diff options
author | Sergei Golubchik <serg@mariadb.org> | 2019-01-26 22:29:24 +0100 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2019-01-28 14:41:39 +0100 |
commit | 9c60535f867678e65ade1258ca10b7d2ee2bdc53 (patch) | |
tree | 98896eddfe74b7f9c9ae7b91894b5b14897bc399 /mysql-test/main | |
parent | eff7f9bea26a327974bb87ddfaa18ad57e7391a2 (diff) | |
download | mariadb-git-9c60535f867678e65ade1258ca10b7d2ee2bdc53.tar.gz |
SSL test fixesmariadb-10.4.2
* fix CRL tests to work
* regenerate certificates to be at least 2048 bit
(fixes buster and rhel8 in buildbot)
* update generate-ssl-cert.sh to generate crl files
* make all SSL tests to use certificates generated
in generate-ssl-cert.sh, remove unused certificates
Diffstat (limited to 'mysql-test/main')
-rw-r--r-- | mysql-test/main/disabled.def | 3 | ||||
-rw-r--r-- | mysql-test/main/ssl-crl-revoked-crl.result | 1 | ||||
-rw-r--r-- | mysql-test/main/ssl.result | 4 | ||||
-rw-r--r-- | mysql-test/main/ssl_cert_verify.result | 5 | ||||
-rw-r--r-- | mysql-test/main/ssl_cert_verify.test | 43 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl-master.opt | 4 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl.combinations | 5 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl.result | 24 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl.test | 15 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl_clients-master.opt | 4 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl_clients-valid.result | 24 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl_clients.result | 6 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl_clients.test | 31 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl_clients_valid-master.opt | 4 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl_clients_valid.result | 16 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl_clients_valid.test | 23 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl_clrpath-master.opt | 4 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl_clrpath.result | 23 | ||||
-rw-r--r-- | mysql-test/main/ssl_crl_clrpath.test | 16 |
19 files changed, 35 insertions, 220 deletions
diff --git a/mysql-test/main/disabled.def b/mysql-test/main/disabled.def index 86bd3a14492..eecee845a35 100644 --- a/mysql-test/main/disabled.def +++ b/mysql-test/main/disabled.def @@ -14,9 +14,6 @@ events_time_zone : Test is not predictable as it depends on precise timi read_many_rows_innodb : Bug#11748886 2010-11-15 mattiasj report already exists mysql_embedded : Bug#12561297 2011-05-14 Anitha Dependent on PB2 changes - eventum#41836 #show_explain : Psergey: random timeout in range-checked-for-each record query. -ssl_crl_clients_valid : broken upstream -ssl_crl : broken upstream -ssl_crl_clrpath : broken upstream innodb-wl5522-debug-zip : broken upstream innodb_bug12902967 : broken upstream file_contents : MDEV-6526 these files are not installed anymore diff --git a/mysql-test/main/ssl-crl-revoked-crl.result b/mysql-test/main/ssl-crl-revoked-crl.result deleted file mode 100644 index 8ecc6a509d3..00000000000 --- a/mysql-test/main/ssl-crl-revoked-crl.result +++ /dev/null @@ -1 +0,0 @@ -# try logging in with a certificate in the server's --ssl-crl : should fail diff --git a/mysql-test/main/ssl.result b/mysql-test/main/ssl.result index bd2d650acc5..8de36f55ecf 100644 --- a/mysql-test/main/ssl.result +++ b/mysql-test/main/ssl.result @@ -4,10 +4,10 @@ have_ssl 1 SHOW STATUS LIKE 'Ssl_server_not_before'; Variable_name Value -Ssl_server_not_before Apr 25 20:52:21 2017 GMT +Ssl_server_not_before Jan 27 10:11:10 2019 GMT SHOW STATUS LIKE 'Ssl_server_not_after'; Variable_name Value -Ssl_server_not_after Apr 20 20:52:21 2037 GMT +Ssl_server_not_after Jan 22 10:11:10 2039 GMT drop table if exists t1,t2,t3,t4; CREATE TABLE t1 ( Period smallint(4) unsigned zerofill DEFAULT '0000' NOT NULL, diff --git a/mysql-test/main/ssl_cert_verify.result b/mysql-test/main/ssl_cert_verify.result deleted file mode 100644 index 1da77329509..00000000000 --- a/mysql-test/main/ssl_cert_verify.result +++ /dev/null @@ -1,5 +0,0 @@ -#T1: Host name (/CN=localhost/) as OU name in the server