MySQL  8.0.16
Source Code Documentation
sslopt-vars.h
1 /* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef SSLOPT_VARS_INCLUDED
24 #define SSLOPT_VARS_INCLUDED
25 
26 /**
27  @file include/sslopt-vars.h
28 */
29 
30 #include <stdio.h>
31 
32 #include "m_string.h"
33 #include "my_inttypes.h"
34 #include "mysql.h"
35 #include "typelib.h"
36 
37 #if defined(HAVE_OPENSSL)
38 
39 #ifdef MYSQL_SERVER
40 #error This header is supposed to be used only in the client
41 #endif
42 
43 #include <stddef.h>
44 #include <stdio.h>
45 #include <sys/types.h>
46 
47 #include "m_string.h"
48 #include "my_inttypes.h"
49 #include "my_macros.h"
50 #include "mysql.h"
51 #include "typelib.h"
52 
/*
  Accepted spellings of --ssl-mode, terminated by NullS. The typelib count is
  array_elements() - 1 so that the terminator is not counted as a valid name.
  Per the warning text in set_client_ssl_options(), only VERIFY_CA and
  VERIFY_IDENTITY verify the server certificate; the lower modes do not.
  NOTE(review): the order presumably mirrors the SSL_MODE_* enum in mysql.h,
  since opt_ssl_mode is compared numerically against SSL_MODE_VERIFY_CA --
  confirm before reordering or inserting entries.
*/
53 const char *ssl_mode_names_lib[] = {"DISABLED", "PREFERRED", "REQUIRED",
54  "VERIFY_CA", "VERIFY_IDENTITY", NullS};
55 TYPELIB ssl_mode_typelib = {array_elements(ssl_mode_names_lib) - 1, "",
56  ssl_mode_names_lib, NULL};
57 
/*
  Accepted FIPS-mode names, terminated by NullS (excluded from the typelib
  count by the "- 1"). When HAVE_WOLFSSL is defined the list shrinks to "OFF"
  only, so "ON" and "STRICT" are not valid values in such a build.
*/
58 const char *ssl_fips_mode_names_lib[] =
59 #ifndef HAVE_WOLFSSL
60  {"OFF", "ON", "STRICT",
61 #else
62  {"OFF",
63 #endif
64  NullS};
65 TYPELIB ssl_fips_mode_typelib = {array_elements(ssl_fips_mode_names_lib) - 1,
66  "", ssl_fips_mode_names_lib, NULL};
67 
/*
  File-scope storage for the client's TLS command-line options. Every path or
  string option starts as a null pointer, i.e. "not supplied".

  The mode defaults to SSL_MODE_PREFERRED. MySQL documents PREFERRED as
  opportunistic: the client tries TLS and falls back to an unencrypted
  connection if TLS cannot be established, and the server certificate is not
  verified. Deployments that need confidentiality or server authentication
  should pass --ssl-mode=REQUIRED, VERIFY_CA or VERIFY_IDENTITY explicitly
  rather than rely on this default.
*/
68 static uint opt_ssl_mode = SSL_MODE_PREFERRED;
69 static char *opt_ssl_ca = 0;
70 static char *opt_ssl_capath = 0;
71 static char *opt_ssl_cert = 0;
72 static char *opt_ssl_cipher = 0;
73 static char *opt_tls_ciphersuites = 0;
74 static char *opt_ssl_key = 0;
75 static char *opt_ssl_crl = 0;
76 static char *opt_ssl_crlpath = 0;
77 static char *opt_tls_version = 0;
/* NOTE(review): gutter line 78 is absent from this rendering, so one
   declaration is missing from the listing at this point. */
/* Starts false; the code that sets it to true (presumably the option parser,
   when --ssl-mode is given) is not in this header. It gates the warning in
   set_client_ssl_options(). */
79 static bool ssl_mode_set_explicitly = false;
80 
/**
  Apply the TLS command-line options held in the opt_* file-scope statics to
  a client connection handle.

  NOTE(review): this rendering of the listing drops several source lines
  (gutter numbers 87, 95-96, 98-101, 103-104 and 106 are absent), so the
  calls made in each branch are not all visible. Consult the original
  include/sslopt-vars.h before relying on this listing.

  Security-relevant behaviour that is visible here:
  - The "no verification" warning is gated on ssl_mode_set_explicitly. When
    --ssl-mode is left at its implicit default (SSL_MODE_PREFERRED), the
    warning is skipped even though the mode is below SSL_MODE_VERIFY_CA, so
    supplying a CA without an explicit --ssl-mode produces no diagnostic.
  - The result of the visible mysql_options() call is discarded, so a failure
    to apply the requested mode does not change the return value.

  @param mysql  connection handle the options are applied to
  @return 0 on the normal path; 1 on the failure path at gutter line 105,
          whose guarding condition is not visible in this listing
*/
81 static inline int set_client_ssl_options(MYSQL *mysql) {
82  /*
83  Print a warning if explicitly defined combination of --ssl-mode other than
84  VERIFY_CA or VERIFY_IDENTITY with explicit --ssl-ca or --ssl-capath values.
85  */
86  if (ssl_mode_set_explicitly && opt_ssl_mode < SSL_MODE_VERIFY_CA &&
/* NOTE(review): gutter line 87, the rest of this condition, is missing from
   this rendering; per the comment above it presumably tests whether a CA
   file or CA path was supplied. */
88  fprintf(stderr,
89  "WARNING: no verification of server certificate will be done. "
90  "Use --ssl-mode=VERIFY_CA or VERIFY_IDENTITY.\n");
91  }
92 
93  /* Set SSL parameters: key, cert, ca, capath, cipher, crl, crlpath. */
/* Verifying modes and non-verifying modes take different branches; the
   statements in both branches (gutter lines 95-96 and 98-101) are missing
   from this rendering. */
94  if (opt_ssl_mode >= SSL_MODE_VERIFY_CA)
97  else
/* NOTE(review): the return value of this call is ignored, so an error while
   setting the mode is not reported to the caller. */
102  mysql_options(mysql, MYSQL_OPT_SSL_MODE, &opt_ssl_mode);
/* NOTE(review): gutter lines 103-104 and 106 are missing; the condition that
   leads to this failure return is not shown here. */
105  return 1;
107 
108  return 0;
109 }
110 
/* OpenSSL build: SSL_SET_OPTIONS(mysql) evaluates to the int result of
   set_client_ssl_options(mysql). */
111 #define SSL_SET_OPTIONS(mysql) set_client_ssl_options(mysql)
112 #else
/* Build without HAVE_OPENSSL: the macro expands to an empty statement, so no
   TLS option is applied to the connection and no value is produced for a
   caller to test. */
113 #define SSL_SET_OPTIONS(mysql) \
114  do { \
115  } while (0)
116 #endif
117 
/* Message text for a failed SSL_SET_OPTIONS(); presumably printed by the
   client programs that include this header -- the users are not shown here. */
118 const char *SSL_SET_OPTIONS_ERROR = "Failed to set ssl related options.\n";
119 
120 #endif /* SSLOPT_VARS_INCLUDED */