MySQL NDB Cluster API Developer Guide
The functions described in this section were added in NDB 8.3 to support Transport Layer Security for communications between nodes. Also included in this section is information about two data structures used by some of these functions.
For additional information about TLS support in NDB Cluster, see TLS Link Encryption for NDB Cluster.
Frees a linked list of certificate descriptions.
void ndb_mgm_cert_table_free
(
struct ndb_mgm_cert_table **list
)
A linked list of
ndb_mgm_cert_table
certificate descriptions
none
Connects to a management server. This function wraps a
call to
ndb_mgm_connect(),
followed by a call to
ndb_mgm_start_tls().
The user must first have called
ndb_mgm_set_ssl_ctx()
before invoking this function.
Unlike the case with
ndb_mgm_connect(),
ndb_mgm_connect_tls() cannot be
called on a handle which is already connected; such an
attempt fails with error
NDB_MGM_ALREADY_CONNECTED.
int ndb_mgm_connect_tls
(
NdbMgmHandle handle,
int no_retries,
int retry_delay_in_seconds,
int verbose,
int tls_req_level
)
Management server handle
(NdbMgmHandle).
Number of times to make connection attempts
(0 means connect once).
How long to wait before performing each retry for a connection.
Print out reports regarding connect retries.
This parameter can take either of the following two values:
CLIENT_TLS_RELAXED: TLS
authentication failures still result in
errors, but a missing certificate or server
refusal results in a succesful cleartext
connection.
CLIENT_TLS_STRICT: Any
failure to establish TLS is treated as an
error, and the connection is closed.
none
Get server TLS statistics
int ndb_mgm_get_tls_stats
(
NdbMgmHandle handle,
struct ndb_mgm_tls_stats *result
)
Management server handle
(NdbMgmHandle).
Pointer to
ndb_mgm_tls_stats
structure holding result data
0 on success, -1
on error.
Checks whether a connected handle is using TLS.
int ndb_mgm_has_tls
(
NdbMgmHandle handle
)
Management server handle
(NdbMgmHandle).
1 if the handle is using TLS;
0 if it is not.
Queries TLS certificates of connected MGM clients
int ndb_mgm_list_certs
(
NdbMgmHandle handle,
struct ndb_mgm_cert_table **list
)
Management server handle
(NdbMgmHandle).
Address of a pointer to an
ndb_mgm_cert_table
structure.
One of the following values:
> 0: The total number of
linked descriptions.
0: Success, but with no TLS
connections to report.
-1: Error.
Set an SSL context structure (CTX) for a handle.
int ndb_mgm_set_ssl_ctx
(
NdbMgmHandle handle,
struct ssl_ctx_st *ctx
)
Management server handle
(NdbMgmHandle).
SSL_ctx to be used for TLS and
HTTPS connections
0 on success, -1
if CTX has already been set
Start TLS by upgrading an open, unencrypted connection to a secure one.
int ndb_mgm_start_tls
(
NdbMgmHandle handle
)
Management server handle
(NdbMgmHandle).
0 on success
ndb_mgm_cert_table is a linked
structure describing a TLS client session.
struct ndb_mgm_cert_table
{
Uint64 session_id;
char *peer_address;
char *cert_serial;
char *cert_name;
char *cert_expires;
struct ndb_mgm_cert_table *next;
}
TLS session ID
Host making the connection
Certificate serial number
Certificate name
Certificate expiration date
Pointer to the next
ndb_mgm_cert_table
in the list
The ndb_mgm_tls_stats struct stores
server statistics relating to TLS.
struct ndb_mgm_tls_stats
{
Uint32 accepted;
Uint32 upgraded;
Uint32 current;
Uint32 tls;
Uint32 authfail;
}
Total number of client connections accepted
Number of client connections upgraded to TLS
Total number of current open client sessions
Number of current open client sessions using TLS
Total number of authorization failures