certificate, server certificate verification should fail. -#T2: Host name (localhost) as common name in the server certificate, server certificate verification should pass. -Variable_name Value -Ssl_version TLS_VERSION -# restart server using restart diff --git a/mysql-test/main/ssl_cert_verify.test b/mysql-test/main/ssl_cert_verify.test deleted file mode 100644 index 51b1612e45b..00000000000 --- a/mysql-test/main/ssl_cert_verify.test +++ /dev/null @@ -1,43 +0,0 @@ -# Want to skip this test from Valgrind execution ---source include/no_valgrind_without_big.inc -# This test should work in embedded server after we fix mysqltest --- source include/not_embedded.inc --- source include/have_ssl_communication.inc -# Save the initial number of concurrent sessions ---source include/count_sessions.inc - -let $ssl_verify_fail_path = --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-key=$MYSQL_TEST_DIR/std_data/server-key-verify-fail.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/server-cert-verify-fail.pem; -let $ssl_verify_pass_path = --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-key=$MYSQL_TEST_DIR/std_data/server-key-verify-pass.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/server-cert-verify-pass.pem; - ---echo #T1: Host name (/CN=localhost/) as OU name in the server certificate, server certificate verification should fail. ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---exec echo "restart:" $ssl_verify_fail_path > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc - ---error 1 ---exec $MYSQL --protocol=tcp --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-verify-server-cert -e "SHOW STATUS like 'Ssl_version'" - ---echo #T2: Host name (localhost) as common name in the server certificate, server certificate verification should pass. ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---exec echo "restart:" $ssl_verify_pass_path > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc - ---replace_result TLSv1.3 TLS_VERSION TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION ---exec $MYSQL --protocol=tcp --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-verify-server-cert -e "SHOW STATUS like 'Ssl_version'" - ---echo # restart server using restart ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---exec echo "restart: " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc diff --git a/mysql-test/main/ssl_crl-master.opt b/mysql-test/main/ssl_crl-master.opt deleted file mode 100644 index 8500f8cd6e7..00000000000 --- a/mysql-test/main/ssl_crl-master.opt +++ /dev/null @@ -1,4 +0,0 @@ ---ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem ---ssl-key=$MYSQL_TEST_DIR/std_data/crl-server-key.pem ---ssl-cert=$MYSQL_TEST_DIR/std_data/crl-server-cert.pem ---ssl-crl=$MYSQL_TEST_DIR/std_data/crl-client-revoked.crl diff --git a/mysql-test/main/ssl_crl.combinations b/mysql-test/main/ssl_crl.combinations new file mode 100644 index 00000000000..abeec480510 --- /dev/null +++ b/mysql-test/main/ssl_crl.combinations @@ -0,0 +1,5 @@ +[file] +ssl-crl=$MYSQL_TEST_DIR/std_data/client-cert.crl + +[path] +ssl-crlpath=$MYSQL_TEST_DIR/std_data/crldir diff --git a/mysql-test/main/ssl_crl.result b/mysql-test/main/ssl_crl.result index 570dd9cab06..598774bd772 100644 --- a/mysql-test/main/ssl_crl.result +++ b/mysql-test/main/ssl_crl.result @@ -1,23 +1,5 @@ -# test --crl for the client : should connect +# try logging in with a certificate not in the server's --ssl-crl : should succeed Variable_name Value -have_openssl YES -have_ssl YES -ssl_ca MYSQL_TEST_DIR/std_data/crl-ca-cert.pem -ssl_capath -ssl_cert MYSQL_TEST_DIR/std_data/crl-server-cert.pem -ssl_cipher -ssl_crl MYSQL_TEST_DIR/std_data/crl-client-revoked.crl -ssl_crlpath -ssl_key MYSQL_TEST_DIR/std_data/crl-server-key.pem -# test --crlpath for the client : should connect -Variable_name Value -have_openssl YES -have_ssl YES -ssl_ca MYSQL_TEST_DIR/std_data/crl-ca-cert.pem -ssl_capath -ssl_cert MYSQL_TEST_DIR/std_data/crl-server-cert.pem -ssl_cipher -ssl_crl MYSQL_TEST_DIR/std_data/crl-client-revoked.crl -ssl_crlpath -ssl_key MYSQL_TEST_DIR/std_data/crl-server-key.pem +Ssl_version TLS_VERSION # try logging in with a certificate in the server's --ssl-crl : should fail +ERROR 2026 (HY000): SSL connection error: sslv3 alert certificate revoked diff --git a/mysql-test/main/ssl_crl.test b/mysql-test/main/ssl_crl.test index 65c14837e50..dc30a9b5934 100644 --- a/mysql-test/main/ssl_crl.test +++ b/mysql-test/main/ssl_crl.test @@ -2,15 +2,12 @@ -- source include/not_embedded.inc -- source include/have_openssl.inc ---echo # test --crl for the client : should connect ---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-valid-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-valid-cert.pem test --ssl-crl=$MYSQL_TEST_DIR/std_data/crl-client-revoked.crl -e "SHOW VARIABLES like '%ssl%';" - ---echo # test --crlpath for the client : should connect ---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-valid-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-valid-cert.pem --ssl-crlpath=$MYSQL_TEST_DIR/std_data/crldir test -e "SHOW VARIABLES like '%ssl%';" +--echo # try logging in with a certificate not in the server's --ssl-crl : should succeed +--replace_result TLSv1.3 TLS_VERSION TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/server-new-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/server-new-cert.pem test -e "SHOW STATUS LIKE 'Ssl_version'" --echo # try logging in with a certificate in the server's --ssl-crl : should fail ---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR +# OpenSSL 1.1.1a correctly rejects the certificate, but the error message is wrong +--replace_result "ERROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error: 0" "ERROR 2026 (HY000): SSL connection error: sslv3 alert certificate revoked" --error 1 ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW VARIABLES like '%ssl%';" +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_version'" 2>&1 diff --git a/mysql-test/main/ssl_crl_clients-master.opt b/mysql-test/main/ssl_crl_clients-master.opt deleted file mode 100644 index fa885a61a0c..00000000000 --- a/mysql-test/main/ssl_crl_clients-master.opt +++ /dev/null @@ -1,4 +0,0 @@ ---ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem ---ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem ---ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem ---ssl-crl=$MYSQL_TEST_DIR/std_data/crl-client-revoked.crl diff --git a/mysql-test/main/ssl_crl_clients-valid.result b/mysql-test/main/ssl_crl_clients-valid.result deleted file mode 100644 index f3f47d51846..00000000000 --- a/mysql-test/main/ssl_crl_clients-valid.result +++ /dev/null @@ -1,24 +0,0 @@ -# Test clients with and without CRL lists -############ Test mysql ############## -# Test mysql connecting to a server with an empty crl -Variable_name Value -have_openssl YES -have_ssl YES -ssl_ca MYSQL_TEST_DIR/std_data/crl-ca-cert.pem -ssl_capath -ssl_cert MYSQL_TEST_DIR/std_data/crl-client-cert.pem -ssl_cipher -ssl_crl -ssl_crlpath -ssl_key MYSQL_TEST_DIR/std_data/crl-client-key.pem -# Test mysql connecting to a server with a certificate revoked by -crl -# Test mysql connecting to a server with a certificate revoked by -crlpath -############ Test mysqladmin ############## -# Test mysqladmin connecting to a server with an empty crl -mysqld is alive -# Test mysqladmin connecting to a server with a certificate revoked by -crl -mysqladmin: connect to server at 'localhost' failed -error: 'SSL connection error: Failed to set ciphers to use' -# Test mysqladmin connecting to a server with a certificate revoked by -crlpath -mysqladmin: connect to server at 'localhost' failed -error: 'SSL connection error: error:00000005:lib(0):func(0):DH lib' diff --git a/mysql-test/main/ssl_crl_clients.result b/mysql-test/main/ssl_crl_clients.result index 3bb9b4ee7e2..0d8ed9a4158 100644 --- a/mysql-test/main/ssl_crl_clients.result +++ b/mysql-test/main/ssl_crl_clients.result @@ -1,7 +1,13 @@ # Test clients with and without CRL lists ############ Test mysql ############## # Test mysql connecting to a server with a certificate revoked by -crl +ERROR 2026 (HY000): SSL connection error: certificate revoked # Test mysql connecting to a server with a certificate