mysql-server/latest/sslopt-vars_8h_source.html

 /* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
    as published by the Free Software Foundation.

    This program is also distributed with certain software (including
    but not limited to OpenSSL) that is licensed under separate terms,
    as designated in a particular file or component or in included license
    documentation.  The authors of MySQL hereby grant you an additional
    permission to link the program and your derivative works with the
    separately licensed software that they have included with MySQL.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License, version 2.0, for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */

 #ifndef SSLOPT_VARS_INCLUDED
 #define SSLOPT_VARS_INCLUDED

 /**
   @file include/sslopt-vars.h
 */

 #include <stdio.h>

 #include "m_string.h"
 #include "my_inttypes.h"
 #include "mysql.h"
 #include "typelib.h"

 #if defined(HAVE_OPENSSL)

 #ifdef MYSQL_SERVER
 #error This header is supposed to be used only in the client
 #endif

 #include <stddef.h>
 #include <stdio.h>
 #include <sys/types.h>

 #include "m_string.h"
 #include "my_inttypes.h"
 #include "my_macros.h"
 #include "mysql.h"
 #include "typelib.h"

 const char *ssl_mode_names_lib[] = {"DISABLED",  "PREFERRED",       "REQUIRED",
                                     "VERIFY_CA", "VERIFY_IDENTITY", NullS};
 TYPELIB ssl_mode_typelib = {array_elements(ssl_mode_names_lib) - 1, "",
                             ssl_mode_names_lib, NULL};

 const char *ssl_fips_mode_names_lib[] =
 #ifndef HAVE_WOLFSSL
     {"OFF", "ON", "STRICT",
 #else
     {"OFF",
 #endif
      NullS};
 TYPELIB ssl_fips_mode_typelib = {array_elements(ssl_fips_mode_names_lib) - 1,
                                  "", ssl_fips_mode_names_lib, NULL};

 static uint opt_ssl_mode = SSL_MODE_PREFERRED;
 static char *opt_ssl_ca = 0;
 static char *opt_ssl_capath = 0;
 static char *opt_ssl_cert = 0;
 static char *opt_ssl_cipher = 0;
 static char *opt_tls_ciphersuites = 0;
 static char *opt_ssl_key = 0;
 static char *opt_ssl_crl = 0;
 static char *opt_ssl_crlpath = 0;
 static char *opt_tls_version = 0;
 static ulong opt_ssl_fips_mode = SSL_FIPS_MODE_OFF;
 static bool ssl_mode_set_explicitly = false;

 static inline int set_client_ssl_options(MYSQL *mysql) {
   /*
     Print a warning if explicitly defined combination of --ssl-mode other than
     VERIFY_CA or VERIFY_IDENTITY with explicit --ssl-ca or --ssl-capath values.
   */
   if (ssl_mode_set_explicitly && opt_ssl_mode < SSL_MODE_VERIFY_CA &&
       (opt_ssl_ca || opt_ssl_capath)) {
     fprintf(stderr,
             "WARNING: no verification of server certificate will be done. "
             "Use --ssl-mode=VERIFY_CA or VERIFY_IDENTITY.\n");
   }

   /* Set SSL parameters: key, cert, ca, capath, cipher, clr, clrpath. */
   if (opt_ssl_mode >= SSL_MODE_VERIFY_CA)
     mysql_ssl_set(mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath,
                   opt_ssl_cipher);
   else
     mysql_ssl_set(mysql, opt_ssl_key, opt_ssl_cert, NULL, NULL, opt_ssl_cipher);
   mysql_options(mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
   mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
   mysql_options(mysql, MYSQL_OPT_TLS_VERSION, opt_tls_version);
   mysql_options(mysql, MYSQL_OPT_SSL_MODE, &opt_ssl_mode);
   mysql_options(mysql, MYSQL_OPT_SSL_FIPS_MODE, &opt_ssl_fips_mode);
   if (opt_ssl_fips_mode > 0 && mysql_errno(mysql) == CR_SSL_FIPS_MODE_ERR)
     return 1;
   mysql_options(mysql, MYSQL_OPT_TLS_CIPHERSUITES, opt_tls_ciphersuites);

   return 0;
 }

 #define SSL_SET_OPTIONS(mysql) set_client_ssl_options(mysql)
 #else
 #define SSL_SET_OPTIONS(mysql) \
   do {                         \
   } while (0)
 #endif

 const char *SSL_SET_OPTIONS_ERROR = "Failed to set ssl related options.\n";

