diff options
| author | Michael Widenius <monty@mariadb.org> | 2018-03-09 14:05:35 +0200 |
|---|---|---|
| committer | Monty <monty@mariadb.org> | 2018-03-29 13:59:44 +0300 |
| commit | a7abddeffa6a760ce948c2dfb007cdf3f1a369d5 (patch) | |
| tree | 70eb743fa965a17380bbc0ac88ae79ca1075b896 /mysql-test/main/ssl_7937.test | |
| parent | ab1941266c59a19703a74b5593cf3f508a5752d7 (diff) | |
| download | mariadb-git-a7abddeffa6a760ce948c2dfb007cdf3f1a369d5.tar.gz | |
Create 'main' test directory and move 't' and 'r' there
Diffstat (limited to 'mysql-test/main/ssl_7937.test')
| -rw-r--r-- | mysql-test/main/ssl_7937.test | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/mysql-test/main/ssl_7937.test b/mysql-test/main/ssl_7937.test new file mode 100644 index 00000000000..aa8cd225d7b --- /dev/null +++ b/mysql-test/main/ssl_7937.test @@ -0,0 +1,35 @@ +# +# MDEV-7937: Enforce SSL when --ssl client option is used +# + +source include/have_ssl_crypto_functs.inc; + +# create a procedure instead of SHOW STATUS LIKE 'ssl_cipher' +# because the cipher depends on openssl (or yassl) version, +# and it's actual value doesn't matter here anyway +create procedure have_ssl() + select if(variable_value > '','yes','no') as 'have_ssl' + from information_schema.session_status + where variable_name='ssl_cipher'; + +--disable_abort_on_error +--echo mysql --ssl-ca=cacert.pem -e "call test.have_ssl()" +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem -e "call test.have_ssl()" 2>&1 +--echo mysql --ssl -e "call test.have_ssl()" +--exec $MYSQL --ssl -e "call test.have_ssl()" 2>&1 +--echo mysql --ssl-ca=cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()" +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1 + +--echo mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()" +# this is the test where certificate verification fails. +# but yassl doesn't support certificate verification, so +# we fake the test result for yassl +let yassl=`select variable_value='Unknown' from information_schema.session_status where variable_name='Ssl_session_cache_mode'`; +if (!$yassl) { + --replace_result "self signed certificate in certificate chain" "Failed to verify the server certificate" "Error in the certificate." "Failed to verify the server certificate" + --exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1 +} +if ($yassl) { + --echo ERROR 2026 (HY000): SSL connection error: Failed to verify the server certificate +} +drop procedure have_ssl; |