MySQL 8.4.2
Source Code Documentation
tls_client_context.h
Go to the documentation of this file.
1/*
2 Copyright (c) 2018, 2024, Oracle and/or its affiliates.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License, version 2.0,
6 as published by the Free Software Foundation.
7
8 This program is designed to work with certain software (including
9 but not limited to OpenSSL) that is licensed under separate terms,
10 as designated in a particular file or component or in included license
11 documentation. The authors of MySQL hereby grant you an additional
12 permission to link the program and your derivative works with the
13 separately licensed software that they have either included with
14 the program or referenced in the documentation.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24*/
25
26#ifndef MYSQL_HARNESS_TLS_CLIENT_CONTEXT_INCLUDED
27#define MYSQL_HARNESS_TLS_CLIENT_CONTEXT_INCLUDED
28
30
31#include <chrono>
32#include <list>
33#include <mutex>
34#include <system_error>
35#include <vector>
36
39
40/**
41 * Client TLS Context.
42 */
44 public:
46 void operator()(SSL_SESSION *sess) { SSL_SESSION_free(sess); }
47 };
48 using SslSession = std::unique_ptr<SSL_SESSION, SslSessionDeleter>;
49
52 size_t session_cache_size = 0,
54
60
61 /**
62 * set cipher-list.
63 *
64 * for TLSv1.2-and-earlier ciphers.
65 *
66 * @param ciphers colon separated list of ciphers
67 *
68 * @note list is not filtered for unacceptable ciphers
69 *
70 * @see openssl ciphers
71 * @see cipher_suites()
72 */
73 stdx::expected<void, std::error_code> cipher_list(const std::string &ciphers);
74
75 /**
76 * set cipher-suites of TLSv1.3.
77 *
78 * openssl 1.1.1 added support for TLSv1.3 and move setting those ciphers
79 * to SSL_CTX_set_ciphersuites().
80 *
81 * @param ciphers colon separated list of ciphers. empty == empty, "DEFAULT"
82 * is the default-set
83 *
84 * @note list is not filtered for unacceptable ciphers
85 * @see openssl ciphers
86 * @see has_set_cipher_suites()
87 */
89 const std::string &ciphers);
90
91 /**
92 * verification of certificates.
93 */
95
96 /**
97 * verify hostname.
98 *
99 * @param server_host hostname or ip-address to match in the certificate.
100 */
102 const std::string &server_host);
103
104 /**
105 * add session.
106 */
107 stdx::expected<void, std::error_code> add_session(SSL_SESSION *sess);
108 /**
109 * remove session.
110 */
111 stdx::expected<void, std::error_code> remove_session(SSL_SESSION *sess);
112 /**
113 * get session.
114 */
116
117 private:
118 struct Sessions {
119 using SessionId = std::vector<uint8_t>;
120 using SessionData = std::pair<SessionId, SslSession>;
121
122 std::list<SessionData> sessions_;
123 std::mutex mtx_;
124 };
125 std::unique_ptr<Sessions> sessions_;
126
130};
131
132#endif
Client TLS Context.
Definition: tls_client_context.h:43
std::unique_ptr< Sessions > sessions_
Definition: tls_client_context.h:125
std::unique_ptr< SSL_SESSION, SslSessionDeleter > SslSession
Definition: tls_client_context.h:48
TlsClientContext & operator=(TlsClientContext &&)=default
TlsClientContext(TlsClientContext &&)=default
std::chrono::seconds session_cache_timeout_
Definition: tls_client_context.h:129
bool session_cache_mode_
Definition: tls_client_context.h:127
TlsClientContext(const TlsClientContext &)=delete
TlsClientContext & operator=(const TlsClientContext &)=delete
size_t session_cache_size_
Definition: tls_client_context.h:128
wraps SSL_CTX.
Definition: tls_context.h:85
std::vector< std::string > cipher_list() const
get current cipher-list.
Definition: tls_context.cc:392
Definition: expected.h:284
bool verify(const std::string &digest, const std::string &message, const std::string &public_key_content)
Verify a message signed by the private key pair of the provided public key.
Definition: ssl.cc:115
mode
Definition: file_handle.h:61
Definition: tls_client_context.h:118
std::list< SessionData > sessions_
Definition: tls_client_context.h:122
std::pair< SessionId, SslSession > SessionData
Definition: tls_client_context.h:120
std::mutex mtx_
Definition: tls_client_context.h:123
std::vector< uint8_t > SessionId
Definition: tls_client_context.h:119
Definition: tls_client_context.h:45
void operator()(SSL_SESSION *sess)
Definition: tls_client_context.h:46
double seconds()
Definition: task.cc:310
TlsVerify
Verification of Cerifiticates.
Definition: tls_context.h:62
#define HARNESS_TLS_EXPORT
Definition: tls_export.h:15