MySQL 8.0.32
Source Code Documentation
tls_client_context.h
Go to the documentation of this file.
1/*
2 Copyright (c) 2018, 2022, Oracle and/or its affiliates.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License, version 2.0,
6 as published by the Free Software Foundation.
7
8 This program is also distributed with certain software (including
9 but not limited to OpenSSL) that is licensed under separate terms,
10 as designated in a particular file or component or in included license
11 documentation. The authors of MySQL hereby grant you an additional
12 permission to link the program and your derivative works with the
13 separately licensed software that they have included with MySQL.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
23*/
24
25#ifndef MYSQL_HARNESS_TLS_CLIENT_CONTEXT_INCLUDED
26#define MYSQL_HARNESS_TLS_CLIENT_CONTEXT_INCLUDED
27
28#include "mysql/harness/tls_context.h"
29
30#include <system_error>
31
32#include "mysql/harness/stdx/expected.h"
33#include "mysql/harness/tls_export.h"
34
35/**
36 * Client TLS Context.
37 */
38class HARNESS_TLS_EXPORT TlsClientContext : public TlsContext {
39 public:
40 TlsClientContext(TlsVerify mode = TlsVerify::PEER);
41
42 /**
43 * set cipher-list.
44 *
45 * for TLSv1.2-and-earlier ciphers.
46 *
47 * @param ciphers colon separated list of ciphers
48 *
49 * @note list is not filtered for unacceptable ciphers
50 *
51 * @see openssl ciphers
52 * @see cipher_suites()
53 */
54 stdx::expected<void, std::error_code> cipher_list(const std::string &ciphers);
55
56 /**
57 * set cipher-suites of TLSv1.3.
58 *
59 * openssl 1.1.1 added support for TLSv1.3 and move setting those ciphers
60 * to SSL_CTX_set_ciphersuites().
61 *
62 * @param ciphers colon separated list of ciphers. empty == empty, "DEFAULT"
63 * is the default-set
64 *
65 * @note list is not filtered for unacceptable ciphers
66 * @see openssl ciphers
67 * @see has_set_cipher_suites()
68 */
69 stdx::expected<void, std::error_code> cipher_suites(
70 const std::string &ciphers);
71
72 /**
73 * verification of certificates.
74 */
75 stdx::expected<void, std::error_code> verify(TlsVerify verify);
76
77 /**
78 * verify hostname.
79 *
80 * @param server_host hostname or ip-address to match in the certificate.
81 */
82 stdx::expected<void, std::error_code> verify_hostname(
83 const std::string &server_host);
84};
85
86#endif
TlsClientContext
Client TLS Context.
Definition: tls_client_context.h:38
TlsContext
wraps SSL_CTX.
Definition: tls_context.h:85
TlsContext::cipher_list
std::vector< std::string > cipher_list() const
get current cipher-list.
Definition: tls_context.cc:356
stdx::expected
Definition: expected.h:943
oci::ssl::verify
bool verify(const std::string &digest, const std::string &message, const std::string &public_key_content)
Verify a message signed by the private key pair of the provided public key.
Definition: ssl.cc:114
stdx::io::mode
mode
Definition: file_handle.h:59
tls_context.h
TlsVerify
TlsVerify
Verification of Cerifiticates.
Definition: tls_context.h:61
TlsVerify::PEER
@ PEER
tls_export.h
HARNESS_TLS_EXPORT
#define HARNESS_TLS_EXPORT
Definition: tls_export.h:15