MySQL 9.1.0
Source Code Documentation
ssl_init_callback.cc File Reference
#include <mysql/components/services/log_builtins.h>
#include <mysqld_error.h>
#include <sql/auth/auth_common.h>
#include <sql/mysqld.h>
#include <sql/options_mysqld.h>
#include <sql/sql_initialize.h>
#include <sql/ssl_init_callback.h>
#include <sql/sys_vars.h>
#include <sql/sys_vars_shared.h>
#include <tls_ciphers.h>

Macros

#define PFS_TRAILING_PROPERTIES
 

Functions

std::atomic_bool g_admin_ssl_configured (false)
 
std::string mysql_main_channel ("mysql_main")
 
std::string mysql_admin_channel ("mysql_admin")
 
bool validate_tls_version (const char *val)
 Helper method to validate values of --tls-version and --admin-tls-version.
 
static bool check_tls_version (sys_var *, THD *, set_var *var)
 
static bool check_admin_tls_version (sys_var *, THD *, set_var *var)
 
bool admin_tls_configured (sys_var *, THD *, enum_var_type)
 
bool validate_ciphers (const char *option, const char *val, TLS_version version)
 Helper method to validate values of --ssl-cipher and --admin-ssl-cipher.
 
static bool check_tls12_ciphers (sys_var *var, THD *, set_var *value)
 
static bool check_tls13_ciphers (sys_var *var, THD *, set_var *value)
 
static bool warn_self_signed_ca_certs (const char *ssl_ca, const char *ssl_capath)
 

Variables

bool opt_tls_certificates_enforced_validation {false}
 SSL context options.
 
static const char * opt_ssl_ca = nullptr
 
static const char * opt_ssl_key = nullptr
 
static const char * opt_ssl_cert = nullptr
 
static char * opt_ssl_capath = nullptr
 
static char * opt_ssl_cipher = nullptr
 
static char * opt_tls_ciphersuites = nullptr
 
static char * opt_ssl_crl = nullptr
 
static char * opt_ssl_crlpath = nullptr
 
static char * opt_tls_version = nullptr
 
static bool opt_ssl_session_cache_mode = true
 
static long opt_ssl_session_cache_timeout = 300
 
static PolyLock_mutex lock_ssl_ctx & LOCK_tls_ctx_options
 
static const char * opt_admin_ssl_ca = nullptr
 
static const char * opt_admin_ssl_key = nullptr
 
static const char * opt_admin_ssl_cert = nullptr
 
static const char * opt_admin_ssl_capath = nullptr
 
static const char * opt_admin_ssl_cipher = nullptr
 
static const char * opt_admin_tls_ciphersuites = nullptr
 
static const char * opt_admin_ssl_crl = nullptr
 
static const char * opt_admin_ssl_crlpath = nullptr
 
static const char * opt_admin_tls_version = nullptr
 
bool opt_admin_ssl_configured = false
 The configure-time value of whether the admin channel uses its own TLS configuration or not.
 
static PolyLock_mutex lock_admin_ssl_ctx & LOCK_admin_tls_ctx_options
 
static Sys_var_charptr Sys_ssl_ca ("ssl_ca", "CA file in PEM format (check OpenSSL docs)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_ca), CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)
 
static Sys_var_charptr Sys_ssl_capath ("ssl_capath", "CA directory (check OpenSSL docs)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_capath), CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)
 
static Sys_var_charptr Sys_tls_version ("tls_version", "TLS version, permitted values are TLSv1.2", PERSIST_AS_READONLY GLOBAL_VAR(opt_tls_version), CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET, "TLSv1.2", &lock_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls_version))
 
static Sys_var_charptr Sys_ssl_cert ("ssl_cert", "X509 cert in PEM format", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_cert), CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)
 
static Sys_var_charptr Sys_ssl_cipher ("ssl_cipher", "SSL cipher to use", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_cipher), CMD_LINE(REQUIRED_ARG, OPT_SSL_CIPHER), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls12_ciphers))
 
static Sys_var_charptr Sys_tls_ciphersuites ("tls_ciphersuites", "TLS v1.3 ciphersuite to use", PERSIST_AS_READONLY GLOBAL_VAR(opt_tls_ciphersuites), CMD_LINE(REQUIRED_ARG, OPT_TLS_CIPHERSUITES), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls13_ciphers))
 
static Sys_var_charptr Sys_ssl_key ("ssl_key", "X509 key in PEM format", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_key), CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)
 
static Sys_var_charptr Sys_ssl_crl ("ssl_crl", "CRL file in PEM format (check OpenSSL docs)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_crl), CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)
 
