summaryrefslogtreecommitdiff
path: root/sql
diff options
context:
space:
mode:
Diffstat (limited to 'sql')
-rw-r--r--sql/mysqld.cc63
-rw-r--r--sql/mysqld.h2
-rw-r--r--sql/sys_vars.cc33
3 files changed, 39 insertions, 59 deletions
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index 77736607e22..3484ff87da3 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -1504,8 +1504,8 @@ HANDLE smem_event_connect_request= 0;
my_bool opt_use_ssl = 0;
char *opt_ssl_ca= NULL, *opt_ssl_capath= NULL, *opt_ssl_cert= NULL,
*opt_ssl_cipher= NULL, *opt_ssl_key= NULL, *opt_ssl_crl= NULL,
- *opt_ssl_crlpath= NULL;
-
+ *opt_ssl_crlpath= NULL, *opt_tls_version= NULL;
+long tls_version= 0;
static scheduler_functions thread_scheduler_struct, extra_thread_scheduler_struct;
scheduler_functions *thread_scheduler= &thread_scheduler_struct,
@@ -4865,7 +4865,8 @@ static void init_ssl()
ssl_acceptor_fd= new_VioSSLAcceptorFd(opt_ssl_key, opt_ssl_cert,
opt_ssl_ca, opt_ssl_capath,
opt_ssl_cipher, &error,
- opt_ssl_crl, opt_ssl_crlpath);
+ opt_ssl_crl, opt_ssl_crlpath,
+ tls_version);
DBUG_PRINT("info",("ssl_acceptor_fd: %p", ssl_acceptor_fd));
if (!ssl_acceptor_fd)
{
@@ -7922,16 +7923,6 @@ static int show_ssl_ctx_sess_accept_good(THD *thd, SHOW_VAR *var, char *buff,
return 0;
}
-static int show_ssl_ctx_sess_connect_good(THD *thd, SHOW_VAR *var, char *buff,
- enum enum_var_type scope)
-{
- var->type= SHOW_LONG;
- var->value= buff;
- *((long *)buff)= (!ssl_acceptor_fd ? 0 :
- SSL_CTX_sess_connect_good(ssl_acceptor_fd->ssl_context));
- return 0;
-}
-
static int show_ssl_ctx_sess_accept_renegotiate(THD *thd, SHOW_VAR *var,
char *buff,
enum enum_var_type scope)
@@ -7943,17 +7934,6 @@ static int show_ssl_ctx_sess_accept_renegotiate(THD *thd, SHOW_VAR *var,
return 0;
}
-static int show_ssl_ctx_sess_connect_renegotiate(THD *thd, SHOW_VAR *var,
- char *buff,
- enum enum_var_type scope)
-{
- var->type= SHOW_LONG;
- var->value= buff;
- *((long *)buff)= (!ssl_acceptor_fd ? 0 :
- SSL_CTX_sess_connect_renegotiate(ssl_acceptor_fd->ssl_context));
- return 0;
-}
-
static int show_ssl_ctx_sess_cb_hits(THD *thd, SHOW_VAR *var, char *buff,
enum enum_var_type scope)
{
@@ -8014,16 +7994,6 @@ static int show_ssl_ctx_sess_number(THD *thd, SHOW_VAR *var, char *buff,
return 0;
}
-static int show_ssl_ctx_sess_connect(THD *thd, SHOW_VAR *var, char *buff,
- enum enum_var_type scope)
-{
- var->type= SHOW_LONG;
- var->value= buff;
- *((long *)buff)= (!ssl_acceptor_fd ? 0 :
- SSL_CTX_sess_connect(ssl_acceptor_fd->ssl_context));
- return 0;
-}
-
static int show_ssl_ctx_sess_get_cache_size(THD *thd, SHOW_VAR *var,
char *buff,
enum enum_var_type scope)
@@ -8035,26 +8005,6 @@ static int show_ssl_ctx_sess_get_cache_size(THD *thd, SHOW_VAR *var,
return 0;
}
-static int show_ssl_ctx_get_verify_mode(THD *thd, SHOW_VAR *var, char *buff,
- enum enum_var_type scope)
-{
- var->type= SHOW_LONG;
- var->value= buff;
- *((long *)buff)= (!ssl_acceptor_fd ? 0 :
- SSL_CTX_get_verify_mode(ssl_acceptor_fd->ssl_context));
- return 0;
-}
-
-static int show_ssl_ctx_get_verify_depth(THD *thd, SHOW_VAR *var, char *buff,
- enum enum_var_type scope)
