1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
|
/* Copyright (c) 2020, 2025, Oracle and/or its affiliates.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License, version 2.0,
as published by the Free Software Foundation.
This program is designed to work with certain software (including
but not limited to OpenSSL) that is licensed under separate terms,
as designated in a particular file or component or in included license
documentation. The authors of MySQL hereby grant you an additional
permission to link the program and your derivative works with the
separately licensed software that they have either included with
the program or referenced in the documentation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License, version 2.0, for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
#ifndef SSL_ACCEPTOR_CONTEXT_OPERATOR
#define SSL_ACCEPTOR_CONTEXT_OPERATOR
#include <my_rcu_lock.h> /* MyRcuLock */
#include "sql/ssl_acceptor_context_data.h" /** Ssl_acceptor_context_data */
/* Types of supported contexts */
enum class Ssl_acceptor_context_type {
context_server_main = 0,
context_server_admin,
context_last
};
class Lock_and_access_ssl_acceptor_context;
class TLS_channel;
/** TLS context access protector */
class Ssl_acceptor_context_container {
protected:
Ssl_acceptor_context_container(Ssl_acceptor_context_data *data);
~Ssl_acceptor_context_container();
void switch_data(Ssl_acceptor_context_data *new_data);
using Ssl_acceptor_context_data_lock = MyRcuLock<Ssl_acceptor_context_data>;
Ssl_acceptor_context_data_lock *lock_;
/* F.R.I.E.N.D.S. */
friend class Lock_and_access_ssl_acceptor_context;
friend class TLS_channel;
};
extern Ssl_acceptor_context_container *mysql_main;
extern Ssl_acceptor_context_container *mysql_admin;
/** TLS context manager */
class TLS_channel {
public:
/**
Initialize the single instance of the acceptor
@param [out] out Object initialized by the function
@param [in] channel Name of the channel
@param [in] use_ssl_arg Pass false if you don't want the actual
SSL context created
(as in when SSL is initially disabled)
@param [in] callbacks Handle to the initialization callback object
@param [in] db_init Whether database is being initialized or not
@returns Initialization status
@retval true failure to init
@retval false initialized ok
*/
static bool singleton_init(Ssl_acceptor_context_container **out,
std::string channel, bool use_ssl_arg,
Ssl_init_callback *callbacks, bool db_init);
/**
De-initialize the single instance of the acceptor
@param [in] container TLS acceptor context object
*/
static void singleton_deinit(Ssl_acceptor_context_container *container);
/**
Re-initialize the single instance of the acceptor
@param [in,out] container TLS acceptor context object
@param [in] channel Name of the channel
@param [in] callbacks Handle to the initialization callback object
@param [out] error SSL Error information
@param [in] force Activate the SSL settings even if this will lead
to disabling SSL
*/
static void singleton_flush(Ssl_acceptor_context_container *container,
std::string channel, Ssl_init_callback *callbacks,
enum enum_ssl_init_error *error, bool force);
};
using Ssl_acceptor_context_data_lock = MyRcuLock<Ssl_acceptor_context_data>;
/** TLS context access wrapper for ease of use */
class Lock_and_access_ssl_acceptor_context {
public:
Lock_and_access_ssl_acceptor_context(Ssl_acceptor_context_container *context)
: read_lock_(context->lock_) {}
~Lock_and_access_ssl_acceptor_context() = default;
/** Access protected @ref Ssl_acceptor_context_data */
operator const Ssl_acceptor_context_data *() {
const Ssl_acceptor_context_data *c = read_lock_;
return c;
}
/**
Access to the SSL_CTX from the protected @ref Ssl_acceptor_context_data
*/
operator SSL_CTX *() {
const Ssl_acceptor_context_data *c = read_lock_;
return c->ssl_acceptor_fd_->ssl_context;
}
/**
Access to the SSL from the protected @ref Ssl_acceptor_context_data
*/
operator SSL *() {
const Ssl_acceptor_context_data *c = read_lock_;
return c->acceptor_;
}
/**
Access to st_VioSSLFd from the protected @ref Ssl_acceptor_context_data
*/
operator struct st_VioSSLFd *() {
const Ssl_acceptor_context_data *c = read_lock_;
return c->ssl_acceptor_fd_;
}
/**
Fetch given property from underlying TLS context
@param [in] property_type Property to be fetched
@returns Value of property for given context. Empty in case of failure.
*/
std::string show_property(Ssl_acceptor_context_property_type property_type);
/**
Fetch channel name
@returns Name of underlying channel
*/
std::string channel_name();
/**
TLS context validity
@returns Validity of TLS context
@retval true Valid
@retval false Invalid
*/
bool have_ssl();
private:
/** Read lock over TLS context */
Ssl_acceptor_context_data_lock::ReadLock read_lock_;
};
bool have_ssl();
#endif // SSL_ACCEPTOR_CONTEXT_OPERATOR
|
