2007-03-05 10:03:42 +01:00
# Tests for SSL connections, only run if mysqld is compiled
# with support for SSL.
2008-12-13 20:42:12 +01:00
--source include/have_ssl.inc
2001-08-31 23:36:06 +02:00
2009-02-02 22:20:25 +01:00
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
2003-07-15 21:37:22 +02:00
--disable_warnings
2003-03-11 10:41:53 +01:00
drop table if exists t1;
2003-07-15 21:37:22 +02:00
--enable_warnings
2003-03-11 10:41:53 +01:00
create table t1(f1 int);
insert into t1 values (5);
2001-08-31 23:36:06 +02:00
2003-03-11 10:41:53 +01:00
grant select on test.* to ssl_user1@localhost require SSL;
2004-12-01 02:35:02 +01:00
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
2010-01-29 14:55:46 +01:00
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB";
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
2006-08-22 14:29:48 +02:00
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
2003-03-11 10:41:53 +01:00
flush privileges;
2005-10-12 13:56:07 +02:00
connect (con1,localhost,ssl_user1,,,,,SSL);
connect (con2,localhost,ssl_user2,,,,,SSL);
connect (con3,localhost,ssl_user3,,,,,SSL);
connect (con4,localhost,ssl_user4,,,,,SSL);
2006-08-22 14:29:48 +02:00
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
2009-02-02 22:20:25 +01:00
--error ER_ACCESS_DENIED_ERROR
2006-08-22 14:29:48 +02:00
connect (con5,localhost,ssl_user5,,,,,SSL);
2003-03-11 10:41:53 +01:00
connection con1;
2005-10-04 15:43:55 +02:00
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
2003-03-11 10:41:53 +01:00
select * from t1;
2009-02-02 22:20:25 +01:00
--error ER_TABLEACCESS_DENIED_ERROR
2003-03-11 10:41:53 +01:00
delete from t1;
connection con2;
2005-10-04 15:43:55 +02:00
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
2003-03-11 10:41:53 +01:00
select * from t1;
2009-02-02 22:20:25 +01:00
--error ER_TABLEACCESS_DENIED_ERROR
2003-03-11 10:41:53 +01:00
delete from t1;
connection con3;
2005-10-04 15:43:55 +02:00
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
2003-03-11 10:41:53 +01:00
select * from t1;
2009-02-02 22:20:25 +01:00
--error ER_TABLEACCESS_DENIED_ERROR
2003-03-11 10:41:53 +01:00
delete from t1;
connection con4;
2005-10-04 15:43:55 +02:00
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
2003-03-11 10:41:53 +01:00
select * from t1;
2009-02-02 22:20:25 +01:00
--error ER_TABLEACCESS_DENIED_ERROR
2003-03-11 10:41:53 +01:00
delete from t1;
connection default;
2009-02-02 22:20:25 +01:00
disconnect con1;
disconnect con2;
disconnect con3;
disconnect con4;
2006-04-18 18:10:47 +02:00
drop user ssl_user1@localhost, ssl_user2@localhost,
2006-08-22 14:29:48 +02:00
ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
2006-04-18 18:10:47 +02:00
2003-03-11 10:41:53 +01:00
drop table t1;
2005-07-28 02:22:47 +02:00
# End of 4.1 tests
2006-05-03 14:06:34 +02:00
#
# Test that we can't open connection to server if we are using
# a different cacert
#
--exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql
2010-11-23 07:24:44 +01:00
# Handle that openssl gives different error messages from YaSSL.
--replace_regex /error:00000005:lib\(0\):func\(0\):DH lib/ASN: bad other signature confirmation/
2006-05-03 14:06:34 +02:00
--error 1
--exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Test that we can't open connection to server if we are using
# a blank ca
#
2010-11-23 07:24:44 +01:00
--replace_regex /error:00000005:lib\(0\):func\(0\):DH lib/ASN: bad other signature confirmation/
2006-05-03 14:06:34 +02:00
--error 1
--exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Test that we can't open connection to server if we are using
# a nonexistent ca file
#
2010-11-23 07:24:44 +01:00
--replace_regex /error:00000005:lib\(0\):func\(0\):DH lib/ASN: bad other signature confirmation/
2006-05-03 14:06:34 +02:00
--error 1
--exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Test that we can't open connection to server if we are using
# a blank client-key
#
--error 1
--exec $MYSQL_TEST --ssl-key= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Test that we can't open connection to server if we are using
# a blank client-cert
#
--error 1
--exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
2007-04-02 13:12:59 +02:00
#
2009-02-02 22:20:25 +01:00
# Bug#21611 Slave can't connect when master-ssl-cipher specified
2007-04-02 13:12:59 +02:00
# - Apparently selecting a cipher doesn't work at all
# - Usa a cipher that both yaSSL and OpenSSL supports
#
2008-08-04 21:54:44 +02:00
--exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql
2007-04-02 13:12:59 +02:00
--exec $MYSQL_TEST --ssl-cipher=DHE-RSA-AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
