "admin_tls_version"  ,
"TLS version for --admin-port, permitted values are TLSv1.2"  ,
PERSIST_AS_READONLY   GLOBAL_VARopt_admin_tls_version,
CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION ,
IN_FS_CHARSET  ,
"TLSv1.2"  ,
lock_admin_ssl_ctx,
NOT_IN_BINLOG  ,
ON_CHECK(check_admin_tls_version  
)
static

◆ Sys_ssl_ca

Sys_var_charptr Sys_ssl_ca("ssl_ca", "CA file in PEM format (check OpenSSL docs, implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_ca), CMD_LINE(REQUIRED_ARG, OPT_SSL_CA), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx) ( "ssl_ca"  ,
"CA file in PEM format (check OpenSSL docs, implies --ssl)"  ,
PERSIST_AS_READONLY   GLOBAL_VARopt_ssl_ca,
CMD_LINE(REQUIRED_ARG, OPT_SSL_CA ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_ssl_ctx 
)
static

◆ Sys_ssl_capath

Sys_var_charptr Sys_ssl_capath("ssl_capath", "CA directory (check OpenSSL docs, implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_capath), CMD_LINE(REQUIRED_ARG, OPT_SSL_CAPATH), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx) ( "ssl_capath"  ,
"CA directory (check OpenSSL docs, implies --ssl)"  ,
PERSIST_AS_READONLY   GLOBAL_VARopt_ssl_capath,
CMD_LINE(REQUIRED_ARG, OPT_SSL_CAPATH ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_ssl_ctx 
)
static

◆ Sys_ssl_cert

Sys_var_charptr Sys_ssl_cert("ssl_cert", "X509 cert in PEM format (implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_cert), CMD_LINE(REQUIRED_ARG, OPT_SSL_CERT), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx) ( "ssl_cert"  ,
"X509 cert in PEM format (implies --ssl)"  ,
PERSIST_AS_READONLY   GLOBAL_VARopt_ssl_cert,
CMD_LINE(REQUIRED_ARG, OPT_SSL_CERT ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_ssl_ctx 
)
static

◆ Sys_ssl_cipher

Sys_var_charptr Sys_ssl_cipher("ssl_cipher", "SSL cipher to use (implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_cipher), CMD_LINE(REQUIRED_ARG, OPT_SSL_CIPHER), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls12_ciphers)) ( "ssl_cipher"  ,
"SSL cipher to use (implies --ssl)"  ,
PERSIST_AS_READONLY   GLOBAL_VARopt_ssl_cipher,
CMD_LINE(REQUIRED_ARG, OPT_SSL_CIPHER ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_ssl_ctx,
NOT_IN_BINLOG  ,
ON_CHECK(check_tls12_ciphers  
)
static

◆ Sys_ssl_crl

Sys_var_charptr Sys_ssl_crl("ssl_crl", "CRL file in PEM format (check OpenSSL docs, implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_crl), CMD_LINE(REQUIRED_ARG, OPT_SSL_CRL), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx) ( "ssl_crl"  ,
"CRL file in PEM format (check OpenSSL docs, implies --ssl)"  ,
PERSIST_AS_READONLY   GLOBAL_VARopt_ssl_crl,
CMD_LINE(REQUIRED_ARG, OPT_SSL_CRL ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_ssl_ctx 
)
static

◆ Sys_ssl_crlpath

Sys_var_charptr Sys_ssl_crlpath("ssl_crlpath", "CRL directory (check OpenSSL docs, implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_crlpath), CMD_LINE(REQUIRED_ARG, OPT_SSL_CRLPATH), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx) ( "ssl_crlpath"  ,
"CRL directory (check OpenSSL docs, implies --ssl)"  ,
PERSIST_AS_READONLY   GLOBAL_VARopt_ssl_crlpath,
CMD_LINE(REQUIRED_ARG, OPT_SSL_CRLPATH ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_ssl_ctx 
)
static

◆ Sys_ssl_key

Sys_var_charptr Sys_ssl_key("ssl_key", "X509 key in PEM format (implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_key), CMD_LINE(REQUIRED_ARG, OPT_SSL_KEY), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx) ( "ssl_key"  ,
"X509 key in PEM format (implies --ssl)"  ,
PERSIST_AS_READONLY   GLOBAL_VARopt_ssl_key,
CMD_LINE(REQUIRED_ARG, OPT_SSL_KEY ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_ssl_ctx 
)
static

◆ Sys_tls_ciphersuites

Sys_var_charptr Sys_tls_ciphersuites("tls_ciphersuites", "TLS v1.3 ciphersuite to use (implies --ssl)", PERSIST_AS_READONLY GLOBAL_VAR(opt_tls_ciphersuites), CMD_LINE(REQUIRED_ARG, OPT_TLS_CIPHERSUITES), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls13_ciphers)) ( "tls_ciphersuites"  ,
"TLS v1.3 ciphersuite to use (implies --ssl)"  ,
PERSIST_AS_READONLY   GLOBAL_VARopt_tls_ciphersuites,
CMD_LINE(REQUIRED_ARG, OPT_TLS_CIPHERSUITES ,
IN_FS_CHARSET  ,
DEFAULT(nullptr ,
lock_ssl_ctx,
NOT_IN_BINLOG  ,
ON_CHECK(check_tls13_ciphers  
)
static

◆ Sys_tls_version

Sys_var_charptr Sys_tls_version("tls_version", "TLS version, permitted values are TLSv1.2", PERSIST_AS_READONLY GLOBAL_VAR(opt_tls_version), CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET, "TLSv1.2", &lock_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls_version)) ( "tls_version"  ,
"TLS version, permitted values are TLSv1.2"  ,
PERSIST_AS_READONLY   GLOBAL_VARopt_tls_version,
CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION ,
IN_FS_CHARSET  ,
"TLSv1.2"  ,
lock_ssl_ctx,
NOT_IN_BINLOG  ,
ON_CHECK(check_tls_version  
)
static

◆ Sys_var_opt_ssl_session_cache_mode

Sys_var_bool Sys_var_opt_ssl_session_cache_mode("ssl_session_cache_mode", "Is TLS session cache enabled or not", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_session_cache_mode), CMD_LINE(OPT_ARG), DEFAULT(true), PFS_TRAILING_PROPERTIES) ( "ssl_session_cache_mode"  ,
"Is TLS session cache enabled or not"  ,
PERSIST_AS_READONLY   GLOBAL_VARopt_ssl_session_cache_mode,
CMD_LINE(OPT_ARG ,
DEFAULT(true)  ,
PFS_TRAILING_PROPERTIES   
)
static

◆ Sys_var_opt_ssl_session_cache_timeout

Sys_var_long Sys_var_opt_ssl_session_cache_timeout("ssl_session_cache_timeout", "The timeout to expire sessions in the TLS session cache", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_session_cache_timeout), CMD_LINE(REQUIRED_ARG, OPT_SSL_SESSION_CACHE_TIMEOUT), VALID_RANGE(0, 84600), DEFAULT(300), BLOCK_SIZE(1), PFS_TRAILING_PROPERTIES) ( "ssl_session_cache_timeout"  ,
"The timeout to expire sessions in the TLS session cache"  ,
PERSIST_AS_READONLY   GLOBAL_VARopt_ssl_session_cache_timeout,
CMD_LINE(REQUIRED_ARG, OPT_SSL_SESSION_CACHE_TIMEOUT ,
VALID_RANGE(0, 84600)  ,
DEFAULT(300)  ,
BLOCK_SIZE(1)  ,
PFS_TRAILING_PROPERTIES   
)
static