#
# MDEV-7937: Enforce SSL when --ssl client option is used
#

source include/have_ssl_crypto_functs.inc;

# create a procedure instead of SHOW STATUS LIKE 'ssl_cipher'
# because the cipher depends on openssl (or yassl) version,
# and it's actual value doesn't matter here anyway
create procedure have_ssl()
  select if(variable_value > '','yes','no') as 'have_ssl'
  from information_schema.session_status
  where variable_name='ssl_cipher';

--disable_abort_on_error
--echo mysql --ssl-ca=cacert.pem -e "call test.have_ssl()"
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem -e "call test.have_ssl()" 2>&1
--echo mysql --ssl -e "call test.have_ssl()"
--exec $MYSQL --ssl -e "call test.have_ssl()" 2>&1
--echo mysql --ssl-ca=cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()"
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1

--echo mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
--replace_regex /TLS\/SSL error.*certificate[^\n]*/TLS\/SSL error: Failed to verify the server certificate/
--exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1
drop procedure have_ssl;