MySQL 8.0.29
Source Code Documentation
sslopt-vars.h
1/* Copyright (c) 2000, 2022, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is also distributed with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have included with MySQL.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License, version 2.0, for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22
23#ifndef SSLOPT_VARS_INCLUDED
24#define SSLOPT_VARS_INCLUDED
25
26/**
27 @file include/sslopt-vars.h
28*/
29
30#include <stddef.h>
31#include <stdio.h>
32#include <sys/types.h>
33#include <functional>
34
35#include "m_string.h"
36#include "my_getopt.h"
37#include "mysql.h"
38#include "template_utils.h"
39#include "typelib.h"
40
41#ifdef MYSQL_SERVER
42#error This header is supposed to be used only in the client
43#endif
44
/*
  Names of the TLS modes, terminated by NullS. The warning printed by
  set_client_ssl_options() refers to the VERIFY_CA and VERIFY_IDENTITY
  entries of this list.
  NOTE(review): the array is defined, not just declared, in a header and has
  external linkage, so only one translation unit per program can include it.
*/
45const char *ssl_mode_names_lib[] = {"DISABLED", "PREFERRED", "REQUIRED",
46 "VERIFY_CA", "VERIFY_IDENTITY", NullS};
/*
  NOTE(review): gutter line 47 is missing from this listing; it presumably
  opens the ssl_mode_typelib initializer that ends on line 48.
*/
48 ssl_mode_names_lib, nullptr};
49
/* Names of the FIPS modes, terminated by NullS. */
50const char *ssl_fips_mode_names_lib[] = {"OFF", "ON", "STRICT", NullS};
/*
  NOTE(review): gutter line 51 is missing from this listing; it presumably
  opens the ssl_fips_mode_typelib initializer that ends on line 52.
*/
52 "", ssl_fips_mode_names_lib, nullptr};
53
/*
  Client TLS option values. Every pointer starts as nullptr (unset); the names
  suggest they back the matching --ssl-* and --tls-* options, to be confirmed
  against the option table of the including program.
  NOTE(review): gutter lines 54, 64 and 67 are missing here. The symbol index
  at the end of the page places opt_ssl_mode, opt_ssl_fips_mode and
  opt_ssl_session_data_continue_on_failed_reuse on those lines.
*/
55static char *opt_ssl_ca = nullptr;
56static char *opt_ssl_capath = nullptr;
57static char *opt_ssl_cert = nullptr;
58static char *opt_ssl_cipher = nullptr;
59static char *opt_tls_ciphersuites = nullptr;
60static char *opt_ssl_key = nullptr;
61static char *opt_ssl_crl = nullptr;
62static char *opt_ssl_crlpath = nullptr;
63static char *opt_tls_version = nullptr;
/* Read by the --ssl-mode warning logic; false until set elsewhere. */
65static bool ssl_mode_set_explicitly = false;
/* Path of the session data file read by set_client_ssl_options(). */
66static char *opt_ssl_session_data = nullptr;
68
/**
  Applies the client TLS option variables of this header to a connection
  handle and, in its last block, loads session data from the file named by
  opt_ssl_session_data.

  NOTE(review): the listing is incomplete. Gutter lines 74-75, 82-84, 87-93,
  95-96 and 135 are absent, so the condition guarding the warning, the first
  mysql_ssl_set() branch, the statements before the early return at line 94,
  the guard around the session-data block and the statement that consumes the
  buffer cannot be reviewed from here.

  @param mysql  handle passed to mysql_ssl_set()
  @return 1 when the session data file cannot be opened or read, and on the
          early return at line 94 (its condition is not shown); otherwise the
          value of `ret` after the session-data block, or 0 at the end of
          the function.
*/
69static inline int set_client_ssl_options(MYSQL *mysql) {
70 /*
71 Print a warning if explicitly defined combination of --ssl-mode other than
72 VERIFY_CA or VERIFY_IDENTITY with explicit --ssl-ca or --ssl-capath values.
73 */
 /*
   NOTE(review): the `if` that opens this block (lines 74-75) is missing.
   The warning is advisory only: it is written to stderr and execution
   continues, so a CA given without a verifying mode does not stop the client.