revoked by -crlpath +ERROR 2026 (HY000): SSL connection error: certificate revoked ############ Test mysqladmin ############## # Test mysqladmin connecting to a server with a certificate revoked by -crl +mysqladmin: connect to server at 'localhost' failed +error: 'SSL connection error: certificate revoked' # Test mysqladmin connecting to a server with a certificate revoked by -crlpath +mysqladmin: connect to server at 'localhost' failed +error: 'SSL connection error: certificate revoked' diff --git a/mysql-test/main/ssl_crl_clients.test b/mysql-test/main/ssl_crl_clients.test index 7c05f498fbe..fc954a2fc38 100644 --- a/mysql-test/main/ssl_crl_clients.test +++ b/mysql-test/main/ssl_crl_clients.test @@ -4,38 +4,33 @@ --echo # Test clients with and without CRL lists -let $ssl_base = --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-server-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-server-cert.pem; -let $ssl_crl = $ssl_base --ssl-crl=$MYSQL_TEST_DIR/std_data/crl-client-revoked.crl; -let $ssl_crlpath = $ssl_base --ssl-crlpath=$MYSQL_TEST_DIR/std_data/crldir; +let $ssl_base = --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-verify-server-cert; +let $ssl_crl = $ssl_base --ssl-crl=$MYSQL_TEST_DIR/std_data/server-cert.crl; +let $ssl_crlpath = $ssl_base --ssl-crlpath=$MYSQL_TMP_DIR; +# See `openssl x509 -in server-cert.pem -noout -issuer_hash` +copy_file $MYSQL_TEST_DIR/std_data/server-cert.crl $MYSQL_TMP_DIR/ed1f42db.r0; --echo ############ Test mysql ############## --echo # Test mysql connecting to a server with a certificate revoked by -crl ---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR --error 1 ---exec $MYSQL $ssl_crl test -e "SHOW VARIABLES like '%ssl%';" +--exec $MYSQL $ssl_crl test -e "SHOW STATUS LIKE 'Ssl_version'" 2>&1 --echo # Test mysql connecting to a server with a certificate revoked by -crlpath ---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR --error 1 ---exec $MYSQL $ssl_crlpath test -e "SHOW VARIABLES like '%ssl%';" +--exec $MYSQL $ssl_crlpath test -e "SHOW STATUS LIKE 'Ssl_version'" 2>&1 --echo ############ Test mysqladmin ############## -let $admin_prefix = --no-defaults; let $admin_suffix = --default-character-set=latin1 -S $MASTER_MYSOCK -P $MASTER_MYPORT -u root --password= ping; --echo # Test mysqladmin connecting to a server with a certificate revoked by -crl ---disable_result_log ---replace_regex /.*mysqladmin.*: connect/mysqladmin: connect/ ---error 2 ---exec $MYSQLADMIN $admin_prefix $ssl_crl $admin_suffix 2>&1 ---enable_result_log +--replace_regex /.*mysqladmin.*:/mysqladmin:/ +--error 1 +--exec $MYSQLADMIN $ssl_crl $admin_suffix 2>&1 ---disable_result_log --echo # Test mysqladmin connecting to a server with a certificate revoked by -crlpath ---replace_regex /.*mysqladmin.*: connect/mysqladmin: connect/ ---error 2 ---exec $MYSQLADMIN $admin_prefix $ssl_crlpath $admin_suffix 2>&1 ---enable_result_log +--replace_regex /.*mysqladmin.*:/mysqladmin:/ +--error 1 +--exec $MYSQLADMIN $ssl_crlpath $admin_suffix 2>&1 diff --git a/mysql-test/main/ssl_crl_clients_valid-master.opt b/mysql-test/main/ssl_crl_clients_valid-master.opt deleted file mode 100644 index 258df564eba..00000000000 --- a/mysql-test/main/ssl_crl_clients_valid-master.opt +++ /dev/null @@ -1,4 +0,0 @@ ---ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem ---ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-valid-key.pem ---ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-valid-cert.pem ---ssl-crl=$MYSQL_TEST_DIR/std_data/crl-client-revoked.crl diff --git a/mysql-test/main/ssl_crl_clients_valid.result b/mysql-test/main/ssl_crl_clients_valid.result deleted file mode 100644 index 32ee72d5c39..00000000000 --- a/mysql-test/main/ssl_crl_clients_valid.result +++ /dev/null @@ -1,16 +0,0 @@ -# Test clients with and without CRL lists -############ Test mysql ############## -# Test mysql connecting to a server with an empty crl -Variable_name Value -have_openssl YES -have_ssl YES -ssl_ca MYSQL_TEST_DIR/std_data/crl-ca-cert.pem -ssl_capath -ssl_cert MYSQL_TEST_DIR/std_data/crl-client-valid-cert.pem -ssl_cipher -ssl_crl