diff options
| author | Vladislav Vaintroub <wlad@mariadb.com> | 2016-08-19 15:46:27 +0000 |
|---|---|---|
| committer | Vladislav Vaintroub <wlad@mariadb.com> | 2016-08-19 15:46:27 +0000 |
| commit | 31a8cf54c8a7913338480a0571feaf32143b5f64 (patch) | |
| tree | 8847835f515af17d6c090300b138c31e1226731e /mysql-test | |
| parent | 7b89b9f5108c80f4f270da922d7e6c182a663719 (diff) | |
| download | mariadb-git-31a8cf54c8a7913338480a0571feaf32143b5f64.tar.gz | |
Revert "MDEV-9293 Connector/C integration"
This reverts commit 7b89b9f5108c80f4f270da922d7e6c182a663719.
Diffstat (limited to 'mysql-test')
| -rw-r--r-- | mysql-test/r/openssl_1.result | 56 | ||||
| -rw-r--r-- | mysql-test/r/openssl_6975,tlsv10.result | 12 | ||||
| -rw-r--r-- | mysql-test/r/openssl_6975,tlsv12.result | 12 | ||||
| -rw-r--r-- | mysql-test/r/ssl.result | 16 | ||||
| -rw-r--r-- | mysql-test/r/ssl_8k_key.result | 4 | ||||
| -rw-r--r-- | mysql-test/r/ssl_ca.result | 18 | ||||
| -rw-r--r-- | mysql-test/r/ssl_compress.result | 12 | ||||
| -rw-r--r-- | mysql-test/r/ssl_timeout.result | 6 | ||||
| -rw-r--r-- | mysql-test/r/userstat.result | 14 | ||||
| -rw-r--r-- | mysql-test/t/openssl_1.test | 58 | ||||
| -rw-r--r-- | mysql-test/t/ssl.test | 10 | ||||
| -rw-r--r-- | mysql-test/t/ssl_7937.test | 2 | ||||
| -rw-r--r-- | mysql-test/t/ssl_8k_key-master.opt | 1 | ||||
| -rw-r--r-- | mysql-test/t/ssl_8k_key.test | 2 | ||||
| -rw-r--r-- | mysql-test/t/ssl_ca.test | 17 | ||||
| -rw-r--r-- | mysql-test/t/ssl_compress.test | 6 | ||||
| -rw-r--r-- | mysql-test/t/ssl_timeout.test | 3 | ||||
| -rw-r--r-- | mysql-test/t/userstat.test | 3 |
18 files changed, 138 insertions, 114 deletions
diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result index f28c399ce74..12c91721381 100644 --- a/mysql-test/r/openssl_1.result +++ b/mysql-test/r/openssl_1.result @@ -4,25 +4,25 @@ drop table if exists t1; create table t1(f1 int); insert into t1 values (5); grant select on test.* to ssl_user1@localhost require SSL; -grant select on test.* to ssl_user2@localhost require cipher "AES256-SHA"; -grant select on test.* to ssl_user3@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; -grant select on test.* to ssl_user4@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; -grant select on test.* to ssl_user5@localhost require cipher "AES256-SHA" AND SUBJECT "xxx"; +grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA"; +grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; +grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; +grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx"; flush privileges; -connect con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA; +connect con1,localhost,ssl_user1,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA; connect(localhost,ssl_user2,,test,MASTER_PORT,MASTER_SOCKET); -connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA; -ERROR 28000: Access denied for user 'ssl_user2'@'localhost' (using password: NO) connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA; -connect con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA; -connect con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA; +ERROR 28000: Access denied for user 'ssl_user2'@'localhost' (using password: NO) +connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA; +connect con3,localhost,ssl_user3,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA; +connect con4,localhost,ssl_user4,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA; connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET); -connect con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA; +connect con5,localhost,ssl_user5,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA; ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO) connection con1; SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value -Ssl_cipher AES256-SHA +Ssl_cipher DHE-RSA-AES256-SHA select * from t1; f1 5 @@ -31,7 +31,7 @@ ERROR 42000: DELETE command denied to user 'ssl_user1'@'localhost' for table 't1 connection con2; SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value -Ssl_cipher AES256-SHA +Ssl_cipher DHE-RSA-AES256-SHA select * from t1; f1 5 @@ -40,7 +40,7 @@ ERROR 42000: DELETE command denied to user 'ssl_user2'@'localhost' for table 't1 connection con3; SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value -Ssl_cipher AES256-SHA +Ssl_cipher DHE-RSA-AES256-SHA select * from t1; f1 5 @@ -49,7 +49,7 @@ ERROR 42000: DELETE command denied to