 |
MySQL 8.0.43
Source Code Documentation
|
|
MySQL 8.0.43
Source Code Documentation
|
TLS Context for the server side. More...
#include <tls_server_context.h>
Public Member Functions | |
| TlsServerContext (TlsVersion min_version=TlsVersion::TLS_1_2, TlsVersion max_version=TlsVersion::AUTO) | |
| construct a TLS Context for server-side. More... | |
| stdx::expected< void, std::error_code > | load_key_and_cert (const std::string &private_key_file, const std::string &cert_chain_file) |
| load key and cert. More... | |
| stdx::expected< void, std::error_code > | init_tmp_dh (const std::string &dh_params) |
| init temporary DH parameters. More... | |
| stdx::expected< void, std::error_code > | cipher_list (const std::string &ciphers) |
| set cipher-list. More... | |
| stdx::expected< void, std::error_code > | verify (TlsVerify verify, std::bitset< 2 > tls_opts=0) |
| set how cerifiticates should be verified. More... | |
| int | security_level () const |
| get the security level. More... | |
| stdx::expected< void, std::error_code > | session_id_context (const unsigned char *sid_ctx, unsigned int sid_ctx_len) |
| set the session-id context for ssl-context reuse. More... | |
 Public Member Functions inherited from TlsContext | |
| TlsContext (const SSL_METHOD *method) | |
| construct a TlsContext based on the SSL_METHODs provided by openssl. More... | |
| stdx::expected< void, std::error_code > | ssl_ca (const std::string &ca_file, const std::string &ca_path) |
| set CA file and CA directory. More... | |
| stdx::expected< void, std::error_code > | crl (const std::string &crl_file, const std::string &crl_path) |
| set CRL file and CRL directory. More... | |
| SSL_CTX * | get () const |
| get non-owning pointer to SSL_CTX. More... | |
| stdx::expected< void, std::error_code > | version_range (TlsVersion min_version, TlsVersion max_version) |
| set the supported TLS version range. More... | |
| TlsVersion | min_version () const |
| get the min TLS version. More... | |
| stdx::expected< void, std::error_code > | curves_list (const std::string &curves) |
| init elliptic curves for DH ciphers for Perfect Forward Security. More... | |
| std::vector< std::string > | cipher_list () const |
| get current cipher-list. More... | |
| void | info_callback (InfoCallback) |
| set info callback. More... | |
| InfoCallback | info_callback () const |
| get info callback More... | |
| int | security_level () const |
| get security_level. More... | |
| long | session_cache_hits () const |
| get session reuse cache hits number More... | |
Static Public Member Functions | |
| static std::vector< std::string > | default_ciphers () |
| default ciphers. More... | |
| Static Public Member Functions inherited from TlsContext | |
| static constexpr bool | has_set_curves_list () |
| if TLS context allows to change elliptic curves list. More... | |
| static constexpr bool | has_set_cipher_suites () |
| if TLS context allows setting cipher-suites (TLSv1.3 and later). More... | |
Static Public Attributes | |
| static constexpr std::array< const char *, 12 > | unacceptable_cipher_spec |
| unacceptable ciphers. More... | |
Additional Inherited Members | |
| Public Types inherited from TlsContext | |
| using | InfoCallback = void(*)(const SSL *, int, int) |
| Protected Attributes inherited from TlsContext | |
| std::unique_ptr< SSL_CTX, decltype(&SSL_CTX_free)> | ssl_ctx_ |
TLS Context for the server side.
| TlsServerContext::TlsServerContext | ( | TlsVersion | min_version = TlsVersion::TLS_1_2, |
| TlsVersion | max_version = TlsVersion::AUTO |
||
| ) |
construct a TLS Context for server-side.
| stdx::expected< void, std::error_code > TlsServerContext::cipher_list | ( | const std::string & | ciphers | ) |
set cipher-list.
list is filtered for unacceptable_cipher_spec
| ciphers | colon separated list of ciphers |
|
static |
default ciphers.
| stdx::expected< void, std::error_code > TlsServerContext::init_tmp_dh | ( | const std::string & | dh_params | ) |
init temporary DH parameters.
| dh_params | filename of a PEM file with DH parameters |
| stdx::expected< void, std::error_code > TlsServerContext::load_key_and_cert | ( | const std::string & | private_key_file, |
| const std::string & | cert_chain_file | ||
| ) |
load key and cert.
cerifiticate is verified against the key
| private_key_file | filename of a PEM file containing a key |
| cert_chain_file | filename of a PEM file containing a certificate |
| int TlsServerContext::security_level | ( | ) | const |
get the security level.
| sec-level | RSA-min-key-size | +--------—+---------------—+ | 1 | 1024 | | 2 | 2048 | | 3 | 3072 | | 4 | 7680 | | 5 | 15360 |
| stdx::expected< void, std::error_code > TlsServerContext::session_id_context | ( | const unsigned char * | sid_ctx, |
| unsigned int | sid_ctx_len | ||
| ) |
set the session-id context for ssl-context reuse.
unique identifier of the ssl-ctx.
| sid_ctx | opaque string of size sid_ctx_len |
| sid_ctx_len | length of sid_ctx_len |
| stdx::expected< void, std::error_code > TlsServerContext::verify | ( | TlsVerify | verify, |
| std::bitset< 2 > | tls_opts = 0 |
||
| ) |
set how cerifiticates should be verified.
| verify | NONE or PEER |
| tls_opts | extra options for PEER |
| std::illegal_argument | if verify is NONE and tls_opts is != 0 |
|
staticconstexpr |
unacceptable ciphers.
they are filtered out if set through cipher_list()
1.9.2