1/*
2 Copyright (c) 2018, 2024, Oracle and/or its affiliates.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License, version 2.0,
6 as published by the Free Software Foundation.
7
8 This program is designed to work with certain software (including
9 but not limited to OpenSSL) that is licensed under separate terms,
10 as designated in a particular file or component or in included license
11 documentation. The authors of MySQL hereby grant you an additional
12 permission to link the program and your derivative works with the
13 separately licensed software that they have either included with
14 the program or referenced in the documentation.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24*/
25
26#ifndef MYSQL_ROUTING_DESTINATION_TLS_CONTEXT_INCLUDED
27#define MYSQL_ROUTING_DESTINATION_TLS_CONTEXT_INCLUDED
28
30
#include <chrono>
#include <map>
#include <memory>
#include <mutex>
#include <string>
35
37#include "mysqlrouter/ssl_mode.h" // SslVerify
38
39/**
 * One cached TlsClientContext per destination, built from the settings set on this object (see get()).
41 */
43 public:
/**
 * construct a DestinationTlsContext holding the SSL session-cache settings.
 *
 * The three values are only stored here; they are presumably handed to the
 * TlsClientContext that get() creates — confirm in the .cc.
 *
 * @param session_cache_mode whether the SSL session cache is enabled
 * @param ssl_session_cache_size size of the SSL session cache (units are not
 *        stated in this header; presumably a number of sessions)
 * @param ssl_session_cache_timeout session-cache timeout in seconds; stored
 *        as std::chrono::seconds
 */
DestinationTlsContext(bool session_cache_mode, size_t ssl_session_cache_size,
                      unsigned int ssl_session_cache_timeout)
    : session_cache_mode_{session_cache_mode},
      ssl_session_cache_size_{ssl_session_cache_size},
      ssl_session_cache_timeout_{ssl_session_cache_timeout} {}
49
/**
 * set SslVerify.
 *
 * Selects the SslVerify value (see mysqlrouter/ssl_mode.h) that get() uses
 * when it creates a TlsClientContext; presumably the certificate-verification
 * mode for the destination — confirm against ssl_mode.h.
 *
 * @param ssl_verify verification mode to apply
 */
void verify(SslVerify ssl_verify);
54
/**
 * set CA file.
 *
 * Stored in ca_file_ and applied when get() creates a TlsClientContext.
 *
 * @param file path of the CA certificate file
 */
void ca_file(const std::string &file);
59
/**
 * set CA path.
 *
 * Stored in ca_path_ and applied when get() creates a TlsClientContext.
 *
 * @param path directory of CA certificates
 */
void ca_path(const std::string &path);
64
/**
 * set CRL file.
 *
 * Stored in crl_file_ and applied when get() creates a TlsClientContext.
 *
 * @param file path of the certificate-revocation-list file
 */
void crl_file(const std::string &file);
69
/**
 * set CRL path.
 *
 * Stored in crl_path_ and applied when get() creates a TlsClientContext.
 *
 * @param path directory of certificate-revocation-list files
 */
void crl_path(const std::string &path);
74
/**
 * set allowed EC curves.
 *
 * Stored in curves_ and applied when get() creates a TlsClientContext.
 * The expected string format is not stated in this header — presumably a
 * list in the form the TLS library accepts; confirm in the .cc.
 *
 * @param curves allowed elliptic curves
 */
void curves(const std::string &curves);
79
/**
 * set allowed ciphers.
 *
 * Stored in ciphers_ and applied when get() creates a TlsClientContext.
 * The expected string format is not stated in this header — presumably a
 * cipher list in the form the TLS library accepts; confirm in the .cc.
 *
 * @param ciphers allowed ciphers
 */
void ciphers(const std::string &ciphers);
84
/**
 * set client-key and its cert.
 *
 * Both arguments are taken by value (sink parameters); they are presumably
 * stored in key_file_ and cert_file_ — confirm in the .cc. Note that the
 * input list documented on get() does not mention this setter; check there
 * whether the cached TlsClientContext presents this client certificate.
 *
 * @param key path of the client private-key file
 * @param cert path of the client certificate file
 */
void client_key_and_cert_file(std::string key, std::string cert);
89
/**
 * get a TlsClientContext for a destination.
 *
 * If no TlsClientContext exists for the destination, creates a
 * TlsClientContext based on the values set through:
 *
 * - verify()
 * - ca_file()
 * - ca_path()
 * - crl_file()
 * - crl_path()
 * - curves()
 * - ciphers()
 *
 * If that succeeds, the resulting TlsClientContext is cached and a pointer
 * to it is returned.
 *
 * If a TlsClientContext for the destination exists, a pointer to it is
 * returned.
 *
 * NOTE(review): the cached context is presumably built from the values that
 * are current at the first call for a destination; setter calls made after
 * that likely do not change an already-cached context — confirm in the .cc
 * before relying on a later verify()/ca_file() change taking effect.
 * Whether client_key_and_cert_file() is applied as well is not stated here.
 * Calls are presumably serialized with mtx_ — confirm in the .cc.
 *
 * @param dest_id unique identifier of a destination
 * @param hostname name of the destination host
 * @return non-owning pointer to the context owned by tls_contexts_; what is
 *         returned when creating the context fails is not stated here
 *         (presumably nullptr — verify against the .cc). The pointer stays
 *         valid only while this object owns the entry; confirm whether
 *         entries are ever removed.
 */
TlsClientContext *get(const std::string &dest_id,
                      const std::string &hostname);
115
116 private:
// settings applied when get() creates a TlsClientContext (see the setters
// above)
std::string ca_file_;
std::string ca_path_;
std::string crl_file_;
std::string crl_path_;
std::string curves_;
std::string ciphers_;

// client certificate and key, presumably set via client_key_and_cert_file()
// (the setter's body is not in this header)
std::string cert_file_;
std::string key_file_;

// cached contexts, owned here; get() hands out raw pointers to the owned
// objects. The key is presumably the dest_id passed to get() — confirm in
// the .cc.
std::map<std::string, std::unique_ptr<TlsClientContext>> tls_contexts_;

// presumably guards tls_contexts_ in get() — confirm in the .cc
std::mutex mtx_;

// SSL session-cache settings. The in-class defaults are overridden by the
// constructor above; the timeout is kept as std::chrono::seconds (the
// constructor's unsigned int is interpreted as seconds).
bool session_cache_mode_{true};
size_t ssl_session_cache_size_{};
std::chrono::seconds ssl_session_cache_timeout_{std::chrono::seconds(0)};
135};
136
137#endif