diff options
author | Julius Goryavsky <julius.goryavsky@mariadb.com> | 2020-03-02 23:46:07 +0100 |
---|---|---|
committer | Julius Goryavsky <julius.goryavsky@mariadb.com> | 2020-03-12 11:46:08 +0100 |
commit | 28fabc86dbdb0a3fe08ad66d4550f8821ec66242 (patch) | |
tree | 8cefc324183b1c77ad4e08f176833d9b70b09299 /mysql-test/main/require_secure_transport.test | |
parent | 9d7ed94f6a526748eff29dae2939a3fd341f118b (diff) | |
download | mariadb-git-28fabc86dbdb0a3fe08ad66d4550f8821ec66242.tar.gz |
MDEV-13362: implement --require_secure_transport option
Currently, if a user wants to require TLS for every connection made
over the network, then every user account on the system needs to be
created with "REQUIRE SSL" or one of the other TLS options.
Implementing a require_secure_transport system varuable (which,
in particular, can be set using the --require_secure_transport=ON
command line option) in the MariaDB Server would make it a lot
easier to require TLS (or other secure transport) system-wide.
This patch implements this new system variable, adds the ability
to set it with SQL statements, from the command line and from the
configuration file, and also contains improvements for mtr that allow
the user to establish non-secure TCP/IP connections (for example,
to verify the operation of the new option).
Diffstat (limited to 'mysql-test/main/require_secure_transport.test')
-rw-r--r-- | mysql-test/main/require_secure_transport.test | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/mysql-test/main/require_secure_transport.test b/mysql-test/main/require_secure_transport.test new file mode 100644 index 00000000000..ce62e7d5492 --- /dev/null +++ b/mysql-test/main/require_secure_transport.test @@ -0,0 +1,15 @@ +-- source include/have_ssl_communication.inc +CREATE TABLE t1 (t int(1)); +SET GLOBAL require_secure_transport=ON; +--disable_query_log +--error ER_ACCESS_DENIED_ERROR +connect without_ssl,localhost,root,,,,,TCP NOSSL; +--enable_query_log +connection default; +SET GLOBAL require_secure_transport=OFF; +--disable_query_log +connect without_ssl,localhost,root,,,,,TCP NOSSL; +--enable_query_log +disconnect without_ssl; +connection default; +DROP TABLE t1; |