authorRamil Kalimullin <ramil.kalimullin@oracle.com>2016-02-19 23:31:10 +0400
committerRamil Kalimullin <ramil.kalimullin@oracle.com>2016-02-19 23:31:10 +0400
commitb3e9211e48a3fb586e88b0270a175d2348935424 (patch)
tree6289051e87d89f272a9392d749ce580a83eb2743
parentd9c541cb1be5b239787833d9d499067d44ea44d3 (diff)
WL#9072: Backport WL#8785 to 5.5
-rw-r--r--client/client_priv.h36
-rw-r--r--client/mysql.cc14
-rw-r--r--client/mysql_upgrade.c7
-rw-r--r--client/mysqladmin.cc7
-rw-r--r--client/mysqlcheck.c8
-rw-r--r--client/mysqldump.c9
-rw-r--r--client/mysqlimport.c8
-rw-r--r--client/mysqlshow.c10
-rw-r--r--client/mysqlslap.c8
-rw-r--r--client/mysqltest.cc12
-rw-r--r--include/sslopt-case.h15
-rw-r--r--include/sslopt-longopts.h5
-rw-r--r--include/sslopt-vars.h12
-rw-r--r--mysql-test/r/ssl_mode.result44
-rw-r--r--mysql-test/r/ssl_mode_no_ssl.result22
-rw-r--r--mysql-test/t/ssl_mode.test47
-rw-r--r--mysql-test/t/ssl_mode_no_ssl-master.opt1
-rw-r--r--mysql-test/t/ssl_mode_no_ssl.test41
18 files changed, 265 insertions, 41 deletions
diff --git a/client/client_priv.h b/client/client_priv.h
index 593c37b030a..e53ced7e790 100644
--- a/client/client_priv.h
+++ b/client/client_priv.h
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -88,6 +88,7 @@ enum options_client
OPT_DEFAULT_AUTH,
OPT_DEFAULT_PLUGIN,
OPT_ENABLE_CLEARTEXT_PLUGIN,
+ OPT_SSL_MODE,
OPT_MAX_CLIENT_OPTION
};
@@ -111,3 +112,36 @@ enum options_client
*/
#define PERFORMANCE_SCHEMA_DB_NAME "performance_schema"
+/**
+ Wrapper for mysql_real_connect() that checks if SSL connection is establised.
+
+ The function calls mysql_real_connect() first, then if given ssl_required==TRUE
+ argument (i.e. --ssl-mode=REQUIRED option used) checks current SSL chiper to
+ ensure that SSL is used for current connection.
+ Otherwise it returns NULL and sets errno to CR_SSL_CONNECTION_ERROR.
+
+ All clients (except mysqlbinlog which disregards SSL options) use this function
+ instead of mysql_real_connect() to handle --ssl-mode=REQUIRED option.
+*/
+MYSQL *mysql_connect_ssl_check(MYSQL *mysql_arg, const char *host,
+ const char *user, const char *passwd,
+ const char *db, uint port,
+ const char *unix_socket, ulong client_flag,
+ my_bool ssl_required __attribute__((unused)))
+{
+ MYSQL *mysql= mysql_real_connect(mysql_arg, host, user, passwd, db, port,
+ unix_socket, client_flag);
+#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
+ if (mysql && /* connection established. */
+ ssl_required && /* --ssl-mode=REQUIRED. */
+ !mysql_get_ssl_cipher(mysql)) /* non-SSL connection. */
+ {
+ NET *net= &mysql->net;
+ net->last_errno= CR_SSL_CONNECTION_ERROR;
+ strmov(net->last_error, "--ssl-mode=REQUIRED option forbids non SSL connections");
+ strmov(net->sqlstate, "HY000");
+ return NULL;
+ }
+#endif
+ return mysql;
+}
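Review bot: The SSL check in mysql_connect_ssl_check() runs only after mysql_real_connect() has returned, that is after the handshake and authentication exchange are complete, so `--ssl-mode=REQUIRED` rejects an unencrypted session but does not keep the login exchange off an unencrypted link. The doc comment should say so, for example `The check is made after authentication; it does not prevent the login exchange from taking place over a non-SSL connection.` The comment also says the function "sets errno" while the code sets `net->last_errno`, and it contains the typos "establised" and "chiper". On the rejection path the function returns NULL with the connection still open on `mysql_arg`; this presumably relies on every caller closing the handle or exiting on failure, which is worth stating in the comment as well.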
diff --git a/client/mysql.cc b/client/mysql.cc
index 84f5f097f06..cdc2ab0d6e0 100644
--- a/client/mysql.cc
+++ b/client/mysql.cc
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -1316,8 +1316,9 @@ sig_handler handle_sigint(int sig)
}
kill_mysql= mysql_init(kill_mysql);
- if (!mysql_real_connect(kill_mysql,current_host, current_user, opt_password,
- "", opt_mysql_port, opt_mysql_unix_port,0))
+ if (!mysql_connect_ssl_check(kill_mysql, current_host, current_user, opt_password,
+ "", opt_mysql_port, opt_mysql_unix_port, 0,
+ opt_ssl_required))
{
tee_fprintf(stdout, "Ctrl-C -- sorry, cannot connect to server to kill query, giving up ...\n");
goto err;
@@ -4457,9 +4458,10 @@ sql_real_connect(char *host,char *database,char *user,char *password,
mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN,
(char*) &opt_enable_cleartext_plugin);
- if (!mysql_real_connect(&mysql, host, user, password,
- database, opt_mysql_port, opt_mysql_unix_port,
- connect_flag | CLIENT_MULTI_STATEMENTS))
+ if (!mysql_connect_ssl_check(&mysql, host, user, password,
+ database, opt_mysql_port, opt_mysql_unix_port,
+ connect_flag | CLIENT_MULTI_STATEMENTS,
+ opt_ssl_required))
{
if (!silent ||
(mysql_errno(&mysql) != CR_CONN_HOST_ERROR &&
diff --git a/client/mysql_upgrade.c b/client/mysql_upgrade.c
index fcbde2653e8..507df6f7843 100644
--- a/client/mysql_upgrade.c
+++ b/client/mysql_upgrade.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -307,6 +307,7 @@ get_one_option(int optid, const struct my_option *opt,
case OPT_DEFAULT_AUTH: /* --default-auth */
add_one_option(&conn_args, opt, argument);
break;
+#include <sslopt-case.h>
}
if (add_option)
@@ -386,6 +387,10 @@ static int run_tool(char *tool_path, DYNAMIC_STRING *ds_res, ...)
va_end(args);
+ /* If given --ssl-mode=REQUIRED propagate it to the tool. */
+ if (opt_ssl_required)
+ dynstr_append(&ds_cmdline, "--ssl-mode=REQUIRED");
+
#ifdef __WIN__
dynstr_append(&ds_cmdline, "\"");
#endif
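Review bot: The appended `--ssl-mode=REQUIRED` carries no separator of its own, so it depends on the argument loop before this hunk having left a trailing space in `ds_cmdline`; if it did not, the flag would fuse with the preceding argument and the child tool would not see the requirement. Writing it as `dynstr_append(&ds_cmdline, " --ssl-mode=REQUIRED");` removes that dependency. Neither ssl_mode.test nor ssl_mode_no_ssl.test in this commit runs mysql_upgrade, so this propagation is not covered by the new tests; a case for it would be worth adding. run_tool's body starts and ends outside the hunk.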
diff --git a/client/mysqladmin.cc b/client/mysqladmin.cc
index e8bb4a1a27c..f0ae2c12137 100644
--- a/client/mysqladmin.cc
+++ b/client/mysqladmin.cc
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -518,8 +518,9 @@ static my_bool sql_connect(MYSQL *mysql, uint wait)
for (;;)
{
- if (mysql_real_connect(mysql,host,user,opt_password,NullS,tcp_port,
- unix_port, CLIENT_REMEMBER_OPTIONS))
+ if (mysql_connect_ssl_check(mysql, host, user, opt_password, NullS,
+ tcp_port, unix_port,
+ CLIENT_REMEMBER_OPTIONS, opt_ssl_required))
{
mysql->reconnect= 1;
if (info)
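Review bot: `mysql->reconnect= 1` directly after the wrapped call means later reconnects are made by the client library rather than by sql_connect(), and those presumably call mysql_real_connect() without the cipher check that mysql_connect_ssl_check() adds. If so, a session that drops and comes back without SSL would carry on despite `--ssl-mode=REQUIRED`. Consider leaving auto-reconnect off when the requirement is set, e.g. `mysql->reconnect= !opt_ssl_required;`, or re-checking `mysql_get_ssl_cipher(mysql)` after a reconnect. sql_connect()'s body continues outside the hunk.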
diff --git a/client/mysqlcheck.c b/client/mysqlcheck.c
index 0d5570434e4..a564e871281 100644
--- a/client/mysqlcheck.c
+++ b/client/mysqlcheck.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -894,8 +894,10 @@ static int dbConnect(char *host, char *user, char *passwd)
(char *) &opt_enable_cleartext_plugin);
mysql_options(&mysql_connection, MYSQL_SET_CHARSET_NAME, default_charset);
- if (!(sock = mysql_real_connect(&mysql_connection, host, user, passwd,
- NULL, opt_mysql_port, opt_mysql_unix_port, 0)))
+ if (!(sock = mysql_connect_ssl_check(&mysql_connection, host, user, passwd,
+ NULL, opt_mysql_port,
+ opt_mysql_unix_port, 0,
+ opt_ssl_required)))
{
DBerror(&mysql_connection, "when trying to connect");
return 1;
diff --git a/client/mysqldump.c b/client/mysqldump.c
index 6bb249134e8..6c4fec313c5 100644
--- a/client/mysqldump.c
+++ b/client/mysqldump.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -1498,9 +1498,10 @@ static int connect_to_db(char *host, char *user,char *passwd)
mysql_options(&mysql_connection, MYSQL_ENABLE_CLEARTEXT_PLUGIN,
(char *) &opt_enable_cleartext_plugin);
- if (!(mysql= mysql_real_connect(&mysql_connection,host,user,passwd,
- NULL,opt_mysql_port,opt_mysql_unix_port,
- 0)))
+ if (!(mysql= mysql_connect_ssl_check(&mysql_connection, host, user,
+ passwd, NULL, opt_mysql_port,
+ opt_mysql_unix_port, 0,
+ opt_ssl_required)))
{
DB_error(&mysql_connection, "when trying to connect");
DBUG_RETURN(1);
diff --git a/client/mysqlimport.c b/client/mysqlimport.c
index f71111f7e9e..416159abd81 100644
--- a/client/mysqlimport.c
+++ b/client/mysqlimport.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -449,9 +449,9 @@ static MYSQL *db_connect(char *host, char *database,
(char*)&opt_enable_cleartext_plugin);
mysql_options(mysql, MYSQL_SET_CHARSET_NAME, default_charset);
- if (!(mysql_real_connect(mysql,host,user,passwd,
- database,opt_mysql_port,opt_mysql_unix_port,
- 0)))
+ if (!(mysql_connect_ssl_check(mysql, host, user, passwd, database,
+ opt_mysql_port, opt_mysql_unix_port,
+ 0, opt_ssl_required)))
{
ignore_errors=0; /* NO RETURN FROM db_error */
db_error(mysql);
diff --git a/client/mysqlshow.c b/client/mysqlshow.c
index 6cbbc5e2463..4d1df00c8fd 100644
--- a/client/mysqlshow.c
+++ b/client/mysqlshow.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -139,10 +139,10 @@ int main(int argc, char **argv)
mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN,
(char*)&opt_enable_cleartext_plugin);
- if (!(mysql_real_connect(&mysql,host,user,opt_password,
- (first_argument_uses_wildcards) ? "" :
- argv[0],opt_mysql_port,opt_mysql_unix_port,
- 0)))
+ if (!(mysql_connect_ssl_check(&mysql, host, user, opt_password,
+ (first_argument_uses_wildcards) ? "" :
+ argv[0], opt_mysql_port, opt_mysql_unix_port,
+ 0, opt_ssl_required)))
{
fprintf(stderr,"%s: %s\n",my_progname,mysql_error(&mysql));
exit(1);
diff --git a/client/mysqlslap.c b/client/mysqlslap.c
index 8c50898fb01..eb2b577948c 100644
--- a/client/mysqlslap.c
+++ b/client/mysqlslap.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -355,9 +355,9 @@ int main(int argc, char **argv)
(char*) &opt_enable_cleartext_plugin);
if (!opt_only_print)
{
- if (!(mysql_real_connect(&mysql, host, user, opt_password,
- NULL, opt_mysql_port,
- opt_mysql_unix_port, connect_flags)))
+ if (!(mysql_connect_ssl_check(&mysql, host, user, opt_password,
+ NULL, opt_mysql_port, opt_mysql_unix_port,
+ connect_flags, opt_ssl_required)))
{
fprintf(stderr,"%s: Error when connecting to server: %s\n",
my_progname,mysql_error(&mysql));
diff --git a/client/mysqltest.cc b/client/mysqltest.cc
index 78dcdd77659..79d448cf811 100644
--- a/client/mysqltest.cc
+++ b/client/mysqltest.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -5281,8 +5281,9 @@ void safe_connect(MYSQL* mysql, const char *name, const char *host,
verbose_msg("Connecting to server %s:%d (socket %s) as '%s'"
", connection '%s', attempt %d ...",
host, port, sock, user, name, failed_attempts);
- while(!mysql_real_connect(mysql, host,user, pass, db, port, sock,
- CLIENT_MULTI_STATEMENTS | CLIENT_REMEMBER_OPTIONS))
+ while(!mysql_connect_ssl_check(mysql, host,user, pass, db, port, sock,
+ CLIENT_MULTI_STATEMENTS | CLIENT_REMEMBER_OPTIONS,
+ opt_ssl_required))
{
/*
Connect failed
@@ -5382,8 +5383,9 @@ int connect_n_handle_errors(struct st_command *command,
dynstr_append_mem(ds, ";\n", 2);
}
- while (!mysql_real_connect(con, host, user, pass, db, port, sock ? sock: 0,
- CLIENT_MULTI_STATEMENTS))
+ while (!mysql_connect_ssl_check(con, host, user, pass, db, port,
+ sock ? sock: 0, CLIENT_MULTI_STATEMENTS,
+ opt_ssl_required))
{
/*
If we have used up all our connections check whether this
diff --git a/include/sslopt-case.h b/include/sslopt-case.h
index 2da5ff317e1..57702b3b352 100644
--- a/include/sslopt-case.h
+++ b/include/sslopt-case.h
@@ -1,7 +1,7 @@
#ifndef SSLOPT_CASE_INCLUDED
#define SSLOPT_CASE_INCLUDED
-/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -28,5 +28,18 @@
*/
opt_use_ssl= 1;
break;
+#ifdef MYSQL_CLIENT
+ case OPT_SSL_MODE:
+ if (my_strcasecmp(&my_charset_latin1, argument, "required"))
+ {
+ fprintf(stderr,
+ "Unknown value to --ssl-mode: '%s'. Use --ssl-mode=REQUIRED\n",
+ argument);
+ exit(1);
+ }
+ else
+ opt_ssl_required= 1;
+ break;
+#endif /* MYSQL_CLIENT */
#endif
#endif /* SSLOPT_CASE_INCLUDED */
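Review bot: The OPT_SSL_MODE case only records the requirement in `opt_ssl_required`; it does nothing to request SSL, and ssl_mode.test in this commit accordingly expects `--ssl-mode=REQUIRED` on its own, and together with `--ssl`, to fail even where SSL communication is available. That fails closed, but a user would not guess it from the help text `"SSL connection mode."` added in include/sslopt-longopts.h. That string should name the only accepted value and the dependency, e.g. `"SSL connection mode. Only REQUIRED is accepted: refuse a connection that is not encrypted. SSL must still be enabled with the other --ssl* options."`. Calling `exit(1)` from a header that is included into each client's option switch also skips whatever cleanup the client does on a bad option, which is presumably acceptable for these tools but deserves a short comment.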
diff --git a/include/sslopt-longopts.h b/include/sslopt-longopts.h
index db99d1dfa26..fd42e83eb04 100644
--- a/include/sslopt-longopts.h
+++ b/include/sslopt-longopts.h
@@ -1,7 +1,7 @@
#ifndef SSLOPT_LONGOPTS_INCLUDED
#define SSLOPT_LONGOPTS_INCLUDED
-/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -44,6 +44,9 @@
"when connecting. This option is disabled by default.",
&opt_ssl_verify_server_cert, &opt_ssl_verify_server_cert,
0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
+ {"ssl-mode", OPT_SSL_MODE,
+ "SSL connection mode.",
+ 0, 0, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
#endif
#endif /* HAVE_OPENSSL */
#endif /* SSLOPT_LONGOPTS_INCLUDED */
diff --git a/include/sslopt-vars.h b/include/sslopt-vars.h
index 01093feceaf..6c9bd4296ef 100644
--- a/include/sslopt-vars.h
+++ b/include/sslopt-vars.h
@@ -1,7 +1,7 @@
#ifndef SSLOPT_VARS_INCLUDED
#define SSLOPT_VARS_INCLUDED
-/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -28,8 +28,14 @@ SSL_STATIC char *opt_ssl_capath = 0;
SSL_STATIC char *opt_ssl_cert = 0;
SSL_STATIC char *opt_ssl_cipher = 0;
SSL_STATIC char *opt_ssl_key = 0;
+
#ifdef MYSQL_CLIENT
SSL_STATIC my_bool opt_ssl_verify_server_cert= 0;
-#endif
-#endif
+SSL_STATIC my_bool opt_ssl_required= 0;
+#endif /* MYSQL_CLIENT */
+
+#else /* HAVE_OPENSSL */
+#define opt_ssl_required 0
+#endif /* HAVE_OPENSSL */
+
#endif /* SSLOPT_VARS_INCLUDED */
diff --git a/mysql-test/r/ssl_mode.result b/mysql-test/r/ssl_mode.result
new file mode 100644
index 00000000000..38fc4e1dca2
--- /dev/null
+++ b/mysql-test/r/ssl_mode.result
@@ -0,0 +1,44 @@
+# positive client tests
+# mysql
+Variable_name Value
+Ssl_cipher DHE-RSA-AES256-SHA
+Variable_name Value
+Ssl_cipher DHE-RSA-AES256-SHA
+CREATE TABLE t1(a INT);
+INSERT INTO t1 VALUES(0);
+# mysqldump
+/*!40101 SET @saved_cs_client = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `t1` (
+ `a` int(11) DEFAULT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+/*!40101 SET character_set_client = @saved_cs_client */;
+INSERT INTO `t1` VALUES (0);
+# mysqladmin
+mysqld is alive
+# mysqlcheck
+test.t1 OK
+# mysqlimport
+CREATE TABLE words(a VARCHAR(255));
+test.words: Records: 70 Deleted: 0 Skipped: 0 Warnings: 0
+DROP TABLE words;
+# mysqlshow
+Database: test
++--------+
+| Tables |
++--------+
+| t1 |
++--------+
+# mysqlslap
+# mysqltest
+Output from mysqltest-x.inc
+DROP TABLE t1;
+# negative client tests
+# mysql
+Unknown value to --ssl-mode: ''. Use --ssl-mode=REQUIRED
+Unknown value to --ssl-mode: 'DERIUQER'. Use --ssl-mode=REQUIRED
+ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
+ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
+ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
+
+End of tests
diff --git a/mysql-test/r/ssl_mode_no_ssl.result b/mysql-test/r/ssl_mode_no_ssl.result
new file mode 100644
index 00000000000..409b7a0fa1b
--- /dev/null
+++ b/mysql-test/r/ssl_mode_no_ssl.result
@@ -0,0 +1,22 @@
+# negative client tests
+# mysql
+ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
+ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
+ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
+ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
+# mysqldump
+mysqldump: Got error: 2026: --ssl-mode=REQUIRED option forbids non SSL connections when trying to connect
+# mysqladmin
+mysqladmin: error: '--ssl-mode=REQUIRED option forbids non SSL connections'
+# mysqlcheck
+mysqlcheck: Got error: 2026: --ssl-mode=REQUIRED option forbids non SSL connections when trying to connect
+# mysqlimport
+mysqlimport: Error: 2026 --ssl-mode=REQUIRED option forbids non SSL connections
+# mysqlshow
+mysqlshow: --ssl-mode=REQUIRED option forbids non SSL connections
+# mysqlslap
+mysqlslap: Error when connecting to server: --ssl-mode=REQUIRED option forbids non SSL connections
+# mysqltest
+mysqltest: Could not open connection 'default': 2026 --ssl-mode=REQUIRED option forbids non SSL connections
+
+End of tests
diff --git a/mysql-test/t/ssl_mode.test b/mysql-test/t/ssl_mode.test
new file mode 100644
index 00000000000..ce1f2aa5e0a
--- /dev/null
+++ b/mysql-test/t/ssl_mode.test
@@ -0,0 +1,47 @@
+-- source include/not_embedded.inc
+-- source include/have_ssl_communication.inc
+
+--echo # positive client tests
+--echo # mysql
+--exec $MYSQL test --ssl-mode=ReQuIrEd --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'Ssl_cipher'" 2>&1
+--exec $MYSQL test --ssl-mode=REQUIRED --ssl --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'Ssl_cipher'" 2>&1
+
+CREATE TABLE t1(a INT);
+INSERT INTO t1 VALUES(0);
+
+--echo # mysqldump
+--exec $MYSQL_DUMP --ssl-mode=REQUIRED --ssl-cipher=DHE-RSA-AES256-SHA --compact --skip-comments test 2>&1
+--echo # mysqladmin
+--exec $MYSQLADMIN --ssl-mode=REQUIRED --ssl-cipher=DHE-RSA-AES256-SHA -S $MASTER_MYSOCK -P $MASTER_MYPORT -u root --password= ping 2>&1
+--echo # mysqlcheck
+--exec $MYSQL_CHECK --ssl-mode=REQUIRED --ssl-cipher=DHE-RSA-AES256-SHA test 2>&1
+--echo # mysqlimport
+CREATE TABLE words(a VARCHAR(255));
+--exec $MYSQL_IMPORT --ssl-mode=REQUIRED --ssl-cipher=DHE-RSA-AES256-SHA test $MYSQLTEST_VARDIR/std_data/words.dat 2>&1
+DROP TABLE words;
+--echo # mysqlshow
+--exec $MYSQL_SHOW --ssl-mode=REQUIRED --ssl-cipher=DHE-RSA-AES256-SHA test 2>&1
+--echo # mysqlslap
+--exec $MYSQL_SLAP --ssl-mode=REQUIRED --ssl-cipher=DHE-RSA-AES256-SHA --create-schema=test --query="select * from t1" --silent 2>&1
+--echo # mysqltest
+--exec $MYSQL_TEST --ssl-mode=REQUIRED --ssl-cipher=DHE-RSA-AES256-SHA -x $MYSQL_TEST_DIR/include/mysqltest-x.inc 2>&1
+
+DROP TABLE t1;
+
+--echo # negative client tests
+--echo # mysql
+--error 5
+--exec $MYSQL test --ssl-mode
+--error 1
+--exec $MYSQL test --ssl-mode= 2>&1
+--error 1
+--exec $MYSQL test --ssl-mode=DERIUQER 2>&1
+--error 1
+--exec $MYSQL test --ssl-mode=REQUIRED 2>&1
+--error 1
+--exec $MYSQL test --ssl-mode=REQUIRED --ssl 2>&1
+--error 1
+--exec $MYSQL test --ssl-mode=REQUIRED --ssl-cipher=DHE-RSA-AES256-SHA --skip-ssl 2>&1
+
+--echo
+--echo End of tests
diff --git a/mysql-test/t/ssl_mode_no_ssl-master.opt b/mysql-test/t/ssl_mode_no_ssl-master.opt
new file mode 100644
index 00000000000..0ca403efdfb
--- /dev/null
+++ b/mysql-test/t/ssl_mode_no_ssl-master.opt
@@ -0,0 +1 @@
+--skip-ssl
diff --git a/mysql-test/t/ssl_mode_no_ssl.test b/mysql-test/t/ssl_mode_no_ssl.test
new file mode 100644
index 00000000000..65f7d1cd46b
--- /dev/null
+++ b/mysql-test/t/ssl_mode_no_ssl.test
@@ -0,0 +1,41 @@
+-- source include/not_embedded.inc
+
+--echo # negative client tests
+--echo # mysql
+--error 1
+--exec $MYSQL test --ssl-mode=REQUIRED 2>&1
+--error 1
+--exec $MYSQL test --ssl-mode=REQUIRED --ssl 2>&1
+--error 1
+--exec $MYSQL test --ssl-mode=REQUIRED --ssl-cipher=DHE-RSA-AES256-SHA 2>&1
+--error 1
+--exec $MYSQL test --ssl-mode=REQUIRED --ssl --ssl-cipher=DHE-RSA-AES256-SHA 2>&1
+--echo # mysqldump
+--error 2
+--exec $MYSQL_DUMP --ssl-mode=REQUIRED test 2>&1
+--echo # mysqladmin
+--replace_regex /.*mysqladmin.*/mysqladmin: /
+--error 1
+--exec $MYSQLADMIN --ssl-mode=REQUIRED -S $MASTER_MYSOCK -P $MASTER_MYPORT -u root --password= ping 2>&1
+--echo # mysqlcheck
+--replace_regex /.*mysqlcheck(\.exe)*/mysqlcheck/
+--error 2
+--exec $MYSQL_CHECK --ssl-mode=REQUIRED test 2>&1
+--echo # mysqlimport
+--replace_regex /.*mysqlimport(\.exe)*/mysqlimport/
+--error 1
+--exec $MYSQL_IMPORT --ssl-mode=REQUIRED test $MYSQLTEST_VARDIR/tmp/t1.txt 2>&1
+--echo # mysqlshow
+--replace_regex /.*mysqlshow(\.exe)*/mysqlshow/
+--error 1
+--exec $MYSQL_SHOW --ssl-mode=REQUIRED test 2>&1
+--echo # mysqlslap
+--replace_regex /.*mysqlslap(\.exe)*/mysqlslap/
+--error 1
+--exec $MYSQL_SLAP --ssl-mode=REQUIRED 2>&1
+--echo # mysqltest
+--error 1
+--exec $MYSQL_TEST --ssl-mode=REQUIRED -x $MYSQL_TEST_DIR/include/mysqltest-x.inc 2>&1
+
+--echo
+--echo End of tests