MYSQL_TEST_DIR/std_data/crl-client-revoked.crl -ssl_crlpath -ssl_key MYSQL_TEST_DIR/std_data/crl-client-valid-key.pem -############ Test mysqladmin ############## -# Test mysqladmin connecting to a server with an empty crl -mysqld is alive diff --git a/mysql-test/main/ssl_crl_clients_valid.test b/mysql-test/main/ssl_crl_clients_valid.test deleted file mode 100644 index f08fbf09397..00000000000 --- a/mysql-test/main/ssl_crl_clients_valid.test +++ /dev/null @@ -1,23 +0,0 @@ -# This test should work in embedded server after we fix mysqltest --- source include/not_embedded.inc --- source include/have_openssl.inc - ---echo # Test clients with and without CRL lists - -let $ssl_base = --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-server-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-server-cert.pem; -let $ssl_crl = $ssl_base --ssl-crl=$MYSQL_TEST_DIR/std_data/crl-client-revoked.crl; -let $ssl_crlpath = $ssl_base --ssl-crlpath=$MYSQL_TEST_DIR/std_data/crldir; - - ---echo ############ Test mysql ############## - ---echo # Test mysql connecting to a server with an empty crl ---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR ---exec $MYSQL $ssl_crl test -e "SHOW VARIABLES like '%ssl%';" 2>&1 - ---echo ############ Test mysqladmin ############## -let $admin_prefix = --no-defaults; -let $admin_suffix = --default-character-set=latin1 -S $MASTER_MYSOCK -P $MASTER_MYPORT -u root --password= ping; - ---echo # Test mysqladmin connecting to a server with an empty crl ---exec $MYSQLADMIN $admin_prefix $ssl_crl $admin_suffix 2>&1 diff --git a/mysql-test/main/ssl_crl_clrpath-master.opt b/mysql-test/main/ssl_crl_clrpath-master.opt deleted file mode 100644 index b1f486a322b..00000000000 --- a/mysql-test/main/ssl_crl_clrpath-master.opt +++ /dev/null @@ -1,4 +0,0 @@ ---ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem ---ssl-key=$MYSQL_TEST_DIR/std_data/crl-server-key.pem ---ssl-cert=$MYSQL_TEST_DIR/std_data/crl-server-cert.pem ---ssl-crlpath=$MYSQL_TEST_DIR/std_data/crldir diff --git a/mysql-test/main/ssl_crl_clrpath.result b/mysql-test/main/ssl_crl_clrpath.result deleted file mode 100644 index b4b4d13eca1..00000000000 --- a/mysql-test/main/ssl_crl_clrpath.result +++ /dev/null @@ -1,23 +0,0 @@ -# test --crl for the client : should connect -Variable_name Value -have_openssl YES -have_ssl YES -ssl_ca MYSQL_TEST_DIR/std_data/crl-ca-cert.pem -ssl_capath -ssl_cert MYSQL_TEST_DIR/std_data/crl-server-cert.pem -ssl_cipher -ssl_crl -ssl_crlpath MYSQL_TEST_DIR/std_data/crldir -ssl_key MYSQL_TEST_DIR/std_data/crl-server-key.pem -# test --crlpath for the client : should connect -Variable_name Value -have_openssl YES -have_ssl YES -ssl_ca MYSQL_TEST_DIR/std_data/crl-ca-cert.pem -ssl_capath -ssl_cert MYSQL_TEST_DIR/std_data/crl-server-cert.pem -ssl_cipher -ssl_crl -ssl_crlpath MYSQL_TEST_DIR/std_data/crldir -ssl_key MYSQL_TEST_DIR/std_data/crl-server-key.pem -# try logging in with a certificate in the server's --ssl-crlpath : should fail diff --git a/mysql-test/main/ssl_crl_clrpath.test b/mysql-test/main/ssl_crl_clrpath.test deleted file mode 100644 index 50d84ad175e..00000000000 --- a/mysql-test/main/ssl_crl_clrpath.test +++ /dev/null @@ -1,16 +0,0 @@ -# This test should work in embedded server after we fix mysqltest --- source include/not_embedded.inc --- source include/have_openssl.inc - ---echo # test --crl for the client : should connect ---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-valid-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-valid-cert.pem test --ssl-crl=$MYSQL_TEST_DIR/std_data/crl-client-revoked.crl -e "SHOW VARIABLES like '%ssl%';" - ---echo # test --crlpath for the client : should connect ---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-valid-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-valid-cert.pem --ssl-crlpath=$MYSQL_TEST_DIR/std_data/crldir test -e "SHOW VARIABLES like '%ssl%';" - ---echo # try logging in with a certificate in the server's --ssl-crlpath : should fail ---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR ---error 1 ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW VARIABLES like '%ssl%';" |