diff options
author | Vladislav Vaintroub <wlad@mariadb.com> | 2016-08-19 15:27:37 +0000 |
---|---|---|
committer | Vladislav Vaintroub <wlad@mariadb.com> | 2016-08-19 15:27:37 +0000 |
commit | 7b89b9f5108c80f4f270da922d7e6c182a663719 (patch) | |
tree | 858a3873942f07610fb26685781e8bdbd3ab2c7f /mysql-test | |
parent | daff133ddf9a9d120050703c0b5753979c6190e0 (diff) | |
download | mariadb-git-7b89b9f5108c80f4f270da922d7e6c182a663719.tar.gz |
MDEV-9293 Connector/C integration
Diffstat (limited to 'mysql-test')
-rw-r--r-- | mysql-test/r/openssl_1.result | 56 | ||||
-rw-r--r-- | mysql-test/r/openssl_6975,tlsv10.result | 12 | ||||
-rw-r--r-- | mysql-test/r/openssl_6975,tlsv12.result | 12 | ||||
-rw-r--r-- | mysql-test/r/ssl.result | 16 | ||||
-rw-r--r-- | mysql-test/r/ssl_8k_key.result | 4 | ||||
-rw-r--r-- | mysql-test/r/ssl_ca.result | 18 | ||||
-rw-r--r-- | mysql-test/r/ssl_compress.result | 12 | ||||
-rw-r--r-- | mysql-test/r/ssl_timeout.result | 6 | ||||
-rw-r--r-- | mysql-test/r/userstat.result | 14 | ||||
-rw-r--r-- | mysql-test/t/openssl_1.test | 58 | ||||
-rw-r--r-- | mysql-test/t/ssl.test | 10 | ||||
-rw-r--r-- | mysql-test/t/ssl_7937.test | 2 | ||||
-rw-r--r-- | mysql-test/t/ssl_8k_key-master.opt | 1 | ||||
-rw-r--r-- | mysql-test/t/ssl_8k_key.test | 2 | ||||
-rw-r--r-- | mysql-test/t/ssl_ca.test | 17 | ||||
-rw-r--r-- | mysql-test/t/ssl_compress.test | 6 | ||||
-rw-r--r-- | mysql-test/t/ssl_timeout.test | 3 | ||||
-rw-r--r-- | mysql-test/t/userstat.test | 3 |
18 files changed, 114 insertions, 138 deletions
diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result index 12c91721381..f28c399ce74 100644 --- a/mysql-test/r/openssl_1.result +++ b/mysql-test/r/openssl_1.result @@ -4,25 +4,25 @@ drop table if exists t1; create table t1(f1 int); insert into t1 values (5); grant select on test.* to ssl_user1@localhost require SSL; -grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA"; -grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; -grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; -grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx"; +grant select on test.* to ssl_user2@localhost require cipher "AES256-SHA"; +grant select on test.* to ssl_user3@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; +grant select on test.* to ssl_user4@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; +grant select on test.* to ssl_user5@localhost require cipher "AES256-SHA" AND SUBJECT "xxx"; flush privileges; -connect con1,localhost,ssl_user1,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA; +connect con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA; connect(localhost,ssl_user2,,test,MASTER_PORT,MASTER_SOCKET); -connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA; +connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA; ERROR 28000: Access denied for user 'ssl_user2'@'localhost' (using password: NO) -connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA; -connect con3,localhost,ssl_user3,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA; -connect con4,localhost,ssl_user4,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA; +connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA; +connect con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA; +connect con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA; connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET); -connect con5,localhost,ssl_user5,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA; +connect con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA; ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO) connection con1; SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +Ssl_cipher AES256-SHA select * from t1; f1 5 @@ -31,7 +31,7 @@ ERROR 42000: DELETE command denied to user 'ssl_user1'@'localhost' for table 't1 connection con2; SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +Ssl_cipher AES256-SHA select * from t1; f1 5 @@ -40,7 +40,7 @@ ERROR 42000: DELETE command denied to user 'ssl_user2'@'localhost' for table 't1 connection con3; SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +Ssl_cipher AES256-SHA select * from t1; f1 5 @@ -49,7 +49,7 @@ ERROR 42000: DELETE command denied to user 'ssl_user3'@'localhost' for table 't1 connection con4; SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +Ssl_cipher AES256-SHA select * from t1; f1 5 @@ -66,15 +66,13 @@ drop