MySQL 8.1.0
Source Code Documentation
sslopt-longopts.h
Go to the documentation of this file.
1/* Copyright (c) 2000, 2023, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is also distributed with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have included with MySQL.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License, version 2.0, for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22
23/**
24 @file include/sslopt-longopts.h
25*/
26
27#ifndef MYSQL_SERVER
28{"ssl-mode",
29 OPT_SSL_MODE,
30 "SSL connection mode.",
31 nullptr,
32 nullptr,
33 nullptr,
34 GET_STR,
35 REQUIRED_ARG,
36 0,
37 0,
38 0,
39 nullptr,
40 0,
41 nullptr},
42#else
43{"ssl",
44 OPT_SSL_SSL,
45 "If set to ON, this option enforces that SSL is established before client "
46 "attempts to authenticate to the server. To disable client SSL capabilities "
47 "use --ssl=OFF.",
48 &opt_use_ssl,
49 &opt_use_ssl,
50 0,
51 GET_BOOL,
52 OPT_ARG,
53 1,
54 0,
55 0,
56 0,
57 0,
58 0},
59#endif
60 {"ssl-ca",
61 OPT_SSL_CA,
62 "CA file in PEM format.",
63 &opt_ssl_ca,
64 &opt_ssl_ca,
65 nullptr,
66 GET_STR,
67 REQUIRED_ARG,
68 0,
69 0,
70 0,
71 nullptr,
72 0,
73 nullptr},
74 {"ssl-capath",
75 OPT_SSL_CAPATH,
76 "CA directory.",
77 &opt_ssl_capath,
78 &opt_ssl_capath,
79 nullptr,
80 GET_STR,
81 REQUIRED_ARG,
82 0,
83 0,
84 0,
85 nullptr,
86 0,
87 nullptr},
88 {"ssl-cert",
89 OPT_SSL_CERT,
90 "X509 cert in PEM format.",
91 &opt_ssl_cert,
92 &opt_ssl_cert,
93 nullptr,
94 GET_STR,
95 REQUIRED_ARG,
96 0,
97 0,
98 0,
99 nullptr,
100 0,
101 nullptr},
102 {"ssl-cipher",
103 OPT_SSL_CIPHER,
104 "SSL cipher to use.",
105 &opt_ssl_cipher,
106 &opt_ssl_cipher,
107 nullptr,
108 GET_STR,
109 REQUIRED_ARG,
110 0,
111 0,
112 0,
113 nullptr,
114 0,
115 nullptr},
116 {"ssl-key",
117 OPT_SSL_KEY,
118 "X509 key in PEM format.",
119 &opt_ssl_key,
120 &opt_ssl_key,
121 nullptr,
122 GET_STR,
123 REQUIRED_ARG,
124 0,
125 0,
126 0,
127 nullptr,
128 0,
129 nullptr},
130 {"ssl-crl",
131 OPT_SSL_CRL,
132 "Certificate revocation list.",
133 &opt_ssl_crl,
134 &opt_ssl_crl,
135 nullptr,
136 GET_STR,
137 REQUIRED_ARG,
138 0,
139 0,
140 0,
141 nullptr,
142 0,
143 nullptr},
144 {"ssl-crlpath",
145 OPT_SSL_CRLPATH,
146 "Certificate revocation list path.",
147 &opt_ssl_crlpath,
148 &opt_ssl_crlpath,
149 nullptr,
150 GET_STR,
151 REQUIRED_ARG,
152 0,
153 0,
154 0,
155 nullptr,
156 0,
157 nullptr},
158 {"tls-version",
159 OPT_TLS_VERSION,
160 "TLS version to use, "
161#ifdef HAVE_TLSv13
162 "permitted values are: TLSv1.2, TLSv1.3",
163#else
164 "permitted values are: TLSv1.2",
165#endif
166 &opt_tls_version,
167 &opt_tls_version,
168 nullptr,
169 GET_STR,
170 REQUIRED_ARG,
171 0,
172 0,
173 0,
174 nullptr,
175 0,
176 nullptr},
177 {"ssl-fips-mode",
178 OPT_SSL_FIPS_MODE,
179 "SSL FIPS mode (applies only for OpenSSL); "
180 "permitted values are: OFF, ON, STRICT",
181 nullptr,
182 nullptr,
183 nullptr,
184 GET_STR,
185 REQUIRED_ARG,
186 0,
187 0,
188 0,
189 nullptr,
190 0,
191 nullptr},
192 {"tls-ciphersuites",
193 OPT_TLS_CIPHERSUITES,
194 "TLS v1.3 cipher to use.",
195 &opt_tls_ciphersuites,
196 &opt_tls_ciphersuites,
197 nullptr,
198 GET_STR,
199 REQUIRED_ARG,
200 0,
201 0,
202 0,