 */
76 fprintf(stderr,
77 "WARNING: no verification of server certificate will be done. "
78 "Use --ssl-mode=VERIFY_CA or VERIFY_IDENTITY.\n");
79 }
80
81 /* Set SSL parameters: key, cert, ca, capath, cipher, crl, crlpath. */
 /*
   In the else branch below, ca and capath are passed as nullptr, so any
   --ssl-ca / --ssl-capath value is not handed to mysql_ssl_set().
   Presumably this is the branch for modes below VERIFY_CA; confirm against
   the missing lines 82-84. The call's last line (87) is also missing.
 */
85 else
86 mysql_ssl_set(mysql, opt_ssl_key, opt_ssl_cert, nullptr, nullptr,
 /* NOTE(review): the condition for this early return (line 93) is not shown. */
94 return 1;
 /*
   Session data file handling. Lines 95-96 are missing; the closing brace at
   line 138 suggests this block is guarded, presumably by
   opt_ssl_session_data being set (confirm).
 */
97 FILE *fi = fopen(opt_ssl_session_data, "rb");
 /* Files that fit are read into this stack buffer, larger ones into a heap
    buffer allocated below. */
98 char buff[4096], *bufptr = &buff[0];
99 size_t read = 0;
100
101 if (!fi) {
102 fprintf(stderr, "Error: Can't open the ssl session data file.\n");
103 return 1;
104 } else {
 /* Read size used when the file size cannot be determined. */
105 long file_length = sizeof(buff) - 1;
106 if (0 == fseek(fi, 0, SEEK_END)) {
107 file_length = ftell(fi);
108 if (file_length > 0)
 /* Files larger than 65536 bytes are read only up to that cap, with no
    diagnostic: the session data is then silently truncated. */
109 file_length = std::min(file_length, 65536L);
110 else
111 file_length = sizeof(buff) - 1;
 /* NOTE(review): the result of this rewind is not checked. */
112 fseek(fi, 0, SEEK_SET);
113 }
114 if (file_length > (long)(sizeof(buff) - 1)) {
115 bufptr = (char *)malloc(file_length + 1);
116 if (bufptr)
117 bufptr[file_length] = 0;
118 else {
 /* Allocation failure is not reported: fall back to the stack buffer and
    read at most sizeof(buff) - 1 bytes, again truncating silently. */
119 bufptr = &buff[0];
120 file_length = sizeof(buff) - 1;
121 }
122 }
123 read = fread(bufptr, 1, file_length, fi);
 /* A zero return covers both an empty file and a read error. A short read
    caused by an error goes unnoticed because ferror() is never consulted. */
124 if (!read) {
125 fprintf(stderr, "Error: Can't read the ssl session data file.\n");
126 fclose(fi);
127 if (bufptr != &buff[0]) free(bufptr);
128 return 1;
129 }
130 assert(read <= (size_t)file_length);
 /* Either buffer holds at least file_length + 1 bytes, so the terminator
    written at index `read` stays in bounds. */
131 bufptr[read] = 0;
132 fclose(fi);
133 }
 /* NOTE(review): line 135, which presumably assigns `ret` from the call that
    consumes the buffer, is missing from this listing. */
134 int ret = 0;
 /*
   NOTE(review): the buffer presumably holds TLS session material. It is
   released (or left on the stack) without being wiped; consider a wipe the
   compiler cannot elide before free(), and keep the session data file
   readable by its owner only.
 */
136 if (bufptr != &buff[0]) free(bufptr);
137 return ret;
138 }
139 return 0;
140}
141
143 MYSQL *mysql, std::function<void(const char *)> report_error) {
 /*
   Post-connect check related to --ssl-session-data.

   NOTE(review): gutter lines 142 (start of the signature) and 144-146 (the
   condition and the start of the reporting call) are missing from this
   listing. The symbol index at the end of the page names this function
   ssl_client_check_post_connect_ssl_setup and declares it static bool.

   Visible behaviour: on one path the message below is emitted, presumably
   through report_error, and true is returned; on the other path the function
   returns false. True therefore appears to signal that session data was
   supplied but the TLS session was not reused. The condition presumably
   involves opt_ssl_session_data and mysql_get_ssl_session_reused(); confirm
   against the full source.
 */
147 "--ssl-session-data specified but the session was not reused.");
148 return true;
149 } else
150 return false;
151}
152
/* Macro alias for set_client_ssl_options(); expands to its int result. */
153#define SSL_SET_OPTIONS(mysql) set_client_ssl_options(mysql)
154
/*
  Error text for a failed option setup; presumably printed by callers when
  SSL_SET_OPTIONS() returns non-zero (confirm at the call sites).
