112 lines
3.3 KiB
C++
112 lines
3.3 KiB
C++
/*
|
|
* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License, version 2.0,
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* This program is also distributed with certain software (including
|
|
* but not limited to OpenSSL) that is licensed under separate terms,
|
|
* as designated in a particular file or component or in included license
|
|
* documentation. The authors of MySQL hereby grant you an additional
|
|
* permission to link the program and your derivative works with the
|
|
* separately licensed software that they have included with MySQL.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License, version 2.0, for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
// MySQL DB access module, for use by plugins and others
|
|
// For the module that implements interactive DB functionality see mod_db
|
|
|
|
#ifndef PLUGIN_X_CLIENT_XSSL_CONFIG_H_
|
|
#define PLUGIN_X_CLIENT_XSSL_CONFIG_H_
|
|
|
|
#include <cstring>
|
|
#include <string>
|
|
|
|
namespace xcl {
|
|
|
|
class Ssl_config {
|
|
public:
|
|
enum class Mode {
|
|
Ssl_disabled,
|
|
Ssl_preferred,
|
|
Ssl_required,
|
|
Ssl_verify_ca,
|
|
Ssl_verify_identity
|
|
};
|
|
|
|
enum class Mode_ssl_fips {
|
|
Ssl_fips_mode_off,
|
|
Ssl_fips_mode_on,
|
|
Ssl_fips_mode_strict,
|
|
};
|
|
|
|
public:
|
|
Ssl_config() = default;
|
|
|
|
Ssl_config(const std::string &ssl_key, const std::string &ssl_ca,
|
|
const std::string &ssl_ca_path, const std::string &ssl_cert,
|
|
const std::string &ssl_cipher, const std::string &ssl_crl,
|
|
const std::string &ssl_crl_path,
|
|
const std::string &ssl_tls_version, const Mode mode,
|
|
const Mode_ssl_fips ssl_fips_mode)
|
|
: m_key(ssl_key),
|
|
m_ca(ssl_ca),
|
|
m_ca_path(ssl_ca_path),
|
|
m_cert(ssl_cert),
|
|
m_cipher(ssl_cipher),
|
|
m_crl(ssl_crl),
|
|
m_crl_path(ssl_crl_path),
|
|
m_tls_version(ssl_tls_version),
|
|
m_mode(mode),
|
|
m_ssl_fips_mode(ssl_fips_mode) {}
|
|
|
|
bool is_configured() const { return Mode::Ssl_disabled != m_mode; }
|
|
|
|
bool does_mode_requires_ssl() const {
|
|
switch (m_mode) {
|
|
case Mode::Ssl_required: // fall-through
|
|
case Mode::Ssl_verify_ca: // fall-through
|
|
case Mode::Ssl_verify_identity:
|
|
return true;
|
|
|
|
default:
|
|
return false;
|
|
}
|
|
}
|
|
|
|
bool does_mode_requires_ca() const {
|
|
return Mode::Ssl_verify_ca == m_mode || Mode::Ssl_verify_identity == m_mode;
|
|
}
|
|
|
|
bool is_ca_configured() const {
|
|
if (m_ca.empty() && m_ca_path.empty()) return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
std::string m_key;
|
|
std::string m_ca;
|
|
std::string m_ca_path;
|
|
std::string m_cert;
|
|
std::string m_cipher;
|
|
std::string m_crl;
|
|
std::string m_crl_path;
|
|
std::string m_tls_version;
|
|
|
|
Mode m_mode{Mode::Ssl_preferred};
|
|
Mode_ssl_fips m_ssl_fips_mode{Mode_ssl_fips::Ssl_fips_mode_off};
|
|
};
|
|
|
|
} // namespace xcl
|
|
|
|
#endif // PLUGIN_X_CLIENT_XSSL_CONFIG_H_
|