203 nullptr,
204 0,
205 nullptr},
206 {"ssl-session-data",
207 OPT_SSL_SESSION_DATA,
208 "Session data file to use to enable ssl session reuse",
209 &opt_ssl_session_data,
210 &opt_ssl_session_data,
211 nullptr,
212 GET_STR,
213 REQUIRED_ARG,
214 0,
215 0,
216 0,
217 nullptr,
218 0,
219 nullptr},
220 {"ssl-session-data-continue-on-failed-reuse",
221 OPT_SSL_SESSION_DATA_CONTINUE_ON_FAILED_REUSE,
222 "If set to ON, this option will allow connection to succeed even if "
223 "session data cannot be reused.",
224 &opt_ssl_session_data_continue_on_failed_reuse,
225 &opt_ssl_session_data_continue_on_failed_reuse,
226 nullptr,
227 GET_BOOL,
228 OPT_ARG,
229 0,
230 0,
231 0,
232 nullptr,
233 0,
234 nullptr},
235 {"tls-sni-servername",
236 OPT_TLS_SNI_SERVERNAME,
237 "The SNI server name to pass to server",
238 &opt_tls_sni_servername,
239 &opt_tls_sni_servername,
240 nullptr,
241 GET_STR,
242 REQUIRED_ARG,
243 0,
244 0,
245 0,
246 nullptr,
247 0,
248 nullptr},
OPT_TLS_SNI_SERVERNAME
@ OPT_TLS_SNI_SERVERNAME
Definition: client_priv.h:186
OPT_SSL_CIPHER
@ OPT_SSL_CIPHER
Definition: client_priv.h:77
OPT_SSL_CRL
@ OPT_SSL_CRL
Definition: client_priv.h:158
OPT_SSL_CERT
@ OPT_SSL_CERT
Definition: client_priv.h:74
OPT_SSL_SSL
@ OPT_SSL_SSL
Definition: client_priv.h:72
OPT_TLS_CIPHERSUITES
@ OPT_TLS_CIPHERSUITES
Definition: client_priv.h:173
OPT_TLS_VERSION
@ OPT_TLS_VERSION
Definition: client_priv.h:169
OPT_SSL_SESSION_DATA
@ OPT_SSL_SESSION_DATA
Definition: client_priv.h:182
OPT_SSL_CRLPATH
@ OPT_SSL_CRLPATH
Definition: client_priv.h:159
OPT_SSL_MODE
@ OPT_SSL_MODE
Definition: client_priv.h:170
OPT_SSL_CAPATH
@ OPT_SSL_CAPATH
Definition: client_priv.h:76
OPT_SSL_FIPS_MODE
@ OPT_SSL_FIPS_MODE
Definition: client_priv.h:172
OPT_SSL_KEY
@ OPT_SSL_KEY
Definition: client_priv.h:73
OPT_SSL_CA
@ OPT_SSL_CA
Definition: client_priv.h:75
OPT_SSL_SESSION_DATA_CONTINUE_ON_FAILED_REUSE
@ OPT_SSL_SESSION_DATA_CONTINUE_ON_FAILED_REUSE
Definition: client_priv.h:183
OPT_ARG
@ OPT_ARG
Definition: my_getopt.h:80
REQUIRED_ARG
@ REQUIRED_ARG
Definition: my_getopt.h:80
GET_STR
#define GET_STR
Definition: my_getopt.h:51
GET_BOOL
#define GET_BOOL
Definition: my_getopt.h:44
opt_use_ssl
bool opt_use_ssl
Definition: mysqld.cc:1955
opt_ssl_session_data
static char * opt_ssl_session_data
Definition: sslopt-vars.h:67
opt_ssl_session_data_continue_on_failed_reuse
static bool opt_ssl_session_data_continue_on_failed_reuse
Definition: sslopt-vars.h:68
opt_ssl_cipher
static char * opt_ssl_cipher
Definition: sslopt-vars.h:59
opt_ssl_ca
static char * opt_ssl_ca
Definition: sslopt-vars.h:56
opt_tls_version
static char * opt_tls_version
Definition: sslopt-vars.h:64
opt_ssl_capath
static char * opt_ssl_capath
Definition: sslopt-vars.h:57
opt_ssl_crlpath
static char * opt_ssl_crlpath
Definition: sslopt-vars.h:63
opt_tls_ciphersuites
static char * opt_tls_ciphersuites
Definition: sslopt-vars.h:60
opt_tls_sni_servername
static char * opt_tls_sni_servername
Definition: sslopt-vars.h:69
opt_ssl_cert
static char * opt_ssl_cert
Definition: sslopt-vars.h:58
opt_ssl_crl
static char * opt_ssl_crl
Definition: sslopt-vars.h:62
opt_ssl_key
static char * opt_ssl_key
Definition: sslopt-vars.h:61