diff options
| author | Georg Richter <georg@mariadb.com> | 2017-03-08 17:39:47 +0100 |
|---|---|---|
| committer | Georg Richter <georg@mariadb.com> | 2017-03-08 17:39:47 +0100 |
| commit | f88977321038cf04bed974afce953ae7a0dca2e6 (patch) | |
| tree | 7c4d55904981cc63443bb5a49cac66ccfbf4c2b2 /mysql-test/t | |
| parent | 2bca41265c802dc9a3e8852bb2b3cda720a5d44a (diff) | |
| download | mariadb-git-MDEV-10332.tar.gz | |
Initial implementation for MDEV-10332:MDEV-10332
support for OpenSSL 1.1 and LibreSSL
tested against OpenSSL 1.0.1, 1.0.2, 1.1.0, Yassl and LibreSSL
not working on Windows with native SChannel support, due to wrong cipher mapping: Latter one requires push of CONC-241 fixes.
Please note that OpenSSL 0.9.8 and OpenSSL 1.1.0 will not work: Even if the build succeeds, test cases will fail with various errors, especially when using different tls libraries or versions for client and server.
Diffstat (limited to 'mysql-test/t')
| -rw-r--r-- | mysql-test/t/openssl_1.test | 2 | ||||
| -rw-r--r-- | mysql-test/t/openssl_6975.test | 19 | ||||
| -rw-r--r-- | mysql-test/t/ssl_7937.test | 2 | ||||
| -rw-r--r-- | mysql-test/t/ssl_8k_key.test | 1 |
4 files changed, 14 insertions, 10 deletions
diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test index 8e2d9133359..35bb7aca085 100644 --- a/mysql-test/t/openssl_1.test +++ b/mysql-test/t/openssl_1.test @@ -225,7 +225,7 @@ DROP TABLE t1; # Common ciphers to openssl and yassl --exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES256-SHA ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=DES-CBC3-SHA +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES128-SHA --disable_query_log --disable_result_log diff --git a/mysql-test/t/openssl_6975.test b/mysql-test/t/openssl_6975.test index 6e8e03a0a89..6cf5d82cf54 100644 --- a/mysql-test/t/openssl_6975.test +++ b/mysql-test/t/openssl_6975.test @@ -4,11 +4,13 @@ # test SSLv3 and TLSv1.2 ciphers when OpenSSL is restricted to SSLv3 or TLSv1.2 # source include/have_ssl_communication.inc; +source include/require_openssl_client.inc; # this is OpenSSL test. create user ssl_sslv3@localhost; -grant select on test.* to ssl_sslv3@localhost require cipher "RC4-SHA"; +# grant select on test.* to ssl_sslv3@localhost require cipher "AES128-SHA"; +grant select on test.* to ssl_sslv3@localhost require cipher "AES128-SHA"; create user ssl_tls12@localhost; grant select on test.* to ssl_tls12@localhost require cipher "AES128-SHA256"; @@ -18,8 +20,9 @@ disable_abort_on_error; echo TLS1.2 ciphers: user is ok with any cipher; exec $mysql --ssl-cipher=AES128-SHA256; --replace_result DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-GCM-SHA384 -exec $mysql --ssl-cipher=TLSv1.2; -echo TLS1.2 ciphers: user requires SSLv3 cipher RC4-SHA; +--replace_result ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 +exec $mysql --ssl-cipher=TLSv1.2 +echo TLS1.2 ciphers: user requires SSLv3 cipher AES128-SHA; exec $mysql --user ssl_sslv3 --ssl-cipher=AES128-SHA256; exec $mysql --user ssl_sslv3 --ssl-cipher=TLSv1.2; echo TLS1.2 ciphers: user requires TLSv1.2 cipher AES128-SHA256; @@ -27,13 +30,13 @@ exec $mysql --user ssl_tls12 --ssl-cipher=AES128-SHA256; exec $mysql --user ssl_tls12 --ssl-cipher=TLSv1.2; echo SSLv3 ciphers: user is ok with any cipher; -exec $mysql --ssl-cipher=RC4-SHA; -exec $mysql --ssl-cipher=SSLv3; -echo SSLv3 ciphers: user requires SSLv3 cipher RC4-SHA; -exec $mysql --user ssl_sslv3 --ssl-cipher=RC4-SHA; +exec $mysql --ssl-cipher=AES256-SHA; +exec $mysql --ssl-cipher=DHE-RSA-AES256-SHA +echo SSLv3 ciphers: user requires SSLv3 cipher AES128-SHA; +exec $mysql --user ssl_sslv3 --ssl-cipher=AES128-SHA; exec $mysql --user ssl_sslv3 --ssl-cipher=SSLv3; echo SSLv3 ciphers: user requires TLSv1.2 cipher AES128-SHA256; -exec $mysql --user ssl_tls12 --ssl-cipher=RC4-SHA; +exec $mysql --user ssl_tls12 --ssl-cipher=AES128-SHA; exec $mysql --user ssl_tls12 --ssl-cipher=SSLv3; drop user ssl_sslv3@localhost; diff --git a/mysql-test/t/ssl_7937.test b/mysql-test/t/ssl_7937.test index 8e9d1901907..aa8cd225d7b 100644 --- a/mysql-test/t/ssl_7937.test +++ b/mysql-test/t/ssl_7937.test @@ -26,7 +26,7 @@ create procedure have_ssl() # we fake the test result for yassl let yassl=`select variable_value='Unknown' from information_schema.session_status where variable_name='Ssl_session_cache_mode'`; if (!$yassl) { - --replace_result "self signed certificate in certificate chain" "Failed to verify the server certificate" + --replace_result "self signed certificate in certificate chain" "Failed to verify the server certificate" "Error in the certificate." "Failed to verify the server certificate" --exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1 } if ($yassl) { diff --git a/mysql-test/t/ssl_8k_key.test b/mysql-test/t/ssl_8k_key.test index 23267a3c611..299bfaf494d 100644 --- a/mysql-test/t/ssl_8k_key.test +++ b/mysql-test/t/ssl_8k_key.test @@ -1,4 +1,5 @@ # This test should work in embedded server after we fix mysqltest +-- source include/require_openssl_client.inc -- source include/not_embedded.inc -- source include/have_ssl_communication.inc |