summaryrefslogtreecommitdiff
path: root/mysql-test/lib
diff options
context:
space:
mode:
Diffstat (limited to 'mysql-test/lib')
-rw-r--r--mysql-test/lib/My/ConfigFactory.pm56
-rwxr-xr-xmysql-test/lib/generate-ssl-certs.sh21
2 files changed, 15 insertions, 62 deletions
diff --git a/mysql-test/lib/My/ConfigFactory.pm b/mysql-test/lib/My/ConfigFactory.pm
index 12c0095e80e..830b49d431f 100644
--- a/mysql-test/lib/My/ConfigFactory.pm
+++ b/mysql-test/lib/My/ConfigFactory.pm
@@ -182,55 +182,6 @@ sub fix_log_slow_queries {
return "$dir/mysqld-slow.log";
}
-sub fix_std_data {
- my ($self, $config, $group_name, $group)= @_;
- my $testdir= $self->get_testdir($group);
- return "$testdir/std_data";
-}
-
-sub ssl_supported {
- my ($self)= @_;
- return $self->{ARGS}->{ssl};
-}
-
-sub fix_skip_ssl {
- return if !ssl_supported(@_);
- # Add skip-ssl if ssl is supported to avoid
- # that mysqltest connects with SSL by default
- return 1;
-}
-
-sub fix_ssl_ca {
- return if !ssl_supported(@_);
- my $std_data= fix_std_data(@_);
- return "$std_data/cacert.pem"
-}
-
-sub fix_ssl_server_cert {
- return if !ssl_supported(@_);
- my $std_data= fix_std_data(@_);
- return "$std_data/server-cert.pem"
-}
-
-sub fix_ssl_client_cert {
- return if !ssl_supported(@_);
- my $std_data= fix_std_data(@_);
- return "$std_data/client-cert.pem"
-}
-
-sub fix_ssl_server_key {
- return if !ssl_supported(@_);
- my $std_data= fix_std_data(@_);
- return "$std_data/server-key.pem"
-}
-
-sub fix_ssl_client_key {
- return if !ssl_supported(@_);
- my $std_data= fix_std_data(@_);
- return "$std_data/client-key.pem"
-}
-
-
#
# Rules to run for each mysqld in the config
# - will be run in order listed here
@@ -255,9 +206,6 @@ my @mysqld_rules=
{ '#user' => sub { return shift->{ARGS}->{user} || ""; } },
{ '#password' => sub { return shift->{ARGS}->{password} || ""; } },
{ 'server-id' => \&fix_server_id, },
- { 'ssl-ca' => \&fix_ssl_ca },
- { 'ssl-cert' => \&fix_ssl_server_cert },
- { 'ssl-key' => \&fix_ssl_server_key },
{ 'bind-address' => \&fix_bind_address },
);
@@ -284,10 +232,6 @@ my @client_rules=
#
my @mysqltest_rules=
(
- { 'ssl-ca' => \&fix_ssl_ca },
- { 'ssl-cert' => \&fix_ssl_client_cert },
- { 'ssl-key' => \&fix_ssl_client_key },
- { 'skip-ssl' => \&fix_skip_ssl },
);
diff --git a/mysql-test/lib/generate-ssl-certs.sh b/mysql-test/lib/generate-ssl-certs.sh
index cc919dfe32e..8f15ba9d521 100755
--- a/mysql-test/lib/generate-ssl-certs.sh
+++ b/mysql-test/lib/generate-ssl-certs.sh
@@ -1,30 +1,39 @@
-#!/bin/sh -xe
+#!/bin/sh
+
+set -xe
# simply run me from mysql-test/
cd std_data/
# boilerplace for "openssl ca" and /etc/ssl/openssl.cnf
rm -rf demoCA
-mkdir demoCA demoCA/private demoCA/newcerts
+mkdir demoCA demoCA/newcerts
touch demoCA/index.txt
echo 01 > demoCA/serial
# CA certificate, self-signed
-openssl req -x509 -newkey rsa:2048 -keyout demoCA/private/cakey.pem -out cacert.pem -days 7300 -nodes -subj '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB' -text
+openssl req -x509 -newkey rsa:2048 -keyout cakey.pem -out cacert.pem -days 7300 -nodes -subj '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB' -text
# server certificate signing request and private key. Note the very long subject (for MDEV-7859)
openssl req -newkey rsa:1024 -keyout server-key.pem -out demoCA/server-req.pem -days 7300 -nodes -subj '/CN=localhost/C=FI/ST=state or province within country, in other certificates in this file it is the same as L/L=location, usually an address but often ambiguously used/OU=organizational unit name, a division name within an organization/O=organization name, typically a company name'
# convert the key to yassl compatible format
openssl rsa -in server-key.pem -out server-key.pem
# sign the server certificate with CA certificate
-openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out server-cert.pem -infiles demoCA/server-req.pem
+openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_anything -out server-cert.pem -infiles demoCA/server-req.pem
openssl req -newkey rsa:8192 -keyout server8k-key.pem -out demoCA/server8k-req.pem -days 7300 -nodes -subj '/CN=server8k/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'
openssl rsa -in server8k-key.pem -out server8k-key.pem
-openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out server8k-cert.pem -infiles demoCA/server8k-req.pem
+openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_anything -out server8k-cert.pem -infiles demoCA/server8k-req.pem
openssl req -newkey rsa:1024 -keyout client-key.pem -out demoCA/client-req.pem -days 7300 -nodes -subj '/CN=client/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'
openssl rsa -in client-key.pem -out client-key.pem
-openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out client-cert.pem -infiles demoCA/client-req.pem
+openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_anything -out client-cert.pem -infiles demoCA/client-req.pem
+
+# with SubjectAltName, only for OpenSSL 1.0.2+
+cat > demoCA/sanext.conf <<EOF
+subjectAltName=DNS:localhost
+EOF
+openssl req -newkey rsa:1024 -keyout serversan-key.pem -out demoCA/serversan-req.pem -days 7300 -nodes -subj '/CN=server/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'
+openssl ca -keyfile cakey.pem -extfile demoCA/sanext.conf -days 7300 -batch -cert cacert.pem -policy policy_anything -out serversan-cert.pem -infiles demoCA/serversan-req.pem
rm -rf demoCA
View Lorry Controller Status