static Sys_var_charptr Sys_ssl_crlpath ("ssl_crlpath", "CRL directory (check OpenSSL docs)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_crlpath), CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)
 
static Sys_var_bool Sys_var_opt_ssl_session_cache_mode ("ssl_session_cache_mode", "Is TLS session cache enabled or not", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_session_cache_mode), CMD_LINE(OPT_ARG), DEFAULT(true), PFS_TRAILING_PROPERTIES)
 
static Sys_var_long Sys_var_opt_ssl_session_cache_timeout ("ssl_session_cache_timeout", "The timeout to expire sessions in the TLS session cache", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_session_cache_timeout), CMD_LINE(REQUIRED_ARG), VALID_RANGE(0, 84600), DEFAULT(300), BLOCK_SIZE(1), PFS_TRAILING_PROPERTIES)
 
static Sys_var_charptr Sys_admin_ssl_ca ("admin_ssl_ca", "CA file in PEM format (check OpenSSL docs) for " "--admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_ca), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_CA), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(nullptr), ON_UPDATE(admin_tls_configured))
 
static Sys_var_charptr Sys_admin_ssl_capath ("admin_ssl_capath", "CA directory (check OpenSSL docs) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_capath), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_CAPATH), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(nullptr), ON_UPDATE(admin_tls_configured))
 
static Sys_var_charptr Sys_admin_tls_version ("admin_tls_version", "TLS version for --admin-port, permitted values are TLSv1.2", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_tls_version), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_TLS_VERSION), IN_FS_CHARSET, "TLSv1.2", &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_admin_tls_version), ON_UPDATE(admin_tls_configured))
 
static Sys_var_charptr Sys_admin_ssl_cert ("admin_ssl_cert", "X509 cert in PEM format for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_cert), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_CERT), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(nullptr), ON_UPDATE(admin_tls_configured))
 
static Sys_var_charptr Sys_admin_ssl_cipher ("admin_ssl_cipher", "SSL cipher to use for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_cipher), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_CIPHER), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls12_ciphers), ON_UPDATE(admin_tls_configured))
 
static Sys_var_charptr Sys_admin_tls_ciphersuites ("admin_tls_ciphersuites", "TLS v1.3 ciphersuite to use for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_tls_ciphersuites), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_TLS_CIPHERSUITES), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls13_ciphers), ON_UPDATE(admin_tls_configured))
 
static Sys_var_charptr Sys_admin_ssl_key ("admin_ssl_key", "X509 key in PEM format for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_key), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_KEY), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(nullptr), ON_UPDATE(admin_tls_configured))
 
static Sys_var_charptr Sys_admin_ssl_crl ("admin_ssl_crl", "CRL file in PEM format (check OpenSSL docs) for " "--admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_crl), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_CRL), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(nullptr), ON_UPDATE(admin_tls_configured))
 
static Sys_var_charptr Sys_admin_ssl_crlpath ("admin_ssl_crlpath", "CRL directory (check OpenSSL docs) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_crlpath), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_CRLPATH), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(nullptr), ON_UPDATE(admin_tls_configured))
 
Ssl_init_callback_server_main server_main_callback
 
Ssl_init_callback_server_admin server_admin_callback
 

Macro Definition Documentation

◆ PFS_TRAILING_PROPERTIES

#define PFS_TRAILING_PROPERTIES
Value:
static const int PARSE_EARLY
Definition: set_var.h:155
static Sys_var_ulong ON_UPDATE(nullptr))
static Sys_var_ulong NOT_IN_BINLOG
Definition: sys_vars.cc:4051
static Sys_var_ulong ON_CHECK(nullptr)
#define NO_MUTEX_GUARD
Definition: sys_vars.h:134

Function Documentation

◆ admin_tls_configured()

bool admin_tls_configured (sys_var *, THD *, enum_var_type)

◆ check_admin_tls_version()

static bool check_admin_tls_version (sys_var *, THD *, set_var *var)

◆ check_tls12_ciphers()

static bool check_tls12_ciphers (sys_var *var, THD *, set_var *value)

◆ check_tls13_ciphers()

static bool check_tls13_ciphers (sys_var *var, THD *, set_var *value)

◆ check_tls_version()

static bool check_tls_version (sys_var *, THD *, set_var *var)

◆ g_admin_ssl_configured()

std::atomic_bool g_admin_ssl_configured ( false  )

◆ mysql_admin_channel()

std::string mysql_admin_channel ( "mysql_admin"  )

◆ mysql_main_channel()

std::string mysql_main_channel ( "mysql_main"  )

◆ validate_ciphers()

bool validate_ciphers ( const char *  option,
const char *  val,
TLS_version  version 
)

Helper method to validate values of --ssl-cipher and --admin-ssl-cipher.

