-rw-r--r-- | mysql-test/r/openssl_1.result | 10 | ||||
-rw-r--r-- | mysql-test/t/openssl_1.test | 29 | ||||
-rw-r--r-- | sql/mysqld.cc | 1 | ||||
-rw-r--r-- | vio/viosslfactories.c | 9 |
4 files changed, 47 insertions, 2 deletions
diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result index c6e077b2857..267ee83a56a 100644 --- a/mysql-test/r/openssl_1.result +++ b/mysql-test/r/openssl_1.result @@ -51,6 +51,9 @@ SSL error: Unable to get private key from '' mysqltest: Could not open connection 'default': 2026 SSL connection error SSL error: Unable to get certificate from '' mysqltest: Could not open connection 'default': 2026 SSL connection error +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA Variable_name Value Ssl_cipher DHE-RSA-AES256-SHA End of 5.0 tests @@ -75,3 +78,10 @@ SSL_CALLBACK_CACHE_HITS 0.0000000 DROP TABLE thread_status; SET GLOBAL event_scheduler=0; End of 5.1 tests +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher AES128-SHA +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher AES128-SHA +mysqltest: Could not open connection 'default': 2026 SSL connection error diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test index fd562089483..2b7bd092507 100644 --- a/mysql-test/t/openssl_1.test +++ b/mysql-test/t/openssl_1.test @@ -97,6 +97,14 @@ drop table t1; --exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 # +# BUG#21611 Slave can't connect when master-ssl-cipher specified +# - Apparently selecting a cipher doesn't work at all +# - Usa a cipher that both yaSSL and OpenSSL supports +# +--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql +--exec $MYSQL_TEST --ssl-cipher=DHE-RSA-AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 + +# # Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23 # # Test that we can open encrypted connection to server without 
@@ -142,3 +150,24 @@ SELECT variable_name, variable_value FROM thread_status; DROP TABLE thread_status; SET GLOBAL event_scheduler=0; --echo End of 5.1 tests + + +# +# Test to connect using a list of ciphers +# +--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql +--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER:AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 + + +# Test to connect using a specifi cipher +# +--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql +--exec $MYSQL_TEST --ssl-cipher=AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 + +# Test to connect using an unknown cipher +# +--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql +--error 1 +--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 + + diff --git a/sql/mysqld.cc b/sql/mysqld.cc index b70cf226803..56fe67383e4 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -3160,6 +3160,7 @@ static void init_ssl() DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd)); if (!ssl_acceptor_fd) { + sql_print_warning("Failed to setup SSL"); opt_use_ssl = 0; have_ssl= SHOW_OPTION_DISABLED; } diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index d318f1b0122..d26d4147c9f 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -257,8 +257,13 @@ new_VioSSLFd(const char *key_file, const char *cert_file, DBUG_RETURN(0); } - /* Set the ciphers that can be used */ - if (cipher && SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher)) + /* + Set the ciphers that can be used + NOTE: SSL_CTX_set_cipher_list will return 0 if + none of the provided ciphers could be selected + */ + if (cipher && + SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher) == 0) { DBUG_PRINT("error", ("failed to set ciphers to use")); report_errors(); |
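Review bot: All three added cases pass `--ssl-cipher` to the client (`$MYSQL_TEST`) only, so nothing here exercises a cipher restriction configured on the server, nor the new "Failed to setup SSL" warning added in sql/mysqld.cc. A case that runs the server with a restricted cipher and checks that a client offering a different one is refused would cover that side; it presumably needs its own server option file, so it may belong in a separate test. The comment `# Test to connect using a specifi cipher` should read `specific`, and the last two blocks lack the leading `#` line that the first block has.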
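Review bot: The added warning says only `Failed to setup SSL`, while the two lines after it clear `opt_use_ssl` and set `have_ssl` to `SHOW_OPTION_DISABLED`, so the server carries on with SSL switched off. An operator who asked for SSL (for instance with a cipher string that matched nothing) gets one generic line and, presumably, a server that accepts unencrypted connections; the message should state the consequence, e.g. `sql_print_warning("Failed to setup SSL; SSL is disabled and connections will not be encrypted");`. Whether startup should abort instead when SSL was explicitly requested is worth deciding separately. init_ssl() begins and ends outside this hunk.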
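Review bot: The new `== 0` check rejects only a cipher string in which nothing matches; as the added test with `UNKNOWN-CIPHER:AES128-SHA` shows, unknown names in a list are dropped silently as long as one cipher remains. The comment should say that explicitly, for example by adding `Unknown names in the list are ignored when at least one cipher matches`, so that a misspelled entry is not assumed to be in force. The failure branch reports the problem through `DBUG_PRINT`, which is presumably compiled out of non-debug builds, and it does not name the rejected string; `DBUG_PRINT("error", ("failed to set ciphers to use: '%s'", cipher));` would make the trace actionable. new_VioSSLFd() starts before this hunk and continues after it.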