MySQL 9.1.0
Source Code Documentation
sslopt-vars.h
Go to the documentation of this file.
1/* Copyright (c) 2000, 2024, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is designed to work with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have either included with
13 the program or referenced in the documentation.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23
24#ifndef SSLOPT_VARS_INCLUDED
25#define SSLOPT_VARS_INCLUDED
26
27#include <stddef.h>
28#include <stdio.h>
29#include <sys/types.h>
30#include <functional>
31
32#ifdef MYSQL_SERVER
33#error This header is supposed to be used only in the client
34#endif
35
36#include "my_inttypes.h"
37#include "my_macros.h"
38#include "mysql.h"
39#include "nulls.h"
40#include "template_utils.h"
41#include "typelib.h"
42
43const char *ssl_mode_names_lib[] = {"DISABLED", "PREFERRED", "REQUIRED",
44 "VERIFY_CA", "VERIFY_IDENTITY", NullS};
46 ssl_mode_names_lib, nullptr};
47
48const char *ssl_fips_mode_names_lib[] = {"OFF", "ON", "STRICT", NullS};
50 "", ssl_fips_mode_names_lib, nullptr};
51
53static char *opt_ssl_ca = nullptr;
54static char *opt_ssl_capath = nullptr;
55static char *opt_ssl_cert = nullptr;
56static char *opt_ssl_cipher = nullptr;
57static char *opt_tls_ciphersuites = nullptr;
58static char *opt_ssl_key = nullptr;
59static char *opt_ssl_crl = nullptr;
60static char *opt_ssl_crlpath = nullptr;
61static char *opt_tls_version = nullptr;
63static bool ssl_mode_set_explicitly = false;
64static char *opt_ssl_session_data = nullptr;
66static char *opt_tls_sni_servername = nullptr;
67
68static inline int set_client_ssl_options(MYSQL *mysql) {
69 /*
70 Print a warning if explicitly defined combination of --ssl-mode other than
71 VERIFY_CA or VERIFY_IDENTITY with explicit --ssl-ca or --ssl-capath values.
72 */
75 fprintf(stderr,
76 "WARNING: no verification of server certificate will be done. "
77 "Use --ssl-mode=VERIFY_CA or VERIFY_IDENTITY.\n");
78 }
79
80 /* Set SSL parameters: key, cert, ca, capath, cipher, clr, clrpath. */
87 } else {
90 }
95 if (opt_ssl_fips_mode > 0) {
97 if (mysql_errno(mysql) == CR_SSL_FIPS_MODE_ERR) return 1;
98 }
102 FILE *fi = fopen(opt_ssl_session_data, "rb");
103 char buff[4096], *bufptr = &buff[0];
104 size_t read = 0;
105
106 if (!fi) {
107 fprintf(stderr, "Error: Can't open the ssl session data file.\n");
108 return 1;
109 }
110 long file_length = sizeof(buff) - 1;
111 if (0 == fseek(fi, 0, SEEK_END)) {
112 file_length = ftell(fi);
113 if (file_length > 0)
114 file_length = std::min(file_length, 65536L);
115 else
116 file_length = sizeof(buff) - 1;
117 fseek(fi, 0, SEEK_SET);
118 }
119 if (file_length > (long)(sizeof(buff) - 1)) {
120 bufptr = (char *)malloc(file_length + 1);
121 if (bufptr)
122 bufptr[file_length] = 0;
123 else {
124 bufptr = &buff[0];
125 file_length = sizeof(buff) - 1;
126 }
127 }
128 read = fread(bufptr, 1, file_length, fi);
129 if (!read) {
130 fprintf(stderr, "Error: Can't read the ssl session data file.\n");
131 fclose(fi);
132 if (bufptr != &buff[0]) free(bufptr);
133 return 1;
134 }
135 assert(read <= (size_t)file_length);
136 bufptr[read] = 0;
137 fclose(fi);
138
139 int ret = 0;
141 if (bufptr != &buff[0]) free(bufptr);
142 return ret;
143 }
144 return 0;
145}
146
148 MYSQL *mysql, std::function<void(const char *)> report_error) {
152 "--ssl-session-data specified but the session was not reused.");
153 return true;
154 }
155 return false;
156}
157
158#define SSL_SET_OPTIONS(mysql) set_client_ssl_options(mysql)
159
160const char *SSL_SET_OPTIONS_ERROR = "Failed to set ssl related options.\n";
161
162#endif /* SSLOPT_VARS_INCLUDED */
#define CR_SSL_FIPS_MODE_ERR
Definition: errmsg.h:126
static bool report_error(THD *thd, int error_code, Sql_condition::enum_severity_level level, Args... args)
Definition: error_handler.cc:290
#define malloc(A)
Definition: lexyy.cc:914
#define free(A)
Definition: lexyy.cc:915
Some integer typedefs for easier portability.
