mysql-server/8.0.39/ssl__init__callback_8h_source.html

/* Copyright (c) 2020, 2024, Oracle and/or its affiliates.


   This program is free software; you can redistribute it and/or modify

   it under the terms of the GNU General Public License, version 2.0,

   as published by the Free Software Foundation.


   This program is designed to work with certain software (including

   but not limited to OpenSSL) that is licensed under separate terms,

   as designated in a particular file or component or in included license

   documentation.  The authors of MySQL hereby grant you an additional

   permission to link the program and your derivative works with the

   separately licensed software that they have either included with

   the program or referenced in the documentation.


   This program is distributed in the hope that it will be useful,

   but WITHOUT ANY WARRANTY; without even the implied warranty of

   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

   GNU General Public License, version 2.0, for more details.


   You should have received a copy of the GNU General Public License

   along with this program; if not, write to the Free Software

   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */


#ifndef SSL_INIT_CALLBACK_INCLUDED

#define SSL_INIT_CALLBACK_INCLUDED


#include <atomic>

#include <string>


#include <sql/auth/auth_common.h> /* ssl_artifacts_status */


extern std::atomic_bool g_admin_ssl_configured;


extern std::string mysql_main_channel;

extern std::string mysql_admin_channel;


/** helper class to deal with optionally empty strings */

class OptionalString {

 public:

  OptionalString() : value_(), empty_(true) {}

  OptionalString(const char *s) : value_(s ? s : ""), empty_(!s) {}

  ~OptionalString() = default;

  OptionalString(const OptionalString &) = default;


  const char *c_str() const { return empty_ ? nullptr : value_.c_str(); }

  OptionalString &assign(const char *s) {

    value_.assign(s ? s : "");

    empty_ = !s;

    return *this;

  }


 private:

  std::string value_;

  bool empty_;

};


/* Class to encasulate callbacks for init/reinit */

class Ssl_init_callback {

 public:

  virtual void read_parameters(OptionalString *ca, OptionalString *capath,

                               OptionalString *version, OptionalString *cert,

                               OptionalString *cipher,

                               OptionalString *ciphersuites,

                               OptionalString *key, OptionalString *crl,

                               OptionalString *crl_path,

                               bool *session_cache_mode,

                               long *session_cache_timeout) = 0;


  virtual bool provision_certs() = 0;


  virtual bool warn_self_signed_ca() = 0;


  virtual ~Ssl_init_callback() = default;

};


/**

  Class to encasulate callbacks for init/reinit

  for client server connection port

*/

class Ssl_init_callback_server_main final : public Ssl_init_callback {

 public:

  void read_parameters(OptionalString *ca, OptionalString *capath,

                       OptionalString *version, OptionalString *cert,

                       OptionalString *cipher, OptionalString *ciphersuites,

                       OptionalString *key, OptionalString *crl,

                       OptionalString *crl_path, bool *session_cache_mode,

                       long *session_cache_timeout) override;


  bool provision_certs() override;


  bool warn_self_signed_ca() override;


  ~Ssl_init_callback_server_main() override = default;


 private:

  ssl_artifacts_status auto_detect_ssl();

};


/**

  Class to encasulate callbacks for init/reinit

  for admin connection port

*/

class Ssl_init_callback_server_admin final : public Ssl_init_callback {

 public:

  void read_parameters(OptionalString *ca, OptionalString *capath,

                       OptionalString *version, OptionalString *cert,

                       OptionalString *cipher, OptionalString *ciphersuites,

                       OptionalString *key, OptionalString *crl,

                       OptionalString *crl_path, bool *session_cache_mode,

                       long *session_cache_timeout) override;


  bool provision_certs() override {

    /*

      No automatic provisioning. Always return

      success to fallback to system variables.

    */

    return false;

  }


  bool warn_self_signed_ca() override;


  ~Ssl_init_callback_server_admin() override = default;

};


extern Ssl_init_callback_server_main server_main_callback;

extern Ssl_init_callback_server_admin server_admin_callback;


/**

  Helper method to validate values of --tls-version and --admin-tls-version

*/

bool validate_tls_version(const char *val);


enum class TLS_version { TLSv12 = 0, TLSv13 };

/**

  Helper method to validate values of --ssl-cipher and --admin-ssl-cipher

*/

void validate_ciphers(const char *option, const char *val, TLS_version version);

#endif  // !SSL_INIT_CALLBACK_INCLUDED

auth_common.h

ssl_artifacts_status
ssl_artifacts_status
Definition: auth_common.h:902

OptionalString
helper class to deal with optionally empty strings
Definition: ssl_init_callback.h:38

OptionalString::assign
OptionalString & assign(const char *s)
Definition: ssl_init_callback.h:46

