2003-03-11 10:41:53 +01:00
# We test openssl. Result set is optimized to be compiled with --with-openssl.
# Use mysql-test-run with --with-openssl option.
2005-10-04 15:43:55 +02:00
-- source include/have_openssl.inc
2001-08-31 23:36:06 +02:00
2003-07-15 21:37:22 +02:00
--disable_warnings
2003-03-11 10:41:53 +01:00
drop table if exists t1;
2003-07-15 21:37:22 +02:00
--enable_warnings
2003-03-11 10:41:53 +01:00
create table t1(f1 int);
insert into t1 values (5);
2001-08-31 23:36:06 +02:00
2003-03-11 10:41:53 +01:00
grant select on test.* to ssl_user1@localhost require SSL;
2004-12-01 02:35:02 +01:00
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
2006-08-22 14:29:48 +02:00
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
2003-03-11 10:41:53 +01:00
flush privileges;
2005-10-12 13:56:07 +02:00
connect (con1,localhost,ssl_user1,,,,,SSL);
connect (con2,localhost,ssl_user2,,,,,SSL);
connect (con3,localhost,ssl_user3,,,,,SSL);
connect (con4,localhost,ssl_user4,,,,,SSL);
2006-08-22 14:29:48 +02:00
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error 1045
connect (con5,localhost,ssl_user5,,,,,SSL);
2003-03-11 10:41:53 +01:00
connection con1;
2005-10-04 15:43:55 +02:00
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
2003-03-11 10:41:53 +01:00
select * from t1;
2005-09-05 22:49:36 +02:00
--error 1142
2003-03-11 10:41:53 +01:00
delete from t1;
connection con2;
2005-10-04 15:43:55 +02:00
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
2003-03-11 10:41:53 +01:00
select * from t1;
2005-09-05 22:49:36 +02:00
--error 1142
2003-03-11 10:41:53 +01:00
delete from t1;
connection con3;
2005-10-04 15:43:55 +02:00
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
2003-03-11 10:41:53 +01:00
select * from t1;
2005-09-05 22:49:36 +02:00
--error 1142
2003-03-11 10:41:53 +01:00
delete from t1;
connection con4;
2005-10-04 15:43:55 +02:00
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
2003-03-11 10:41:53 +01:00
select * from t1;
2005-09-05 22:49:36 +02:00
--error 1142
2003-03-11 10:41:53 +01:00
delete from t1;
connection default;
2006-04-18 18:10:47 +02:00
drop user ssl_user1@localhost, ssl_user2@localhost,
2006-08-22 14:29:48 +02:00
ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
2006-04-18 18:10:47 +02:00
2003-03-11 10:41:53 +01:00
drop table t1;
2005-07-28 02:22:47 +02:00
# End of 4.1 tests
2006-05-03 14:06:34 +02:00
#
# Test that we can't open connection to server if we are using
# a different cacert
#
--exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql
--error 1
--exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Test that we can't open connection to server if we are using
# a blank ca
#
--error 1
--exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Test that we can't open connection to server if we are using
# a nonexistent ca file
#
--error 1
--exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Test that we can't open connection to server if we are using
# a blank client-key
#
--error 1
--exec $MYSQL_TEST --ssl-key= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Test that we can't open connection to server if we are using
# a blank client-cert
#
--error 1
--exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1