MySQL 8.0.40
Source Code Documentation
xcom_network_provider_native_lib.h
Go to the documentation of this file.
1/* Copyright (c) 2015, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23
24#ifndef XCOM_NETWORK_PROVIDER_NATIVE_LIB_H
25#define XCOM_NETWORK_PROVIDER_NATIVE_LIB_H
26
27#include "xcom/result.h"
28#include "xcom/site_def.h"
29
30#ifndef XCOM_WITHOUT_OPENSSL
31#ifdef _WIN32
32/* In OpenSSL before 1.1.0, we need this first. */
33#include <Ws2tcpip.h>
34#include <winsock2.h>
35#endif /* _WIN32 */
36
37#include <openssl/err.h>
38#include <openssl/ssl.h>
39#endif /*! XCOM_WITHOUT_OPENSSL*/
40
41#define SYS_STRERROR_SIZE 512
42
44 public:
45 static result checked_create_socket(int domain, int type, int protocol);
46 static struct addrinfo *does_node_have_v4_address(struct addrinfo *retrieved);
47 static int timed_connect(int fd, struct sockaddr *sock_addr,
48 socklen_t sock_size);
49 static int timed_connect_sec(int fd, struct sockaddr *sock_addr,
50 socklen_t sock_size, int timeout);
51 static int timed_connect_msec(int fd, struct sockaddr *sock_addr,
52 socklen_t sock_size, int timeout);
53 static int allowlist_socket_accept(int fd, site_def const *xcom_config);
56
57 private:
58 static void init_server_addr(struct sockaddr **sock_addr, socklen_t *sock_len,
59 xcom_port port, int family);
60 static result xcom_checked_socket(int domain, int type, int protocol);
63 static void gcs_shutdown_socket(int *sock);
64 static result gcs_close_socket(int *sock);
65};
66
67#ifndef XCOM_WITHOUT_OPENSSL
68
69#ifndef SSL_SUCCESS
70#define SSL_SUCCESS 1
71#define SSL_ERROR 0
72#endif
73
75 public:
76 /*
77 Initialize the SSL.
78
79 server_key_file - Path of file that contains the server's X509 key in PEM
80 format.
81 server_cert_file - Path of file that contains the server's X509 certificate
82 in PEM format. client_key_file - Path of file that contains the client's
83 X509 key in PEM format. client_cert_file - Path of file that contains the
84 client's X509 certificate in PEM format. ca_file - Path of file
85 that contains list of trusted SSL CAs. ca_path - Path of directory
86 that contains trusted SSL CA certificates in PEM format. crl_file -
87 Path of file that contains certificate revocation lists. crl_path -
88 Path of directory that contains certificate revocation list files. cipher -
89 List of permitted ciphers to use for connection encryption. tls_version -
90 Protocols permitted for secure connections.
91
92 Note that only the server_key_file/server_cert_file and the client_key_file/
93 client_cert_file are required and the rest of the pointers can be NULL.
94 If the key is provided along with the certificate, either the key file or
95 the other can be omitted.
96
97 The caller can free the parameters after the call if this is necessary.
98
99 Return 0 if success 1 otherwise.
100 */
101 static int xcom_init_ssl(const char *server_key_file,
102 const char *server_cert_file,
103 const char *client_key_file,
104 const char *client_cert_file, const char *ca_file,
105 const char *ca_path, const char *crl_file,
106 const char *crl_path, const char *cipher,
107 const char *tls_version,
108 const char *tls_ciphersuites);
109
110 /*
111 Cleans Up the SSL Configuration freeing allocated memory.
112 */
113 static void xcom_cleanup_ssl();
114
115 /*
116 Destroy the SSL Configuration freeing allocated memory.
117 */
118 static void xcom_destroy_ssl();
119
120 /*
121 Verify whether the server certificate matches the host to which
122 the connection is attempted.
