MySQL 8.0.39
Source Code Documentation
sslopt-vars.h
Go to the documentation of this file.
1/* Copyright (c) 2000, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23
24#ifndef SSLOPT_VARS_INCLUDED
25#define SSLOPT_VARS_INCLUDED
26
27/**
28 @file include/sslopt-vars.h
29*/
30
31#include <stddef.h>
32#include <stdio.h>
33#include <sys/types.h>
34#include <functional>
35
36#include "m_string.h"
37#include "my_getopt.h"
38#include "mysql.h"
39#include "template_utils.h"
40#include "typelib.h"
41
42#ifdef MYSQL_SERVER
43#error This header is supposed to be used only in the client
44#endif
45
46const char *ssl_mode_names_lib[] = {"DISABLED", "PREFERRED", "REQUIRED",
47 "VERIFY_CA", "VERIFY_IDENTITY", NullS};
49 ssl_mode_names_lib, nullptr};
50
51const char *ssl_fips_mode_names_lib[] = {"OFF", "ON", "STRICT", NullS};
53 "", ssl_fips_mode_names_lib, nullptr};
54
56static char *opt_ssl_ca = nullptr;
57static char *opt_ssl_capath = nullptr;
58static char *opt_ssl_cert = nullptr;
59static char *opt_ssl_cipher = nullptr;
60static char *opt_tls_ciphersuites = nullptr;
61static char *opt_ssl_key = nullptr;
62static char *opt_ssl_crl = nullptr;
63static char *opt_ssl_crlpath = nullptr;
64static char *opt_tls_version = nullptr;
66static bool ssl_mode_set_explicitly = false;
67static char *opt_ssl_session_data = nullptr;
69
70static inline int set_client_ssl_options(MYSQL *mysql) {
71 /*
72 Print a warning if explicitly defined combination of --ssl-mode other than
73 VERIFY_CA or VERIFY_IDENTITY with explicit --ssl-ca or --ssl-capath values.
74 */
77 fprintf(stderr,
78 "WARNING: no verification of server certificate will be done. "
79 "Use --ssl-mode=VERIFY_CA or VERIFY_IDENTITY.\n");
80 }
81
82 /* Set SSL parameters: key, cert, ca, capath, cipher, clr, clrpath. */
89 } else {
92 }
97 if (opt_ssl_fips_mode > 0) {
99 if (mysql_errno(mysql) == CR_SSL_FIPS_MODE_ERR) return 1;
100 }
103 FILE *fi = fopen(opt_ssl_session_data, "rb");
104 char buff[4096], *bufptr = &buff[0];
105 size_t read = 0;
106
107 if (!fi) {
108 fprintf(stderr, "Error: Can't open the ssl session data file.\n");
109 return 1;
110 }
111 long file_length = sizeof(buff) - 1;
112 if (0 == fseek(fi, 0, SEEK_END)) {
113 file_length = ftell(fi);
114 if (file_length > 0)
115 file_length = std::min(file_length, 65536L);
116 else
117 file_length = sizeof(buff) - 1;
118 fseek(fi, 0, SEEK_SET);
119 }
120 if (file_length > (long)(sizeof(buff) - 1)) {
121 bufptr = (char *)malloc(file_length + 1);
122 if (bufptr)
123 bufptr[file_length] = 0;
124 else {
125 bufptr = &buff[0];
126 file_length = sizeof(buff) - 1;
127 }
128 }
129 read = fread(bufptr, 1, file_length, fi);
130 if (!read) {
131 fprintf(stderr, "Error: Can't read the ssl session data file.\n");
132 fclose(fi);
133 if (bufptr != &buff[0]) free(bufptr);
134 return 1;
135 }
136 assert(read <= (size_t)file_length);
137 bufptr[read] = 0;
138 fclose(fi);
139
140 int ret = 0;
142 if (bufptr != &buff[0]) free(bufptr);
143 return ret;
144 }
145 return 0;
146}
147
149 MYSQL *mysql, std::function<void(const char *)> report_error) {
153 "--ssl-session-data specified but the session was not reused.");
154 return true;
155 }
156 return false;
157}
158
159#define SSL_SET_OPTIONS(mysql) set_client_ssl_options(mysql)
160
161const char *SSL_SET_OPTIONS_ERROR = "Failed to set ssl related options.\n";
162
163#endif /* SSLOPT_VARS_INCLUDED */
#define CR_SSL_FIPS_MODE_ERR
Definition: errmsg.h:126
static bool report_error(THD *thd, int error_code, Sql_condition::enum_severity_level level, Args... args)
Definition: error_handler.cc:291
bool read(T *ap, const GV &gv, const char *key)
Definition: sdi_impl.h:341
#define malloc(A)
Definition: lexyy.cc:914
#define free(A)
Definition: lexyy.cc:915
#define NullS
Definition of the null string (a null pointer of type char *), used in some of our string handling co...
