mariadb/mysql-test/main/ssl_system_ca.test

#
# Tests here don't use --ssl-ca but expect the certificate to be
# signed by a CA in a system CA store
#
# They only work for openssl, because the following line works only there:
let SSL_CERT_DIR=$MYSQL_TMP_DIR;

source include/not_embedded.inc;

if (`select @@version_ssl_library not like 'OpenSSL%'`) {
  skip Needs OpenSSL;
}

# See `openssl x509 -in cacert.pem -noout -issuer_hash`
copy_file $MYSQL_TEST_DIR/std_data/cacert.pem $MYSQL_TMP_DIR/ed1f42db.0;

#
# test --ssl-verify-server-cert
#

disable_abort_on_error;
exec $MYSQL --ssl-verify-server-cert -Ee "select (variable_value <> '') as have_ssl from information_schema.session_status where variable_name='ssl_cipher'" 2>&1;
new C/C and --ssl-verify-server-cert tests tests for --ssl-verify-server-cert with system CA and with incorrect hostname 2020-01-22 18:18:22 +01:00			`#`
			`# Tests here don't use --ssl-ca but expect the certificate to be`
			`# signed by a CA in a system CA store`
			`#`
			`# They only work for openssl, because the following line works only there:`
			`let SSL_CERT_DIR=$MYSQL_TMP_DIR;`

don't run main.ssl_system_ca in --embedded this test needs a server and tries to connect with $MYSQL to it 2020-01-23 23:26:01 +01:00			`source include/not_embedded.inc;`

new C/C and --ssl-verify-server-cert tests tests for --ssl-verify-server-cert with system CA and with incorrect hostname 2020-01-22 18:18:22 +01:00			if (`select @@version_ssl_library not like 'OpenSSL%'`) {
			`skip Needs OpenSSL;`
			`}`

			# See `openssl x509 -in cacert.pem -noout -issuer_hash`
			`copy_file $MYSQL_TEST_DIR/std_data/cacert.pem $MYSQL_TMP_DIR/ed1f42db.0;`

			`#`
			`# test --ssl-verify-server-cert`
			`#`

			`disable_abort_on_error;`
			`exec $MYSQL --ssl-verify-server-cert -Ee "select (variable_value <> '') as have_ssl from information_schema.session_status where variable_name='ssl_cipher'" 2>&1;`