Some common macros.
This file defines the client API to MySQL and also the ABI of the dynamically linked libmysqlclient.
unsigned int STDCALL mysql_errno(MYSQL *mysql)
Definition: client.cc:9194
@ MYSQL_OPT_SSL_CIPHER
Definition: mysql.h:194
@ MYSQL_OPT_TLS_SNI_SERVERNAME
Definition: mysql.h:217
@ MYSQL_OPT_SSL_CA
Definition: mysql.h:192
@ MYSQL_OPT_TLS_VERSION
Definition: mysql.h:205
@ MYSQL_OPT_SSL_KEY
Definition: mysql.h:190
@ MYSQL_OPT_SSL_FIPS_MODE
Definition: mysql.h:210
@ MYSQL_OPT_SSL_CRLPATH
Definition: mysql.h:196
@ MYSQL_OPT_SSL_CERT
Definition: mysql.h:191
@ MYSQL_OPT_SSL_SESSION_DATA
Definition: mysql.h:216
@ MYSQL_OPT_SSL_MODE
Definition: mysql.h:206
@ MYSQL_OPT_SSL_CAPATH
Definition: mysql.h:193
@ MYSQL_OPT_SSL_CRL
Definition: mysql.h:195
@ MYSQL_OPT_TLS_CIPHERSUITES
Definition: mysql.h:211
bool STDCALL mysql_get_ssl_session_reused(MYSQL *mysql)
Check if the current ssl session is reused.
Definition: client.cc:3621
int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option, const void *arg)
Definition: client.cc:8554
@ SSL_MODE_PREFERRED
Definition: mysql.h:274
@ SSL_MODE_VERIFY_CA
Definition: mysql.h:276
@ SSL_FIPS_MODE_OFF
Definition: mysql.h:281
const std::string FILE("FILE")
Definition: instrumented_condition_variable.h:32
stdx::expected< size_t, std::error_code > read(SyncReadStream &stream, const MutableBufferSequence &buffers)
Definition: buffer.h:835
#define NullS
Definition of the null string (a null pointer of type char *), used in some of our string handling co...
Definition: nulls.h:33
static char * opt_ssl_session_data
Definition: sslopt-vars.h:64
static int set_client_ssl_options(MYSQL *mysql)
Definition: sslopt-vars.h:68
static bool opt_ssl_session_data_continue_on_failed_reuse
Definition: sslopt-vars.h:65
static char * opt_ssl_cipher
Definition: sslopt-vars.h:56
const char * ssl_mode_names_lib[]
Definition: sslopt-vars.h:43
static char * opt_ssl_ca
Definition: sslopt-vars.h:53
static char * opt_tls_version
Definition: sslopt-vars.h:61
const char * SSL_SET_OPTIONS_ERROR
Definition: sslopt-vars.h:160
static char * opt_ssl_capath
Definition: sslopt-vars.h:54
static char * opt_ssl_crlpath
Definition: sslopt-vars.h:60
TYPELIB ssl_fips_mode_typelib
Definition: sslopt-vars.h:49
static char * opt_tls_ciphersuites
Definition: sslopt-vars.h:57
const char * ssl_fips_mode_names_lib[]
Definition: sslopt-vars.h:48
static char * opt_tls_sni_servername
Definition: sslopt-vars.h:66
static ulong opt_ssl_fips_mode
Definition: sslopt-vars.h:62
static uint opt_ssl_mode
Definition: sslopt-vars.h:52
static bool ssl_mode_set_explicitly
Definition: sslopt-vars.h:63
static char * opt_ssl_cert
Definition: sslopt-vars.h:55
TYPELIB ssl_mode_typelib
Definition: sslopt-vars.h:45
static char * opt_ssl_crl
Definition: sslopt-vars.h:59
static char * opt_ssl_key
Definition: sslopt-vars.h:58
static bool ssl_client_check_post_connect_ssl_setup(MYSQL *mysql, std::function< void(const char *)> report_error)
Definition: sslopt-vars.h:147
Definition: mysql.h:300
Definition: typelib.h:35
#define array_elements(A)
Definition: validate_password_imp.cc:50