1 /*
2 Copyright (c) 2015, 2021, Oracle and/or its affiliates.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License, version 2.0,
6 as published by the Free Software Foundation.
7
8 This program is also distributed with certain software (including
9 but not limited to OpenSSL) that is licensed under separate terms,
10 as designated in a particular file or component or in included license
11 documentation. The authors of MySQL hereby grant you an additional
12 permission to link the program and your derivative works with the
13 separately licensed software that they have included with MySQL.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
23 */
24
25 #include "client_priv.h"
26 #include <vector>
27 #include "mysql_connection_options.h"
28 #include "sslopt-vars.h"
29 #include "instance_callback.h"
30
31 using namespace Mysql::Tools::Base::Options;
32
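/*
  Registers the SSL/TLS command line options handled by Ssl_options.

  Nothing is registered unless HAVE_OPENSSL is defined and EMBEDDED_LIBRARY
  is not. Within that build:
    - "ssl-mode" is always registered, but its callback
      (mode_option_callback) is attached only when MYSQL_CLIENT is defined.
    - "ssl-ca" and "ssl-capath" share ca_option_callback.
    - "ssl-cert", "ssl-cipher", "ssl-key", "ssl-crl", "ssl-crlpath" and
      "tls-version" are plain value options with no callback, so supplying
      them does not by itself change opt_ssl_mode from this file.
    - The deprecated "ssl" and "ssl-verify-server-cert" options exist only
      when MYSQL_CLIENT is defined.

  Security note: the effective verification level is decided by the
  callbacks, which read and write the global opt_ssl_mode. Which callback
  runs last therefore matters; see the individual callbacks.

  NOTE(review): callbacks are allocated with new and handed to
  add_callback(); presumably the option object takes ownership - confirm.
*/
void Mysql_connection_options::Ssl_options::create_options()
{
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
  /* Shorthand for the member-function callback type used for every option. */
  typedef Instance_callback<void, char*, Mysql_connection_options::Ssl_options>
    Ssl_option_callback;

  this->create_new_option(&this->m_ssl_mode_string, "ssl-mode",
      "SSL connection mode.")
#ifdef MYSQL_CLIENT
    ->add_callback(new Ssl_option_callback(
      this, &Mysql_connection_options::Ssl_options::mode_option_callback))
#endif
    ;

  /* Both CA options go through the same callback. */
  this->create_new_option(&::opt_ssl_ca, "ssl-ca", "CA file in PEM format.")
    ->add_callback(new Ssl_option_callback(
      this, &Mysql_connection_options::Ssl_options::ca_option_callback));
  this->create_new_option(&::opt_ssl_capath, "ssl-capath", "CA directory.")
    ->add_callback(new Ssl_option_callback(
      this, &Mysql_connection_options::Ssl_options::ca_option_callback));

  /* Value-only options: stored in the globals, no mode side effects here. */
  this->create_new_option(&::opt_ssl_cert, "ssl-cert",
      "X509 cert in PEM format.");
  this->create_new_option(&::opt_ssl_cipher, "ssl-cipher",
      "SSL cipher to use.");
  this->create_new_option(&::opt_ssl_key, "ssl-key",
      "X509 key in PEM format.");
  this->create_new_option(&::opt_ssl_crl, "ssl-crl",
      "Certificate revocation list.");
  this->create_new_option(&::opt_ssl_crlpath, "ssl-crlpath",
      "Certificate revocation list path.");
  this->create_new_option(&::opt_tls_version, "tls-version",
      "TLS version to use.");

#ifdef MYSQL_CLIENT
  /*
    Deprecated switches kept for compatibility.
    NOTE(review): these bind to m_ssl / m_ssl_verify_server_cert, while the
    callbacks read opt_use_ssl_arg / opt_ssl_verify_server_cert_arg - confirm
    the two are kept in sync elsewhere.
  */
  this->create_new_option(&this->m_ssl, "ssl",
      "Deprecated. Use ssl-mode instead.")
    ->add_callback(new Ssl_option_callback(
      this, &Mysql_connection_options::Ssl_options::use_ssl_option_callback));

  this->create_new_option(&this->m_ssl_verify_server_cert,
      "ssl-verify-server-cert",
      "Deprecated. Use ssl-mode=VERIFY_IDENTITY instead.")
    ->add_callback(new Ssl_option_callback(
      this,
      &Mysql_connection_options::Ssl_options::ssl_verify_server_cert_callback));

#endif
#endif /* HAVE_OPENSSL */
}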
85
86
/*
  Callback attached to --ssl-ca and --ssl-capath.

  Supplying a CA file or directory sets the connection mode to
  SSL_MODE_VERIFY_CA, unless ssl_mode_set_explicitly is already true.

  @param argument  Option value; not used.

  Security notes:
    - The flag is checked at the moment this callback runs, so the outcome
      presumably depends on the order in which options are processed.
    - The assignment does not compare against the current opt_ssl_mode.
      NOTE(review): the deprecated --ssl-verify-server-cert callback can set
      SSL_MODE_VERIFY_IDENTITY without setting the explicit flag; if this
      callback runs afterwards the mode becomes VERIFY_CA - confirm that
      this is intended.
*/
void Mysql_connection_options::Ssl_options::ca_option_callback(
  char *argument MY_ATTRIBUTE((unused)))
{
  /* A mode chosen via the ssl-mode callback is left untouched. */
  if (ssl_mode_set_explicitly)
    return;

  ::opt_ssl_mode= SSL_MODE_VERIFY_CA;
}
93
94
/*
  Callback attached to --ssl-mode.

  Looks the argument up in ssl_mode_typelib, stores the result in the global
  opt_ssl_mode and records that the mode was chosen explicitly, which stops
  ca_option_callback from changing it afterwards.

  @param argument  Mode name given on the command line.

  NOTE(review): judging by its name, find_type_or_exit() terminates the
  program on an unknown value rather than falling back to a default -
  confirm, since a silent fallback would weaken the requested mode.
*/
void Mysql_connection_options::Ssl_options::mode_option_callback(
  char *argument)
{
  const int selected_mode=
    find_type_or_exit(argument, &ssl_mode_typelib, "ssl-mode");

  ::opt_ssl_mode= selected_mode;
  /* Set only after the lookup has accepted the value. */
  ssl_mode_set_explicitly= true;
}
101
102
/*
  Applies the collected SSL settings to a connection handle.

  @param connection  Connection handle passed to SSL_SET_OPTIONS.

  The work is done entirely by the SSL_SET_OPTIONS macro, which is not
  defined in this file.
  NOTE(review): presumably it copies the global opt_ssl_* / opt_tls_version
  values, including the final opt_ssl_mode, onto the handle - confirm against
  the macro definition, since that is where the verification level takes
  effect.
*/
void Mysql_connection_options::Ssl_options::apply_for_connection(
  MYSQL *connection)
{
  SSL_SET_OPTIONS(connection);
}
108
109
/*
  Callback attached to the deprecated --ssl option.

  Emits a deprecation warning, then maps the switch onto opt_ssl_mode:
    - enabled:  raise the mode to SSL_MODE_REQUIRED if it is currently lower;
                a stricter mode is kept as is.
    - disabled: force SSL_MODE_DISABLED.

  @param argument  Option value; not used. The state is read from
                   opt_use_ssl_arg.

  Security note: the disabled branch does not consult
  ssl_mode_set_explicitly, so it overwrites whatever mode is in effect when
  the callback runs, including one set through --ssl-mode.
  NOTE(review): the option is registered against m_ssl while this reads
  opt_use_ssl_arg - confirm both reflect the same value.
*/
void Mysql_connection_options::Ssl_options::use_ssl_option_callback(
  char *argument MY_ATTRIBUTE((unused)))
{
  CLIENT_WARN_DEPRECATED("--ssl", "--ssl-mode");

  if (opt_use_ssl_arg)
  {
    /* Only ever raises the mode; never lowers a verifying mode. */
    if (opt_ssl_mode < SSL_MODE_REQUIRED)
      opt_ssl_mode= SSL_MODE_REQUIRED;
  }
  else
  {
    opt_ssl_mode= SSL_MODE_DISABLED;
  }
}
119
120
/*
  Callback attached to the deprecated --ssl-verify-server-cert option.

  Emits a deprecation warning, then maps the switch onto opt_ssl_mode:
    - enabled:  set SSL_MODE_VERIFY_IDENTITY.
    - disabled: if the mode is currently SSL_MODE_VERIFY_IDENTITY or higher,
                lower it to SSL_MODE_VERIFY_CA; lower modes are unchanged.

  @param argument  Option value; not used. The state is read from
                   opt_ssl_verify_server_cert_arg.

  Security note: the disabled branch does not consult
  ssl_mode_set_explicitly, so it lowers VERIFY_IDENTITY to VERIFY_CA even if
  that level was set through --ssl-mode before this callback ran.
  NOTE(review): the option is registered against m_ssl_verify_server_cert
  while this reads opt_ssl_verify_server_cert_arg - confirm both reflect the
  same value.
*/
void Mysql_connection_options::Ssl_options::ssl_verify_server_cert_callback(
  char *argument MY_ATTRIBUTE((unused)))
{
  CLIENT_WARN_DEPRECATED("--ssl-verify-server-cert",
                         "--ssl-mode=VERIFY_IDENTITY");

  if (opt_ssl_verify_server_cert_arg)
  {
    opt_ssl_mode= SSL_MODE_VERIFY_IDENTITY;
    return;
  }

  /* Switch turned off: drop identity verification but keep CA verification. */
  if (opt_ssl_mode >= SSL_MODE_VERIFY_IDENTITY)
    opt_ssl_mode= SSL_MODE_VERIFY_CA;
}