user 'ssl_user3'@'localhost' for table 't1 connection con4; SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value -Ssl_cipher AES256-SHA +Ssl_cipher DHE-RSA-AES256-SHA select * from t1; f1 5 @@ -66,13 +66,15 @@ drop table t1; mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx -mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx -mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx +SSL error: Unable to get private key from '' +mysqltest: Could not open connection 'default': 2026 SSL connection error: Unable to get private key +SSL error: Unable to get certificate from '' +mysqltest: Could not open connection 'default': 2026 SSL connection error: Unable to get certificate SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value -Ssl_cipher AES256-SHA -have_ssl -1 +Ssl_cipher DHE-RSA-AES256-SHA +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA End of 5.0 tests DROP TABLE IF EXISTS thread_status; DROP EVENT IF EXISTS event_status; @@ -100,7 +102,8 @@ Ssl_cipher AES128-SHA SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value Ssl_cipher AES128-SHA -mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxxCREATE TABLE t1(a int); +mysqltest: Could not open connection 'default': 2026 SSL connection error: Failed to set ciphers to use +CREATE TABLE t1(a int); INSERT INTO t1 VALUES (1), (2); /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; @@ -204,21 +207,22 @@ UNLOCK TABLES; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; -mysqldump: Got error: 2026: SSL connection error: xxxx +SSL error: Unable to get private key from 'MYSQL_TEST_DIR/std_data/client-cert.pem' +mysqldump: Got error: 2026: "SSL connection error: Unable to get private key" when trying to connect DROP TABLE t1; Variable_name Value -Ssl_cipher AES256-SHA +Ssl_cipher DHE-RSA-AES256-SHA Variable_name Value -Ssl_cipher DES-CBC3-SHA +Ssl_cipher EDH-RSA-DES-CBC3-SHA select 'is still running; no cipher request crashed the server' as result from dual; result is still running; no cipher request crashed the server GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509; FLUSH PRIVILEGES; connect con1,localhost,bug42158,,,,,SSL; -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; -have_ssl -1 +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA disconnect con1; connection default; DROP USER bug42158@localhost; diff --git a/mysql-test/r/openssl_6975,tlsv10.result b/mysql-test/r/openssl_6975,tlsv10.result index a65167ff427..6285faa0143 100644 --- a/mysql-test/r/openssl_6975,tlsv10.result +++ b/mysql-test/r/openssl_6975,tlsv10.result @@ -3,14 +3,14 @@ grant select on test.* to ssl_sslv3@localhost require cipher "RC4-SHA"; create user ssl_tls12@localhost; grant select on test.* to ssl_tls12@localhost require cipher "AES128-SHA256"; TLS1.2 ciphers: user is ok with any cipher -ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure -ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure TLS1.2 ciphers: user requires SSLv3 cipher RC4-SHA -ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure -ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure TLS1.2 ciphers: user requires TLSv1.2 cipher AES128-SHA256 -ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure -ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure SSLv3 ciphers: user is ok with any cipher Variable_name Value Ssl_cipher RC4-SHA diff --git a/mysql-test/r/openssl_6975,tlsv12.result b/mysql-test/r/openssl_6975,tlsv12.result index 8758daa7011..31d2658c829 100644 --- a/mysql-test/r/openssl_6975,tlsv12.result +++ b/mysql-test/r/openssl_6975,tlsv12.result @@ -15,13 +15,13 @@ Variable_name Value Ssl_cipher AES128-SHA256 ERROR 1045 (28000): Access denied for user 'ssl_tls12'@'localhost' (using password: NO) SSLv3 ciphers: user is ok with any cipher -ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure -ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure SSLv3 ciphers: user requires SSLv3 cipher RC4-SHA -ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure -ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure SSLv3 ciphers: user requires TLSv1.2 cipher AES128-SHA256 -ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure -ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure drop user ssl_sslv3@localhost; drop user ssl_tls12@localhost; diff --git a/mysql-test/r/ssl.result b/mysql-test/r/ssl.result index 41af96621b2..7cd18fbf539 100644 --- a/mysql-test/r/ssl.result +++ b/mysql-test/r/ssl.result @@ -1,7 +1,7 @@ connect ssl_con,localhost,root,,,,,SSL; -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; -have_ssl -1 +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA SHOW STATUS LIKE 'Ssl_server_not_before'; Variable_name Value Ssl_server_not_before Apr 25 14:55:05 2015 GMT @@ -2164,9 +2164,9 @@ Privat (Private Nutzung) Mobilfunk Warnings: Warning 1052 Column 'kundentyp' in group statement is ambiguous drop table t1; -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; -have_ssl -1 +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA select aes_decrypt('MySQL','adf'); aes_decrypt('MySQL','adf') NULL @@ -2176,7 +2176,7 @@ still connected? connection default; disconnect ssl_con; create user mysqltest_1@localhost; -grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA"; +grant usage on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA"; Variable_name Value -Ssl_cipher AES256-SHA +Ssl_cipher EDH-RSA-DES-CBC3-SHA drop user mysqltest_1@localhost; diff --git a/mysql-test/r/ssl_8k_key.result b/mysql-test/r/ssl_8k_key.result index ff9d0cce9dc..b33a1d2854f 100644 --- a/mysql-test/r/ssl_8k_key.result +++ b/mysql-test/r/ssl_8k_key.result @@ -1,2 +1,2 @@ -have_ssl -1 +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA diff --git a/mysql-test/r/ssl_ca.result b/mysql-test/r/ssl_ca.result index 8ea3e30eb06..ffc5671f85f 100644 --- a/mysql-test/r/ssl_ca.result +++ b/mysql-test/r/ssl_ca.result @@ -2,23 +2,23 @@ # Bug#21920657: SSL-CA FAILS SILENTLY IF THE PATH CANNOT BE FOUND # # try to connect with wrong '--ssl-ca' path : should fail -ERROR 2026 (HY000): SSL connection error: xxxx +ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed # try to connect with correct '--ssl-ca' path : should connect -have_ssl -1 +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA # # Bug#21920678: SSL-CA DOES NOT ACCEPT ~USER TILDE HOME DIRECTORY # PATH SUBSTITUTION # # try to connect with '--ssl-ca' option using tilde home directoy # path substitution : should connect -have_ssl -1 +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA # try to connect with '--ssl-key' option using tilde home directoy # path substitution : should connect -have_ssl -1 +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA # try to connect with '--ssl-cert' option using tilde home directoy # path substitution : should connect -have_ssl -1 +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA diff --git a/mysql-test/r/ssl_compress.result b/mysql-test/r/ssl_compress.result index 09c682e3851..8260fde5c4e 100644 --- a/mysql-test/r/ssl_compress.result +++ b/mysql-test/r/ssl_compress.result @@ -1,7 +1,7 @@ connect ssl_compress_con,localhost,root,,,,,SSL COMPRESS; -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; -have_ssl -1 +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA SHOW STATUS LIKE 'Compression'; Variable_name Value Compression ON @@ -2161,9 +2161,9 @@ Privat (Private Nutzung) Mobilfunk Warnings: Warning 1052 Column 'kundentyp' in group statement is ambiguous drop table t1; -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; -have_ssl -1 +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA SHOW STATUS LIKE 'Compression'; Variable_name Value Compression ON diff --git a/mysql-test/r/ssl_timeout.result b/mysql-test/r/ssl_timeout.result index 3c94a9927da..27dce524685 100644 --- a/mysql-test/r/ssl_timeout.result +++ b/mysql-test/r/ssl_timeout.result @@ -1,9 +1,9 @@ # connect with read timeout so SLEEP() should timeout connect ssl_con,localhost,root,,,,,SSL read_timeout=5; # Check ssl turned on -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; -have_ssl -1 +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA SELECT SLEEP(600); ERROR HY000: Lost connection to MySQL server during query connection default; diff --git a/mysql-test/r/userstat.result b/mysql-test/r/userstat.result index c6b780fce40..a56ff5771f6 100644 --- a/mysql-test/r/userstat.result +++ b/mysql-test/r/userstat.result @@ -81,9 +81,9 @@ select * from t1 where a=999; a b drop table t1; connect ssl_con,localhost,root,,,,,SSL; -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; -have_ssl -1 +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA connection default; create table t1 (a int, primary key (a), b int default 0) engine=innodb; begin; @@ -149,11 +149,11 @@ TOTAL_CONNECTIONS 2 TOTAL_SSL_CONNECTIONS 1 CONCURRENT_CONNECTIONS 0 ROWS_READ 6 -ROWS_SENT 3 +ROWS_SENT 2 ROWS_DELETED 1 ROWS_INSERTED 7 ROWS_UPDATED 5 -SELECT_COMMANDS 4 +SELECT_COMMANDS 3 UPDATE_COMMANDS 11 OTHER_COMMANDS 7 COMMIT_TRANSACTIONS 19 @@ -167,11 +167,11 @@ TOTAL_CONNECTIONS 2 TOTAL_SSL_CONNECTIONS 1 CONCURRENT_CONNECTIONS 0 ROWS_READ 6 -ROWS_SENT 3 +ROWS_SENT 2 ROWS_DELETED 1 ROWS_INSERTED 7 ROWS_UPDATED 5 -SELECT_COMMANDS 4 +SELECT_COMMANDS 3 UPDATE_COMMANDS 11 OTHER_COMMANDS 7 COMMIT_TRANSACTIONS 19 diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test index 8e2d9133359..837206e2717 100644 --- a/mysql-test/t/openssl_1.test +++ b/mysql-test/t/openssl_1.test @@ -16,22 +16,22 @@ create table t1(f1 int); insert into t1 values (5); grant select on test.