authorVenkata Sidagam <venkata.sidagam@oracle.com>2012-08-11 15:43:04 +0530
committerVenkata Sidagam <venkata.sidagam@oracle.com>2012-08-11 15:43:04 +0530
commit40319e9b44d778d570bd146d4a43e1d1842bb357 (patch)
treeb8db84cd22c36854f251319b5e14f589288a04b5 /mysql-test
parentaf3fdefca52ace7f94c0b7217dbb4ea678829a3b (diff)
downloadmariadb-git-40319e9b44d778d570bd146d4a43e1d1842bb357.tar.gz
Bug #13115401: -SSL-KEY VALUE IS NOT VALIDATED AND IT ALLOWS INSECURE
CONNECTIONS IF SPE
Problem description: The --ssl-key value is not validated: any bogus text can be assigned to --ssl-key, it is not verified that the file exists, and, more importantly, the client is still allowed to connect to mysqld.
Fix: Added proper validation checks for --ssl-key.
Note: 1) Documentation changes are required for 5.1, 5.5, 5.6 and trunk in the sections listed below; the details are: http://dev.mysql.com/doc/refman/5.6/en/ssl-options.html#option_general_ssl and the REQUIRE SSL section of http://dev.mysql.com/doc/refman/5.6/en/grant.html 2) A client started with the '--ssl' option should be able to get an SSL connection. This will be implemented as a separate fix in 5.6 and trunk.
Diffstat (limited to 'mysql-test')
-rw-r--r--mysql-test/r/openssl_1.result6
-rw-r--r--mysql-test/t/openssl_1.test6
2 files changed, 9 insertions, 3 deletions
diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result
index 6389438c993..b95c4bb0e76 100644
--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@@ -44,9 +44,9 @@ ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1
drop user ssl_user1@localhost, ssl_user2@localhost,
ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
drop table t1;
-mysqltest: Could not open connection 'default': 2026 SSL connection error
-mysqltest: Could not open connection 'default': 2026 SSL connection error
-mysqltest: Could not open connection 'default': 2026 SSL connection error
+mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx
+mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx
+mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx
SSL error: Unable to get private key from ''
mysqltest: Could not open connection 'default': 2026 SSL connection error
SSL error: Unable to get certificate from ''
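Review bot: The three recorded lines now end in the placeholder `xxxx`, so the expected output no longer distinguishes the untrusted-CA, blank-CA and nonexistent-CA cases in openssl_1.test; any message that starts with `2026 SSL connection error` satisfies all three. The `--error 1` checks still assert that the connection is refused, but a regression where the client fails for an unrelated SSL reason would pass unnoticed. If the trailing text is masked because it differs between SSL libraries (an assumption, the page does not say), I would note that above the first `--replace_regex` with a comment such as `# text after "2026 SSL connection error" depends on the SSL library; mask it`, and keep any stable fragment of the reason in the replacement. The lines visible here also contain no case that passes a bogus `--ssl-key` value, which is the behaviour the commit message describes; the second hunk continues past the end of this page, so such a case may exist there.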
diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test
index 8ca70258bc0..d5fbde1d9d4 100644
--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
@@ -73,22 +73,28 @@ drop table t1;
# a different cacert
#
--exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql
+--replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/
--error 1
--exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--echo
#
# Test that we can't open connection to server if we are using
# a blank ca
#
+--replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/
--error 1
--exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--echo
#
# Test that we can't open connection to server if we are using
# a nonexistent ca file
#
+--replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/
--error 1
--exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--echo
#
# Test that we can't open connection to server if we are using