MySQL  8.0.18
Source Code Documentation
SslAcceptorContext Class Reference

Class to encapsulate the Server SSL acceptor context. More...

#include <ssl_acceptor_context.h>

Classes

class  AutoLock
 The preferred way to read SSL parameters. More...
 

Public Types

typedef MyRcuLock< SslAcceptorContext > SslAcceptorContextLockType
 An RCU lock type for SslAcceptorContext. More...
 

Public Member Functions

 ~SslAcceptorContext ()
 

Static Public Member Functions

static bool singleton_init (bool use_ssl_arg)
 Initialize the single instance of the acceptor. More...
 
static void singleton_deinit ()
 De-initialize the single instance of the acceptor. More...
 
static void singleton_flush (enum enum_ssl_init_error *error, bool force)
 Re-initialize the single instance of the acceptor. More...
 
static int show_ssl_ctx_sess_accept (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_sess_accept_good (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_sess_connect_good (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_sess_accept_renegotiate (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_sess_connect_renegotiate (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_sess_cb_hits (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_sess_hits (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_sess_cache_full (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_sess_misses (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_sess_timeouts (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_sess_number (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_sess_connect (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_sess_get_cache_size (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_get_verify_mode (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_get_verify_depth (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_ctx_get_session_cache_mode (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_get_server_not_before (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_get_server_not_after (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_get_ssl_ca (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_get_ssl_capath (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_get_ssl_cert (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_get_ssl_key (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_get_ssl_cipher (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_get_tls_ciphersuites (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_get_tls_version (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_get_ssl_crl (THD *, SHOW_VAR *var, char *buff)
 
static int show_ssl_get_ssl_crlpath (THD *, SHOW_VAR *var, char *buff)
 
static bool have_ssl ()
 Check if SSL was initialized. More...
 
static void read_parameters (OptionalString *ca=nullptr, OptionalString *capath=nullptr, OptionalString *version=nullptr, OptionalString *cert=nullptr, OptionalString *cipher=nullptr, OptionalString *ciphersuites=nullptr, OptionalString *key=nullptr, OptionalString *crl=nullptr, OptionalString *crl_path=nullptr)
 A workaround for consumers that need to read the values. More...
 

Protected Member Functions

 SslAcceptorContext (bool use_ssl_arg, bool report_ssl_error=true, enum enum_ssl_init_error *out_error=nullptr)
 A protected constructor since it's only instantiated via the static functions. More...
 
 SslAcceptorContext (const SslAcceptorContext &)=delete
 Disable the copy constructor. More...
 
SslAcceptorContext operator= (const SslAcceptorContext)=delete
 Disable assignment operator. More...
 

Static Protected Member Functions

static ssl_artifacts_status auto_detect_ssl ()
 Try to auto-detect the SSL key material files. More...
 
static int warn_self_signed_ca ()
 Put up a warning in the error log if the CA used is self-signed. More...
 

Protected Attributes

struct st_VioSSLFd * ssl_acceptor_fd
 SSL_CTX bearer. More...
 
SSL * acceptor
 An SSL object for ssl_acceptor_fd, so that parameters not available in the SSL_CTX can be read even if the current connection is not encrypted. More...
 
OptionalString current_ca_
 Copies of the current effective values for quick return via the status vars. More...
 
OptionalString current_capath_
 
OptionalString current_version_
 
OptionalString current_cert_
 
OptionalString current_cipher_
 
OptionalString current_ciphersuites_
 
OptionalString current_key_
 
OptionalString current_crl_
 
OptionalString current_crlpath_
 

Static Protected Attributes

static SslAcceptorContextLockType * lock = NULL
 singleton lock More...
 

Detailed Description

Class to encapsulate the Server SSL acceptor context.

Member Typedef Documentation

◆ SslAcceptorContextLockType

Constructor & Destructor Documentation

◆ ~SslAcceptorContext()

SslAcceptorContext::~SslAcceptorContext ( )

◆ SslAcceptorContext() [1/2]

SslAcceptorContext::SslAcceptorContext ( bool  use_ssl_arg,
bool  report_ssl_error = true,
enum enum_ssl_init_error *  out_error = nullptr 
)
protected

A protected constructor since it's only instantiated via the static functions.

Parameters
use_ssl_arg: if this is false, don't bother trying to construct an SSL_CTX at all and just make an empty SslAcceptorContext. Used to pass the --ssl option at startup.
report_ssl_error: report any SSL errors resulting from trying to initialize the SSL_CTX to the server's error log.
[out] out_error: an optional slot to return the SSL_CTX initialization error location.

◆ SslAcceptorContext() [2/2]

SslAcceptorContext::SslAcceptorContext ( const SslAcceptorContext & )
protected delete

Disable the copy constructor.

Member Function Documentation

◆ auto_detect_ssl()

ssl_artifacts_status SslAcceptorContext::auto_detect_ssl ( )
static protected

Try to auto-detect the SSL key material files.

Called by singleton_init

◆ have_ssl()

bool SslAcceptorContext::have_ssl ( )
static

Check if SSL was initialized.

retval true if the singleton holds a properly initialized SSL_CTX

◆ operator=()

SslAcceptorContext SslAcceptorContext::operator= ( const SslAcceptorContext  )
protected delete

Disable assignment operator.

◆ read_parameters()

void SslAcceptorContext::read_parameters ( OptionalString *  ca = nullptr,
OptionalString *  capath = nullptr,
OptionalString *  version = nullptr,
OptionalString *  cert = nullptr,
OptionalString *  cipher = nullptr,
OptionalString *  ciphersuites = nullptr,
OptionalString *  key = nullptr,
OptionalString *  crl = nullptr,
OptionalString *  crl_path = nullptr 
)
static

A workaround for consumers that need to read the values.

This is a temporary workaround for the subsystems that are trying to access the mysql protocol TLS context parameters. TODO: to be removed once these migrate to access the system variables.

To use it, pass a non-null pointer to an std::string for any of the arguments; that argument receives a copy of the relevant value, which you will then need to dispose of.

Parameters
[out] ca
[out] capath
[out] version
[out] cert
[out] cipher
[out] ciphersuites
[out] key
[out] crl
[out] crl_path

◆ show_ssl_ctx_get_session_cache_mode()

int SslAcceptorContext::show_ssl_ctx_get_session_cache_mode ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_get_verify_depth()

int SslAcceptorContext::show_ssl_ctx_get_verify_depth ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_get_verify_mode()

int SslAcceptorContext::show_ssl_ctx_get_verify_mode ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_sess_accept()

int SslAcceptorContext::show_ssl_ctx_sess_accept ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_sess_accept_good()

int SslAcceptorContext::show_ssl_ctx_sess_accept_good ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_sess_accept_renegotiate()

int SslAcceptorContext::show_ssl_ctx_sess_accept_renegotiate ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_sess_cache_full()

int SslAcceptorContext::show_ssl_ctx_sess_cache_full ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_sess_cb_hits()

int SslAcceptorContext::show_ssl_ctx_sess_cb_hits ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_sess_connect()

int SslAcceptorContext::show_ssl_ctx_sess_connect ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_sess_connect_good()

int SslAcceptorContext::show_ssl_ctx_sess_connect_good ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_sess_connect_renegotiate()

int SslAcceptorContext::show_ssl_ctx_sess_connect_renegotiate ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_sess_get_cache_size()

int SslAcceptorContext::show_ssl_ctx_sess_get_cache_size ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_sess_hits()

int SslAcceptorContext::show_ssl_ctx_sess_hits ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_sess_misses()

int SslAcceptorContext::show_ssl_ctx_sess_misses ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_sess_number()

int SslAcceptorContext::show_ssl_ctx_sess_number ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_ctx_sess_timeouts()

int SslAcceptorContext::show_ssl_ctx_sess_timeouts ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_get_server_not_after()

int SslAcceptorContext::show_ssl_get_server_not_after ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_get_server_not_before()

int SslAcceptorContext::show_ssl_get_server_not_before ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_get_ssl_ca()

int SslAcceptorContext::show_ssl_get_ssl_ca ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_get_ssl_capath()

int SslAcceptorContext::show_ssl_get_ssl_capath ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_get_ssl_cert()

int SslAcceptorContext::show_ssl_get_ssl_cert ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_get_ssl_cipher()

int SslAcceptorContext::show_ssl_get_ssl_cipher ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_get_ssl_crl()

int SslAcceptorContext::show_ssl_get_ssl_crl ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_get_ssl_crlpath()

int SslAcceptorContext::show_ssl_get_ssl_crlpath ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_get_ssl_key()

int SslAcceptorContext::show_ssl_get_ssl_key ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_get_tls_ciphersuites()

int SslAcceptorContext::show_ssl_get_tls_ciphersuites ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ show_ssl_get_tls_version()

int SslAcceptorContext::show_ssl_get_tls_version ( THD * ,
SHOW_VAR *  var,
char *  buff 
)
static

◆ singleton_deinit()

void SslAcceptorContext::singleton_deinit ( )
static

De-initialize the single instance of the acceptor.

◆ singleton_flush()

void SslAcceptorContext::singleton_flush ( enum enum_ssl_init_error *  error,
bool  force 
)
static

Re-initialize the single instance of the acceptor.

Parameters
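[out] error
force: activate the SSL settings even if this will lead to disabling SSL. Because the function returns void, the error out-parameter is the only indication it gives of a failed re-initialization.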

◆ singleton_init()

bool SslAcceptorContext::singleton_init ( bool  use_ssl_arg)
static

Initialize the single instance of the acceptor.

Parameters
use_ssl_arg: pass false if you don't want the actual SSL context created (as in when SSL is initially disabled)
Return values
true: failure to init
false: initialized ok

◆ warn_self_signed_ca()

int SslAcceptorContext::warn_self_signed_ca ( )
static protected

Put up a warning in the error log if the CA used is self-signed.

Called by singleton_init

Member Data Documentation

◆ acceptor

SSL* SslAcceptorContext::acceptor
protected

An SSL object for ssl_acceptor_fd, so that parameters not available in the SSL_CTX can be read even if the current connection is not encrypted.

◆ current_ca_

OptionalString SslAcceptorContext::current_ca_
protected

Copies of the current effective values for quick return via the status vars.

◆ current_capath_

OptionalString SslAcceptorContext::current_capath_
protected

◆ current_cert_

OptionalString SslAcceptorContext::current_cert_
protected

◆ current_cipher_

OptionalString SslAcceptorContext::current_cipher_
protected

◆ current_ciphersuites_

OptionalString SslAcceptorContext::current_ciphersuites_
protected

◆ current_crl_

OptionalString SslAcceptorContext::current_crl_
protected

◆ current_crlpath_

OptionalString SslAcceptorContext::current_crlpath_
protected

◆ current_key_

OptionalString SslAcceptorContext::current_key_
protected

◆ current_version_

OptionalString SslAcceptorContext::current_version_
protected

◆ lock

SslAcceptorContext::SslAcceptorContextLockType * SslAcceptorContext::lock = NULL
static protected

singleton lock

◆ ssl_acceptor_fd

struct st_VioSSLFd* SslAcceptorContext::ssl_acceptor_fd
protected

SSL_CTX bearer.


The documentation for this class was generated from the following files: