mirror of
https://github.com/MariaDB/server.git
synced 2025-01-26 16:54:15 +01:00
83 lines
3.9 KiB
C
83 lines
3.9 KiB
C
#ifndef SSLOPT_VARS_INCLUDED
|
|
#define SSLOPT_VARS_INCLUDED
|
|
|
|
/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; version 2 of the License.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */
|
|
|
|
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
|
|
#ifdef SSL_VARS_NOT_STATIC
|
|
#define SSL_STATIC
|
|
#else
|
|
#define SSL_STATIC static
|
|
#endif
|
|
SSL_STATIC my_bool opt_use_ssl = 1;
|
|
SSL_STATIC char *opt_ssl_ca = 0;
|
|
SSL_STATIC char *opt_ssl_capath = 0;
|
|
SSL_STATIC char *opt_ssl_cert = 0;
|
|
SSL_STATIC char *opt_ssl_cipher = 0;
|
|
SSL_STATIC char *opt_ssl_key = 0;
|
|
SSL_STATIC char *opt_ssl_crl = 0;
|
|
SSL_STATIC char *opt_ssl_crlpath = 0;
|
|
SSL_STATIC char *opt_tls_version = 0;
|
|
#ifdef MYSQL_CLIENT
|
|
SSL_STATIC char *opt_ssl_fp = 0;
|
|
SSL_STATIC char *opt_ssl_fplist = 0;
|
|
SSL_STATIC my_bool opt_ssl_verify_server_cert= 2;
|
|
|
|
#define SET_SSL_OPTS(M) \
|
|
do { \
|
|
if (opt_use_ssl) \
|
|
{ \
|
|
mysql_ssl_set((M), opt_ssl_key, opt_ssl_cert, opt_ssl_ca, \
|
|
opt_ssl_capath, opt_ssl_cipher); \
|
|
mysql_options((M), MYSQL_OPT_SSL_CRL, opt_ssl_crl); \
|
|
mysql_options((M), MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); \
|
|
mysql_options((M), MARIADB_OPT_TLS_VERSION, opt_tls_version); \
|
|
mysql_options((M), MARIADB_OPT_TLS_PEER_FP, opt_ssl_fp); \
|
|
mysql_options((M), MARIADB_OPT_TLS_PEER_FP_LIST, opt_ssl_fplist); \
|
|
} \
|
|
else \
|
|
opt_ssl_verify_server_cert= 0; \
|
|
mysql_options((M),MYSQL_OPT_SSL_VERIFY_SERVER_CERT, \
|
|
&opt_ssl_verify_server_cert); \
|
|
} while(0)
|
|
|
|
/*
|
|
let's disable opt_ssl_verify_server_cert if neither CA nor FP and
|
|
nor password were specified and the protocol is TCP.
|
|
*/
|
|
#define SET_SSL_OPTS_WITH_CHECK(M) \
|
|
do { \
|
|
if (opt_use_ssl && opt_ssl_verify_server_cert==2 && \
|
|
!(opt_ssl_ca && opt_ssl_ca[0]) && \
|
|
!(opt_ssl_capath && opt_ssl_capath[0]) && \
|
|
!(opt_ssl_fp && opt_ssl_fp[0]) && \
|
|
!(opt_ssl_fplist && opt_ssl_fplist[0]) && \
|
|
!(opt_password && opt_password[0]) && \
|
|
opt_protocol == MYSQL_PROTOCOL_TCP) \
|
|
{ \
|
|
fprintf(stderr, "WARNING: option --ssl-verify-server-cert is " \
|
|
"disabled, because of an insecure passwordless login.\n");\
|
|
opt_ssl_verify_server_cert= 0; \
|
|
} \
|
|
SET_SSL_OPTS(M); \
|
|
} while (0)
|
|
|
|
#endif
|
|
#else
|
|
#define SET_SSL_OPTS(M) do { } while(0)
|
|
#define SET_SSL_OPTS_WITH_CHECK(M) do { } while(0)
|
|
#endif
|
|
#endif /* SSLOPT_VARS_INCLUDED */
|