diff options
Diffstat (limited to 'mysql-test/main/openssl_1.test')
-rw-r--r-- | mysql-test/main/openssl_1.test | 94 |
1 files changed, 17 insertions, 77 deletions
diff --git a/mysql-test/main/openssl_1.test b/mysql-test/main/openssl_1.test index a3db700f787..27eeb0198b1 100644 --- a/mysql-test/main/openssl_1.test +++ b/mysql-test/main/openssl_1.test @@ -1,3 +1,6 @@ +# Needed for mysqldump +--source include/have_utf8mb4.inc + # Tests for SSL connections, only run if mysqld is compiled # with support for SSL. @@ -16,58 +19,45 @@ create table t1(f1 int); insert into t1 values (5); grant select on test.* to ssl_user1@localhost require SSL; -grant select on test.* to ssl_user2@localhost require cipher "AES256-SHA"; -grant select on test.* to ssl_user3@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; -grant select on test.* to ssl_user4@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; -grant select on test.* to ssl_user5@localhost require cipher "AES256-SHA" AND SUBJECT "xxx"; +grant select on test.* to ssl_user3@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; +grant select on test.* to ssl_user4@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; +grant select on test.* to ssl_user5@localhost require SUBJECT "xxx"; flush privileges; -connect (con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA); +connect (con1,localhost,ssl_user1,,,,,SSL); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT ---error ER_ACCESS_DENIED_ERROR -connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA); -connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA); -connect (con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA); -connect (con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA); +connect (con3,localhost,ssl_user3,,,,,SSL); +connect (con4,localhost,ssl_user4,,,,,SSL); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR -connect (con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA); +connect (con5,localhost,ssl_user5,,,,,SSL); connection con1; # Check ssl turned on -SHOW STATUS LIKE 'Ssl_cipher'; -select * from t1; ---error ER_TABLEACCESS_DENIED_ERROR -delete from t1; - -connection con2; -# Check ssl turned on -SHOW STATUS LIKE 'Ssl_cipher'; +SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; select * from t1; --error ER_TABLEACCESS_DENIED_ERROR delete from t1; connection con3; # Check ssl turned on -SHOW STATUS LIKE 'Ssl_cipher'; +SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; select * from t1; --error ER_TABLEACCESS_DENIED_ERROR delete from t1; connection con4; # Check ssl turned on -SHOW STATUS LIKE 'Ssl_cipher'; +SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; select * from t1; --error ER_TABLEACCESS_DENIED_ERROR delete from t1; connection default; disconnect con1; -disconnect con2; disconnect con3; disconnect con4; -drop user ssl_user1@localhost, ssl_user2@localhost, -ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost; +drop user ssl_user1@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost; drop table t1; @@ -121,21 +111,13 @@ drop table t1; --echo # -# Bug#21611 Slave can't connect when master-ssl-cipher specified -# - Apparently selecting a cipher doesn't work at all -# - Use a cipher that both yaSSL and OpenSSL supports -# ---exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql ---exec $MYSQL_TEST --ssl-cipher=AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 - -# # Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23 # # Test that we can open encrypted connection to server without # verification of servers certificate by setting both ca certificate # and ca path to NULL # ---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1 +--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1 --echo End of 5.0 tests # @@ -177,25 +159,6 @@ DROP TABLE thread_status; SET GLOBAL event_scheduler=0; # -# Test to connect using a list of ciphers -# ---exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql ---exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER:AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 - - -# Test to connect using a specifi cipher -# ---exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql ---exec $MYSQL_TEST --ssl-cipher=AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 - -# Test to connect using an unknown cipher -# ---exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit" > $MYSQLTEST_VARDIR/tmp/test.sql ---replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ ---error 1 ---exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 - -# # Bug#27669 mysqldump: SSL connection error when trying to connect # @@ -211,7 +174,7 @@ INSERT INTO t1 VALUES (1), (2); # With wrong parameters --replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR mysqldump.exe mysqldump ---replace_regex /\"SSL connection error.*/SSL connection error: xxxx/ +--replace_regex /SSL connection error.*/SSL connection error: xxxx/ --error 2 --exec $MYSQL_DUMP --skip-create-options --skip-comments --ssl --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test 2>&1 --echo @@ -219,36 +182,13 @@ DROP TABLE t1; --remove_file $MYSQLTEST_VARDIR/tmp/test.sql # -# Bug#39172 Asking for DH+non-RSA key with server set to use other key caused -# YaSSL to crash the server. -# - -# Common ciphers to openssl and yassl ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES256-SHA ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES128-SHA ---disable_query_log ---disable_result_log - -# Below here caused crashes. ################ ---error 1,0 ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=NOT----EXIST -# These probably exist but the server's keys can't be used to accept these kinds of connections. ---error 1,0 ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=AES128-RMD - -# If this gives a result, then the bug is fixed. ---enable_result_log ---enable_query_log -select 'is still running; no cipher request crashed the server' as result from dual; - -# # Bug#42158: leak: SSL_get_peer_certificate() doesn't have matching X509_free() # GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509; FLUSH PRIVILEGES; connect(con1,localhost,bug42158,,,,,SSL); -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; disconnect con1; connection default; DROP USER bug42158@localhost; |