/* Copyright (c) 2020, 2024, Oracle and/or its affiliates.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License, version 2.0,
as published by the Free Software Foundation.
This program is designed to work with certain software (including
but not limited to OpenSSL) that is licensed under separate terms,
as designated in a particular file or component or in included license
documentation. The authors of MySQL hereby grant you an additional
permission to link the program and your derivative works with the
separately licensed software that they have either included with
the program or referenced in the documentation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License, version 2.0, for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
#ifndef SSL_ACCEPTOR_CONTEXT_DATA_INCLUDED
#define SSL_ACCEPTOR_CONTEXT_DATA_INCLUDED
#include <string>
#include "my_rcu_lock.h" /* MyRcuLock */
#include "openssl/ossl_typ.h" /* SSL */
#include "sql/ssl_init_callback.h" /* Ssl_init_callback */
#include "violite.h" /* st_VioSSLFd, enum_ssl_init_error */
/*
  Forward declarations of the classes that are granted friend access to
  Ssl_acceptor_context_data below (see the friend list at the end of
  that class). Only the names are needed here; no member is used.
*/
class Ssl_acceptor_context_container;
class TLS_channel;
class Lock_and_access_ssl_acceptor_context;
/**
  Properties exposed by Ssl Acceptor context

  Note: Add new value before "last" and update
  Ssl_acceptor_context_propert_type_names.

  The enumerators are numbered consecutively from 0, so the value of
  "last" is the number of real properties; it is presumably the end
  marker for the operator++ iteration declared further down - confirm
  against the .cc before relying on that.
*/
enum class Ssl_acceptor_context_property_type {
  accept_renegotiates = 0,
  accepts,
  callback_cache_hits,
  client_connects,
  connect_renegotiates,
  ctx_verify_depth,
  ctx_verify_mode,
  current_tls_ca,
  current_tls_capath,
  current_tls_cert,
  current_tls_cipher,
  current_tls_ciphersuites,
  current_tls_crl,
  current_tls_crlpath,
  current_tls_key,
  current_tls_version,
  finished_accepts,
  finished_connects,
  server_not_after,
  server_not_before,
  session_cache_hits,
  session_cache_misses,
  session_cache_mode,
  session_cache_overflows,
  session_cache_size,
  session_cache_timeouts,
  used_session_cache_entries,
  session_cache_timeout,
  /* Sentinel, not a property: must remain the final enumerator */
  last
};
/**
Note: Add new value before "last" and update
Ssl_acceptor_context_propert_type_names.
*/
/**
  Fetch a string representation of SSL acceptor context property

  @param [in] property_type Property type

  @returns name of the property
*/
std::string Ssl_ctx_property_name(
    Ssl_acceptor_context_property_type property_type);

/**
  Increment operator for Ssl_acceptor_context_property_type

  Used by iterator; advances to the next enumerator so that callers can
  walk the properties from the first value up to "last".

  @param [in,out] property_type Current position in
                                Ssl_acceptor_context_property_type

  @returns incremented value for property_type
*/
Ssl_acceptor_context_property_type &operator++(
    Ssl_acceptor_context_property_type &property_type);
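/**
  Container of SSL Acceptor context data

  Holds, for one channel, the SSL_CTX wrapper (@ref ssl_acceptor_fd_),
  a helper SSL handle (@ref acceptor_) and copies of the option values
  that were in effect when the context was created. Copy and move are
  disabled. The raw handles are reachable only through the conversion
  operators, which are protected: the classes named in the friend list
  at the end are the intended users. The pointers handed out that way
  remain owned by this object (NOTE(review): presumably released in the
  destructor defined in the .cc - confirm there); callers must not free
  them and must not keep them past the lifetime of this object.
*/
class Ssl_acceptor_context_data final {
 public:
  /**
    Ctor

    @param [in] channel          Name of the channel
    @param [in] callbacks        TLS context initialization callbacks
                                 to get values of various options and
                                 perform validation
    @param [in] report_ssl_error Report any SSL errors resulting from trying
                                 to initialize the SSL_CTX to error log
    @param [out] out_error       An optional slot to return SSL_CTX
                                 initialization error information
  */
  Ssl_acceptor_context_data(std::string channel, Ssl_init_callback *callbacks,
                            bool report_ssl_error = true,
                            enum enum_ssl_init_error *out_error = nullptr);

  /** Destructor */
  ~Ssl_acceptor_context_data();

 protected:
  /* Disable copy/assignment */
  Ssl_acceptor_context_data(const Ssl_acceptor_context_data &) = delete;
  /* Deleted either way; declared with the canonical reference return type */
  Ssl_acceptor_context_data &operator=(const Ssl_acceptor_context_data &) =
      delete;

  /* Disable move constructs */
  Ssl_acceptor_context_data(Ssl_acceptor_context_data &&) = delete;
  Ssl_acceptor_context_data &operator=(Ssl_acceptor_context_data &&) = delete;

  /**
    Fetch given property from underlying TLS context

    @param [in] property_type Property to be fetched

    @returns Value of property for given context. Empty in case of failure.
  */
  std::string show_property(
      Ssl_acceptor_context_property_type property_type) const;

  /**
    TLS context validity

    @returns true if an SSL_CTX wrapper has been attached to this object.
             With the default member initializer below this is false until
             the constructor assigns @ref ssl_acceptor_fd_.
  */
  bool have_ssl() const { return ssl_acceptor_fd_ != nullptr; }

  /**
    Get channel name

    @returns Pointer into @ref channel_; valid only while this object lives.
  */
  const char *channel_name() const { return channel_.c_str(); }

  /** Get Acceptor context (non-owning; see class description) */
  operator struct st_VioSSLFd *() { return ssl_acceptor_fd_; }

  /** Get SSL handle (non-owning; see class description) */
  operator SSL *() { return acceptor_; }

  /*
    The current_*() accessors below return the c_str() of an OptionalString
    member. NOTE(review): whether that yields an empty string or nullptr for
    an option that was never set depends on OptionalString::c_str(), which is
    not visible here - confirm before dereferencing the result unchecked.
  */

  /** Get current CA */
  const char *current_ca() const { return current_ca_.c_str(); }

  /** Get current CA Path */
  const char *current_capath() const { return current_capath_.c_str(); }

  /** Get current Certificate */
  const char *current_cert() const { return current_cert_.c_str(); }

  /** Get current Key */
  const char *current_key() const { return current_key_.c_str(); }

  /** Get current CRL certificate */
  const char *current_crl() const { return current_crl_.c_str(); }

  /** Get current CRL Path */
  const char *current_crlpath() const { return current_crlpath_.c_str(); }

  /** Get current TLS version */
  const char *current_version() const { return current_version_.c_str(); }

  /** Get current TLSv1.2 ciphers */
  const char *current_cipher() const { return current_cipher_.c_str(); }

  /** Get current TLSv1.3 ciphers */
  const char *current_ciphersuites() const {
    return current_ciphersuites_.c_str();
  }

 private:
  /** Channel name */
  std::string channel_;

  /**
    SSL_CTX bearer. Default-initialized to nullptr so that have_ssl() is
    well-defined even if the constructor returns before assigning it.
  */
  struct st_VioSSLFd *ssl_acceptor_fd_{nullptr};

  /**
    An SSL for @ref ssl_acceptor_fd_ to allow access to parameters not in
    SSL_CTX to be available even if the current connection is not
    encrypted. Default-initialized to nullptr for the same reason as
    @ref ssl_acceptor_fd_.
  */
  SSL *acceptor_{nullptr};

  /**
    Copies of the current effective values for quick return via the
    status vars
  */
  OptionalString current_ca_, current_capath_, current_version_, current_cert_,
      current_cipher_, current_ciphersuites_, current_key_, current_crl_,
      current_crlpath_;

  /** Session cache timeout in effect for this context (value-initialized) */
  long current_tls_session_cache_timeout_{0};

  /** Session cache mode in effect for this context (value-initialized) */
  bool current_tls_session_cache_mode_{false};

  /* F.R.I.E.N.D.S. */
  friend class Ssl_acceptor_context_container;
  friend class TLS_channel;
  friend class Lock_and_access_ssl_acceptor_context;
};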
#endif // SSL_ACCEPTOR_CONTEXT_DATA_INCLUDED