MySQL 8.3.0
Source Code Documentation
tls_client_context.h
Go to the documentation of this file.
1/*
2 Copyright (c) 2018, 2023, Oracle and/or its affiliates.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License, version 2.0,
6 as published by the Free Software Foundation.
7
8 This program is also distributed with certain software (including
9 but not limited to OpenSSL) that is licensed under separate terms,
10 as designated in a particular file or component or in included license
11 documentation. The authors of MySQL hereby grant you an additional
12 permission to link the program and your derivative works with the
13 separately licensed software that they have included with MySQL.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
23*/
24
25#ifndef MYSQL_HARNESS_TLS_CLIENT_CONTEXT_INCLUDED
26#define MYSQL_HARNESS_TLS_CLIENT_CONTEXT_INCLUDED
27
29
30#include <chrono>
31#include <list>
32#include <mutex>
33#include <system_error>
34#include <vector>
35
38
39/**
40 * Client TLS Context.
41 */
43 public:
45 void operator()(SSL_SESSION *sess) { SSL_SESSION_free(sess); }
46 };
47 using SslSession = std::unique_ptr<SSL_SESSION, SslSessionDeleter>;
48
51 size_t session_cache_size = 0,
53
59
60 /**
61 * set cipher-list.
62 *
63 * for TLSv1.2-and-earlier ciphers.
64 *
65 * @param ciphers colon separated list of ciphers
66 *
67 * @note list is not filtered for unacceptable ciphers
68 *
69 * @see openssl ciphers
70 * @see cipher_suites()
71 */
72 stdx::expected<void, std::error_code> cipher_list(const std::string &ciphers);
73
74 /**
75 * set cipher-suites of TLSv1.3.
76 *
77 * openssl 1.1.1 added support for TLSv1.3 and move setting those ciphers
78 * to SSL_CTX_set_ciphersuites().
79 *
80 * @param ciphers colon separated list of ciphers. empty == empty, "DEFAULT"
81 * is the default-set
82 *
83 * @note list is not filtered for unacceptable ciphers
84 * @see openssl ciphers
85 * @see has_set_cipher_suites()
86 */
88 const std::string &ciphers);
89
90 /**
91 * verification of certificates.
92 */
94
95 /**
96 * verify hostname.
97 *
98 * @param server_host hostname or ip-address to match in the certificate.
99 */
101 const std::string &server_host);
102
103 /**
104 * add session.
105 */
106 stdx::expected<void, std::error_code> add_session(SSL_SESSION *sess);
107 /**
108 * remove session.
109 */
110 stdx::expected<void, std::error_code> remove_session(SSL_SESSION *sess);
111 /**
112 * get session.
113 */
115
116 private:
117 struct Sessions {
118 using SessionId = std::vector<uint8_t>;
119 using SessionData = std::pair<SessionId, SslSession>;
120
121 std::list<SessionData> sessions_;
122 std::mutex mtx_;
123 };
124 std::unique_ptr<Sessions> sessions_;
125
129};
130
131#endif
Client TLS Context.
Definition: tls_client_context.h:42
std::unique_ptr< Sessions > sessions_
Definition: tls_client_context.h:124
std::unique_ptr< SSL_SESSION, SslSessionDeleter > SslSession
Definition: tls_client_context.h:47
TlsClientContext & operator=(TlsClientContext &&)=default
TlsClientContext(TlsClientContext &&)=default
std::chrono::seconds session_cache_timeout_
Definition: tls_client_context.h:128
bool session_cache_mode_
Definition: tls_client_context.h:126
TlsClientContext(const TlsClientContext &)=delete
TlsClientContext & operator=(const TlsClientContext &)=delete
size_t session_cache_size_
Definition: tls_client_context.h:127
wraps SSL_CTX.
Definition: tls_context.h:84
std::vector< std::string > cipher_list() const
get current cipher-list.
Definition: tls_context.cc:392
Definition: expected.h:943
bool verify(const std::string &digest, const std::string &message, const std::string &public_key_content)
Verify a message signed by the private key pair of the provided public key.
Definition: ssl.cc:114
mode
Definition: file_handle.h:59
Definition: tls_client_context.h:117
std::list< SessionData > sessions_
Definition: tls_client_context.h:121
std::pair< SessionId, SslSession > SessionData
Definition: tls_client_context.h:119
std::mutex mtx_
Definition: tls_client_context.h:122
std::vector< uint8_t > SessionId
Definition: tls_client_context.h:118
Definition: tls_client_context.h:44
void operator()(SSL_SESSION *sess)
Definition: tls_client_context.h:45
double seconds()
Definition: task.cc:309
TlsVerify
Verification of Cerifiticates.
Definition: tls_context.h:61
#define HARNESS_TLS_EXPORT
Definition: tls_export.h:15