xcom_ssl_transport.cc File Reference
#include <assert.h>
#include <stdlib.h>
#include <openssl/dh.h>
#include <openssl/opensslv.h>
#include <openssl/x509v3.h>
#include "xcom/xcom_profile.h"
#include "my_compiler.h"
#include "openssl/engine.h"
#include "xcom/task_debug.h"
#include "xcom/x_platform.h"
#include "xcom/xcom_ssl_transport.h"

Macros

#define SSL_MODE_OPTIONS_COUNT   (sizeof(ssl_mode_options) / sizeof(*ssl_mode_options))
 
#define SSL_MODE_FIPS_OPTIONS_COUNT   (sizeof(ssl_fips_mode_options) / sizeof(*ssl_fips_mode_options))
 
#define TLS_VERSION_OPTION_SIZE   256
 
#define SSL_CIPHER_LIST_SIZE   4096
 
#define TLS_VERSIONS_COUNTS   (sizeof(tls_version_name_list) / sizeof(*tls_version_name_list))
 
#define OPENSSL_ERROR_LENGTH   512
 

Functions

static DH * get_dh2048 (void)
 
static long process_tls_version (const char *tls_version)
 
static int PasswordCallBack (char *passwd, int sz, int rw, void *userdata)
 
static int configure_ssl_algorithms (SSL_CTX *ssl_ctx, const char *cipher, const char *tls_version, const char *tls_ciphersuites)
 
static int configure_ssl_fips_mode (const uint fips_mode)
 
static int configure_ssl_ca (SSL_CTX *ssl_ctx, const char *ca_file, const char *ca_path)
 
static int configure_ssl_revocation (SSL_CTX *ssl_ctx, const char *crl_file, const char *crl_path)
 
static int configure_ssl_keys (SSL_CTX *ssl_ctx, const char *key_file, const char *cert_file)
 
static int init_ssl (const char *key_file, const char *cert_file, const char *ca_file, const char *ca_path, const char *crl_file, const char *crl_path, const char *cipher, const char *tls_version, const char *tls_ciphersuites, SSL_CTX *ssl_ctx)
 
int xcom_use_ssl ()
 
int xcom_get_ssl_mode (const char *mode)
 
int xcom_set_ssl_mode (int mode)
 
int xcom_get_ssl_fips_mode (const char *mode)
 
int xcom_set_ssl_fips_mode (int mode)
 
int xcom_init_ssl (const char *server_key_file, const char *server_cert_file, const char *client_key_file, const char *client_cert_file, const char *ca_file, const char *ca_path, const char *crl_file, const char *crl_path, const char *cipher, const char *tls_version, const char *tls_ciphersuites)
 
void xcom_cleanup_ssl ()
 
void xcom_destroy_ssl ()
 
int ssl_verify_server_cert (SSL *ssl, const char *server_hostname)
 

Variables

static const char * ssl_mode_options []
 
static const char * ssl_fips_mode_options [] = {"OFF", "ON", "STRICT"}
 
static const char * tls_ciphers_list
 
static const char * tls_cipher_blocked
 
static unsigned char dh2048_p []
 
static unsigned char dh2048_g [] = {0x05}
 
static char * ssl_pw = NULL
 
static int ssl_mode = SSL_DISABLED
 
static int ssl_fips_mode = SSL_FIPS_MODE_OFF
 
static int ssl_init_done = 0
 
SSL_CTX * server_ctx = NULL
 
SSL_CTX * client_ctx = NULL
 

Macro Definition Documentation

◆ OPENSSL_ERROR_LENGTH

#define OPENSSL_ERROR_LENGTH   512

◆ SSL_CIPHER_LIST_SIZE

#define SSL_CIPHER_LIST_SIZE   4096

◆ SSL_MODE_FIPS_OPTIONS_COUNT

#define SSL_MODE_FIPS_OPTIONS_COUNT   (sizeof(ssl_fips_mode_options) / sizeof(*ssl_fips_mode_options))

◆ SSL_MODE_OPTIONS_COUNT

#define SSL_MODE_OPTIONS_COUNT   (sizeof(ssl_mode_options) / sizeof(*ssl_mode_options))

◆ TLS_VERSION_OPTION_SIZE

#define TLS_VERSION_OPTION_SIZE   256

◆ TLS_VERSIONS_COUNTS

#define TLS_VERSIONS_COUNTS   (sizeof(tls_version_name_list) / sizeof(*tls_version_name_list))

Function Documentation

◆ configure_ssl_algorithms()

static int configure_ssl_algorithms ( SSL_CTX *  ssl_ctx,
const char *  cipher,
const char *  tls_version,
const char *  tls_ciphersuites 
)
static