* to ssl_user1@localhost require SSL; -grant select on test.* to ssl_user2@localhost require cipher "AES256-SHA"; -grant select on test.* to ssl_user3@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; -grant select on test.* to ssl_user4@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; -grant select on test.* to ssl_user5@localhost require cipher "AES256-SHA" AND SUBJECT "xxx"; +grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA"; +grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; +grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; +grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx"; flush privileges; -connect (con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA); +connect (con1,localhost,ssl_user1,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR -connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA); connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA); -connect (con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA); -connect (con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA); +connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); +connect (con3,localhost,ssl_user3,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); +connect (con4,localhost,ssl_user4,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR -connect (con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA); +connect (con5,localhost,ssl_user5,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); connection con1; # Check ssl turned on @@ -79,6 +79,7 @@ drop table t1; # --exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql # Handle that openssl gives different error messages from YaSSL. +#--replace_regex /error:00000001:lib\(0\):func\(0\):reason\(1\)/ASN: bad other signature confirmation/ --replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ --error 1 --exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 @@ -88,6 +89,7 @@ drop table t1; # Test that we can't open connection to server if we are using # a blank ca # +#--replace_regex /error:00000001:lib\(0\):func\(0\):reason\(1\)/ASN: bad other signature confirmation/ --replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ --error 1 --exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 @@ -97,6 +99,7 @@ drop table t1; # Test that we can't open connection to server if we are using # a nonexistent ca file # +#--replace_regex /error:00000001:lib\(0\):func\(0\):reason\(1\)/ASN: bad other signature confirmation/ --replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ --error 1 --exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 @@ -106,27 +109,23 @@ drop table t1; # Test that we can't open connection to server if we are using # a blank client-key # ---replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ --error 1 --exec $MYSQL_TEST --ssl-key= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 ---echo # # Test that we can't open connection to server if we are using # a blank client-cert # ---replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ --error 1 --exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 ---echo # # Bug#21611 Slave can't connect when master-ssl-cipher specified # - Apparently selecting a cipher doesn't work at all -# - Use a cipher that both yaSSL and OpenSSL supports +# - Usa a cipher that both yaSSL and OpenSSL supports # --exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql ---exec $MYSQL_TEST --ssl-cipher=AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 +--exec $MYSQL_TEST --ssl-cipher=DHE-RSA-AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 # # Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23 @@ -135,7 +134,8 @@ drop table t1; # verification of servers certificate by setting both ca certificate # and ca path to NULL # ---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1 +--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA +--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 --echo End of 5.0 tests # @@ -191,7 +191,6 @@ SET GLOBAL event_scheduler=0; # Test to connect using an unknown cipher # --exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit" > $MYSQLTEST_VARDIR/tmp/test.sql ---replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ --error 1 --exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 @@ -211,10 +210,9 @@ INSERT INTO t1 VALUES (1), (2); # With wrong parameters --replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR mysqldump.exe mysqldump ---replace_regex /\"SSL connection error.