summaryrefslogtreecommitdiff
path: root/mysql-test/main/mysqladmin.test
diff options
context:
space:
mode:
Diffstat (limited to 'mysql-test/main/mysqladmin.test')
-rw-r--r--mysql-test/main/mysqladmin.test47
1 files changed, 47 insertions, 0 deletions
diff --git a/mysql-test/main/mysqladmin.test b/mysql-test/main/mysqladmin.test
index 2580db88456..97e805ecf73 100644
--- a/mysql-test/main/mysqladmin.test
+++ b/mysql-test/main/mysqladmin.test
@@ -51,3 +51,50 @@ EOF
#
--error 1
--exec $MYSQLADMIN -u root -p 2>&1 > /dev/null
+
+#
+# MDEV-19168 Reload SSL certificate
+# This test reloads server SSL certs ./mysqladmin flush-ssl, and checks that new SSL
+# connection use new certificate.
+# SWtatus variable Ssl_server_not_after is used to tell the old certificate from new.
+#
+
+source include/have_ssl_communication.inc;
+
+# Restart server with cert. files located in temp directory
+# We are going to remove / replace them within the test,
+# so we can't use the ones in std_data directly.
+
+let $ssl_cert=$MYSQLTEST_VARDIR/tmp/ssl_cert.pem;
+let $ssl_key=$MYSQLTEST_VARDIR/tmp/ssl_key.pem;
+
+copy_file $MYSQL_TEST_DIR/std_data/server-key.pem $ssl_key;
+copy_file $MYSQL_TEST_DIR/std_data/server-cert.pem $ssl_cert;
+
+let $restart_parameters=--ssl-key=$ssl_key --ssl-cert=$ssl_cert;
+--source include/kill_mysqld.inc
+--source include/start_mysqld.inc
+
+connect ssl_con,localhost,root,,,,,SSL;
+SELECT VARIABLE_VALUE INTO @ssl_not_after FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after';
+let $ssl_not_after=`SELECT @ssl_not_after`;
+
+remove_file $ssl_cert;
+remove_file $ssl_key;
+
+--echo # Use a different certificate ("Not after" certificate field changed)
+copy_file $MYSQL_TEST_DIR/std_data/server-new-key.pem $ssl_key;
+copy_file $MYSQL_TEST_DIR/std_data/server-new-cert.pem $ssl_cert;
+
+--exec $MYSQLADMIN --default-character-set=latin1 -S $MASTER_MYSOCK -P $MASTER_MYPORT -u root --password= flush-ssl 2>&1
+
+--echo # Check new certificate used by new connection
+exec $MYSQL --ssl -e "SELECT IF(VARIABLE_VALUE <> '$ssl_not_after', 'OK', 'FAIL') as Result FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after'";
+
+--echo # Cleanup
+remove_file $ssl_cert;
+remove_file $ssl_key;
+# restart with usuall SSL
+let $restart_parameters=;
+--source include/kill_mysqld.inc
+--source include/start_mysqld.inc