Definition: m_string.h:53
This file defines the client API to MySQL and also the ABI of the dynamically linked libmysqlclient.
unsigned int STDCALL mysql_errno(MYSQL *mysql)
Definition: client.cc:9086
@ MYSQL_OPT_SSL_CIPHER
Definition: mysql.h:194
@ MYSQL_OPT_SSL_CA
Definition: mysql.h:192
@ MYSQL_OPT_TLS_VERSION
Definition: mysql.h:205
@ MYSQL_OPT_SSL_KEY
Definition: mysql.h:190
@ MYSQL_OPT_SSL_FIPS_MODE
Definition: mysql.h:210
@ MYSQL_OPT_SSL_CRLPATH
Definition: mysql.h:196
@ MYSQL_OPT_SSL_CERT
Definition: mysql.h:191
@ MYSQL_OPT_SSL_SESSION_DATA
Definition: mysql.h:216
@ MYSQL_OPT_SSL_MODE
Definition: mysql.h:206
@ MYSQL_OPT_SSL_CAPATH
Definition: mysql.h:193
@ MYSQL_OPT_SSL_CRL
Definition: mysql.h:195
@ MYSQL_OPT_TLS_CIPHERSUITES
Definition: mysql.h:211
bool STDCALL mysql_get_ssl_session_reused(MYSQL *mysql)
Check if the current ssl session is reused.
Definition: client.cc:3616
int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option, const void *arg)
Definition: client.cc:8455
@ SSL_MODE_PREFERRED
Definition: mysql.h:273
@ SSL_MODE_VERIFY_CA
Definition: mysql.h:275
@ SSL_FIPS_MODE_OFF
Definition: mysql.h:280
const std::string FILE("FILE")
Definition: instrumented_condition_variable.h:32
static char * opt_ssl_session_data
Definition: sslopt-vars.h:67
static int set_client_ssl_options(MYSQL *mysql)
Definition: sslopt-vars.h:70
static bool opt_ssl_session_data_continue_on_failed_reuse
Definition: sslopt-vars.h:68
static char * opt_ssl_cipher
Definition: sslopt-vars.h:59
const char * ssl_mode_names_lib[]
Definition: sslopt-vars.h:46
static char * opt_ssl_ca
Definition: sslopt-vars.h:56
static char * opt_tls_version
Definition: sslopt-vars.h:64
const char * SSL_SET_OPTIONS_ERROR
Definition: sslopt-vars.h:161
static char * opt_ssl_capath
Definition: sslopt-vars.h:57
static char * opt_ssl_crlpath
Definition: sslopt-vars.h:63
TYPELIB ssl_fips_mode_typelib
Definition: sslopt-vars.h:52
static char * opt_tls_ciphersuites
Definition: sslopt-vars.h:60
const char * ssl_fips_mode_names_lib[]
Definition: sslopt-vars.h:51
static ulong opt_ssl_fips_mode
Definition: sslopt-vars.h:65
static uint opt_ssl_mode
Definition: sslopt-vars.h:55
static bool ssl_mode_set_explicitly
Definition: sslopt-vars.h:66
static char * opt_ssl_cert
Definition: sslopt-vars.h:58
TYPELIB ssl_mode_typelib
Definition: sslopt-vars.h:48
static char * opt_ssl_crl
Definition: sslopt-vars.h:62
static char * opt_ssl_key
Definition: sslopt-vars.h:61
static bool ssl_client_check_post_connect_ssl_setup(MYSQL *mysql, std::function< void(const char *)> report_error)
Definition: sslopt-vars.h:148
Definition: mysql.h:299
Definition: typelib.h:35
unsigned int uint
Definition: uca9-dump.cc:75
#define array_elements(A)
Definition: validate_password_imp.cc:48