mariadb/include/sslopt-longopts.h

#ifndef SSLOPT_LONGOPTS_INCLUDED
#define SSLOPT_LONGOPTS_INCLUDED

/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 of the License.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */

#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)

  {"ssl", OPT_SSL_SSL,
   "Enable SSL for connection (automatically enabled with other flags).",
   &opt_use_ssl, &opt_use_ssl, 0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
  {"ssl-ca", OPT_SSL_CA,
   "CA file in PEM format (check OpenSSL docs, implies --ssl).",
   &opt_ssl_ca, &opt_ssl_ca, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
  {"ssl-capath", OPT_SSL_CAPATH,
   "CA directory (check OpenSSL docs, implies --ssl).",
   &opt_ssl_capath, &opt_ssl_capath, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
  {"ssl-cert", OPT_SSL_CERT, "X509 cert in PEM format (implies --ssl).",
   &opt_ssl_cert, &opt_ssl_cert, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
  {"ssl-cipher", OPT_SSL_CIPHER, "SSL cipher to use (implies --ssl).",
   &opt_ssl_cipher, &opt_ssl_cipher, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
  {"ssl-key", OPT_SSL_KEY, "X509 key in PEM format (implies --ssl).",
   &opt_ssl_key, &opt_ssl_key, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
#ifdef MYSQL_CLIENT
  {"ssl-verify-server-cert", OPT_SSL_VERIFY_SERVER_CERT,
   "Verify server's \"Common Name\" in its cert against hostname used "
   "when connecting. This option is disabled by default.",
   &opt_ssl_verify_server_cert, &opt_ssl_verify_server_cert,
   0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
#endif
#endif /* HAVE_OPENSSL */
#endif /* SSLOPT_LONGOPTS_INCLUDED */
WL#5016: Fix header file include guards Adding header include file guards to files that are missing such. 2009-09-23 23:32:31 +02:00			`#ifndef SSLOPT_LONGOPTS_INCLUDED`
			`#define SSLOPT_LONGOPTS_INCLUDED`

Updated/added copyright headers 2011-06-30 17:46:53 +02:00			`/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.`
Update copyright Fixed memory leak on shutdown (Affects the embedded version & MyODBC) 2001-12-06 13:10:51 +01:00
			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
Many files: Changed header to GPL version 2 only 2006-12-23 20:17:15 +01:00			`the Free Software Foundation; version 2 of the License.`
Update copyright Fixed memory leak on shutdown (Affects the embedded version & MyODBC) 2001-12-06 13:10:51 +01:00
			`This program is distributed in the hope that it will be useful,`
Import changeset 2000-07-31 21:29:14 +02:00			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
Update copyright Fixed memory leak on shutdown (Affects the embedded version & MyODBC) 2001-12-06 13:10:51 +01:00			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; if not, write to the Free Software`
Updated/added copyright headers 2011-06-30 17:46:53 +02:00			`Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */`
Import changeset 2000-07-31 21:29:14 +02:00
Backport of: ChangeSet@1.2703, 2007-12-07 09:35:28-05:00, cmiller@zippy.cornsilk.net +40 -0 Bug#13174: SHA2 function Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle Implement SHA2 functions. Chad added code to make it work with YaSSL. Also, he removed the (probable) bug of embedded server never using SSL-dependent functions. (libmysqld/Makefile.am didn't read ANY autoconf defs.) Function specification: SHA2( string cleartext, integer hash_length ) -> string hash, or NULL where hash_length is one of 224, 256, 384, or 512. If either is NULL or a length is unsupported, then the result is NULL. The resulting string is always the length of the hash_length parameter or is NULL. Include the canonical hash examples from the NIST in the test results. --- Polish and address concerns of reviewers. 2010-04-13 17:04:45 +02:00			`#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)`
Import changeset 2000-07-31 21:29:14 +02:00
Changed mysql, mysqladmin, mysqlshow, mysqldump, mysqlimport, mysqlcheck and myisamchk to use new my_getopt struct. 2002-04-02 19:29:53 +02:00			`{"ssl", OPT_SSL_SSL,`
WL#4738 streamline/simplify @@variable creation process Bug#16565 mysqld --help --verbose does not order variablesBug#20413 sql_slave_skip_counter is not shown in show variables Bug#20415 Output of mysqld --help --verbose is incomplete Bug#25430 variable not found in SELECT @@global.ft_max_word_len; Bug#32902 plugin variables don't know their names Bug#34599 MySQLD Option and Variable Reference need to be consistent in formatting! Bug#34829 No default value for variable and setting default does not raise error Bug#34834 ? Is accepted as a valid sql mode Bug#34878 Few variables have default value according to documentation but error occurs Bug#34883 ft_boolean_syntax cant be assigned from user variable to global var. Bug#37187 `INFORMATION_SCHEMA`.`GLOBAL_VARIABLES`: inconsistent status Bug#40988 log_output_basic.test succeeded though syntactically false. Bug#41010 enum-style command-line options are not honoured (maria.maria-recover fails) Bug#42103 Setting key_buffer_size to a negative value may lead to very large allocations Bug#44691 Some plugins configured as MYSQL_PLUGIN_MANDATORY in can be disabled Bug#44797 plugins w/o command-line options have no disabling option in --help Bug#46314 string system variables don't support expressions Bug#46470 sys_vars.max_binlog_cache_size_basic_32 is broken Bug#46586 When using the plugin interface the type "set" for options caused a crash. Bug#47212 Crash in DBUG_PRINT in mysqltest.cc when trying to print octal number Bug#48758 mysqltest crashes on sys_vars.collation_server_basic in gcov builds Bug#49417 some complaints about mysqld --help --verbose output Bug#49540 DEFAULT value of binlog_format isn't the default value Bug#49640 ambiguous option '--skip-skip-myisam' (double skip prefix) Bug#49644 init_connect and \0 Bug#49645 init_slave and multi-byte characters Bug#49646 mysql --show-warnings crashes when server dies 2009-12-22 10:35:56 +01:00			`"Enable SSL for connection (automatically enabled with other flags).",`
Merge of mysql-5.1-bugteam into mysql-trunk-merge. 2010-06-11 03:30:49 +02:00			`&opt_use_ssl, &opt_use_ssl, 0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},`
Changed mysql, mysqladmin, mysqlshow, mysqldump, mysqlimport, mysqlcheck and myisamchk to use new my_getopt struct. 2002-04-02 19:29:53 +02:00			`{"ssl-ca", OPT_SSL_CA,`
consistency fix - all help texts for command-line options should end with a dot. 2003-06-13 10:59:02 +02:00			`"CA file in PEM format (check OpenSSL docs, implies --ssl).",`
Bug#42733: Type-punning warnings when compiling MySQL -- strict aliasing violations. Essentially, the problem is that large parts of the server were developed in simpler times (last decades, pre C99 standard) when strict aliasing and compilers supporting such optimizations were rare to non-existent. Thus, when compiling the server with a modern compiler that uses strict aliasing rules to perform optimizations, there are several places in the code that might trigger undefined behavior. As evinced by some recent bugs, GCC does a somewhat good of job misoptimizing such code, but on the other hand also gives warnings about suspicious code. One problem is that the warnings aren't always accurate, yet we can't afford to just shut them off as we might miss real cases. False-positive cases are aggravated mostly by casts that are likely to trigger undefined behavior. The solution is to start a cleanup process focused on fixing and reducing the amount of strict-aliasing related warnings produced by GCC and others compilers. A good deal of noise reduction can be achieved by just removing useless casts that are product of historical cruft and are likely to trigger undefined behavior if dereferenced. 2010-06-10 22:16:43 +02:00			`&opt_ssl_ca, &opt_ssl_ca, 0, GET_STR, REQUIRED_ARG,`
Changed mysql, mysqladmin, mysqlshow, mysqldump, mysqlimport, mysqlcheck and myisamchk to use new my_getopt struct. 2002-04-02 19:29:53 +02:00			`0, 0, 0, 0, 0, 0},`
			`{"ssl-capath", OPT_SSL_CAPATH,`
consistency fix - all help texts for command-line options should end with a dot. 2003-06-13 10:59:02 +02:00			`"CA directory (check OpenSSL docs, implies --ssl).",`
Bug#42733: Type-punning warnings when compiling MySQL -- strict aliasing violations. Essentially, the problem is that large parts of the server were developed in simpler times (last decades, pre C99 standard) when strict aliasing and compilers supporting such optimizations were rare to non-existent. Thus, when compiling the server with a modern compiler that uses strict aliasing rules to perform optimizations, there are several places in the code that might trigger undefined behavior. As evinced by some recent bugs, GCC does a somewhat good of job misoptimizing such code, but on the other hand also gives warnings about suspicious code. One problem is that the warnings aren't always accurate, yet we can't afford to just shut them off as we might miss real cases. False-positive cases are aggravated mostly by casts that are likely to trigger undefined behavior. The solution is to start a cleanup process focused on fixing and reducing the amount of strict-aliasing related warnings produced by GCC and others compilers. A good deal of noise reduction can be achieved by just removing useless casts that are product of historical cruft and are likely to trigger undefined behavior if dereferenced. 2010-06-10 22:16:43 +02:00			`&opt_ssl_capath, &opt_ssl_capath, 0, GET_STR, REQUIRED_ARG,`
Changed mysql, mysqladmin, mysqlshow, mysqldump, mysqlimport, mysqlcheck and myisamchk to use new my_getopt struct. 2002-04-02 19:29:53 +02:00			`0, 0, 0, 0, 0, 0},`
Bug #1039: tmpdir and datadir not available via @@ system variable syntax Bug #19606: ssl variables are not displayed in show variables Bug #19616: log_queries_not_using_indexes is not listed in show variables Make basedir, datadir, tmpdir, log_queries_not_using_indexes, ssl_ca, ssl_capath, ssl_cert, ssl_cipher, and ssl_key all available both from SHOW VARIABLES and as @@variables. As a side-effect of this change, log_queries_not_using_indexes can be changed at runtime (but only globally, not per-connection). 2006-05-09 01:38:45 +02:00			`{"ssl-cert", OPT_SSL_CERT, "X509 cert in PEM format (implies --ssl).",`
Bug#42733: Type-punning warnings when compiling MySQL -- strict aliasing violations. Essentially, the problem is that large parts of the server were developed in simpler times (last decades, pre C99 standard) when strict aliasing and compilers supporting such optimizations were rare to non-existent. Thus, when compiling the server with a modern compiler that uses strict aliasing rules to perform optimizations, there are several places in the code that might trigger undefined behavior. As evinced by some recent bugs, GCC does a somewhat good of job misoptimizing such code, but on the other hand also gives warnings about suspicious code. One problem is that the warnings aren't always accurate, yet we can't afford to just shut them off as we might miss real cases. False-positive cases are aggravated mostly by casts that are likely to trigger undefined behavior. The solution is to start a cleanup process focused on fixing and reducing the amount of strict-aliasing related warnings produced by GCC and others compilers. A good deal of noise reduction can be achieved by just removing useless casts that are product of historical cruft and are likely to trigger undefined behavior if dereferenced. 2010-06-10 22:16:43 +02:00			`&opt_ssl_cert, &opt_ssl_cert, 0, GET_STR, REQUIRED_ARG,`
Bug #1039: tmpdir and datadir not available via @@ system variable syntax Bug #19606: ssl variables are not displayed in show variables Bug #19616: log_queries_not_using_indexes is not listed in show variables Make basedir, datadir, tmpdir, log_queries_not_using_indexes, ssl_ca, ssl_capath, ssl_cert, ssl_cipher, and ssl_key all available both from SHOW VARIABLES and as @@variables. As a side-effect of this change, log_queries_not_using_indexes can be changed at runtime (but only globally, not per-connection). 2006-05-09 01:38:45 +02:00			`0, 0, 0, 0, 0, 0},`
consistency fix - all help texts for command-line options should end with a dot. 2003-06-13 10:59:02 +02:00			`{"ssl-cipher", OPT_SSL_CIPHER, "SSL cipher to use (implies --ssl).",`
Bug#42733: Type-punning warnings when compiling MySQL -- strict aliasing violations. Essentially, the problem is that large parts of the server were developed in simpler times (last decades, pre C99 standard) when strict aliasing and compilers supporting such optimizations were rare to non-existent. Thus, when compiling the server with a modern compiler that uses strict aliasing rules to perform optimizations, there are several places in the code that might trigger undefined behavior. As evinced by some recent bugs, GCC does a somewhat good of job misoptimizing such code, but on the other hand also gives warnings about suspicious code. One problem is that the warnings aren't always accurate, yet we can't afford to just shut them off as we might miss real cases. False-positive cases are aggravated mostly by casts that are likely to trigger undefined behavior. The solution is to start a cleanup process focused on fixing and reducing the amount of strict-aliasing related warnings produced by GCC and others compilers. A good deal of noise reduction can be achieved by just removing useless casts that are product of historical cruft and are likely to trigger undefined behavior if dereferenced. 2010-06-10 22:16:43 +02:00			`&opt_ssl_cipher, &opt_ssl_cipher, 0, GET_STR, REQUIRED_ARG,`
Changed mysql, mysqladmin, mysqlshow, mysqldump, mysqlimport, mysqlcheck and myisamchk to use new my_getopt struct. 2002-04-02 19:29:53 +02:00			`0, 0, 0, 0, 0, 0},`
Bug #1039: tmpdir and datadir not available via @@ system variable syntax Bug #19606: ssl variables are not displayed in show variables Bug #19616: log_queries_not_using_indexes is not listed in show variables Make basedir, datadir, tmpdir, log_queries_not_using_indexes, ssl_ca, ssl_capath, ssl_cert, ssl_cipher, and ssl_key all available both from SHOW VARIABLES and as @@variables. As a side-effect of this change, log_queries_not_using_indexes can be changed at runtime (but only globally, not per-connection). 2006-05-09 01:38:45 +02:00			`{"ssl-key", OPT_SSL_KEY, "X509 key in PEM format (implies --ssl).",`