table t1; mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx -SSL error: Unable to get private key from '' -mysqltest: Could not open connection 'default': 2026 SSL connection error: Unable to get private key -SSL error: Unable to get certificate from '' -mysqltest: Could not open connection 'default': 2026 SSL connection error: Unable to get certificate +mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx +mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA -Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +Ssl_cipher AES256-SHA +have_ssl +1 End of 5.0 tests DROP TABLE IF EXISTS thread_status; DROP EVENT IF EXISTS event_status; @@ -102,8 +100,7 @@ Ssl_cipher AES128-SHA SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value Ssl_cipher AES128-SHA -mysqltest: Could not open connection 'default': 2026 SSL connection error: Failed to set ciphers to use -CREATE TABLE t1(a int); +mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxxCREATE TABLE t1(a int); INSERT INTO t1 VALUES (1), (2); /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; @@ -207,22 +204,21 @@ UNLOCK TABLES; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; -SSL error: Unable to get private key from 'MYSQL_TEST_DIR/std_data/client-cert.pem' -mysqldump: Got error: 2026: "SSL connection error: Unable to get private key" when trying to connect +mysqldump: Got error: 2026: SSL connection error: xxxx DROP TABLE t1; Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +Ssl_cipher AES256-SHA Variable_name Value -Ssl_cipher EDH-RSA-DES-CBC3-SHA +Ssl_cipher DES-CBC3-SHA select 'is still running; no cipher request crashed the server' as result from dual; result is still running; no cipher request crashed the server GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509; FLUSH PRIVILEGES; connect con1,localhost,bug42158,,,,,SSL; -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +have_ssl +1 disconnect con1; connection default; DROP USER bug42158@localhost; diff --git a/mysql-test/r/openssl_6975,tlsv10.result b/mysql-test/r/openssl_6975,tlsv10.result index 6285faa0143..a65167ff427 100644 --- a/mysql-test/r/openssl_6975,tlsv10.result +++ b/mysql-test/r/openssl_6975,tlsv10.result @@ -3,14 +3,14 @@ grant select on test.* to ssl_sslv3@localhost require cipher "RC4-SHA"; create user ssl_tls12@localhost; grant select on test.* to ssl_tls12@localhost require cipher "AES128-SHA256"; TLS1.2 ciphers: user is ok with any cipher -ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure -ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure TLS1.2 ciphers: user requires SSLv3 cipher RC4-SHA -ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure -ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure TLS1.2 ciphers: user requires TLSv1.2 cipher AES128-SHA256 -ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure -ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure SSLv3 ciphers: user is ok with any cipher Variable_name Value Ssl_cipher RC4-SHA diff --git a/mysql-test/r/openssl_6975,tlsv12.result b/mysql-test/r/openssl_6975,tlsv12.result index 31d2658c829..8758daa7011 100644 --- a/mysql-test/r/openssl_6975,tlsv12.result +++ b/mysql-test/r/openssl_6975,tlsv12.result @@ -15,13 +15,13 @@ Variable_name Value Ssl_cipher AES128-SHA256 ERROR 1045 (28000): Access denied for user 'ssl_tls12'@'localhost' (using password: NO) SSLv3 ciphers: user is ok with any cipher -ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure -ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure SSLv3 ciphers: user requires SSLv3 cipher RC4-SHA -ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure -ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure SSLv3 ciphers: user requires TLSv1.2 cipher AES128-SHA256 -ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure -ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure +ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure drop user ssl_sslv3@localhost; drop user ssl_tls12@localhost; diff --git a/mysql-test/r/ssl.result b/mysql-test/r/ssl.result index 7cd18fbf539..41af96621b2 100644 --- a/mysql-test/r/ssl.result +++ b/mysql-test/r/ssl.result @@ -1,7 +1,7 @@ connect ssl_con,localhost,root,,,,,SSL; -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +have_ssl +1 SHOW STATUS LIKE 'Ssl_server_not_before'; Variable_name Value Ssl_server_not_before Apr 25 14:55:05 2015 GMT @@ -2164,9 +2164,9 @@ Privat (Private Nutzung) Mobilfunk Warnings: Warning 1052 Column 'kundentyp' in group statement is ambiguous drop table t1; -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +have_ssl +1 select aes_decrypt('MySQL','adf'); aes_decrypt('MySQL','adf') NULL @@ -2176,7 +2176,7 @@ still connected? connection default; disconnect ssl_con; create user mysqltest_1@localhost; -grant usage on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA"; +grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA"; Variable_name Value -Ssl_cipher EDH-RSA-DES-CBC3-SHA +Ssl_cipher AES256-SHA drop user mysqltest_1@localhost; diff --git a/mysql-test/r/ssl_8k_key.result b/mysql-test/r/ssl_8k_key.result index b33a1d2854f..ff9d0cce9dc 100644 --- a/mysql-test/r/ssl_8k_key.result +++ b/mysql-test/r/ssl_8k_key.result @@ -1,2 +1,2 @@ -Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +have_ssl +1 diff --git a/mysql-test/r/ssl_ca.result b/mysql-test/r/ssl_ca.result index ffc5671f85f..8ea3e30eb06 100644 --- a/mysql-test/r/ssl_ca.result +++ b/mysql-test/r/ssl_ca.result @@ -2,23 +2,23 @@ # Bug#21920657: SSL-CA FAILS SILENTLY IF THE PATH CANNOT BE FOUND # # try to connect with wrong '--ssl-ca' path : should fail -ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed +ERROR 2026 (HY000): SSL connection error: xxxx # try to connect with correct '--ssl-ca' path : should connect -Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +have_ssl +1 # # Bug#21920678: SSL-CA DOES NOT ACCEPT ~USER TILDE HOME DIRECTORY # PATH SUBSTITUTION # # try to connect with '--ssl-ca' option using tilde home directoy # path substitution : should connect -Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +have_ssl +1 # try to connect with '--ssl-key' option using tilde home directoy # path substitution : should connect -Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +have_ssl +1 # try to connect with '--ssl-cert' option using tilde home directoy # path substitution : should connect -Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +have_ssl +1 diff --git a/mysql-test/r/ssl_compress.result b/mysql-test/r/ssl_compress.result index 8260fde5c4e..09c682e3851 100644 --- a/mysql-test/r/ssl_compress.result +++ b/mysql-test/r/ssl_compress.result @@ -1,7 +1,7 @@ connect ssl_compress_con,localhost,root,,,,,SSL COMPRESS; -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +have_ssl +1 SHOW STATUS LIKE 'Compression'; Variable_name Value Compression ON @@ -2161,9 +2161,9 @@ Privat (Private Nutzung) Mobilfunk Warnings: Warning 1052 Column 'kundentyp' in group statement is ambiguous drop table t1; -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +have_ssl +1 SHOW STATUS LIKE 'Compression'; Variable_name Value Compression ON diff --git a/mysql-test/r/ssl_timeout.result b/mysql-test/r/ssl_timeout.result index 27dce524685..3c94a9927da 100644 --- a/mysql-test/r/ssl_timeout.result +++ b/mysql-test/r/ssl_timeout.result @@ -1,9 +1,9 @@ # connect with read timeout so SLEEP() should timeout connect ssl_con,localhost,root,,,,,SSL read_timeout=5; # Check ssl turned on -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +have_ssl +1 SELECT SLEEP(600); ERROR HY000: Lost connection to MySQL server during query connection default; diff --git a/mysql-test/r/userstat.result b/mysql-test/r/userstat.result index a56ff5771f6..c6b780fce40 100644 --- a/mysql-test/r/userstat.result +++ b/mysql-test/r/userstat.result @@ -81,9 +81,9 @@ select * from t1 where a=999; a b drop table t1; connect ssl_con,localhost,root,,,,,SSL; -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher DHE-RSA-AES256-SHA +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +have_ssl +1 connection default; create table t1 (a int, primary key (a), b int default 0) engine=innodb; begin; @@ -149,11 +149,11 @@ TOTAL_CONNECTIONS 2 TOTAL_SSL_CONNECTIONS 1 CONCURRENT_CONNECTIONS 0 ROWS_READ 6 -ROWS_SENT 2 +ROWS_SENT 3 ROWS_DELETED 1 ROWS_INSERTED 7 ROWS_UPDATED 5 -SELECT_COMMANDS 3 +SELECT_COMMANDS 4 UPDATE_COMMANDS 11 OTHER_COMMANDS 7 COMMIT_TRANSACTIONS 19 @@ -167,11 +167,11 @@ TOTAL_CONNECTIONS 2 TOTAL_SSL_CONNECTIONS 1 CONCURRENT_CONNECTIONS 0 ROWS_READ 6 -ROWS_SENT 2 +ROWS_SENT 3 ROWS_DELETED 1 ROWS_INSERTED 7 ROWS_UPDATED 5 -SELECT_COMMANDS 3 +SELECT_COMMANDS 4 UPDATE_COMMANDS 11 OTHER_COMMANDS 7 COMMIT_TRANSACTIONS 19 diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test index 837206e2717..8e2d9133359 100644 --- a/mysql-test/t/openssl_1.test +++ b/mysql-test/t/openssl_1.test @@ -16,22 +16,22 @@ create table t1(f1 int); insert into t1 values (5); grant select on test.