*/SSL connection error: xxxx/ --error 2 --exec $MYSQL_DUMP --skip-create-options --skip-comments --ssl --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test 2>&1 ---echo + DROP TABLE t1; --remove_file $MYSQLTEST_VARDIR/tmp/test.sql @@ -224,8 +222,8 @@ DROP TABLE t1; # # Common ciphers to openssl and yassl ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES256-SHA ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=DES-CBC3-SHA +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=DHE-RSA-AES256-SHA +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=EDH-RSA-DES-CBC3-SHA --disable_query_log --disable_result_log @@ -234,7 +232,20 @@ DROP TABLE t1; --exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=NOT----EXIST # These probably exist but the server's keys can't be used to accept these kinds of connections. --error 1,0 ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=AES128-RMD +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-AES128-RMD +--error 1,0 +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-AES128-SHA +--error 1,0 +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-AES256-RMD +--error 1,0 +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-AES256-SHA +--error 1,0 +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-DES-CBC3-RMD +--error 1,0 +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=EDH-DSS-DES-CBC3-SHA +--error 1,0 +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=EDH-DSS-DES-CBC-SHA +# End of crashers. ########################## # If this gives a result, then the bug is fixed. --enable_result_log @@ -248,7 +259,8 @@ select 'is still running; no cipher request crashed the server' as result from d GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509; FLUSH PRIVILEGES; connect(con1,localhost,bug42158,,,,,SSL); -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA +SHOW STATUS LIKE 'Ssl_cipher'; disconnect con1; connection default; DROP USER bug42158@localhost; diff --git a/mysql-test/t/ssl.test b/mysql-test/t/ssl.test index f2ac288db7a..88766e7cf39 100644 --- a/mysql-test/t/ssl.test +++ b/mysql-test/t/ssl.test @@ -11,7 +11,8 @@ connect (ssl_con,localhost,root,,,,,SSL); # Check ssl turned on -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA +SHOW STATUS LIKE 'Ssl_cipher'; # Check ssl expiration SHOW STATUS LIKE 'Ssl_server_not_before'; @@ -21,7 +22,8 @@ SHOW STATUS LIKE 'Ssl_server_not_after'; -- source include/common-tests.inc # Check ssl turned on -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA +SHOW STATUS LIKE 'Ssl_cipher'; # # MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013 (Lost connection to MySQL server during query) while executing AES* functions under SSL @@ -33,8 +35,8 @@ connection default; disconnect ssl_con; create user mysqltest_1@localhost; -grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA"; ---exec $MYSQL -umysqltest_1 --ssl-cipher=AES256-SHA -e "show status like 'ssl_cipher'" 2>&1 +grant usage on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA"; +--exec $MYSQL -umysqltest_1 --ssl-cipher=EDH-RSA-DES-CBC3-SHA -e "show status like 'ssl_cipher'" 2>&1 drop user mysqltest_1@localhost; # Wait till all disconnects are completed diff --git a/mysql-test/t/ssl_7937.test b/mysql-test/t/ssl_7937.test index 8e9d1901907..d593b9d936d 100644 --- a/mysql-test/t/ssl_7937.test +++ b/mysql-test/t/ssl_7937.test @@ -26,10 +26,10 @@ create procedure have_ssl() # we fake the test result for yassl let yassl=`select variable_value='Unknown' from information_schema.session_status where variable_name='Ssl_session_cache_mode'`; if (!