author | Georg Richter <georg@mariadb.com> | 2018-12-03 13:55:20 +0100 |
---|---|---|
committer | Georg Richter <georg@mariadb.com> | 2018-12-03 13:55:20 +0100 |
commit | 0513237f82730cd54fa0aabf4a1b7513f0fc8779 (patch) | |
tree | 0ce53850c6c2058909b1fd1dab45daeb502766f9 /include | |
parent | 3728b11f879634a7ddab39cb951aedceadba80b1 (diff) | |
MDEV-14101: Provide option to specify tls_version for client toolsbb_mdev14101
Diffstat (limited to 'include')
-rw-r--r-- | include/sslopt-longopts.h | 5 | ||||
-rw-r--r-- | include/sslopt-vars.h | 1 | ||||
-rw-r--r-- | include/violite.h | 15 |
3 files changed, 17 insertions, 4 deletions
diff --git a/include/sslopt-longopts.h b/include/sslopt-longopts.h
index e605d0134e7..e940e46816e 100644
--- a/include/sslopt-longopts.h
+++ b/include/sslopt-longopts.h
@@ -46,6 +46,11 @@
 "Certificate revocation list path (implies --ssl).",
 &opt_ssl_crlpath, &opt_ssl_crlpath, 0, GET_STR, REQUIRED_ARG,
 0, 0, 0, 0, 0, 0},
+ {"tls-version", OPT_TLS_VERSION,
+ "TLS protocol version for secure connection.",
+ &opt_tls_version, &opt_tls_version, 0, GET_STR, REQUIRED_ARG,
+ 0, 0, 0, 0, 0, 0},
+
 #ifdef MYSQL_CLIENT
 {"ssl-verify-server-cert", OPT_SSL_VERIFY_SERVER_CERT,
 "Verify server's \"Common Name\" in its cert against hostname used "
diff --git a/include/sslopt-vars.h b/include/sslopt-vars.h
index 8e669760faf..9f0d9ecc439 100644
--- a/include/sslopt-vars.h
+++ b/include/sslopt-vars.h
@@ -30,6 +30,7 @@ SSL_STATIC char *opt_ssl_cipher = 0;
 SSL_STATIC char *opt_ssl_key = 0;
 SSL_STATIC char *opt_ssl_crl = 0;
 SSL_STATIC char *opt_ssl_crlpath = 0;
+SSL_STATIC char *opt_tls_version = 0;
 #ifdef MYSQL_CLIENT
 SSL_STATIC my_bool opt_ssl_verify_server_cert= 0;
 #endif
diff --git a/include/violite.h b/include/violite.h
index 5dcf27dbab1..182c80d04c2 100644
--- a/include/violite.h
+++ b/include/violite.h
@@ -51,6 +51,11 @@ enum enum_vio_io_event
 VIO_IO_EVENT_CONNECT
 };
+#define VIO_TLSv1_0 1
+#define VIO_TLSv1_1 2
+#define VIO_TLSv1_2 4
+#define VIO_TLSv1_3 8
+
 #define VIO_LOCALHOST 1U /* a localhost connection */
 #define VIO_BUFFERED_READ 2U /* use buffered read */
 #define VIO_READ_BUFFER_SIZE 16384U /* size of read buffer */
@@ -143,7 +148,8 @@ enum enum_ssl_init_error
 {
 SSL_INITERR_NOERROR= 0, SSL_INITERR_CERT, SSL_INITERR_KEY,
 SSL_INITERR_NOMATCH, SSL_INITERR_BAD_PATHS, SSL_INITERR_CIPHERS,
- SSL_INITERR_MEMFAIL, SSL_INITERR_DH, SSL_INITERR_LASTERR
+ SSL_INITERR_MEMFAIL, SSL_INITERR_DH, SSL_INITERR_PROTOCOL,
+ SSL_INITERR_LASTERR
 };
 const char* sslGetErrString(enum enum_ssl_init_error err);
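Review bot: The help text of the new `--tls-version` entry in include/sslopt-longopts.h does not say which values are accepted or how several versions are combined, so `--help` gives a user no way to learn how to pin a tool to a modern protocol. The value is stored as a plain string (`GET_STR`) and parsed somewhere outside this diff; it is worth confirming there that an unrecognised value makes the tool fail instead of silently allowing every protocol. Once the accepted spellings are fixed, I would extend the string along the lines of `"TLS protocol version for secure connection (comma-separated list of allowed versions)."` and name the values in it. The entry also sits above the `#ifdef MYSQL_CLIENT` guard, so every program that includes this header gets the option.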
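Review bot: The four `VIO_TLSv1_*` constants added in the first include/violite.h hunk are signed literals with no comment, while the `VIO_` flags directly below use the `U` suffix and already use the values 1 and 2 for an unrelated flag set under the same prefix. They look like bits meant to be OR-ed into the `long tls_version` argument that the last hunk adds to `new_VioSSLAcceptorFd`, so I would write them as `#define VIO_TLSv1_0 1U` (and likewise for the others) and make that parameter unsigned as well. A heading comment such as `/* TLS protocol version bits for the tls_version mask; 0 selects <document the default> */` would keep them apart from the connection flags. Stating what an empty mask selects matters for review, because TLS 1.0 and 1.1 are deprecated and a reader should be able to see whether they stay enabled by default.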
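Review bot: `SSL_INITERR_PROTOCOL` is inserted before `SSL_INITERR_LASTERR` in `enum enum_ssl_init_error`, so whatever table backs `sslGetErrString()` needs a new message at the same index; that table is not visible here because the diff is limited to `include/`. If it is an array indexed by the enum, a missing entry would make the new code report the wrong text or read past the end of the array. Please confirm the entry was added in the same position, and consider a compile-time check of the array length against `SSL_INITERR_LASTERR` next to the table. A short comment on the enum, `/* keep in sync with the message table used by sslGetErrString() */`, would help the next person who adds a code.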
@@ -162,9 +168,10 @@ struct st_VioSSLFd
 const char *crl_file, const char *crl_path);
 struct st_VioSSLFd
 *new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
- const char *ca_file,const char *ca_path,
- const char *cipher, enum enum_ssl_init_error *error,
- const char *crl_file, const char *crl_path);
+ const char *ca_file,const char *ca_path,
+ const char *cipher, enum enum_ssl_init_error *error,
+ const char *crl_file, const char *crl_path,
+ long tls_version);
 void free_vio_ssl_acceptor_fd(struct st_VioSSLFd *fd);
 #endif /* HAVE_OPENSSL */ |
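Review bot: Only `new_VioSSLAcceptorFd` gains the `tls_version` argument, while the `new_VioSSLConnectorFd` prototype, whose last line is visible as context just above, is unchanged even though the commit title is about client tools. If the client side takes its protocol restriction through another path, a comment on the prototype should say so; otherwise the connector appears to have been missed. The new parameter is also undocumented, and I would add `/* tls_version: mask of VIO_TLSv1_* bits the acceptor may negotiate */` above the declaration. The connector prototype begins before this hunk, so its full argument list cannot be checked from here.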