* to ssl_user1@localhost require SSL; -grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA"; -grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; -grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; -grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx"; +grant select on test.* to ssl_user2@localhost require cipher "AES256-SHA"; +grant select on test.* to ssl_user3@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; +grant select on test.* to ssl_user4@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; +grant select on test.* to ssl_user5@localhost require cipher "AES256-SHA" AND SUBJECT "xxx"; flush privileges; -connect (con1,localhost,ssl_user1,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); +connect (con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR +connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA); connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA); -connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); -connect (con3,localhost,ssl_user3,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); -connect (con4,localhost,ssl_user4,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); +connect (con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA); +connect (con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR -connect (con5,localhost,ssl_user5,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); +connect (con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA); connection con1; # Check ssl turned on @@ -79,7 +79,6 @@ drop table t1; # --exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql # Handle that openssl gives different error messages from YaSSL. -#--replace_regex /error:00000001:lib\(0\):func\(0\):reason\(1\)/ASN: bad other signature confirmation/ --replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ --error 1 --exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 @@ -89,7 +88,6 @@ drop table t1; # Test that we can't open connection to server if we are using # a blank ca # -#--replace_regex /error:00000001:lib\(0\):func\(0\):reason\(1\)/ASN: bad other signature confirmation/ --replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ --error 1 --exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 @@ -99,7 +97,6 @@ drop table t1; # Test that we can't open connection to server if we are using # a nonexistent ca file # -#--replace_regex /error:00000001:lib\(0\):func\(0\):reason\(1\)/ASN: bad other signature confirmation/ --replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ --error 1 --exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 @@ -109,23 +106,27 @@ drop table t1; # Test that we can't open connection to server if we are using # a blank client-key # +--replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ --error 1 --exec $MYSQL_TEST --ssl-key= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 +--echo # # Test that we can't open connection to server if we are using # a blank client-cert # +--replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ --error 1 --exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 +--echo # # Bug#21611 Slave can't connect when master-ssl-cipher specified # - Apparently selecting a cipher doesn't work at all -# - Usa a cipher that both yaSSL and OpenSSL supports +# - Use a cipher that both yaSSL and OpenSSL supports # --exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql ---exec $MYSQL_TEST --ssl-cipher=DHE-RSA-AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 +--exec $MYSQL_TEST --ssl-cipher=AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 # # Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23 @@ -134,8 +135,7 @@ drop table t1; # verification of servers certificate by setting both ca certificate # and ca path to NULL # ---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA ---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 +--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1 --echo End of 5.0 tests # @@ -191,6 +191,7 @@ SET GLOBAL event_scheduler=0; # Test to connect using an unknown cipher # --exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit" > $MYSQLTEST_VARDIR/tmp/test.sql +--replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ --error 1 --exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 @@ -210,9 +211,10 @@ INSERT INTO t1 VALUES (1), (2); # With wrong parameters --replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR mysqldump.exe mysqldump +--replace_regex /\"SSL connection error.