MDEV-14101: Provide option to specify tls_version for client toolsbb_mdev14101

5 files changed, 25 insertions, 17 deletions

diff --git a/mysql-test/t/mysqld--help.test b/mysql-test/t/mysqld--help.test
index 1613f8e7a4f..4e71c86e506 100644
--- a/mysql-test/t/mysqld--help.test
+++ b/mysql-test/t/mysqld--help.test
@@ -23,7 +23,7 @@ perl;
                log-slow-queries pid-file slow-query-log-file log-basename
                datadir slave-load-tmpdir tmpdir socket thread-pool-size
                large-files-support lower-case-file-system system-time-zone
-               collation-server character-set-server log-tc-size version.*/;
+               collation-server character-set-server log-tc-size tls-version version.*/;
 
   # Plugins which may or may not be there:
   @plugins=qw/innodb archive blackhole federated partition
@@ -54,6 +54,9 @@ perl;
     $skip=1 if / --($re2)\b/;
     y!\\!/!;
     s/[ ]+/ /; # squeeze spaces to remove table formatting
+    # fix tls_version
+    s/, TLSv1.2//;
+    s/, TLSv1.3//;
     # fixes for 32-bit
     s/\b4294967295\b/18446744073709551615/;
     s/\b2146435072\b/9223372036853727232/;
diff --git a/mysql-test/t/openssl_6975.test b/mysql-test/t/openssl_6975.test
index 6a82d013fb6..bfcb0d56681 100644
--- a/mysql-test/t/openssl_6975.test
+++ b/mysql-test/t/openssl_6975.test
@@ -18,25 +18,25 @@ let $mysql=$MYSQL --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$
 
 disable_abort_on_error;
 echo TLS1.2 ciphers: user is ok with any cipher;
-exec $mysql                  --ssl-cipher=AES128-SHA256;
+exec $mysql --tls-version=TLSv1.2 --ssl-cipher=AES128-SHA256;
 --replace_result DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384
-exec $mysql                  --ssl-cipher=TLSv1.2;
+exec $mysql --tls-version=TLSv1.2 --ssl-cipher=TLSv1.2;
 echo TLS1.2 ciphers: user requires SSLv3 cipher AES128-SHA;
-exec $mysql --user ssl_sslv3 --ssl-cipher=AES128-SHA256;
-exec $mysql --user ssl_sslv3 --ssl-cipher=TLSv1.2;
+exec $mysql --user ssl_sslv3 --tls-version=TLSv1.2 --ssl-cipher=AES128-SHA256;
+exec $mysql --user ssl_sslv3 --tls-version=TLSv1.2 --ssl-cipher=TLSv1.2;
 echo TLS1.2 ciphers: user requires TLSv1.2 cipher AES128-SHA256;
-exec $mysql --user ssl_tls12 --ssl-cipher=AES128-SHA256;
-exec $mysql --user ssl_tls12 --ssl-cipher=TLSv1.2;
+exec $mysql --user ssl_tls12 --tls-version=TLSv1.2 --ssl-cipher=AES128-SHA256;
+exec $mysql --user ssl_tls12 --tls-version=TLSv1.2 --ssl-cipher=TLSv1.2;
 
 echo SSLv3 ciphers: user is ok with any cipher;
-exec $mysql                  --ssl-cipher=AES256-SHA;
-exec $mysql                  --ssl-cipher=SSLv3;
+exec $mysql --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=AES256-SHA;
+exec $mysql --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=SSLv3;
 echo SSLv3 ciphers: user requires SSLv3 cipher AES128-SHA;
-exec $mysql --user ssl_sslv3 --ssl-cipher=AES128-SHA;
-exec $mysql --user ssl_sslv3 --ssl-cipher=SSLv3;
+exec $mysql --user ssl_sslv3 --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=AES128-SHA;
+exec $mysql --user ssl_sslv3 --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=SSLv3;
 echo SSLv3 ciphers: user requires TLSv1.2 cipher AES128-SHA256;
-exec $mysql --user ssl_tls12 --ssl-cipher=AES128-SHA;
-exec $mysql --user ssl_tls12 --ssl-cipher=SSLv3;
+exec $mysql --user ssl_tls12 --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=AES128-SHA;
+exec $mysql --user ssl_tls12 --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=SSLv3;
 
 drop user ssl_sslv3@localhost;
 drop user ssl_tls12@localhost;
diff --git a/mysql-test/t/ssl.test b/mysql-test/t/ssl.test
index f2ac288db7a..6071e26a26f 100644
--- a/mysql-test/t/ssl.test
+++ b/mysql-test/t/ssl.test
@@ -34,7 +34,7 @@ disconnect ssl_con;
 
 create user mysqltest_1@localhost;
 grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA";
---exec $MYSQL -umysqltest_1 --ssl-cipher=AES256-SHA -e "show status like 'ssl_cipher'" 2>&1
+--exec $MYSQL -umysqltest_1 --tls_version=TLSv1.2 --ssl-cipher=AES256-SHA -e "show status like 'ssl_cipher'" 2>&1
 drop user mysqltest_1@localhost;
 
 # Wait till all disconnects are completed
diff --git a/mysql-test/t/ssl_cert_verify.test b/mysql-test/t/ssl_cert_verify.test
index 83f621b7ca9..51b1612e45b 100644
--- a/mysql-test/t/ssl_cert_verify.test
+++ b/mysql-test/t/ssl_cert_verify.test
@@ -30,7 +30,7 @@ let $ssl_verify_pass_path = --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-veri
 --enable_reconnect
 --source include/wait_until_connected_again.inc
 
---replace_result TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION
+--replace_result TLSv1.3 TLS_VERSION TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION
 --exec $MYSQL --protocol=tcp --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-verify-server-cert -e "SHOW STATUS like 'Ssl_version'"
 
 --echo # restart server using restart
diff --git a/mysql-test/t/ssl_cipher.test b/mysql-test/t/ssl_cipher.test
index cf249343324..82dbf817a1d 100644
--- a/mysql-test/t/ssl_cipher.test
+++ b/mysql-test/t/ssl_cipher.test
@@ -13,8 +13,13 @@
 connect (ssl_con,localhost,root,,,,,SSL);
 
 # Check Cipher Name and Cipher List
-SHOW STATUS LIKE 'Ssl_cipher';
-SHOW STATUS LIKE 'Ssl_cipher_list';
+select variable_value into @a from information_schema.session_status where variable_name like 'SSL_CIPHER';
+# Check if cipher is empty
+select length(@a) > 0;
+# check if cipher list is empty
+select length(VARIABLE_VALUE) > 0  from information_schema.session_status where variable_name like 'SSL_CIPHER_LIST';
+# check if cipher is in list
+select position(@a in VARIABLE_VALUE) > 0  from information_schema.session_status where variable_name like 'SSL_CIPHER_LIST';
 
 connection default;
 disconnect ssl_con;