diff options
Diffstat (limited to 'mysql-test/main/mysqladmin.test')
| -rw-r--r-- | mysql-test/main/mysqladmin.test | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/mysql-test/main/mysqladmin.test b/mysql-test/main/mysqladmin.test index 2580db88456..97e805ecf73 100644 --- a/mysql-test/main/mysqladmin.test +++ b/mysql-test/main/mysqladmin.test @@ -51,3 +51,50 @@ EOF # --error 1 --exec $MYSQLADMIN -u root -p 2>&1 > /dev/null + +# +# MDEV-19168 Reload SSL certificate +# This test reloads server SSL certs ./mysqladmin flush-ssl, and checks that new SSL +# connection use new certificate. +# SWtatus variable Ssl_server_not_after is used to tell the old certificate from new. +# + +source include/have_ssl_communication.inc; + +# Restart server with cert. files located in temp directory +# We are going to remove / replace them within the test, +# so we can't use the ones in std_data directly. + +let $ssl_cert=$MYSQLTEST_VARDIR/tmp/ssl_cert.pem; +let $ssl_key=$MYSQLTEST_VARDIR/tmp/ssl_key.pem; + +copy_file $MYSQL_TEST_DIR/std_data/server-key.pem $ssl_key; +copy_file $MYSQL_TEST_DIR/std_data/server-cert.pem $ssl_cert; + +let $restart_parameters=--ssl-key=$ssl_key --ssl-cert=$ssl_cert; +--source include/kill_mysqld.inc +--source include/start_mysqld.inc + +connect ssl_con,localhost,root,,,,,SSL; +SELECT VARIABLE_VALUE INTO @ssl_not_after FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after'; +let $ssl_not_after=`SELECT @ssl_not_after`; + +remove_file $ssl_cert; +remove_file $ssl_key; + +--echo # Use a different certificate ("Not after" certificate field changed) +copy_file $MYSQL_TEST_DIR/std_data/server-new-key.pem $ssl_key; +copy_file $MYSQL_TEST_DIR/std_data/server-new-cert.pem $ssl_cert; + +--exec $MYSQLADMIN --default-character-set=latin1 -S $MASTER_MYSOCK -P $MASTER_MYPORT -u root --password= flush-ssl 2>&1 + +--echo # Check new certificate used by new connection +exec $MYSQL --ssl -e "SELECT IF(VARIABLE_VALUE <> '$ssl_not_after', 'OK', 'FAIL') as Result FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after'"; + +--echo # Cleanup +remove_file $ssl_cert; +remove_file $ssl_key; +# restart with usuall SSL +let $restart_parameters=; +--source include/kill_mysqld.inc +--source include/start_mysqld.inc |