1/* Copyright (c) 2000, 2023, Oracle and/or its affiliates.
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License, version 2.0,
5 as published by the Free Software Foundation.
6
7 This program is also distributed with certain software (including
8 but not limited to OpenSSL) that is licensed under separate terms,
9 as designated in a particular file or component or in included license
10 documentation. The authors of MySQL hereby grant you an additional
11 permission to link the program and your derivative works with the
12 separately licensed software that they have included with MySQL.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License, version 2.0, for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22
23#ifndef SSLOPT_VARS_INCLUDED
24#define SSLOPT_VARS_INCLUDED
25
26/**
27 @file include/sslopt-vars.h
28*/
29
30#include <stddef.h>
31#include <stdio.h>
32#include <sys/types.h>
33#include <functional>
34
35#ifdef MYSQL_SERVER
36#error This header is supposed to be used only in the client
37#endif
38
39#include "my_inttypes.h"
40#include "my_macros.h"
41#include "mysql.h"
42#include "nulls.h"
43#include "template_utils.h"
44#include "typelib.h"
45
/*
 Display names for the --ssl-mode values, in the order of the SSL_MODE_*
 enumeration in mysql.h. NullS-terminated, as TYPELIB expects.
*/
46const char *ssl_mode_names_lib[] = {"DISABLED", "PREFERRED", "REQUIRED",
47 "VERIFY_CA", "VERIFY_IDENTITY", NullS};
49 ssl_mode_names_lib, nullptr};
50
/* Display names for the --ssl-fips-mode values; NullS-terminated for TYPELIB. */
51const char *ssl_fips_mode_names_lib[] = {"OFF", "ON", "STRICT", NullS};
53 "", ssl_fips_mode_names_lib, nullptr};
54
/*
 Storage for the client's TLS command-line options, read by
 set_client_ssl_options() below. These are `static` in a header, so every
 translation unit that includes this file gets its own copy; the values are
 expected to be filled in by the including client's option parser before
 set_client_ssl_options() is called.
*/
56static char *opt_ssl_ca = nullptr;
57static char *opt_ssl_capath = nullptr;
58static char *opt_ssl_cert = nullptr;
59static char *opt_ssl_cipher = nullptr;
60static char *opt_tls_ciphersuites = nullptr;
61static char *opt_ssl_key = nullptr;
62static char *opt_ssl_crl = nullptr;
63static char *opt_ssl_crlpath = nullptr;
64static char *opt_tls_version = nullptr;
// presumably true when --ssl-mode was given on the command line; drives the
// "no verification" warning in set_client_ssl_options() — verify against the option table
66static bool ssl_mode_set_explicitly = false;
// Path of a file holding a previously saved TLS session; read in full (up to
// 64 KiB) by set_client_ssl_options().
67static char *opt_ssl_session_data = nullptr;
69static char *opt_tls_sni_servername = nullptr;
70
/**
 Apply the client's TLS options (the opt_ssl_* / opt_tls_* statics above)
 to a MYSQL handle before connecting.

 Diagnostics are written to stderr.

 @param mysql  Handle to configure.

 @retval 0  all options were applied
 @retval 1  an option could not be applied (see the individual checks below)
*/
71static inline int set_client_ssl_options(MYSQL *mysql) {
72 /*
73 Warn when --ssl-mode was set explicitly to something other than
74 VERIFY_CA or VERIFY_IDENTITY while --ssl-ca or --ssl-capath was also
 given: in that combination the server certificate is not verified.
75 */
78 fprintf(stderr,
79 "WARNING: no verification of server certificate will be done. "
80 "Use --ssl-mode=VERIFY_CA or VERIFY_IDENTITY.\n");
81 }
82
83 /* Set SSL parameters: key, cert, ca, capath, cipher, crl, crlpath. */
90 } else {
93 }
98 if (opt_ssl_fips_mode > 0) {
 // Only CR_SSL_FIPS_MODE_ERR is treated as fatal at this step.
100 if (mysql_errno(mysql) == CR_SSL_FIPS_MODE_ERR) return 1;
101 }
 // Session data comes from a file named on the command line. Files up to
 // 4095 bytes are read into the stack buffer; larger files get a heap
 // buffer and are truncated to 65536 bytes.
105 FILE *fi = fopen(opt_ssl_session_data, "rb");
106 char buff[4096], *bufptr = &buff[0];
107 size_t read = 0;
108
109 if (!fi) {
110 fprintf(stderr, "Error: Can't open the ssl session data file.\n");
111 return 1;
112 }
 // Default to the stack-buffer capacity, leaving one byte for the NUL
 // written at bufptr[read] below.
113 long file_length = sizeof(buff) - 1;
114 if (0 == fseek(fi, 0, SEEK_END)) {
115 file_length = ftell(fi);
 // ftell() failure (-1) or an empty file falls back to the stack-buffer size.
116 if (file_length > 0)
117 file_length = std::min(file_length, 65536L);
118 else
119 file_length = sizeof(buff) - 1;
 // The rewind's return value is not checked; if it fails, fread() below
 // returns 0 and the error path is taken.
120 fseek(fi, 0, SEEK_SET);
121 }
122 if (file_length > (long)(sizeof(buff) - 1)) {
 // One extra byte so bufptr[file_length] (and bufptr[read]) stay in bounds.
123 bufptr = (char *)malloc(file_length + 1);
124 if (bufptr)
125 bufptr[file_length] = 0;
126 else {
 // Allocation failed: fall back to the stack buffer and read only what fits.
127 bufptr = &buff[0];
128 file_length = sizeof(buff) - 1;
129 }
130 }
131 read = fread(bufptr, 1, file_length, fi);
132 if (!read) {
133 fprintf(stderr, "Error: Can't read the ssl session data file.\n");
134 fclose(fi);
135 if (bufptr != &buff[0]) free(bufptr);
136 return 1;
137 }
 // NOTE(review): assert() is not provided by the includes visible in this
 // header; it relies on an earlier include — confirm.
138 assert(read <= (size_t)file_length);
139 bufptr[read] = 0;
140 fclose(fi);
141
 // presumably ret is set by handing bufptr to the handle as
 // MYSQL_OPT_SSL_SESSION_DATA — verify
142 int ret = 0;
144 if (bufptr != &buff[0]) free(bufptr);
145 return ret;
146 }
147 return 0;
148}
149
151 MYSQL *mysql, std::function<void(const char *)> report_error) {
155 "--ssl-session-data specified but the session was not reused.");
156 return true;
157 }
158 return false;
159}
160
/* Macro alias for set_client_ssl_options(); expands to a direct call. */
161#define SSL_SET_OPTIONS(mysql) set_client_ssl_options(mysql)
162
/*
 Message for callers to report when SSL_SET_OPTIONS() returns non-zero.
 Note this is a non-static definition in a header: including the header
 from more than one translation unit of the same program would define it twice.
*/
163const char *SSL_SET_OPTIONS_ERROR = "Failed to set ssl related options.\n";
164
165#endif /* SSLOPT_VARS_INCLUDED */