
Commit dad63f0

Bogdan Degtyariovsilvakid
authored andcommitted
Added ssl-enable, ssl-ca and ssl-ca-path options into XAPI
1 parent ecae40c commit dad63f0


4 files changed

+212
-36
lines changed


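--- a/include/mysql_xapi.h
+++ b/include/mysql_xapi.h
@@ -334,7 +334,9 @@ typedef enum mysqlx_opt_type_enum
 MYSQLX_OPT_USER = 3,
 MYSQLX_OPT_PWD = 4,
 MYSQLX_OPT_DB = 5,
-MYSQLX_OPT_SSL_ENABLE = 6
+MYSQLX_OPT_SSL_ENABLE = 6,
+MYSQLX_OPT_SSL_CA = 7,
+MYSQLX_OPT_SSL_CA_PATH = 8
 }
 mysqlx_opt_type_t;
 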

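--- a/xapi/mysqlx.cc
+++ b/xapi/mysqlx.cc
@@ -1716,17 +1716,29 @@ mysqlx_session_option_set(mysqlx_session_options_t *opt, mysqlx_opt_type_t type,
 char_data = "";
 opt->set_database(char_data);
 break;
-case MYSQLX_OPT_SSL_ENABLE:
 #ifdef WITH_SSL
+case MYSQLX_OPT_SSL_ENABLE:
 uint_data = va_arg(args, unsigned int);
 opt->set_tls(uint_data > 0);
+break;
+case MYSQLX_OPT_SSL_CA:
+char_data = va_arg(args, char*);
+opt->set_ssl_ca(char_data);
+break;
+case MYSQLX_OPT_SSL_CA_PATH:
+char_data = va_arg(args, char*);
+opt->set_ssl_ca_path(char_data);
+break;
 #else
+case MYSQLX_OPT_SSL_ENABLE:
+case MYSQLX_OPT_SSL_CA:
+case MYSQLX_OPT_SSL_CA_PATH:
 opt->set_diagnostic(
 "Can not create TLS session - this connector is built"
 " without TLS support.", 0
 );
+break;
 #endif
-break;
 default:
 opt->set_diagnostic("Invalid option value", 0);
 rc = RESULT_ERROR;
@@ -1737,7 +1749,7 @@ mysqlx_session_option_set(mysqlx_session_options_t *opt, mysqlx_opt_type_t type,
 SAFE_EXCEPTION_END(opt, RESULT_ERROR)
 }
 
-#define CHAR_OUTPUT_BUF(V) V = va_arg(args, char*); \
+#define CHECK_OUTPUT_BUF(V, T) V = va_arg(args, T); \
 if (V == NULL) \
 { \
 opt->set_diagnostic(MYSQLX_ERROR_OUTPUT_BUFFER_NULL, 0); \
@@ -1759,25 +1771,48 @@ mysqlx_session_option_get(mysqlx_session_options_t *opt, mysqlx_opt_type_t type,
 switch(type)
 {
 case MYSQLX_OPT_HOST:
-CHAR_OUTPUT_BUF(char_data)
+CHECK_OUTPUT_BUF(char_data, char*)
 strcpy(char_data, opt->get_host().data());
 break;
 case MYSQLX_OPT_PORT:
-uint_data = va_arg(args, unsigned int*);
+CHECK_OUTPUT_BUF(uint_data, unsigned int*)
 *uint_data = opt->get_port();
 break;
 case MYSQLX_OPT_USER:
-CHAR_OUTPUT_BUF(char_data)
+CHECK_OUTPUT_BUF(char_data, char*)
 strcpy(char_data, opt->get_user().data());
 break;
 case MYSQLX_OPT_PWD:
-CHAR_OUTPUT_BUF(char_data)
+CHECK_OUTPUT_BUF(char_data, char*)
 strcpy(char_data, opt->get_password().data());
 break;
 case MYSQLX_OPT_DB:
-CHAR_OUTPUT_BUF(char_data)
+CHECK_OUTPUT_BUF(char_data, char*)
 strcpy(char_data, opt->get_db().data());
 break;
+#ifdef WITH_SSL
+case MYSQLX_OPT_SSL_ENABLE:
+CHECK_OUTPUT_BUF(uint_data, unsigned int*)
+*uint_data = opt->get_tls().use_tls() ? 1 : 0;
+break;
+case MYSQLX_OPT_SSL_CA:
+CHECK_OUTPUT_BUF(char_data, char*)
+strcpy(char_data, opt->get_tls().get_ca().data());
+break;
+case MYSQLX_OPT_SSL_CA_PATH:
+CHECK_OUTPUT_BUF(char_data, char*)
+strcpy(char_data, opt->get_tls().get_ca_path().data());
+break;
+#else
+case MYSQLX_OPT_SSL_ENABLE:
+case MYSQLX_OPT_SSL_CA:
+case MYSQLX_OPT_SSL_CA_PATH:
+opt->set_diagnostic(
+"Can not create TLS session - this connector is built"
+" without TLS support.", 0
+);
+break;
+#endif
 default:
 opt->set_diagnostic("Invalid option value", 0);
 rc = RESULT_ERROR;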
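Review bot: In mysqlx_session_option_set, the new MYSQLX_OPT_SSL_CA and MYSQLX_OPT_SSL_CA_PATH cases pass the `va_arg` `char*` straight to `set_ssl_ca()` / `set_ssl_ca_path()`, which take a `const string &`, so a NULL argument would be converted to a string object from a null pointer. The MYSQLX_OPT_DB case just above appears to guard against this (`char_data = "";`), though its condition lies outside the hunk; for a CA setting, rejecting NULL looks safer than substituting an empty value, e.g. `if (char_data == NULL) { opt->set_diagnostic("Invalid option value", 0); rc = RESULT_ERROR; break; }`. Separately, the new getter cases in mysqlx_session_option_get `strcpy` the CA file and directory paths into a caller buffer whose size the API never receives; such paths can be far longer than a host or user name, so the required buffer size should at least be documented in mysql_xapi.h. Both functions start and end outside the visible hunks.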

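--- a/xapi/mysqlx_cc_internal.h
+++ b/xapi/mysqlx_cc_internal.h
@@ -366,6 +366,7 @@ typedef struct mysqlx_session_options_struct : public Mysqlx_diag,
 /* The pointer is used because TCPIP options
 can only be set in the constructor */
 cdk::ds::TCPIP *m_tcp;
+cdk::connection::TLS::Options m_tls_options;
 
 public:
 mysqlx_session_options_struct() : m_tcp(NULL)
@@ -388,9 +389,10 @@ typedef struct mysqlx_session_options_struct : public Mysqlx_diag,
 if (db)
 set_database(*db);
 
-#ifdef WITH_SSL
+// This call must be made at all times because SSL is enabled by default
 set_tls(ssl_enable);
-#else
+
+#ifndef WITH_SSL
 if (ssl_enable)
 set_diagnostic(
 "Can not create TLS session - this connector is built"
@@ -401,6 +403,7 @@ typedef struct mysqlx_session_options_struct : public Mysqlx_diag,
 
 mysqlx_session_options_struct(const std::string &conn_str) : m_tcp(NULL)
 {
+set_tls(false);
 parser::parse_conn_str(conn_str, *this);
 }
 
@@ -434,30 +437,88 @@ typedef struct mysqlx_session_options_struct : public Mysqlx_diag,
 m_port = port;
 }
 
+std::string get_host() { return m_host; }
+unsigned int get_port() { return m_port; }
+std::string get_user() { return m_usr; }
+std::string get_password() { return m_pwd; }
+std::string get_db() { return m_db; }
+
+void set_use_tls(bool tls)
+{
+if (tls)
+set_tls(m_tls_options);
+else
+set_tls(false);
+}
+
+void set_ssl_ca(const string &ca)
+{
+m_tls_options.set_ca(ca);
+set_tls(m_tls_options);
+}
+
+void set_ssl_ca_path(const string &ca_path)
+{
+m_tls_options.set_ca_path(ca_path);
+set_tls(m_tls_options);
+}
+
+void set_ssl_key(const string &key)
+{
+m_tls_options.set_key(key);
+set_tls(m_tls_options);
+}
+
 // Implementing URI_Processor interface
 void path(const std::string &path)
-{ set_database(path); }
+{
+set_database(path);
+}
 
 void key_val(const std::string& key)
 {
-if (key.compare("ssl-enable") == 0)
+if (key.find("ssl-", 0) == 0)
 {
 #ifdef WITH_SSL
-set_tls(true);
+if (key.compare("ssl-enable") == 0)
+{
+set_tls(true);
+}
 #else
 set_diagnostic(
 "Can not create TLS session - this connector is built"
 " without TLS support.", 0
-);
+);
 #endif
 }
 }
 
-std::string get_host() { return m_host; }
-unsigned int get_port() { return m_port; }
-std::string get_user() { return m_usr; }
-std::string get_password() { return m_pwd; }
-std::string get_db() { return m_db; }
+void key_val(const std::string& key, const std::string& val)
+{
+if (key.find("ssl-", 0) == 0)
+{
+#ifdef WITH_SSL
+if (key.compare("ssl-ca") == 0)
+{
+set_ssl_ca(val);
+}
+else if (key.compare("ssl-ca-path") == 0)
+{
+set_ssl_ca_path(val);
+}
+else if (key.compare("ssl-key") == 0)
+{
+set_ssl_key(val);
+}
+#else
+set_diagnostic(
+"Can not create TLS session - this connector is built"
+" without TLS support.", 0
+);
+#endif
+}
+}
+
 
 ~mysqlx_session_options_struct()
 {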
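Review bot: `key_val()` still enables TLS with `set_tls(true)` for `ssl-enable`, and nothing visible calls the new `set_use_tls()`, so a connection string that gives `ssl-ca` before `ssl-enable` may end up with TLS options that no longer carry the CA. `set_tls()` is defined outside this section, so this is inferred from `set_ssl_ca()` having to re-apply `m_tls_options` after each change; if it does replace the stored options, use `set_use_tls(true);` here and `opt->set_use_tls(uint_data > 0);` in the MYSQLX_OPT_SSL_ENABLE case of xapi/mysqlx.cc. Both `key_val` overloads also ignore unrecognised `ssl-` keys when WITH_SSL is defined, so a misspelled `ssl-ca` silently leaves the session without the intended CA; an `else` branch calling `set_diagnostic(...)` would make that visible. The struct continues outside the hunk.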
