diff options
Diffstat (limited to 'mysql-test')
| -rw-r--r-- | mysql-test/r/mysqld--help.result | 2 | ||||
| -rw-r--r-- | mysql-test/r/ssl_cipher.result | 16 | ||||
| -rw-r--r-- | mysql-test/t/mysqld--help.test | 5 | ||||
| -rw-r--r-- | mysql-test/t/openssl_6975.test | 24 | ||||
| -rw-r--r-- | mysql-test/t/ssl.test | 2 | ||||
| -rw-r--r-- | mysql-test/t/ssl_cert_verify.test | 2 | ||||
| -rw-r--r-- | mysql-test/t/ssl_cipher.test | 9 |
7 files changed, 37 insertions, 23 deletions
diff --git a/mysql-test/r/mysqld--help.result b/mysql-test/r/mysqld--help.result index 51ece335908..4e5ab7e0d9f 100644 --- a/mysql-test/r/mysqld--help.result +++ b/mysql-test/r/mysqld--help.result @@ -1169,6 +1169,8 @@ The following specify which files/extra groups are read (specified before remain --time-format=name The TIME format (ignored) --timed-mutexes Specify whether to time mutexes. Deprecated, has no effect. + --tls-version=name TLS protocol version for secure connections.. Any + combination of: TLSv1.0, TLSv1.1 --tmp-disk-table-size=# Max size for data for an internal temporary on-disk MyISAM or Aria table. diff --git a/mysql-test/r/ssl_cipher.result b/mysql-test/r/ssl_cipher.result index 79998dfca80..d94ffa4e04b 100644 --- a/mysql-test/r/ssl_cipher.result +++ b/mysql-test/r/ssl_cipher.result @@ -2,11 +2,15 @@ # BUG#11760210 - SSL_CIPHER_LIST NOT SET OR RETURNED FOR "SHOW STATUS LIKE 'SSL_CIPHER_LIST'" # connect ssl_con,localhost,root,,,,,SSL; -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher AES128-SHA -SHOW STATUS LIKE 'Ssl_cipher_list'; -Variable_name Value -Ssl_cipher_list AES128-SHA +select variable_value into @a from information_schema.session_status where variable_name like 'SSL_CIPHER'; +select length(@a) > 0; +length(@a) > 0 +1 +select length(VARIABLE_VALUE) > 0 from information_schema.session_status where variable_name like 'SSL_CIPHER_LIST'; +length(VARIABLE_VALUE) > 0 +1 +select position(@a in VARIABLE_VALUE) > 0 from information_schema.session_status where variable_name like 'SSL_CIPHER_LIST'; +position(@a in VARIABLE_VALUE) > 0 +1 connection default; disconnect ssl_con; diff --git a/mysql-test/t/mysqld--help.test b/mysql-test/t/mysqld--help.test index 1613f8e7a4f..4e71c86e506 100644 --- a/mysql-test/t/mysqld--help.test +++ b/mysql-test/t/mysqld--help.test @@ -23,7 +23,7 @@ perl; log-slow-queries pid-file slow-query-log-file log-basename datadir slave-load-tmpdir tmpdir socket thread-pool-size large-files-support lower-case-file-system system-time-zone - collation-server character-set-server log-tc-size version.*/; + collation-server character-set-server log-tc-size tls-version version.*/; # Plugins which may or may not be there: @plugins=qw/innodb archive blackhole federated partition @@ -54,6 +54,9 @@ perl; $skip=1 if / --($re2)\b/; y!\\!/!; s/[ ]+/ /; # squeeze spaces to remove table formatting + # fix tls_version + s/, TLSv1.2//; + s/, TLSv1.3//; # fixes for 32-bit s/\b4294967295\b/18446744073709551615/; s/\b2146435072\b/9223372036853727232/; diff --git a/mysql-test/t/openssl_6975.test b/mysql-test/t/openssl_6975.test index 6a82d013fb6..bfcb0d56681 100644 --- a/mysql-test/t/openssl_6975.test +++ b/mysql-test/t/openssl_6975.test @@ -18,25 +18,25 @@ let $mysql=$MYSQL --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$ disable_abort_on_error; echo TLS1.2 ciphers: user is ok with any cipher; -exec $mysql --ssl-cipher=AES128-SHA256; +exec $mysql --tls-version=TLSv1.2 --ssl-cipher=AES128-SHA256; --replace_result DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 -exec $mysql --ssl-cipher=TLSv1.2; +exec $mysql --tls-version=TLSv1.2 --ssl-cipher=TLSv1.2; echo TLS1.2 ciphers: user requires SSLv3 cipher AES128-SHA; -exec $mysql --user ssl_sslv3 --ssl-cipher=AES128-SHA256; -exec $mysql --user ssl_sslv3 --ssl-cipher=TLSv1.2; +exec $mysql --user ssl_sslv3 --tls-version=TLSv1.2 --ssl-cipher=AES128-SHA256; +exec $mysql --user ssl_sslv3 --tls-version=TLSv1.2 --ssl-cipher=TLSv1.2; echo TLS1.2 ciphers: user requires TLSv1.2 cipher AES128-SHA256; -exec $mysql --user ssl_tls12 --ssl-cipher=AES128-SHA256; -exec $mysql --user ssl_tls12 --ssl-cipher=TLSv1.2; +exec $mysql --user ssl_tls12 --tls-version=TLSv1.2 --ssl-cipher=AES128-SHA256; +exec $mysql --user ssl_tls12 --tls-version=TLSv1.2 --ssl-cipher=TLSv1.2; echo SSLv3 ciphers: user is ok with any cipher; -exec $mysql --ssl-cipher=AES256-SHA; -exec $mysql --ssl-cipher=SSLv3; +exec $mysql --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=AES256-SHA; +exec $mysql --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=SSLv3; echo SSLv3 ciphers: user requires SSLv3 cipher AES128-SHA; -exec $mysql --user ssl_sslv3 --ssl-cipher=AES128-SHA; -exec $mysql --user ssl_sslv3 --ssl-cipher=SSLv3; +exec $mysql --user ssl_sslv3 --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=AES128-SHA; +exec $mysql --user ssl_sslv3 --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=SSLv3; echo SSLv3 ciphers: user requires TLSv1.2 cipher AES128-SHA256; -exec $mysql --user ssl_tls12 --ssl-cipher=AES128-SHA; -exec $mysql --user ssl_tls12 --ssl-cipher=SSLv3; +exec $mysql --user ssl_tls12 --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=AES128-SHA; +exec $mysql --user ssl_tls12 --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=SSLv3; drop user ssl_sslv3@localhost; drop user ssl_tls12@localhost; diff --git a/mysql-test/t/ssl.test b/mysql-test/t/ssl.test index f2ac288db7a..6071e26a26f 100644 --- a/mysql-test/t/ssl.test +++ b/mysql-test/t/ssl.test @@ -34,7 +34,7 @@ disconnect ssl_con; create user mysqltest_1@localhost; grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA"; ---exec $MYSQL -umysqltest_1 --ssl-cipher=AES256-SHA -e "show status like 'ssl_cipher'" 2>&1 +--exec $MYSQL -umysqltest_1 --tls_version=TLSv1.2 --ssl-cipher=AES256-SHA -e "show status like 'ssl_cipher'" 2>&1 drop user mysqltest_1@localhost; # Wait till all disconnects are completed diff --git a/mysql-test/t/ssl_cert_verify.test b/mysql-test/t/ssl_cert_verify.test index 83f621b7ca9..51b1612e45b 100644 --- a/mysql-test/t/ssl_cert_verify.test +++ b/mysql-test/t/ssl_cert_verify.test @@ -30,7 +30,7 @@ let $ssl_verify_pass_path = --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-veri --enable_reconnect --source include/wait_until_connected_again.inc ---replace_result TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION +--replace_result TLSv1.3 TLS_VERSION TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION --exec $MYSQL --protocol=tcp --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-verify-server-cert -e "SHOW STATUS like 'Ssl_version'" --echo # restart server using restart diff --git a/mysql-test/t/ssl_cipher.test b/mysql-test/t/ssl_cipher.test index cf249343324..82dbf817a1d 100644 --- a/mysql-test/t/ssl_cipher.test +++ b/mysql-test/t/ssl_cipher.test @@ -13,8 +13,13 @@ connect (ssl_con,localhost,root,,,,,SSL); # Check Cipher Name and Cipher List -SHOW STATUS LIKE 'Ssl_cipher'; -SHOW STATUS LIKE 'Ssl_cipher_list'; +select variable_value into @a from information_schema.session_status where variable_name like 'SSL_CIPHER'; +# Check if cipher is empty +select length(@a) > 0; +# check if cipher list is empty +select length(VARIABLE_VALUE) > 0 from information_schema.session_status where variable_name like 'SSL_CIPHER_LIST'; +# check if cipher is in list +select position(@a in VARIABLE_VALUE) > 0 from information_schema.session_status where variable_name like 'SSL_CIPHER_LIST'; connection default; disconnect ssl_con; |