summaryrefslogtreecommitdiffstats
path: root/libmariadb/include/ma_tls.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--libmariadb/include/ma_tls.h161
1 files changed, 161 insertions, 0 deletions
diff --git a/libmariadb/include/ma_tls.h b/libmariadb/include/ma_tls.h
new file mode 100644
index 00000000..9ce49e7c
--- /dev/null
+++ b/libmariadb/include/ma_tls.h
@@ -0,0 +1,161 @@
+#ifndef _ma_tls_h_
+#define _ma_tls_h_
+
+enum enum_pvio_tls_type {
+ SSL_TYPE_DEFAULT=0,
+#ifdef _WIN32
+ SSL_TYPE_SCHANNEL,
+#endif
+ SSL_TYPE_OPENSSL,
+ SSL_TYPE_GNUTLS
+};
+
+#define PROTOCOL_SSLV3 0
+#define PROTOCOL_TLS_1_0 1
+#define PROTOCOL_TLS_1_1 2
+#define PROTOCOL_TLS_1_2 3
+#define PROTOCOL_TLS_1_3 4
+#define PROTOCOL_UNKNOWN 5
+#define PROTOCOL_MAX PROTOCOL_TLS_1_3
+
+#define TLS_VERSION_LENGTH 64
+extern char tls_library_version[TLS_VERSION_LENGTH];
+
+typedef struct st_ma_pvio_tls {
+ void *data;
+ MARIADB_PVIO *pvio;
+ void *ssl;
+} MARIADB_TLS;
+
+/* Function prototypes */
+
+/* ma_tls_start
+ initializes the ssl library
+ Parameter:
+ errmsg pointer to error message buffer
+ errmsg_len length of error message buffer
+ Returns:
+ 0 success
+ 1 if an error occurred
+ Notes:
+ On success the global variable ma_tls_initialized will be set to 1
+*/
+int ma_tls_start(char *errmsg, size_t errmsg_len);
+
+/* ma_tls_end
+ unloads/deinitializes ssl library and unsets global variable
+ ma_tls_initialized
+*/
+void ma_tls_end(void);
+
+/* ma_tls_init
+ creates a new SSL structure for a SSL connection and loads
+ client certificates
+
+ Parameters:
+ MYSQL a mysql structure
+ Returns:
+ void * a pointer to internal SSL structure
+*/
+void * ma_tls_init(MYSQL *mysql);
+
+/* ma_tls_connect
+ performs SSL handshake
+ Parameters:
+ MARIADB_TLS MariaDB SSL container
+ Returns:
+ 0 success
+ 1 error
+*/
+my_bool ma_tls_connect(MARIADB_TLS *ctls);
+
+/* ma_tls_read
+ reads up to length bytes from socket
+ Parameters:
+ ctls MariaDB SSL container
+ buffer read buffer
+ length buffer length
+ Returns:
+ 0-n bytes read
+ -1 if an error occurred
+*/
+ssize_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length);
+
+/* ma_tls_write
+ write buffer to socket
+ Parameters:
+ ctls MariaDB SSL container
+ buffer write buffer
+ length buffer length
+ Returns:
+ 0-n bytes written
+ -1 if an error occurred
+*/
+ssize_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length);
+
+/* ma_tls_close
+ closes SSL connection and frees SSL structure which was previously
+ created by ma_tls_init call
+ Parameters:
+ MARIADB_TLS MariaDB SSL container
+ Returns:
+ 0 success
+ 1 error
+*/
+my_bool ma_tls_close(MARIADB_TLS *ctls);
+
+/* ma_tls_verify_server_cert
+ validation check of server certificate
+ Parameter:
+ MARIADB_TLS MariaDB SSL container
+ Returns:
+ ß success
+ 1 error
+*/
+int ma_tls_verify_server_cert(MARIADB_TLS *ctls);
+
+/* ma_tls_get_cipher
+ returns cipher for current ssl connection
+ Parameter:
+ MARIADB_TLS MariaDB SSL container
+ Returns:
+ cipher in use or
+ NULL on error
+*/
+const char *ma_tls_get_cipher(MARIADB_TLS *ssl);
+
+/* ma_tls_get_finger_print
+ returns SHA1 finger print of server certificate
+ Parameter:
+ MARIADB_TLS MariaDB SSL container
+ fp buffer for fingerprint
+ fp_len buffer length
+ Returns:
+ actual size of finger print
+*/
+unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, char *fp, unsigned int fp_len);
+
+/* ma_tls_get_protocol_version
+ returns protocol version number in use
+ Parameter:
+ MARIADB_TLS MariaDB SSL container
+ Returns:
+ protocol number
+*/
+int ma_tls_get_protocol_version(MARIADB_TLS *ctls);
+const char *ma_pvio_tls_get_protocol_version(MARIADB_TLS *ctls);
+int ma_pvio_tls_get_protocol_version_id(MARIADB_TLS *ctls);
+
+/* Function prototypes */
+MARIADB_TLS *ma_pvio_tls_init(MYSQL *mysql);
+my_bool ma_pvio_tls_connect(MARIADB_TLS *ctls);
+ssize_t ma_pvio_tls_read(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
+ssize_t ma_pvio_tls_write(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
+my_bool ma_pvio_tls_close(MARIADB_TLS *ctls);
+int ma_pvio_tls_verify_server_cert(MARIADB_TLS *ctls);
+const char *ma_pvio_tls_cipher(MARIADB_TLS *ctls);
+my_bool ma_pvio_tls_check_fp(MARIADB_TLS *ctls, const char *fp, const char *fp_list);
+my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio);
+void ma_pvio_tls_end();
+
+#endif /* _ma_tls_h_ */