MySQL  8.0.18
Source Code Documentation
sslopt-vars.h
1 /* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef SSLOPT_VARS_INCLUDED
24 #define SSLOPT_VARS_INCLUDED
25 
26 /**
27  @file include/sslopt-vars.h
28 */
29 
30 #include <stdio.h>
31 
32 #include "m_string.h"
33 #include "my_inttypes.h"
34 #include "mysql.h"
35 #include "typelib.h"
36 
37 #if defined(HAVE_OPENSSL)
38 
39 #ifdef MYSQL_SERVER
40 #error This header is supposed to be used only in the client
41 #endif
42 
43 #include <stddef.h>
44 #include <stdio.h>
45 #include <sys/types.h>
46 
47 #include "m_string.h"
48 #include "my_inttypes.h"
49 #include "my_macros.h"
50 #include "mysql.h"
51 #include "typelib.h"
52 
/*
  Name tables for the client's SSL mode and FIPS mode settings, each wrapped
  in a TYPELIB. Both name arrays end with a NullS terminator.

  Of the five SSL mode names, only VERIFY_CA and VERIFY_IDENTITY are named by
  the warning in set_client_ssl_options() as modes that verify the server
  certificate.

  NOTE(review): the order of the names presumably mirrors the numeric order of
  the SSL_MODE_* constants so that a table index maps onto the mode value --
  confirm against mysql.h.
  NOTE(review): these objects are defined here without `static`, so the header
  looks intended for inclusion by a single translation unit per program --
  confirm.
*/
53 const char *ssl_mode_names_lib[] = {"DISABLED", "PREFERRED", "REQUIRED",
54  "VERIFY_CA", "VERIFY_IDENTITY", NullS};
/* The count is array_elements(...) - 1 so the NullS terminator is not counted
   as a name. */
55 TYPELIB ssl_mode_typelib = {array_elements(ssl_mode_names_lib) - 1, "",
56  ssl_mode_names_lib, NULL};
57 
58 const char *ssl_fips_mode_names_lib[] = {"OFF", "ON", "STRICT", NullS};
/* Same construction as ssl_mode_typelib: the terminator is excluded from the
   count. */
59 TYPELIB ssl_fips_mode_typelib = {array_elements(ssl_fips_mode_names_lib) - 1,
60  "", ssl_fips_mode_names_lib, NULL};
61 
/*
  File-scope storage for the client's SSL/TLS option values. All are `static`,
  so every translation unit that includes this header gets its own copies.

  Defaults visible here: the mode starts at SSL_MODE_PREFERRED, every string
  option starts as a null pointer, and ssl_mode_set_explicitly starts false.

  NOTE(review): this rendering jumps from gutter line 71 to 73, so one source
  line is missing. The cross-reference list at the end of the page names
  opt_ssl_fips_mode, which may be what was declared there -- confirm against
  the original header.
*/
62 static uint opt_ssl_mode = SSL_MODE_PREFERRED;
63 static char *opt_ssl_ca = 0;
64 static char *opt_ssl_capath = 0;
65 static char *opt_ssl_cert = 0;
66 static char *opt_ssl_cipher = 0;
67 static char *opt_tls_ciphersuites = 0;
68 static char *opt_ssl_key = 0;
69 static char *opt_ssl_crl = 0;
70 static char *opt_ssl_crlpath = 0;
71 static char *opt_tls_version = 0;
/* Read by set_client_ssl_options() to decide whether the "no verification"
   warning applies; nothing in this header sets it to true. */
73 static bool ssl_mode_set_explicitly = false;
74 
/**
  Hand the file-scope SSL option values to a client connection handle.

  NOTE(review): this rendering of the listing drops source lines inside the
  body (the gutter jumps 80->82, 88->91, 91->96, 96->99 and 99->101). The
  control flow below is therefore incomplete; read the original header before
  relying on it.