Bug#42733: Type-punning warnings when compiling MySQL -- strict aliasing violations. Essentially, the problem is that large parts of the server were developed in simpler times (last decades, pre C99 standard) when strict aliasing and compilers supporting such optimizations were rare to non-existent. Thus, when compiling the server with a modern compiler that uses strict aliasing rules to perform optimizations, there are several places in the code that might trigger undefined behavior. As evinced by some recent bugs, GCC does a somewhat good of job misoptimizing such code, but on the other hand also gives warnings about suspicious code. One problem is that the warnings aren't always accurate, yet we can't afford to just shut them off as we might miss real cases. False-positive cases are aggravated mostly by casts that are likely to trigger undefined behavior. The solution is to start a cleanup process focused on fixing and reducing the amount of strict-aliasing related warnings produced by GCC and others compilers. A good deal of noise reduction can be achieved by just removing useless casts that are product of historical cruft and are likely to trigger undefined behavior if dereferenced. 2010-06-10 22:16:43 +02:00			`&opt_ssl_key, &opt_ssl_key, 0, GET_STR, REQUIRED_ARG,`
Bug #1039: tmpdir and datadir not available via @@ system variable syntax Bug #19606: ssl variables are not displayed in show variables Bug #19616: log_queries_not_using_indexes is not listed in show variables Make basedir, datadir, tmpdir, log_queries_not_using_indexes, ssl_ca, ssl_capath, ssl_cert, ssl_cipher, and ssl_key all available both from SHOW VARIABLES and as @@variables. As a side-effect of this change, log_queries_not_using_indexes can be changed at runtime (but only globally, not per-connection). 2006-05-09 01:38:45 +02:00			`0, 0, 0, 0, 0, 0},`
Bug#17208 SSL: client does not verify server certificate - Add new function 'ssl_verify_server_cert' which is used if we are connecting to the server with SSL. It will compare the hostname in the server's cert against the hostname that we used when connecting to the server. Will reject the connection if hostname does not match. - Add new option "OPT_SSL_VERIFY_SERVER_CERT" to be passed to mysql_options which will turn on checking of servers cert. - Add new argument "ssl-verify-server-cert" to all mysql* clients which will activate the above option. - Generate a new server cert with 1024 bits that has "localhost" as the server name. 2006-04-18 17:58:27 +02:00			`#ifdef MYSQL_CLIENT`
			`{"ssl-verify-server-cert", OPT_SSL_VERIFY_SERVER_CERT,`
Bug#42733: Type-punning warnings when compiling MySQL -- strict aliasing violations. Essentially, the problem is that large parts of the server were developed in simpler times (last decades, pre C99 standard) when strict aliasing and compilers supporting such optimizations were rare to non-existent. Thus, when compiling the server with a modern compiler that uses strict aliasing rules to perform optimizations, there are several places in the code that might trigger undefined behavior. As evinced by some recent bugs, GCC does a somewhat good of job misoptimizing such code, but on the other hand also gives warnings about suspicious code. One problem is that the warnings aren't always accurate, yet we can't afford to just shut them off as we might miss real cases. False-positive cases are aggravated mostly by casts that are likely to trigger undefined behavior. The solution is to start a cleanup process focused on fixing and reducing the amount of strict-aliasing related warnings produced by GCC and others compilers. A good deal of noise reduction can be achieved by just removing useless casts that are product of historical cruft and are likely to trigger undefined behavior if dereferenced. 2010-06-10 22:16:43 +02:00			`"Verify server's \"Common Name\" in its cert against hostname used "`
			`"when connecting. This option is disabled by default.",`
			`&opt_ssl_verify_server_cert, &opt_ssl_verify_server_cert,`
Merge of mysql-5.1-bugteam into mysql-trunk-merge. 2010-06-11 03:30:49 +02:00			`0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},`
Bug#17208 SSL: client does not verify server certificate - Add new function 'ssl_verify_server_cert' which is used if we are connecting to the server with SSL. It will compare the hostname in the server's cert against the hostname that we used when connecting to the server. Will reject the connection if hostname does not match. - Add new option "OPT_SSL_VERIFY_SERVER_CERT" to be passed to mysql_options which will turn on checking of servers cert. - Add new argument "ssl-verify-server-cert" to all mysql* clients which will activate the above option. - Generate a new server cert with 1024 bits that has "localhost" as the server name. 2006-04-18 17:58:27 +02:00			`#endif`
Import changeset 2000-07-31 21:29:14 +02:00			`#endif /* HAVE_OPENSSL */`
WL#5016: Fix header file include guards Adding header include file guards to files that are missing such. 2009-09-23 23:32:31 +02:00			`#endif /* SSLOPT_LONGOPTS_INCLUDED */`