◆ configure_ssl_ca()

static int configure_ssl_ca ( SSL_CTX *  ssl_ctx,
const char *  ca_file,
const char *  ca_path 
)
static

◆ configure_ssl_fips_mode()

static int configure_ssl_fips_mode ( const uint  fips_mode)
static

◆ configure_ssl_keys()

static int configure_ssl_keys ( SSL_CTX *  ssl_ctx,
const char *  key_file,
const char *  cert_file 
)
static

◆ configure_ssl_revocation()

static int configure_ssl_revocation ( SSL_CTX *  ssl_ctx,
const char *  crl_file,
const char *  crl_path 
)
static

◆ get_dh2048()

static DH* get_dh2048 ( void  )
static

◆ init_ssl()

static int init_ssl ( const char *  key_file,
const char *  cert_file,
const char *  ca_file,
const char *  ca_path,
const char *  crl_file,
const char *  crl_path,
const char *  cipher,
const char *  tls_version,
const char *  tls_ciphersuites,
SSL_CTX *  ssl_ctx 
)
static

◆ PasswordCallBack()

static int PasswordCallBack ( char *  passwd,
int  sz,
int  rw,
void *  userdata 
)
static

◆ process_tls_version()

static long process_tls_version ( const char *  tls_version)
static

◆ ssl_verify_server_cert()

int ssl_verify_server_cert ( SSL *  ssl,
const char *  server_hostname 
)

◆ xcom_cleanup_ssl()

void xcom_cleanup_ssl ( )

◆ xcom_destroy_ssl()

void xcom_destroy_ssl ( )

◆ xcom_get_ssl_fips_mode()

int xcom_get_ssl_fips_mode ( const char *  mode)

◆ xcom_get_ssl_mode()

int xcom_get_ssl_mode ( const char *  mode)

◆ xcom_init_ssl()

int xcom_init_ssl ( const char *  server_key_file,
const char *  server_cert_file,
const char *  client_key_file,
const char *  client_cert_file,
const char *  ca_file,
const char *  ca_path,
const char *  crl_file,
const char *  crl_path,
const char *  cipher,
const char *  tls_version,
const char *  tls_ciphersuites 
)

◆ xcom_set_ssl_fips_mode()

int xcom_set_ssl_fips_mode ( int  mode)

◆ xcom_set_ssl_mode()

int xcom_set_ssl_mode ( int  mode)

◆ xcom_use_ssl()

int xcom_use_ssl ( )