$yassl) { - --replace_result "self signed certificate in certificate chain" "Failed to verify the server certificate" --exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1 } if ($yassl) { --echo ERROR 2026 (HY000): SSL connection error: Failed to verify the server certificate } + drop procedure have_ssl; diff --git a/mysql-test/t/ssl_8k_key-master.opt b/mysql-test/t/ssl_8k_key-master.opt index 856b33e95ee..531c0abc9f1 100644 --- a/mysql-test/t/ssl_8k_key-master.opt +++ b/mysql-test/t/ssl_8k_key-master.opt @@ -1,2 +1,3 @@ --loose-ssl-key=$MYSQL_TEST_DIR/std_data/server8k-key.pem --loose-ssl-cert=$MYSQL_TEST_DIR/std_data/server8k-cert.pem +--loose-ssl-cipher=DHE-RSA-AES256-SHA diff --git a/mysql-test/t/ssl_8k_key.test b/mysql-test/t/ssl_8k_key.test index 23267a3c611..27cffdce1f2 100644 --- a/mysql-test/t/ssl_8k_key.test +++ b/mysql-test/t/ssl_8k_key.test @@ -5,7 +5,7 @@ # # Bug#29784 YaSSL assertion failure when reading 8k key. # ---exec $MYSQL --connect-timeout=180 --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT (VARIABLE_VALUE <> '') as have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1 +--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 ## This test file is for testing encrypted communication only, not other ## encryption routines that the SSL library happens to provide! diff --git a/mysql-test/t/ssl_ca.test b/mysql-test/t/ssl_ca.test index 5870d9598fc..8e81f44e61c 100644 --- a/mysql-test/t/ssl_ca.test +++ b/mysql-test/t/ssl_ca.test @@ -6,14 +6,12 @@ --echo # --echo # try to connect with wrong '--ssl-ca' path : should fail - ---replace_regex /SSL connection error.*/SSL connection error: xxxx/ --error 1 ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" 2>&1 ---echo +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2>&1 --echo # try to connect with correct '--ssl-ca' path : should connect ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" +--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" --echo # --echo # Bug#21920678: SSL-CA DOES NOT ACCEPT ~USER TILDE HOME DIRECTORY @@ -24,12 +22,15 @@ --echo # try to connect with '--ssl-ca' option using tilde home directoy --echo # path substitution : should connect ---exec $MYSQL --ssl-ca$mysql_test_dir_path/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" +--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA +--exec $MYSQL --ssl-ca$mysql_test_dir_path/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" --echo # try to connect with '--ssl-key' option using tilde home directoy --echo # path substitution : should connect ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key$mysql_test_dir_path/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" +--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key$mysql_test_dir_path/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" --echo # try to connect with '--ssl-cert' option using tilde home directoy --echo # path substitution : should connect ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert$mysql_test_dir_path/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" +--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert$mysql_test_dir_path/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" diff --git a/mysql-test/t/ssl_compress.test b/mysql-test/t/ssl_compress.test index 588d4555db8..28f3453c23e 100644 --- a/mysql-test/t/ssl_compress.test +++ b/mysql-test/t/ssl_compress.test @@ -11,7 +11,8 @@ connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS); # Check ssl turned on -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA +SHOW STATUS LIKE 'Ssl_cipher'; # Check compression turned on SHOW STATUS LIKE 'Compression'; @@ -20,7 +21,8 @@ SHOW STATUS LIKE 'Compression'; -- source include/common-tests.inc # Check ssl turned on -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA +SHOW STATUS LIKE 'Ssl_cipher'; # Check compression turned on SHOW STATUS LIKE 'Compression'; diff --git a/mysql-test/t/ssl_timeout.test b/mysql-test/t/ssl_timeout.test index 430fe7130de..806b928aca0 100644 --- a/mysql-test/t/ssl_timeout.test +++ b/mysql-test/t/ssl_timeout.test @@ -7,7 +7,8 @@ connect (ssl_con,localhost,root,,,,,SSL read_timeout=5); --echo # Check ssl turned on -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA +SHOW STATUS LIKE 'Ssl_cipher'; # --error CR_SERVER_LOST --error 2013 diff --git a/mysql-test/t/userstat.test b/mysql-test/t/userstat.test index 9ce3a32c442..cb1250a13ea 100644 --- a/mysql-test/t/userstat.test +++ b/mysql-test/t/userstat.test @@ -35,7 +35,8 @@ drop table t1; # test SSL connections --connect (ssl_con,localhost,root,,,,,SSL) -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA +SHOW STATUS LIKE 'Ssl_cipher'; --connection default # |