 #endif /* SSLOPT_VARS_INCLUDED */
opt_ssl_cipher
static char * opt_ssl_cipher
Definition: ssl_acceptor_context.cc:49

my_macros.h
Some common macros.

MYSQL_OPT_TLS_VERSION
Definition: mysql.h:205

opt_ssl_crl
static char * opt_ssl_crl
Definition: ssl_acceptor_context.cc:50

opt_ssl_crlpath
static char * opt_ssl_crlpath
Definition: ssl_acceptor_context.cc:51

my_inttypes.h
Some integer typedefs for easier portability.

opt_ssl_fips_mode
ulong opt_ssl_fips_mode
Definition: mysqld.cc:1686

CR_SSL_FIPS_MODE_ERR
#define CR_SSL_FIPS_MODE_ERR
Definition: errmsg.h:125

opt_tls_version
static char * opt_tls_version
Definition: ssl_acceptor_context.cc:51

NULL
Sergei Dialog Client Authentication NULL
Definition: dialog.cc:352

NullS
#define NullS
Definition of the null string (a null pointer of type char *), used in some of our string handling co...
Definition: m_string.h:49

m_string.h

MYSQL_OPT_TLS_CIPHERSUITES
Definition: mysql.h:211

SSL_MODE_PREFERRED
Definition: mysql.h:268

opt_ssl_key
static const char * opt_ssl_key
Definition: ssl_acceptor_context.cc:47

mysql.h
This file defines the client API to MySQL and also the ABI of the dynamically linked libmysqlclient...

array_elements
constexpr size_t array_elements(T(&)[N]) noexcept
Definition: my_macros.h:77

MYSQL_OPT_SSL_CRL
Definition: mysql.h:195

SSL_FIPS_MODE_OFF
Definition: mysql.h:275

opt_ssl_cert
static const char * opt_ssl_cert
Definition: ssl_acceptor_context.cc:48

mysql_errno
unsigned int STDCALL mysql_errno(MYSQL *mysql)
Definition: client.cc:8004

uint
unsigned int uint
Definition: uca-dump.cc:29

SSL_SET_OPTIONS_ERROR
const char * SSL_SET_OPTIONS_ERROR
Definition: sslopt-vars.h:118

opt_ssl_ca
static const char * opt_ssl_ca
SSL context options.
Definition: ssl_acceptor_context.cc:46

fprintf
fprintf(outf, "   %%time     sec   #call ms/call  %%calls  weight   stack  name\)

TYPELIB
Definition: typelib.h:34

opt_ssl_capath
static char * opt_ssl_capath
Definition: ssl_acceptor_context.cc:49

mysql_options
int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option, const void *arg)
Definition: client.cc:7466

opt_tls_ciphersuites
static char * opt_tls_ciphersuites
Definition: ssl_acceptor_context.cc:50

MYSQL_OPT_SSL_FIPS_MODE
Definition: mysql.h:210

MYSQL_OPT_SSL_MODE
Definition: mysql.h:206

SSL_MODE_VERIFY_CA
Definition: mysql.h:270

mysql
static MYSQL mysql
Definition: mysql.cc:150

typelib.h

MYSQL
Definition: mysql.h:294

ulong
unsigned long ulong
Definition: my_inttypes.h:48

MYSQL_OPT_SSL_CRLPATH
Definition: mysql.h:196

mysql_ssl_set
bool STDCALL mysql_ssl_set(MYSQL *mysql, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher)
Definition: client.cc:3234