destination_ssl_context.h
1/*
2 Copyright (c) 2018, 2023, Oracle and/or its affiliates.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License, version 2.0,
6 as published by the Free Software Foundation.
7
8 This program is also distributed with certain software (including
9 but not limited to OpenSSL) that is licensed under separate terms,
10 as designated in a particular file or component or in included license
11 documentation. The authors of MySQL hereby grant you an additional
12 permission to link the program and your derivative works with the
13 separately licensed software that they have included with MySQL.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
23*/
24
25#ifndef MYSQL_ROUTING_DESTINATION_TLS_CONTEXT_INCLUDED
26#define MYSQL_ROUTING_DESTINATION_TLS_CONTEXT_INCLUDED
27
29
30#include <chrono>
31#include <map>
32#include <mutex>
33#include <string>
34
36#include "ssl_mode.h" // SslVerify
37
38/**
39 * TlsClientContext per destination.
40 */
42 public:
/**
 * Construct a DestinationTlsContext holding the TLS session-cache settings.
 *
 * The settings are only stored here; presumably they are applied when get()
 * creates a TlsClientContext — confirm against the implementation.
 *
 * @param session_cache_mode TLS session-cache mode flag
 * @param ssl_session_cache_size size of the TLS session cache
 * @param ssl_session_cache_timeout session-cache timeout in seconds; stored as
 *        std::chrono::seconds
 */
DestinationTlsContext(bool session_cache_mode, size_t ssl_session_cache_size,
                      unsigned int ssl_session_cache_timeout)
    : session_cache_mode_{session_cache_mode},
      ssl_session_cache_size_{ssl_session_cache_size},
      // unsigned int -> std::chrono::seconds (integral rep), no narrowing
      ssl_session_cache_timeout_{ssl_session_cache_timeout} {}
48
49 /**
50 * set SslVerify.
51 */
52 void verify(SslVerify ssl_verify);
53
54 /**
55 * set CA file.
56 */
57 void ca_file(const std::string &file);
58
59 /**
60 * set CA path.
61 */
62 void ca_path(const std::string &path);
63
64 /**
65 * set CRL file.
66 */
67 void crl_file(const std::string &file);
68
69 /**
70 * set CRL path.
71 */
72 void crl_path(const std::string &path);
73
74 /**
75 * set allowed EC curves.
76 */
77 void curves(const std::string &curves);
78
79 /**
80 * set allowed ciphers.
81 */
82 void ciphers(const std::string &ciphers);
83
/**
 * set the client key file and its certificate file.
 */
87 void client_key_and_cert_file(std::string key, std::string cert);
88
/**
 * get a TlsClientContext for a destination.
 *
 * If no TlsClientContext exists for the destination, creates a
 * TlsClientContext based on:
 *
 * - verify()
 * - ca_file()
 * - ca_path()
 * - crl_file()
 * - crl_path()
 * - curves()
 * - ciphers()
 *
 * If that succeeds, the resulting TlsClientContext is cached and a pointer
 * to it is returned.
 *
 * If a TlsClientContext for the destination already exists, a pointer to the
 * cached one is returned unchanged, regardless of setter calls made since it
 * was created.
 *
 * @param dest_id unique identifier of a destination
 * @param hostname name of the destination host
 */
112 TlsClientContext *get(const std::string &dest_id,
113 const std::string &hostname);
114
115 private:
117 std::string ca_file_;
118 std::string ca_path_;
119 std::string crl_file_;
120 std::string crl_path_;
121 std::string curves_;
122 std::string ciphers_;
123
124 std::string cert_file_;
125 std::string key_file_;
126
127 std::map<std::string, std::unique_ptr<TlsClientContext>> tls_contexts_;
128
129 std::mutex mtx_;
130
131 bool session_cache_mode_{true};
132 size_t ssl_session_cache_size_{};
133 std::chrono::seconds ssl_session_cache_timeout_{std::chrono::seconds(0)};
134};
135
136#endif