◆ validate_tls_version()

bool validate_tls_version ( const char *  val)

Helper method to validate values of --tls-version and --admin-tls-version.

◆ warn_self_signed_ca_certs()

static bool warn_self_signed_ca_certs ( const char *  ssl_ca,
const char *  ssl_capath 
)
static

Variable Documentation

◆ LOCK_admin_tls_ctx_options

PolyLock_mutex lock_admin_ssl_ctx& LOCK_admin_tls_ctx_options
static

◆ LOCK_tls_ctx_options

PolyLock_mutex lock_ssl_ctx& LOCK_tls_ctx_options
static

◆ opt_admin_ssl_ca

const char* opt_admin_ssl_ca = nullptr
static

◆ opt_admin_ssl_capath

const char* opt_admin_ssl_capath = nullptr
static

◆ opt_admin_ssl_cert

const char* opt_admin_ssl_cert = nullptr
static

◆ opt_admin_ssl_cipher

const char* opt_admin_ssl_cipher = nullptr
static

◆ opt_admin_ssl_configured

bool opt_admin_ssl_configured = false

The configure-time value of whether the admin channel uses its own TLS configuration or not.

The value is determined during system variable update. True means that the ADMIN channel is using its own TLS configuration. False means that the ADMIN channel is reusing the main channel's TLS configuration. Changing the value does not by itself change the running state: to put it into effect (and update g_admin_ssl_configured) one needs to execute the "ALTER INSTANCE RELOAD TLS" SQL command.

◆ opt_admin_ssl_crl

const char* opt_admin_ssl_crl = nullptr
static

◆ opt_admin_ssl_crlpath

const char* opt_admin_ssl_crlpath = nullptr
static

◆ opt_admin_ssl_key

const char* opt_admin_ssl_key = nullptr
static

◆ opt_admin_tls_ciphersuites

const char* opt_admin_tls_ciphersuites = nullptr
static

◆ opt_admin_tls_version

const char* opt_admin_tls_version = nullptr
static

◆ opt_ssl_ca

const char* opt_ssl_ca = nullptr
static

◆ opt_ssl_capath

char* opt_ssl_capath = nullptr
static

◆ opt_ssl_cert

const char* opt_ssl_cert = nullptr
static

◆ opt_ssl_cipher

char* opt_ssl_cipher = nullptr
static

◆ opt_ssl_crl

char* opt_ssl_crl = nullptr
static

◆ opt_ssl_crlpath

char* opt_ssl_crlpath = nullptr
static

◆ opt_ssl_key

const char* opt_ssl_key = nullptr
static

◆ opt_ssl_session_cache_mode

bool opt_ssl_session_cache_mode = true
static

◆ opt_ssl_session_cache_timeout

long opt_ssl_session_cache_timeout = 300
static

◆ opt_tls_certificates_enforced_validation

bool opt_tls_certificates_enforced_validation {false}

SSL context options.

◆ opt_tls_ciphersuites

char* opt_tls_ciphersuites = nullptr
static

◆ opt_tls_version

char* opt_tls_version = nullptr
static

◆ server_admin_callback

Ssl_init_callback_server_admin server_admin_callback

◆ server_main_callback

Ssl_init_callback_server_main server_main_callback

◆ Sys_admin_ssl_ca

static Sys_var_charptr Sys_admin_ssl_ca ("admin_ssl_ca", "CA file in PEM format (check OpenSSL docs) for " "--admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_ca), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_CA), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(nullptr), ON_UPDATE(admin_tls_configured))

◆ Sys_admin_ssl_capath

static Sys_var_charptr Sys_admin_ssl_capath ("admin_ssl_capath", "CA directory (check OpenSSL docs) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_capath), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_CAPATH), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(nullptr), ON_UPDATE(admin_tls_configured))

◆ Sys_admin_ssl_cert

static Sys_var_charptr Sys_admin_ssl_cert ("admin_ssl_cert", "X509 cert in PEM format for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_cert), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_CERT), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(nullptr), ON_UPDATE(admin_tls_configured))

◆ Sys_admin_ssl_cipher

static Sys_var_charptr Sys_admin_ssl_cipher ("admin_ssl_cipher", "SSL cipher to use for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_cipher), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_CIPHER), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls12_ciphers), ON_UPDATE(admin_tls_configured))

◆ Sys_admin_ssl_crl

static Sys_var_charptr Sys_admin_ssl_crl ("admin_ssl_crl", "CRL file in PEM format (check OpenSSL docs) for " "--admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_crl), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_CRL), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(nullptr), ON_UPDATE(admin_tls_configured))

