1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
/*
* Copyright (c) 2018, 2025, Oracle and/or its affiliates.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License, version 2.0,
* as published by the Free Software Foundation.
*
* This program is designed to work with certain software (including
* but not limited to OpenSSL) that is licensed under separate terms,
* as designated in a particular file or component or in included license
* documentation. The authors of MySQL hereby grant you an additional
* permission to link the program and your derivative works with the
* separately licensed software that they have either included with
* the program or referenced in the documentation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License, version 2.0, for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
// MySQL DB access module, for use by plugins and others
// For the module that implements interactive DB functionality see mod_db
#ifndef PLUGIN_X_CLIENT_XSSL_CONFIG_H_
#define PLUGIN_X_CLIENT_XSSL_CONFIG_H_
#include <cstring>
#include <string>
namespace xcl {
class Ssl_config {
public:
enum class Mode {
Ssl_disabled,
Ssl_preferred,
Ssl_required,
Ssl_verify_ca,
Ssl_verify_identity
};
enum class Mode_ssl_fips {
Ssl_fips_mode_off,
Ssl_fips_mode_on,
Ssl_fips_mode_strict,
};
public:
Ssl_config() = default;
Ssl_config(const std::string &ssl_key, const std::string &ssl_ca,
const std::string &ssl_ca_path, const std::string &ssl_cert,
const std::string &ssl_cipher, const std::string &ssl_crl,
const std::string &ssl_crl_path,
const std::string &ssl_tls_version, const Mode mode,
const Mode_ssl_fips ssl_fips_mode)
: m_key(ssl_key),
m_ca(ssl_ca),
m_ca_path(ssl_ca_path),
m_cert(ssl_cert),
m_cipher(ssl_cipher),
m_crl(ssl_crl),
m_crl_path(ssl_crl_path),
m_tls_version(ssl_tls_version),
m_mode(mode),
m_ssl_fips_mode(ssl_fips_mode) {}
bool is_configured() const { return Mode::Ssl_disabled != m_mode; }
bool does_mode_requires_ssl() const {
switch (m_mode) {
case Mode::Ssl_required: // fall-through
case Mode::Ssl_verify_ca: // fall-through
case Mode::Ssl_verify_identity:
return true;
default:
return false;
}
}
bool does_mode_requires_ca() const {
return Mode::Ssl_verify_ca == m_mode || Mode::Ssl_verify_identity == m_mode;
}
bool is_ca_configured() const {
if (m_ca.empty() && m_ca_path.empty()) return false;
return true;
}
std::string m_key;
std::string m_ca;
std::string m_ca_path;
std::string m_cert;
std::string m_cipher;
std::string m_crl;
std::string m_crl_path;
std::string m_tls_version;
Mode m_mode{Mode::Ssl_preferred};
Mode_ssl_fips m_ssl_fips_mode{Mode_ssl_fips::Ssl_fips_mode_off};
};
} // namespace xcl
#endif // PLUGIN_X_CLIENT_XSSL_CONFIG_H_
|