123 */
124 static int ssl_verify_server_cert(SSL *ssl, const char *server_hostname);
125};
126
127/*
128 Pointers to the SSL Context for the server and client
129 contexts respectively.
130*/
131extern SSL_CTX *server_ctx;
132extern SSL_CTX *client_ctx;
133
134#endif /* !XCOM_WITHOUT_OPENSSL */
135#endif // XCOM_NETWORK_PROVIDER_H
Definition: xcom_network_provider_native_lib.h:43
static result create_server_socket()
Definition: xcom_network_provider_native_lib.cc:126
static result announce_tcp(xcom_port port)
Definition: xcom_network_provider_native_lib.cc:207
static int timed_connect(int fd, struct sockaddr *sock_addr, socklen_t sock_size)
Definition: xcom_network_provider_native_lib.cc:454
static int timed_connect_msec(int fd, struct sockaddr *sock_addr, socklen_t sock_size, int timeout)
Definition: xcom_network_provider_native_lib.cc:342
static struct addrinfo * does_node_have_v4_address(struct addrinfo *retrieved)
Retrieves a node IPv4 address, if it exists.
Definition: xcom_network_provider_native_lib.cc:511
static void gcs_shutdown_socket(int *sock)
Definition: xcom_network_provider_native_lib.cc:312
static int timed_connect_sec(int fd, struct sockaddr *sock_addr, socklen_t sock_size, int timeout)
Definition: xcom_network_provider_native_lib.cc:461
static result gcs_close_socket(int *sock)
Definition: xcom_network_provider_native_lib.cc:318
static result checked_create_socket(int domain, int type, int protocol)
Definition: xcom_network_provider_native_lib.cc:469
static result xcom_checked_socket(int domain, int type, int protocol)
Wrapper function which retries and checks errors from socket.
Definition: xcom_network_provider_native_lib.cc:111
static int allowlist_socket_accept(int fd, site_def const *xcom_config)
Definition: xcom_network_provider_native_lib.cc:286
static result create_server_socket_v4()
Definition: xcom_network_provider_native_lib.cc:177
static result gcs_shut_close_socket(int *sock)
Definition: xcom_network_provider_native_lib.cc:329
static void init_server_addr(struct sockaddr **sock_addr, socklen_t *sock_len, xcom_port port, int family)
Initializes a sockaddr prepared to be used in bind()
Definition: xcom_network_provider_native_lib.cc:77
Definition: xcom_network_provider_native_lib.h:74
static void xcom_cleanup_ssl()
Definition: xcom_network_provider_ssl_native_lib.cc:545
static int ssl_verify_server_cert(SSL *ssl, const char *server_hostname)
Definition: xcom_network_provider_ssl_native_lib.cc:578
static void xcom_destroy_ssl()
Definition: xcom_network_provider_ssl_native_lib.cc:551
static int xcom_init_ssl(const char *server_key_file, const char *server_cert_file, const char *client_key_file, const char *client_cert_file, const char *ca_file, const char *ca_path, const char *crl_file, const char *crl_path, const char *cipher, const char *tls_version, const char *tls_ciphersuites)
Definition: xcom_network_provider_ssl_native_lib.cc:467
static MYSQL * sock
Definition: mysqlcheck.cc:56
constexpr value_type ssl
Definition: classic_protocol_constants.h:49
static bool timeout(bool(*wait_condition)())
Timeout function.
Definition: log0meb.cc:496
required uint64 port
Definition: replication_asynchronous_connection_failover.proto:33
required string type
Definition: replication_group_member_actions.proto:34
struct sockaddr sockaddr
Definition: sock_probe_win32.h:63
Definition: result.h:30
Definition: site_struct.h:43
unsigned short xcom_port
Definition: xcom_common.h:46
SSL_CTX * client_ctx
Definition: xcom_network_provider_ssl_native_lib.cc:163
SSL_CTX * server_ctx
Definition: xcom_network_provider_ssl_native_lib.cc:162