◆ Sys_admin_ssl_crlpath

static Sys_var_charptr Sys_admin_ssl_crlpath ("admin_ssl_crlpath", "CRL directory (check OpenSSL docs) for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_crlpath), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_CRLPATH), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(nullptr), ON_UPDATE(admin_tls_configured))

◆ Sys_admin_ssl_key

static Sys_var_charptr Sys_admin_ssl_key ("admin_ssl_key", "X509 key in PEM format for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_ssl_key), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_SSL_KEY), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(nullptr), ON_UPDATE(admin_tls_configured))

◆ Sys_admin_tls_ciphersuites

static Sys_var_charptr Sys_admin_tls_ciphersuites ("admin_tls_ciphersuites", "TLS v1.3 ciphersuite to use for --admin-port", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_tls_ciphersuites), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_TLS_CIPHERSUITES), IN_FS_CHARSET, DEFAULT(nullptr), &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls13_ciphers), ON_UPDATE(admin_tls_configured))

◆ Sys_admin_tls_version

static Sys_var_charptr Sys_admin_tls_version ("admin_tls_version", "TLS version for --admin-port, permitted values are TLSv1.2", PERSIST_AS_READONLY GLOBAL_VAR(opt_admin_tls_version), CMD_LINE(REQUIRED_ARG, OPT_ADMIN_TLS_VERSION), IN_FS_CHARSET, "TLSv1.2", &lock_admin_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_admin_tls_version), ON_UPDATE(admin_tls_configured))

◆ Sys_ssl_ca

static Sys_var_charptr Sys_ssl_ca ("ssl_ca", "CA file in PEM format (check OpenSSL docs)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_ca), CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)

◆ Sys_ssl_capath

static Sys_var_charptr Sys_ssl_capath ("ssl_capath", "CA directory (check OpenSSL docs)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_capath), CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)

◆ Sys_ssl_cert

static Sys_var_charptr Sys_ssl_cert ("ssl_cert", "X509 cert in PEM format", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_cert), CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)

◆ Sys_ssl_cipher

static Sys_var_charptr Sys_ssl_cipher ("ssl_cipher", "SSL cipher to use", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_cipher), CMD_LINE(REQUIRED_ARG, OPT_SSL_CIPHER), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls12_ciphers))

◆ Sys_ssl_crl

static Sys_var_charptr Sys_ssl_crl ("ssl_crl", "CRL file in PEM format (check OpenSSL docs)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_crl), CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)

◆ Sys_ssl_crlpath

static Sys_var_charptr Sys_ssl_crlpath ("ssl_crlpath", "CRL directory (check OpenSSL docs)", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_crlpath), CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)

◆ Sys_ssl_key

static Sys_var_charptr Sys_ssl_key ("ssl_key", "X509 key in PEM format", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_key), CMD_LINE(REQUIRED_ARG), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx)

◆ Sys_tls_ciphersuites

static Sys_var_charptr Sys_tls_ciphersuites ("tls_ciphersuites", "TLS v1.3 ciphersuite to use", PERSIST_AS_READONLY GLOBAL_VAR(opt_tls_ciphersuites), CMD_LINE(REQUIRED_ARG, OPT_TLS_CIPHERSUITES), IN_FS_CHARSET, DEFAULT(nullptr), &lock_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls13_ciphers))

◆ Sys_tls_version

static Sys_var_charptr Sys_tls_version ("tls_version", "TLS version, permitted values are TLSv1.2", PERSIST_AS_READONLY GLOBAL_VAR(opt_tls_version), CMD_LINE(REQUIRED_ARG, OPT_TLS_VERSION), IN_FS_CHARSET, "TLSv1.2", &lock_ssl_ctx, NOT_IN_BINLOG, ON_CHECK(check_tls_version))

◆ Sys_var_opt_ssl_session_cache_mode

static Sys_var_bool Sys_var_opt_ssl_session_cache_mode ("ssl_session_cache_mode", "Is TLS session cache enabled or not", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_session_cache_mode), CMD_LINE(OPT_ARG), DEFAULT(true), PFS_TRAILING_PROPERTIES)

◆ Sys_var_opt_ssl_session_cache_timeout

static Sys_var_long Sys_var_opt_ssl_session_cache_timeout ("ssl_session_cache_timeout", "The timeout to expire sessions in the TLS session cache", PERSIST_AS_READONLY GLOBAL_VAR(opt_ssl_session_cache_timeout), CMD_LINE(REQUIRED_ARG), VALID_RANGE(0, 84600), DEFAULT(300), BLOCK_SIZE(1), PFS_TRAILING_PROPERTIES)