  @param mysql  connection handle passed on to mysql_options()

  @return 0 from the final statement. The `return 1` at gutter line 99 belongs
          to a conditional whose header is not visible here. Callers presumably
          treat non-zero as failure and report SSL_SET_OPTIONS_ERROR -- confirm.
*/
75 static inline int set_client_ssl_options(MYSQL *mysql) {
76  /*
77  Print a warning if explicitly defined combination of --ssl-mode other than
78  VERIFY_CA or VERIFY_IDENTITY with explicit --ssl-ca or --ssl-capath values.
79  */
 /* The warning is gated on ssl_mode_set_explicitly, so it is only printed when
    the mode was chosen explicitly. The rest of the condition (gutter line 81)
    is missing from this rendering; per the comment above it presumably tests
    for a supplied CA file or CA path -- confirm. */
80  if (ssl_mode_set_explicitly && opt_ssl_mode < SSL_MODE_VERIFY_CA &&
82  fprintf(stderr,
83  "WARNING: no verification of server certificate will be done. "
84  "Use --ssl-mode=VERIFY_CA or VERIFY_IDENTITY.\n");
85  }
86 
87  /* Set SSL parameters: key, cert, ca, capath, cipher, crl, crlpath. */
 /* Both branch bodies (gutter lines 89-90 and 92-95) are missing from this
    rendering, so how verifying and non-verifying modes are configured
    differently cannot be read from this page. */
88  if (opt_ssl_mode >= SSL_MODE_VERIFY_CA)
91  else
 /* NOTE(review): the int result of mysql_options() is discarded on this line. */
96  mysql_options(mysql, MYSQL_OPT_SSL_MODE, &opt_ssl_mode);
 /* Enclosing condition (gutter lines 97-98) is not shown in this rendering. */
99  return 1;
101 
102  return 0;
103 }
104 
/* With HAVE_OPENSSL defined, SSL_SET_OPTIONS(mysql) is an expression that
   yields the int result of set_client_ssl_options(). */
105 #define SSL_SET_OPTIONS(mysql) set_client_ssl_options(mysql)
106 #else
/* Without HAVE_OPENSSL the macro expands to an empty statement: no SSL option
   is applied to the handle and the expansion has no value. A caller that tests
   the result of SSL_SET_OPTIONS() only compiles in the HAVE_OPENSSL build. */
107 #define SSL_SET_OPTIONS(mysql) \
108  do { \
109  } while (0)
110 #endif
111 
/* Message text for a failed SSL_SET_OPTIONS(). It is defined outside the
   HAVE_OPENSSL conditional, so it exists in both build variants.
   NOTE(review): defined without `static` in a header -- presumably relies on
   the header being included once per program; confirm. */
112 const char *SSL_SET_OPTIONS_ERROR = "Failed to set ssl related options.\n";
113 
114 #endif /* SSLOPT_VARS_INCLUDED */
static char * opt_ssl_cipher
Definition: ssl_acceptor_context.cc:49
Some common macros.
Definition: mysql.h:204
static char * opt_ssl_crl
Definition: ssl_acceptor_context.cc:50
static char * opt_ssl_crlpath
Definition: ssl_acceptor_context.cc:51
Some integer typedefs for easier portability.
ulong opt_ssl_fips_mode
Definition: mysqld.cc:1684
#define CR_SSL_FIPS_MODE_ERR
Definition: errmsg.h:125
static char * opt_tls_version
Definition: ssl_acceptor_context.cc:51
#define NullS
Definition of the null string (a null pointer of type char *), used in some of our string handling co...
Definition: m_string.h:50
Definition: mysql.h:210
Definition: mysql.h:269
static const char * opt_ssl_key
Definition: ssl_acceptor_context.cc:47
This file defines the client API to MySQL and also the ABI of the dynamically linked libmysqlclient...
constexpr size_t array_elements(T(&)[N]) noexcept
Definition: my_macros.h:77
Definition: mysql.h:194
Definition: mysql.h:276
static const char * opt_ssl_cert
Definition: ssl_acceptor_context.cc:48
unsigned int STDCALL mysql_errno(MYSQL *mysql)
Definition: client.cc:8159
unsigned int uint
Definition: uca-dump.cc:29
const char * SSL_SET_OPTIONS_ERROR
Definition: sslopt-vars.h:112
static const char * opt_ssl_ca
SSL context options.
Definition: ssl_acceptor_context.cc:46
Definition: typelib.h:34
static char * opt_ssl_capath
Definition: ssl_acceptor_context.cc:49
int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option, const void *arg)
Definition: client.cc:7579
static char * opt_tls_ciphersuites
Definition: ssl_acceptor_context.cc:50
Definition: mysql.h:209
Definition: mysql.h:205
Definition: mysql.h:271
#define NULL
Definition: types.h:55
static MYSQL mysql
Definition: mysql.cc:152
Definition: mysql.h:295
unsigned long ulong
Definition: my_inttypes.h:48
Definition: mysql.h:195
bool STDCALL mysql_ssl_set(MYSQL *mysql, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher)
Definition: client.cc:3255