  NOTE(review): this pointer is defined in a header with external linkage, so
  only one translation unit per program can include the header.
*/
155const char *SSL_SET_OPTIONS_ERROR = "Failed to set ssl related options.\n";
156
157#endif /* SSLOPT_VARS_INCLUDED */
#define CR_SSL_FIPS_MODE_ERR
Definition: errmsg.h:125
static bool report_error(THD *thd, int error_code, Sql_condition::enum_severity_level level, Args... args)
Definition: error_handler.cc:290
bool read(T *ap, const GV &gv, const char *key)
Definition: sdi_impl.h:340
#define malloc(A)
Definition: lexyy.cc:914
#define free(A)
Definition: lexyy.cc:915
#define NullS
Definition of the null string (a null pointer of type char *), used in some of our string handling co...
Definition: m_string.h:52
static MYSQL mysql
Definition: mysql.cc:153
This file defines the client API to MySQL and also the ABI of the dynamically linked libmysqlclient.
unsigned int STDCALL mysql_errno(MYSQL *mysql)
Definition: client.cc:8948
@ MYSQL_OPT_TLS_VERSION
Definition: mysql.h:204
@ MYSQL_OPT_SSL_FIPS_MODE
Definition: mysql.h:209
@ MYSQL_OPT_SSL_CRLPATH
Definition: mysql.h:195
@ MYSQL_OPT_SSL_SESSION_DATA
Definition: mysql.h:215
@ MYSQL_OPT_SSL_MODE
Definition: mysql.h:205
@ MYSQL_OPT_SSL_CRL
Definition: mysql.h:194
@ MYSQL_OPT_TLS_CIPHERSUITES
Definition: mysql.h:210
bool STDCALL mysql_get_ssl_session_reused(MYSQL *mysql)
Check if the current ssl session is reused.
Definition: client.cc:3525
bool STDCALL mysql_ssl_set(MYSQL *mysql, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher)
Definition: client.cc:3321
int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option, const void *arg)
Definition: client.cc:8326
@ SSL_MODE_PREFERRED
Definition: mysql.h:272
@ SSL_MODE_VERIFY_CA
Definition: mysql.h:274
@ SSL_FIPS_MODE_OFF
Definition: mysql.h:279
const std::string FILE("FILE")
static char * opt_ssl_session_data
Definition: sslopt-vars.h:66
static int set_client_ssl_options(MYSQL *mysql)
Definition: sslopt-vars.h:69
static bool opt_ssl_session_data_continue_on_failed_reuse
Definition: sslopt-vars.h:67
static char * opt_ssl_cipher
Definition: sslopt-vars.h:58
const char * ssl_mode_names_lib[]
Definition: sslopt-vars.h:45
static char * opt_ssl_ca
Definition: sslopt-vars.h:55
static char * opt_tls_version
Definition: sslopt-vars.h:63
const char * SSL_SET_OPTIONS_ERROR
Definition: sslopt-vars.h:155
static char * opt_ssl_capath
Definition: sslopt-vars.h:56
static char * opt_ssl_crlpath
Definition: sslopt-vars.h:62
TYPELIB ssl_fips_mode_typelib
Definition: sslopt-vars.h:51
static char * opt_tls_ciphersuites
Definition: sslopt-vars.h:59
const char * ssl_fips_mode_names_lib[]
Definition: sslopt-vars.h:50
static ulong opt_ssl_fips_mode
Definition: sslopt-vars.h:64
static uint opt_ssl_mode
Definition: sslopt-vars.h:54
static bool ssl_mode_set_explicitly
Definition: sslopt-vars.h:65
static char * opt_ssl_cert
Definition: sslopt-vars.h:57
TYPELIB ssl_mode_typelib
Definition: sslopt-vars.h:47
static char * opt_ssl_crl
Definition: sslopt-vars.h:61
static char * opt_ssl_key
Definition: sslopt-vars.h:60
static bool ssl_client_check_post_connect_ssl_setup(MYSQL *mysql, std::function< void(const char *)> report_error)
Definition: sslopt-vars.h:142
Definition: mysql.h:298
Definition: typelib.h:34
unsigned int uint
Definition: uca-dump.cc:29
#define array_elements(A)
Definition: validate_password_imp.cc:45