-{
- var->type= SHOW_LONG;
- var->value= buff;
- *((long *)buff)= (!ssl_acceptor_fd ? 0 :
- SSL_CTX_get_verify_depth(ssl_acceptor_fd->ssl_context));
- return 0;
-}
-
static int show_ssl_ctx_get_session_cache_mode(THD *thd, SHOW_VAR *var,
char *buff,
enum enum_var_type scope)
@@ -8542,13 +8492,8 @@ SHOW_VAR status_vars[]= {
{"Ssl_callback_cache_hits", (char*) &show_ssl_ctx_sess_cb_hits, SHOW_SIMPLE_FUNC},
{"Ssl_cipher", (char*) &show_ssl_get_cipher, SHOW_SIMPLE_FUNC},
{"Ssl_cipher_list", (char*) &show_ssl_get_cipher_list, SHOW_SIMPLE_FUNC},
- {"Ssl_client_connects", (char*) &show_ssl_ctx_sess_connect, SHOW_SIMPLE_FUNC},
- {"Ssl_connect_renegotiates", (char*) &show_ssl_ctx_sess_connect_renegotiate, SHOW_SIMPLE_FUNC},
- {"Ssl_ctx_verify_depth", (char*) &show_ssl_ctx_get_verify_depth, SHOW_SIMPLE_FUNC},
- {"Ssl_ctx_verify_mode", (char*) &show_ssl_ctx_get_verify_mode, SHOW_SIMPLE_FUNC},
{"Ssl_default_timeout", (char*) &show_ssl_get_default_timeout, SHOW_SIMPLE_FUNC},
{"Ssl_finished_accepts", (char*) &show_ssl_ctx_sess_accept_good, SHOW_SIMPLE_FUNC},
- {"Ssl_finished_connects", (char*) &show_ssl_ctx_sess_connect_good, SHOW_SIMPLE_FUNC},
{"Ssl_server_not_after", (char*) &show_ssl_get_server_not_after, SHOW_SIMPLE_FUNC},
{"Ssl_server_not_before", (char*) &show_ssl_get_server_not_before, SHOW_SIMPLE_FUNC},
{"Ssl_session_cache_hits", (char*) &show_ssl_ctx_sess_hits, SHOW_SIMPLE_FUNC},
diff --git a/sql/mysqld.h b/sql/mysqld.h
index b02bd9fb1f6..3a1109a69b2 100644
--- a/sql/mysqld.h
+++ b/sql/mysqld.h
@@ -588,6 +588,7 @@ extern int32 thread_count, service_thread_count;
extern char *opt_ssl_ca, *opt_ssl_capath, *opt_ssl_cert, *opt_ssl_cipher,
*opt_ssl_key, *opt_ssl_crl, *opt_ssl_crlpath;
+extern long tls_version;
extern MYSQL_PLUGIN_IMPORT pthread_key(THD*, THR_THD);
@@ -650,6 +651,7 @@ enum options_mysqld
OPT_WSREP_SYNC_WAIT,
#endif /* WITH_WSREP */
OPT_MYSQL_COMPATIBILITY,
+ OPT_TLS_VERSION,
OPT_MYSQL_TO_BE_IMPLEMENTED,
OPT_which_is_always_the_last
};
diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc
index 391772d1191..4b8e6eca8b8 100644
--- a/sql/sys_vars.cc
+++ b/sql/sys_vars.cc
@@ -3198,6 +3198,39 @@ static Sys_var_charptr Sys_ssl_crlpath(
READ_ONLY GLOBAL_VAR(opt_ssl_crlpath), SSL_OPT(OPT_SSL_CRLPATH),
IN_FS_CHARSET, DEFAULT(0));
+static const char *tls_version_names[]=
+{
+ "TLSv1.0", "TLSv1.1",
+#ifdef TLS1_2_VERSION
+ "TLSv1.2",
+#endif
+#ifdef TLS1_3_VERSION
+ "TLSv1.3",
+#endif
+ 0
+};
+
+export bool tls_version_string_representation(THD *thd, sql_mode_t sql_mode,
+ LEX_STRING *ls)
+{
+ set_to_string(thd, ls, tls_version, tls_version_names);
+ return ls->str == 0;
+}
+
+static Sys_var_set Sys_tls_version(
+ "tls_version",
+ "TLS protocol version for secure connections.",
+ READ_ONLY GLOBAL_VAR(tls_version), CMD_LINE(REQUIRED_ARG),
+ tls_version_names,
+ DEFAULT(VIO_TLSv1_0 | VIO_TLSv1_1
+#ifdef TLS1_2_VERSION
+ | VIO_TLSv1_2
+#endif
+#ifdef TLS1_3_VERSION
+ | VIO_TLSv1_3
+#endif
+ ));
+
static Sys_var_mybool Sys_standard_compliant_cte(
"standard_compliant_cte",
"Allow only CTEs compliant to SQL standard",
View Lorry Controller Status