OptionalString::~OptionalString
~OptionalString()=default

OptionalString::OptionalString
OptionalString(const char *s)
Definition: ssl_init_callback.h:41

OptionalString::value_
std::string value_
Definition: ssl_init_callback.h:53

OptionalString::OptionalString
OptionalString(const OptionalString &)=default

OptionalString::empty_
bool empty_
Definition: ssl_init_callback.h:54

OptionalString::OptionalString
OptionalString()
Definition: ssl_init_callback.h:40

OptionalString::c_str
const char * c_str() const
Definition: ssl_init_callback.h:45

Ssl_init_callback_server_admin
Class to encasulate callbacks for init/reinit for admin connection port.
Definition: ssl_init_callback.h:103

Ssl_init_callback_server_admin::warn_self_signed_ca
bool warn_self_signed_ca() override
Definition: ssl_init_callback.cc:494

Ssl_init_callback_server_admin::~Ssl_init_callback_server_admin
~Ssl_init_callback_server_admin() override=default

Ssl_init_callback_server_admin::read_parameters
void read_parameters(OptionalString *ca, OptionalString *capath, OptionalString *version, OptionalString *cert, OptionalString *cipher, OptionalString *ciphersuites, OptionalString *key, OptionalString *crl, OptionalString *crl_path, bool *session_cache_mode, long *session_cache_timeout) override
Definition: ssl_init_callback.cc:469

Ssl_init_callback_server_admin::provision_certs
bool provision_certs() override
Definition: ssl_init_callback.h:112

Ssl_init_callback_server_main
Class to encasulate callbacks for init/reinit for client server connection port.
Definition: ssl_init_callback.h:80

Ssl_init_callback_server_main::provision_certs
bool provision_certs() override
Definition: ssl_init_callback.cc:450

Ssl_init_callback_server_main::warn_self_signed_ca
bool warn_self_signed_ca() override
Definition: ssl_init_callback.cc:462

Ssl_init_callback_server_main::~Ssl_init_callback_server_main
~Ssl_init_callback_server_main() override=default

Ssl_init_callback_server_main::read_parameters
void read_parameters(OptionalString *ca, OptionalString *capath, OptionalString *version, OptionalString *cert, OptionalString *cipher, OptionalString *ciphersuites, OptionalString *key, OptionalString *crl, OptionalString *crl_path, bool *session_cache_mode, long *session_cache_timeout) override
Definition: ssl_init_callback.cc:391

Ssl_init_callback_server_main::auto_detect_ssl
ssl_artifacts_status auto_detect_ssl()
Definition: ssl_init_callback.cc:411

Ssl_init_callback
Definition: ssl_init_callback.h:58

Ssl_init_callback::read_parameters
virtual void read_parameters(OptionalString *ca, OptionalString *capath, OptionalString *version, OptionalString *cert, OptionalString *cipher, OptionalString *ciphersuites, OptionalString *key, OptionalString *crl, OptionalString *crl_path, bool *session_cache_mode, long *session_cache_timeout)=0

Ssl_init_callback::warn_self_signed_ca
virtual bool warn_self_signed_ca()=0

Ssl_init_callback::provision_certs
virtual bool provision_certs()=0

Ssl_init_callback::~Ssl_init_callback
virtual ~Ssl_init_callback()=default

nullptr
Fido Client Authentication nullptr
Definition: fido_client_plugin.cc:222

key
required string key
Definition: replication_asynchronous_connection_failover.proto:60

version
required uint64 version
Definition: replication_group_member_actions.proto:41

Ssl_acceptor_context_property_type::session_cache_timeout
@ session_cache_timeout

Ssl_acceptor_context_property_type::session_cache_mode
@ session_cache_mode

mysql_admin_channel
std::string mysql_admin_channel

mysql_main_channel
std::string mysql_main_channel

server_admin_callback
Ssl_init_callback_server_admin server_admin_callback
Definition: ssl_init_callback.cc:500

validate_ciphers
void validate_ciphers(const char *option, const char *val, TLS_version version)
Helper method to validate values of –ssl-cipher and –admin-ssl-cipher.
Definition: ssl_init_callback.cc:92

TLS_version
TLS_version
Definition: ssl_init_callback.h:133

TLS_version::TLSv12
@ TLSv12

TLS_version::TLSv13
@ TLSv13

validate_tls_version
bool validate_tls_version(const char *val)
Helper method to validate values of –tls-version and –admin-tls-version.
Definition: ssl_init_callback.cc:71

g_admin_ssl_configured
std::atomic_bool g_admin_ssl_configured

server_main_callback
Ssl_init_callback_server_main server_main_callback
Definition: ssl_init_callback.cc:499