*/SSL connection error: xxxx/ --error 2 --exec $MYSQL_DUMP --skip-create-options --skip-comments --ssl --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test 2>&1 - +--echo DROP TABLE t1; --remove_file $MYSQLTEST_VARDIR/tmp/test.sql @@ -222,8 +224,8 @@ DROP TABLE t1; # # Common ciphers to openssl and yassl ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=DHE-RSA-AES256-SHA ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=EDH-RSA-DES-CBC3-SHA +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES256-SHA +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=DES-CBC3-SHA --disable_query_log --disable_result_log @@ -232,20 +234,7 @@ DROP TABLE t1; --exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=NOT----EXIST # These probably exist but the server's keys can't be used to accept these kinds of connections. --error 1,0 ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-AES128-RMD ---error 1,0 ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-AES128-SHA ---error 1,0 ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-AES256-RMD ---error 1,0 ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-AES256-SHA ---error 1,0 ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-DES-CBC3-RMD ---error 1,0 ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=EDH-DSS-DES-CBC3-SHA ---error 1,0 ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=EDH-DSS-DES-CBC-SHA -# End of crashers. ########################## +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=AES128-RMD # If this gives a result, then the bug is fixed. --enable_result_log @@ -259,8 +248,7 @@ select 'is still running; no cipher request crashed the server' as result from d GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509; FLUSH PRIVILEGES; connect(con1,localhost,bug42158,,,,,SSL); ---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA -SHOW STATUS LIKE 'Ssl_cipher'; +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; disconnect con1; connection default; DROP USER bug42158@localhost; diff --git a/mysql-test/t/ssl.test b/mysql-test/t/ssl.test index 88766e7cf39..f2ac288db7a 100644 --- a/mysql-test/t/ssl.test +++ b/mysql-test/t/ssl.test @@ -11,8 +11,7 @@ connect (ssl_con,localhost,root,,,,,SSL); # Check ssl turned on ---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA -SHOW STATUS LIKE 'Ssl_cipher'; +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; # Check ssl expiration SHOW STATUS LIKE 'Ssl_server_not_before'; @@ -22,8 +21,7 @@ SHOW STATUS LIKE 'Ssl_server_not_after'; -- source include/common-tests.inc # Check ssl turned on ---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA -SHOW STATUS LIKE 'Ssl_cipher'; +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; # # MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013 (Lost connection to MySQL server during query) while executing AES* functions under SSL @@ -35,8 +33,8 @@ connection default; disconnect ssl_con; create user mysqltest_1@localhost; -grant usage on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA"; ---exec $MYSQL -umysqltest_1 --ssl-cipher=EDH-RSA-DES-CBC3-SHA -e "show status like 'ssl_cipher'" 2>&1 +grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA"; +--exec $MYSQL -umysqltest_1 --ssl-cipher=AES256-SHA -e "show status like 'ssl_cipher'" 2>&1 drop user mysqltest_1@localhost; # Wait till all disconnects are completed diff --git a/mysql-test/t/ssl_7937.test b/mysql-test/t/ssl_7937.test index d593b9d936d..8e9d1901907 100644 --- a/mysql-test/t/ssl_7937.test +++ b/mysql-test/t/ssl_7937.test @@ -26,10 +26,10 @@ create procedure have_ssl() # we fake the test result for yassl let yassl=`select variable_value='Unknown' from information_schema.session_status where variable_name='Ssl_session_cache_mode'`; if (!