2007-03-28 12:23:55 +02:00
#
# Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23
#
# Test that we can open encrypted connection to server without
# verification of servers certificate by setting both ca certificate
# and ca path to NULL
#
--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
2007-04-05 22:38:57 +02:00
--echo End of 5.0 tests
2006-05-03 14:06:34 +02:00
2007-04-05 22:38:57 +02:00
#
2009-02-03 14:45:17 +01:00
# Bug#26174 Server Crash: INSERT ... SELECT ... FROM I_S.GLOBAL_STATUS in
2007-04-05 22:38:57 +02:00
# Event (see also information_schema.test for the other part of test for
# this bug).
#
--disable_warnings
DROP TABLE IF EXISTS thread_status;
DROP EVENT IF EXISTS event_status;
--enable_warnings
SET GLOBAL event_scheduler=1;
DELIMITER $$;
CREATE EVENT event_status
ON SCHEDULE AT NOW()
ON COMPLETION NOT PRESERVE
DO
BEGIN
CREATE TABLE thread_status
SELECT variable_name, variable_value
FROM information_schema.session_status
WHERE variable_name LIKE 'SSL_ACCEPTS' OR
variable_name LIKE 'SSL_CALLBACK_CACHE_HITS';
END$$
DELIMITER ;$$
let $wait_condition=select count(*) = 0 from information_schema.events where event_name='event_status';
--source include/wait_condition.inc
2008-11-18 17:45:44 +01:00
# The actual value doesn't matter and can vary based on test ordering and on ssl library.
--replace_column 2 #
2007-04-05 22:38:57 +02:00
SELECT variable_name, variable_value FROM thread_status;
DROP TABLE thread_status;
SET GLOBAL event_scheduler=0;
2007-04-11 21:01:10 +02:00
#
# Test to connect using a list of ciphers
#
2008-08-04 21:54:44 +02:00
--exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql
2007-04-11 21:01:10 +02:00
--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER:AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
# Test to connect using a specifi cipher
#
2008-08-04 21:54:44 +02:00
--exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql
2007-04-11 21:01:10 +02:00
--exec $MYSQL_TEST --ssl-cipher=AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
# Test to connect using an unknown cipher
#
2008-08-04 21:54:44 +02:00
--exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit" > $MYSQLTEST_VARDIR/tmp/test.sql
2007-04-11 21:01:10 +02:00
--error 1
--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
2007-04-11 23:42:53 +02:00
#
2009-02-02 22:20:25 +01:00
# Bug#27669 mysqldump: SSL connection error when trying to connect
2007-04-11 23:42:53 +02:00
#
CREATE TABLE t1(a int);
INSERT INTO t1 VALUES (1), (2);
# Run mysqldump
--exec $MYSQL_DUMP --skip-create --skip-comments --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test t1
--exec $MYSQL_DUMP --skip-create --skip-comments --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test
--exec $MYSQL_DUMP --skip-create --skip-comments --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test
# With wrong parameters
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--error 2
--exec $MYSQL_DUMP --skip-create --skip-comments --ssl --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test 2>&1
2007-04-11 21:01:10 +02:00
2007-04-11 23:42:53 +02:00
DROP TABLE t1;
2009-02-02 22:20:25 +01:00
--remove_file $MYSQLTEST_VARDIR/tmp/test.sql
2008-11-18 17:45:44 +01:00
#
2009-02-03 14:45:17 +01:00
# Bug#39172 Asking for DH+non-RSA key with server set to use other key caused
# YaSSL to crash the server.
2008-11-18 17:45:44 +01:00
#
# Common ciphers to openssl and yassl
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=DHE-RSA-AES256-SHA
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=EDH-RSA-DES-CBC3-SHA
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=EDH-RSA-DES-CBC-SHA
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=RC4-SHA
2008-12-13 20:42:12 +01:00
--disable_query_log
--disable_result_log
2008-11-18 17:45:44 +01:00
# Below here caused crashes. ################
--error 1,0
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=NOT----EXIST
# These probably exist but the server's keys can't be used to accept these kinds of connections.
--error 1,0
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-AES128-RMD
--error 1,0
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-AES128-SHA
--error 1,0
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-AES256-RMD
--error 1,0
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-AES256-SHA
--error 1,0
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=DHE-DSS-DES-CBC3-RMD
--error 1,0
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=EDH-DSS-DES-CBC3-SHA
--error 1,0
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=EDH-DSS-DES-CBC-SHA
# End of crashers. ##########################
# If this gives a result, then the bug is fixed.
2008-12-13 20:42:12 +01:00
--enable_result_log
--enable_query_log
2008-11-18 17:45:44 +01:00
select 'is still running; no cipher request crashed the server' as result from dual;
2009-05-25 15:00:18 +02:00
#
# Bug#42158: leak: SSL_get_peer_certificate() doesn't have matching X509_free()
#
GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
FLUSH PRIVILEGES;
connect(con1,localhost,bug42158,,,,,SSL);
SHOW STATUS LIKE 'Ssl_cipher';
disconnect con1;
connection default;
DROP USER bug42158@localhost;
2008-11-18 17:45:44 +01:00
--echo End of 5.1 tests
2009-02-03 14:45:17 +01:00
2009-02-02 22:20:25 +01:00
# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc
