MySQL 8.3.0
Source Code Documentation
ssl_init_callback.h
Go to the documentation of this file.
1/* Copyright (c) 2020, 2023, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is also distributed with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have included with MySQL.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License, version 2.0, for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22
23#ifndef SSL_INIT_CALLBACK_INCLUDED
24#define SSL_INIT_CALLBACK_INCLUDED
25
26#include <atomic>
27#include <string>
28
29#include <sql/auth/auth_common.h> /* ssl_artifacts_status */
30
31extern std::atomic_bool g_admin_ssl_configured;
32
33extern std::string mysql_main_channel;
34extern std::string mysql_admin_channel;
36
37/** helper class to deal with optionally empty strings */
39 public:
41 OptionalString(const char *s) : value_(s ? s : ""), empty_(!s) {}
42 ~OptionalString() = default;
43 OptionalString(const OptionalString &) = default;
44
45 const char *c_str() const { return empty_ ? nullptr : value_.c_str(); }
46 OptionalString &assign(const char *s) {
47 value_.assign(s ? s : "");
48 empty_ = !s;
49 return *this;
50 }
51
52 private:
53 std::string value_;
54 bool empty_;
55};
56
57/* Class to encasulate callbacks for init/reinit */
59 public:
62 OptionalString *cipher,
63 OptionalString *ciphersuites,
65 OptionalString *crl_path,
67 long *session_cache_timeout) = 0;
68
69 virtual bool provision_certs() = 0;
70
71 virtual bool warn_self_signed_ca() = 0;
72
73 virtual ~Ssl_init_callback() = default;
74};
75
76/**
77 Class to encasulate callbacks for init/reinit
78 for client server connection port
79*/
81 public:
84 OptionalString *cipher, OptionalString *ciphersuites,
86 OptionalString *crl_path, bool *session_cache_mode,
87 long *session_cache_timeout) override;
88
89 bool provision_certs() override;
90
91 bool warn_self_signed_ca() override;
92
93 ~Ssl_init_callback_server_main() override = default;
94
95 private:
97};
98
99/**
100 Class to encasulate callbacks for init/reinit
101 for admin connection port
102*/
104 public:
107 OptionalString *cipher, OptionalString *ciphersuites,
109 OptionalString *crl_path, bool *session_cache_mode,
110 long *session_cache_timeout) override;
111
112 bool provision_certs() override {
113 /*
114 No automatic provisioning. Always return
115 success to fallback to system variables.
116 */
117 return false;
118 }
119
120 bool warn_self_signed_ca() override;
121
123};
124
127
128/**
129 Helper method to validate values of --tls-version and --admin-tls-version
130*/
131bool validate_tls_version(const char *val);
132
133enum class TLS_version { TLSv12 = 0, TLSv13 };
134/**
135 Helper method to validate values of --ssl-cipher and --admin-ssl-cipher
136*/
137void validate_ciphers(const char *option, const char *val, TLS_version version);
138#endif // !SSL_INIT_CALLBACK_INCLUDED
ssl_artifacts_status
Definition: auth_common.h:894
Kerberos Client Authentication nullptr
Definition: auth_kerberos_client_plugin.cc:250
helper class to deal with optionally empty strings
Definition: ssl_init_callback.h:38
OptionalString & assign(const char *s)
Definition: ssl_init_callback.h:46
~OptionalString()=default
OptionalString(const char *s)
Definition: ssl_init_callback.h:41
std::string value_
Definition: ssl_init_callback.h:53
OptionalString(const OptionalString &)=default
bool empty_
Definition: ssl_init_callback.h:54
OptionalString()
Definition: ssl_init_callback.h:40
const char * c_str() const
Definition: ssl_init_callback.h:45
Class to encasulate callbacks for init/reinit for admin connection port.
Definition: ssl_init_callback.h:103
bool warn_self_signed_ca() override
Definition: ssl_init_callback.cc:495
~Ssl_init_callback_server_admin() override=default
void read_parameters(OptionalString *ca, OptionalString *capath, OptionalString *version, OptionalString *cert, OptionalString *cipher, OptionalString *ciphersuites, OptionalString *key, OptionalString *crl, OptionalString *crl_path, bool *session_cache_mode, long *session_cache_timeout) override
Definition: ssl_init_callback.cc:470
bool provision_certs() override
Definition: ssl_init_callback.h:112
Class to encasulate callbacks for init/reinit for client server connection port.
Definition: ssl_init_callback.h:80
bool provision_certs() override
Definition: ssl_init_callback.cc:451
bool warn_self_signed_ca() override
Definition: ssl_init_callback.cc:463
~Ssl_init_callback_server_main() override=default
void read_parameters(OptionalString *ca, OptionalString *capath, OptionalString *version, OptionalString *cert, OptionalString *cipher, OptionalString *ciphersuites, OptionalString *key, OptionalString *crl, OptionalString *crl_path, bool *session_cache_mode, long *session_cache_timeout) override
Definition: ssl_init_callback.cc:392
ssl_artifacts_status auto_detect_ssl()
Definition: ssl_init_callback.cc:412
Definition: ssl_init_callback.h:58
virtual void read_parameters(OptionalString *ca, OptionalString *capath, OptionalString *version, OptionalString *cert, OptionalString *cipher, OptionalString *ciphersuites, OptionalString *key, OptionalString *crl, OptionalString *crl_path, bool *session_cache_mode, long *session_cache_timeout)=0
virtual bool warn_self_signed_ca()=0
virtual bool provision_certs()=0
virtual ~Ssl_init_callback()=default
required string key
Definition: replication_asynchronous_connection_failover.proto:59
required uint64 version
Definition: replication_group_member_actions.proto:40
std::string mysql_admin_channel
std::string mysql_main_channel
Ssl_init_callback_server_admin server_admin_callback
Definition: ssl_init_callback.cc:501
bool opt_tls_certificates_enforced_validation
SSL context options.
Definition: ssl_init_callback.cc:42
void validate_ciphers(const char *option, const char *val, TLS_version version)
Helper method to validate values of –ssl-cipher and –admin-ssl-cipher.
Definition: ssl_init_callback.cc:93
TLS_version
Definition: ssl_init_callback.h:133
bool validate_tls_version(const char *val)
Helper method to validate values of –tls-version and –admin-tls-version.
Definition: ssl_init_callback.cc:72
std::atomic_bool g_admin_ssl_configured
Ssl_init_callback_server_main server_main_callback
Definition: ssl_init_callback.cc:500