#ifndef _ma_tls_h_
#define _ma_tls_h_
/* Identifies the TLS implementation behind a connection.
   SSL_TYPE_SCHANNEL exists only in _WIN32 builds, so the numeric value of
   every enumerator after it differs between Windows and other platforms:
   always compare against the enumerator names, never against literal
   integers, and never persist or transmit these values. */
enum enum_pvio_tls_type {
SSL_TYPE_DEFAULT=0,
#ifdef _WIN32
SSL_TYPE_SCHANNEL,
#endif
SSL_TYPE_OPENSSL,
SSL_TYPE_GNUTLS
};
/* Protocol version codes. Presumably these are the values reported by
   ma_tls_get_protocol_version() / ma_pvio_tls_get_protocol_version_id()
   (see the prototypes below). They are reporting identifiers only: this
   header expresses no minimum accepted version, so any policy that rejects
   SSLv3 / TLS 1.0 / TLS 1.1 must be enforced in the backend implementation,
   which is not visible here. */
#define PROTOCOL_SSLV3 0
#define PROTOCOL_TLS_1_0 1
#define PROTOCOL_TLS_1_1 2
#define PROTOCOL_TLS_1_2 3
#define PROTOCOL_TLS_1_3 4
/* Code used when the negotiated version cannot be mapped to one above. */
#define PROTOCOL_UNKNOWN 5
/* Highest real protocol code; note PROTOCOL_UNKNOWN lies above it, so a
   range check "<= PROTOCOL_MAX" excludes the unknown case. */
#define PROTOCOL_MAX PROTOCOL_TLS_1_3
/* Size in bytes of the tls_library_version buffer.
   NOTE(review): assumed to hold a NUL-terminated string — confirm in the
   backend that fills it. */
#define TLS_VERSION_LENGTH 64
/* Human-readable version of the linked TLS library; defined elsewhere
   (extern), this header only declares it. */
extern char tls_library_version[TLS_VERSION_LENGTH];
/* Per-connection TLS container. Created by ma_tls_init()/ma_pvio_tls_init()
   and released by ma_tls_close()/ma_pvio_tls_close() (see the prototype
   comments below); the container owns its ssl handle for that lifetime.
   Field order is part of the ABI shared with the backend .c files — do not
   reorder. */
typedef struct st_ma_pvio_tls {
void *data;          /* backend-private data; opaque at this layer */
MARIADB_PVIO *pvio;  /* presumably the underlying pvio (transport) this session wraps — confirm against ma_pvio */
void *ssl;           /* backend-specific session handle; opaque at this layer */
} MARIADB_TLS;
/* Function prototypes: backend entry points.
   Presumably each TLS backend (see enum_pvio_tls_type) provides these
   ma_tls_* functions; the ma_pvio_tls_* wrappers declared further down are
   the layer the rest of the connector calls. Return conventions differ per
   function (0 = success for the int/my_bool ones, byte count or -1 for
   read/write), so read each comment rather than assuming a single rule. */
/* ma_tls_start
initializes the ssl library
Parameter:
errmsg pointer to error message buffer
errmsg_len length of error message buffer (bytes available at errmsg)
Returns:
0 success
1 if an error occurred
Notes:
On success the global variable ma_tls_initialized will be set to 1.
NOTE(review): whether the error message written on failure is always
NUL-terminated within errmsg_len is not stated here — confirm in the backend.
*/
int ma_tls_start(char *errmsg, size_t errmsg_len);
/* ma_tls_end
unloads/deinitializes ssl library and unsets global variable
ma_tls_initialized
*/
void ma_tls_end(void);
/* ma_tls_init
creates a new SSL structure for a SSL connection and loads
client certificates
Parameters:
MYSQL a mysql structure
Returns:
void * a pointer to internal SSL structure
(presumably NULL on failure — not stated here; confirm in the backend)
Ownership: the returned structure is released by ma_tls_close.
*/
void * ma_tls_init(MYSQL *mysql);
/* ma_tls_connect
performs SSL handshake
Parameters:
MARIADB_TLS MariaDB SSL container
Returns:
0 success
1 error
Note: a successful handshake says nothing about the peer's identity;
ma_tls_verify_server_cert / ma_pvio_tls_check_fp are separate steps.
*/
my_bool ma_tls_connect(MARIADB_TLS *ctls);
/* ma_tls_read
reads up to length bytes from socket
Parameters:
ctls MariaDB SSL container
buffer read buffer
length buffer length
Returns:
0-n bytes read
-1 if an error occurred
NOTE(review): buffer is declared const although the description says it is
filled by the read, so backends must cast the qualifier away. Left as-is
because the backend definitions match this signature; dropping the const
should be done in header and backends together.
*/
ssize_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length);
/* ma_tls_write
write buffer to socket
Parameters:
ctls MariaDB SSL container
buffer write buffer
length buffer length
Returns:
0-n bytes written (may be fewer than length; callers loop)
-1 if an error occurred
*/
ssize_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length);
/* ma_tls_close
closes SSL connection and frees SSL structure which was previously
created by ma_tls_init call
Parameters:
MARIADB_TLS MariaDB SSL container
Returns:
0 success
1 error
*/
my_bool ma_tls_close(MARIADB_TLS *ctls);
/* ma_tls_verify_server_cert
validation check of server certificate
Parameter:
MARIADB_TLS MariaDB SSL container
Returns:
0 success
1 error
Note: the caller decides what to do with a non-zero result; this header
does not promise that the connection is torn down on failure.
*/
int ma_tls_verify_server_cert(MARIADB_TLS *ctls);
/* ma_tls_get_cipher
returns cipher for current ssl connection
Parameter:
MARIADB_TLS MariaDB SSL container
Returns:
cipher in use or
NULL on error
(string storage lifetime is not specified here — presumably owned by the
backend session; do not free)
*/
const char *ma_tls_get_cipher(MARIADB_TLS *ssl);
/* ma_tls_get_finger_print
returns SHA1 finger print of server certificate
Parameter:
MARIADB_TLS MariaDB SSL container
fp buffer for fingerprint (must hold at least fp_len bytes)
fp_len buffer length
Returns:
actual size of finger print
NOTE(review): what is returned when fp_len is too small, or when no peer
certificate is available, is not stated here — check before relying on it.
*/
unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, char *fp, unsigned int fp_len);
/* ma_tls_get_protocol_version
returns protocol version number in use
Parameter:
MARIADB_TLS MariaDB SSL container
Returns:
protocol number (presumably one of the PROTOCOL_* codes above,
PROTOCOL_UNKNOWN when it cannot be determined — confirm in the backend)
*/
int ma_tls_get_protocol_version(MARIADB_TLS *ctls);
/* ma_pvio_tls_get_protocol_version: negotiated protocol version as a string
   (format and storage lifetime not fixed by this header). */
const char *ma_pvio_tls_get_protocol_version(MARIADB_TLS *ctls);
/* ma_pvio_tls_get_protocol_version_id: negotiated protocol version as a
   numeric id, presumably one of the PROTOCOL_* codes above. */
int ma_pvio_tls_get_protocol_version_id(MARIADB_TLS *ctls);
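/* Function prototypes: pvio-level wrappers.
   These operate on the same MARIADB_TLS container as the backend ma_tls_*
   entry points above and presumably dispatch to them. Unless noted, the
   my_bool functions follow the backend convention of 0 = success, 1 = error
   (stated for ma_tls_connect/ma_tls_close above; confirm for the rest). */
/* ma_pvio_tls_init
creates and returns the TLS container for the connection described by mysql
Returns:
MARIADB_TLS * container (presumably NULL on failure — confirm in ma_pvio)
Ownership: released by ma_pvio_tls_close.
*/
MARIADB_TLS *ma_pvio_tls_init(MYSQL *mysql);
/* ma_pvio_tls_connect
performs the TLS handshake on ctls; does not by itself verify the peer
Returns:
0 success
1 error
*/
my_bool ma_pvio_tls_connect(MARIADB_TLS *ctls);
/* ma_pvio_tls_read / ma_pvio_tls_write
transfer up to length bytes; return the byte count, or -1 on error.
buffer carries the same (misleading) const as ma_tls_read above.
*/
ssize_t ma_pvio_tls_read(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
ssize_t ma_pvio_tls_write(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
/* ma_pvio_tls_close
shuts the TLS session down and frees the container created by ma_pvio_tls_init
Returns:
0 success
1 error
*/
my_bool ma_pvio_tls_close(MARIADB_TLS *ctls);
/* ma_pvio_tls_verify_server_cert
validates the server certificate; 0 success, non-zero error (int, as in
ma_tls_verify_server_cert). The caller must act on a non-zero result.
*/
int ma_pvio_tls_verify_server_cert(MARIADB_TLS *ctls);
/* ma_pvio_tls_cipher
cipher in use, or NULL on error; storage presumably owned by the session.
*/
const char *ma_pvio_tls_cipher(MARIADB_TLS *ctls);
/* ma_pvio_tls_check_fp
compares the server certificate fingerprint against fp (a single expected
fingerprint) and/or fp_list (presumably a list of acceptable fingerprints).
The accepted encoding of fp/fp_list and the exact return convention are not
fixed by this header — verify in the implementation before treating a
particular value as "match".
*/
my_bool ma_pvio_tls_check_fp(MARIADB_TLS *ctls, const char *fp, const char *fp_list);
/* ma_pvio_start_ssl
switches an established pvio connection to TLS
Returns:
my_bool (presumably 0 success / 1 error, by analogy with ma_tls_connect)
*/
my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio);
/* ma_pvio_tls_end
tears down TLS library state (counterpart of ma_tls_end).
Declared with (void): an empty parameter list in C is a non-prototype
declaration that disables argument checking at call sites.
*/
void ma_pvio_tls_end(void);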
#endif /* _ma_tls_h_ */