MDEV-19168: Add ssl-flush command. (#1749)

* MDEV-19168: Add ssl-flush command. Improve flush error messages and move error printing into the `flush` function.
author: Kartik Soneji <kartiksoneji@rocketmail.com> 2021-02-17 22:43:15 +0530
committer: GitHub <noreply@github.com> 2021-02-17 19:13:15 +0200
commit: 66b8edf8a57c106b15ef1de2b25ce3e992540b71 (patch)
tree: 1f39b8e77ab801ca8c49cbf7eaf7a707a63d6d9b /mysql-test/main/mysqladmin.test
parent: 9f136700042d755ab7e59cc99d593826a67e870d (diff)
download: mariadb-git-66b8edf8a57c106b15ef1de2b25ce3e992540b71.tar.gz
1 files changed, 47 insertions, 0 deletions
diff --git a/mysql-test/main/mysqladmin.test b/mysql-test/main/mysqladmin.test
index 2580db88456..97e805ecf73 100644
--- a/mysql-test/main/mysqladmin.test
+++ b/mysql-test/main/mysqladmin.test
@@ -51,3 +51,50 @@ EOF
 #
 --error 1
 --exec $MYSQLADMIN -u root -p 2>&1 > /dev/null
+
+#
+# MDEV-19168 Reload SSL certificate
+# This test reloads server SSL certs ./mysqladmin flush-ssl, and checks that new SSL
+# connection use new certificate.
+# SWtatus variable Ssl_server_not_after is used to tell the old certificate from new.
+#
+
+source include/have_ssl_communication.inc;
+
+# Restart server with cert. files located in temp directory
+# We are going to remove / replace them within the test,
+# so we can't use the ones in std_data directly.
+
+let $ssl_cert=$MYSQLTEST_VARDIR/tmp/ssl_cert.pem;
+let $ssl_key=$MYSQLTEST_VARDIR/tmp/ssl_key.pem;
+
+copy_file $MYSQL_TEST_DIR/std_data/server-key.pem $ssl_key;
+copy_file $MYSQL_TEST_DIR/std_data/server-cert.pem $ssl_cert;
+
+let $restart_parameters=--ssl-key=$ssl_key --ssl-cert=$ssl_cert;
+--source include/kill_mysqld.inc
+--source include/start_mysqld.inc
+
+connect  ssl_con,localhost,root,,,,,SSL;
+SELECT VARIABLE_VALUE INTO @ssl_not_after FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after';
+let $ssl_not_after=`SELECT @ssl_not_after`;
+
+remove_file $ssl_cert;
+remove_file $ssl_key;
+
+--echo # Use a different certificate ("Not after" certificate field changed)
+copy_file $MYSQL_TEST_DIR/std_data/server-new-key.pem $ssl_key;
+copy_file $MYSQL_TEST_DIR/std_data/server-new-cert.pem $ssl_cert;
+
+--exec $MYSQLADMIN --default-character-set=latin1 -S $MASTER_MYSOCK -P $MASTER_MYPORT  -u root --password= flush-ssl 2>&1
+
+--echo # Check new certificate used by new connection
+exec $MYSQL --ssl  -e  "SELECT IF(VARIABLE_VALUE <> '$ssl_not_after', 'OK', 'FAIL') as Result FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after'";
+
+--echo # Cleanup
+remove_file $ssl_cert;
+remove_file $ssl_key;
+# restart with usuall SSL
+let $restart_parameters=;
+--source include/kill_mysqld.inc
+--source include/start_mysqld.inc
author	Kartik Soneji <kartiksoneji@rocketmail.com>	2021-02-17 22:43:15 +0530
committer	GitHub <noreply@github.com>	2021-02-17 19:13:15 +0200
commit	66b8edf8a57c106b15ef1de2b25ce3e992540b71 (patch)
tree	1f39b8e77ab801ca8c49cbf7eaf7a707a63d6d9b /mysql-test/main/mysqladmin.test
parent	9f136700042d755ab7e59cc99d593826a67e870d (diff)
download	mariadb-git-66b8edf8a57c106b15ef1de2b25ce3e992540b71.tar.gz