$yassl) { + --replace_result "self signed certificate in certificate chain" "Failed to verify the server certificate" --exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1 } if ($yassl) { --echo ERROR 2026 (HY000): SSL connection error: Failed to verify the server certificate } - drop procedure have_ssl; diff --git a/mysql-test/t/ssl_8k_key-master.opt b/mysql-test/t/ssl_8k_key-master.opt index 531c0abc9f1..856b33e95ee 100644 --- a/mysql-test/t/ssl_8k_key-master.opt +++ b/mysql-test/t/ssl_8k_key-master.opt @@ -1,3 +1,2 @@ --loose-ssl-key=$MYSQL_TEST_DIR/std_data/server8k-key.pem --loose-ssl-cert=$MYSQL_TEST_DIR/std_data/server8k-cert.pem ---loose-ssl-cipher=DHE-RSA-AES256-SHA diff --git a/mysql-test/t/ssl_8k_key.test b/mysql-test/t/ssl_8k_key.test index 27cffdce1f2..23267a3c611 100644 --- a/mysql-test/t/ssl_8k_key.test +++ b/mysql-test/t/ssl_8k_key.test @@ -5,7 +5,7 @@ # # Bug#29784 YaSSL assertion failure when reading 8k key. # ---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 +--exec $MYSQL --connect-timeout=180 --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT (VARIABLE_VALUE <> '') as have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1 ## This test file is for testing encrypted communication only, not other ## encryption routines that the SSL library happens to provide! diff --git a/mysql-test/t/ssl_ca.test b/mysql-test/t/ssl_ca.test index 8e81f44e61c..5870d9598fc 100644 --- a/mysql-test/t/ssl_ca.test +++ b/mysql-test/t/ssl_ca.test @@ -6,12 +6,14 @@ --echo # --echo # try to connect with wrong '--ssl-ca' path : should fail + +--replace_regex /SSL connection error.*/SSL connection error: xxxx/ --error 1 ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2>&1 +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" 2>&1 +--echo --echo # try to connect with correct '--ssl-ca' path : should connect ---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" --echo # --echo # Bug#21920678: SSL-CA DOES NOT ACCEPT ~USER TILDE HOME DIRECTORY @@ -22,15 +24,12 @@ --echo # try to connect with '--ssl-ca' option using tilde home directoy --echo # path substitution : should connect ---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA ---exec $MYSQL --ssl-ca$mysql_test_dir_path/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" +--exec $MYSQL --ssl-ca$mysql_test_dir_path/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" --echo # try to connect with '--ssl-key' option using tilde home directoy --echo # path substitution : should connect ---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key$mysql_test_dir_path/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key$mysql_test_dir_path/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" --echo # try to connect with '--ssl-cert' option using tilde home directoy --echo # path substitution : should connect ---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert$mysql_test_dir_path/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert$mysql_test_dir_path/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" diff --git a/mysql-test/t/ssl_compress.test b/mysql-test/t/ssl_compress.test index 28f3453c23e..588d4555db8 100644 --- a/mysql-test/t/ssl_compress.test +++ b/mysql-test/t/ssl_compress.test @@ -11,8 +11,7 @@ connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS); # Check ssl turned on ---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA -SHOW STATUS LIKE 'Ssl_cipher'; +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; # Check compression turned on SHOW STATUS LIKE 'Compression'; @@ -21,8 +20,7 @@ SHOW STATUS LIKE 'Compression'; -- source include/common-tests.inc # Check ssl turned on ---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA -SHOW STATUS LIKE 'Ssl_cipher'; +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; # Check compression turned on SHOW STATUS LIKE 'Compression'; diff --git a/mysql-test/t/ssl_timeout.test b/mysql-test/t/ssl_timeout.test index 806b928aca0..430fe7130de 100644 --- a/mysql-test/t/ssl_timeout.test +++ b/mysql-test/t/ssl_timeout.test @@ -7,8 +7,7 @@ connect (ssl_con,localhost,root,,,,,SSL read_timeout=5); --echo # Check ssl turned on ---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA -SHOW STATUS LIKE 'Ssl_cipher'; +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; # --error CR_SERVER_LOST --error 2013 diff --git a/mysql-test/t/userstat.test b/mysql-test/t/userstat.test index cb1250a13ea..9ce3a32c442 100644 --- a/mysql-test/t/userstat.test +++ b/mysql-test/t/userstat.test @@ -35,8 +35,7 @@ drop table t1; # test SSL connections --connect (ssl_con,localhost,root,,,,,SSL) ---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA -SHOW STATUS LIKE 'Ssl_cipher'; +SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; --connection default # |