Variable Documentation

◆ client_ctx

SSL_CTX* client_ctx = NULL

◆ dh2048_g

unsigned char dh2048_g[] = {0x05}
static

◆ dh2048_p

unsigned char dh2048_p[]
static
Initial value (256 bytes, i.e. a 2048-bit Diffie-Hellman modulus p; the generator is dh2048_g = {0x05} above, and get_dh2048() — declared on this page, body not shown — is presumably where the two are assembled into a DH object. Whether p is a safe prime or one of the standard published groups cannot be confirmed from this page; verify that before relying on DHE cipher suites):
= {
0x8A, 0x5D, 0xFA, 0xC0, 0x66, 0x76, 0x4E, 0x61, 0xFA, 0xCA, 0xC0, 0x37,
0x57, 0x5C, 0x6D, 0x3F, 0x83, 0x0A, 0xA1, 0xF5, 0xF1, 0xE6, 0x7F, 0x3C,
0xC6, 0xAF, 0xDA, 0x8B, 0x26, 0xE6, 0x1A, 0x74, 0x5E, 0x64, 0xCB, 0xE2,
0x08, 0xF1, 0x09, 0xE3, 0xAF, 0xBB, 0x54, 0x29, 0x2D, 0x97, 0xF4, 0x59,
0xE6, 0x26, 0x83, 0x1F, 0x55, 0xCD, 0x1B, 0x57, 0x55, 0x42, 0x6C, 0xE7,
0xB7, 0xDA, 0x6E, 0xD8, 0x6D, 0xEE, 0xB1, 0x4F, 0xA4, 0xD7, 0xF5, 0x41,
0xE1, 0xB4, 0x0B, 0xE1, 0x98, 0x16, 0xE2, 0xED, 0x16, 0xCF, 0x18, 0x7D,
0x3F, 0x25, 0xC3, 0x82, 0x59, 0xBD, 0xF4, 0x8F, 0x57, 0xCA, 0x3E, 0x19,
0xE4, 0xF5, 0x44, 0xE0, 0xCC, 0x80, 0xB3, 0x10, 0x91, 0x18, 0x0D, 0x64,
0x59, 0x0A, 0x43, 0xF7, 0xFC, 0xCA, 0x01, 0xE8, 0x14, 0x04, 0xF2, 0xCD,
0xA9, 0x2A, 0x3C, 0xF3, 0xA5, 0x2A, 0x83, 0xD8, 0x66, 0x9F, 0xC9, 0x2C,
0xC9, 0x4F, 0x44, 0x05, 0x5E, 0x5E, 0x00, 0x47, 0x22, 0x0A, 0xE6, 0xB0,
0x87, 0xA5, 0x74, 0x3B, 0xE4, 0xA3, 0xFC, 0x2D, 0xDC, 0x49, 0xF2, 0xE1,
0x80, 0x0D, 0x06, 0x71, 0x7A, 0x77, 0x3A, 0xA9, 0x66, 0x70, 0x3B, 0xBA,
0x8D, 0x2E, 0x60, 0x5A, 0x39, 0xF7, 0x2D, 0xD3, 0xF5, 0x53, 0x47, 0x6E,
0x57, 0x13, 0x01, 0x87, 0xF9, 0xDE, 0x4D, 0x20, 0x92, 0xBE, 0xD7, 0x1E,
0xE0, 0x20, 0x0C, 0x60, 0xC8, 0xCA, 0x35, 0x58, 0x7D, 0x3F, 0x59, 0xEE,
0xFB, 0x67, 0x7D, 0x64, 0x7D, 0x8E, 0x77, 0x6C, 0x61, 0x44, 0x8A, 0x8C,
0x4D, 0xF0, 0x12, 0xD4, 0xA4, 0xEA, 0x17, 0x75, 0x66, 0x49, 0x6C, 0xCF,
0x14, 0x28, 0xC6, 0x9A, 0x3C, 0x71, 0xFD, 0xB8, 0x3A, 0x6C, 0xE3, 0xA3,
0xA6, 0x06, 0x5A, 0xA6, 0xF0, 0x7A, 0x00, 0x15, 0xA5, 0x5A, 0x64, 0x66,
0x00, 0x05, 0x85, 0xB7}

◆ server_ctx

SSL_CTX* server_ctx = NULL

◆ ssl_fips_mode

int ssl_fips_mode = SSL_FIPS_MODE_OFF
static

◆ ssl_fips_mode_options

const char* ssl_fips_mode_options[] = {"OFF", "ON", "STRICT"}
static

◆ ssl_init_done

int ssl_init_done = 0
static

◆ ssl_mode

int ssl_mode = SSL_DISABLED
static

◆ ssl_mode_options

const char* ssl_mode_options[]
static
Initial value (index order follows the MySQL ssl-mode ladder DISABLED < PREFERRED < REQUIRED < VERIFY_CA < VERIFY_IDENTITY, and the default is ssl_mode = SSL_DISABLED; xcom_get_ssl_mode() presumably maps a name to its index, bounded by SSL_MODE_OPTIONS_COUNT. By the conventional meaning of these names, REQUIRED and below only demand that a TLS handshake happen and do not authenticate the peer — peer-certificate checking is expected only under VERIFY_CA, and hostname matching only under VERIFY_IDENTITY via ssl_verify_server_cert(), whose body is not on this page):
= {"DISABLED", "PREFERRED", "REQUIRED",
"VERIFY_CA", "VERIFY_IDENTITY"}

◆ ssl_pw

char* ssl_pw = NULL
static

◆ tls_cipher_blocked

const char* tls_cipher_blocked
static
Initial value (an OpenSSL cipher-string exclusion list: anonymous (aNULL) and null-encryption (eNULL) suites, EXPORT/LOW strength, MD5, DES, RC2, RC4, PSK, and the individual 3DES (DES-CBC3) DHE/ECDH/ECDHE suites. The literal ends in ':' so it is evidently meant to be concatenated with another list — presumably tls_ciphers_list or a caller-supplied cipher string. In OpenSSL cipher syntax a '!' exclusion is permanent and cannot be re-enabled by a later entry, which is the property a blocklist needs):
=
"!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!DES:!RC2:!RC4:!PSK:"
"!DHE-DSS-DES-CBC3-SHA:!DHE-RSA-DES-CBC3-SHA:"
"!ECDH-RSA-DES-CBC3-SHA:!ECDH-ECDSA-DES-CBC3-SHA:"
"!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-ECDSA-DES-CBC3-SHA:"

◆ tls_ciphers_list

const char* tls_ciphers_list
static