update C/C 3.4

note that:
* unit.conc_tls is broken in mtr
* schannel now doesn't fail on invalid ca path unless
  --ssl-verify-server-cert is used. openssl still does.
This commit is contained in:
Sergei Golubchik 2024-08-01 10:04:19 +02:00
parent 6f357feaf0
commit 66f14ef6a1
7 changed files with 11 additions and 10 deletions

@ -1 +1 @@
Subproject commit dddcf400af9a693fdbed4e692d71bf98b79b7aa1
Subproject commit de6305915f86bb33c83b1fe782a2b8a76920aec1

View file

@ -81,7 +81,7 @@ drop table t1;
#
--replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
--error 1
--exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
--exec $MYSQL_TEST --ssl-verify-server-cert --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
--echo
#
@ -90,7 +90,7 @@ drop table t1;
#
--replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
--error 1
--exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
--exec $MYSQL_TEST --ssl-verify-server-cert --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
--echo
#
@ -203,7 +203,7 @@ set global sql_mode=default;
--replace_regex /TLS\/SSL error:.*/TLS\/SSL error/
--error 1
--exec $MYSQL_BINLOG --read-from-remote-server --ssl-ca --user=root --host=localhost nobinlog.111111 2>&1
--exec $MYSQL_BINLOG --read-from-remote-server --ssl-verify-server-cert --ssl-ca --user=root --host=localhost nobinlog.111111 2>&1
# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc

View file

@ -9,8 +9,8 @@
--replace_regex /TLS\/SSL error.*/TLS\/SSL error: xxxx/
--error 1
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" 2>&1
--exec $MYSQL --ssl-verify-server-cert --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" 2>&1
--echo
--echo # try to connect with correct '--ssl-ca' path : should connect
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';"
--exec $MYSQL --ssl-verify-server-cert --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';"

View file

@ -8,5 +8,6 @@ ERROR 2026 (HY000): TLS/SSL error: Failed to verify the server certificate
test.have_ssl()
yes
# mysql --protocol tcp -uroot --ssl-fp=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 --disable-ssl-verify-server-cert -e "select test.have_ssl()"
ERROR 2026 (HY000): TLS/SSL error: Fingerprint verification of server certificate failed
test.have_ssl()
yes
drop function have_ssl;

View file

@ -24,10 +24,9 @@ if($is_win)
--echo # mysql --protocol tcp -uroot --ssl-fp=F1:D0:08:AF:A1:D2:F4:15:79:B4:39:06:41:F4:20:96:F1:90:A9:65 --ssl-verify-server-cert -e "select test.have_ssl()"
--exec $MYSQL --protocol tcp $host -uroot --ssl-fp=F1:D0:08:AF:A1:D2:F4:15:79:B4:39:06:41:F4:20:96:F1:90:A9:65 --ssl-verify-server-cert -e "select test.have_ssl()" 2>&1
#
# wrong fingerprint fails even with --disable-ssl-verify-server-cert
# --disable-ssl-verify-server-cert disables fingerprint checks too
#
--echo # mysql --protocol tcp -uroot --ssl-fp=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 --disable-ssl-verify-server-cert -e "select test.have_ssl()"
--error 1
--exec $MYSQL --protocol tcp $host -uroot --ssl-fp=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 --disable-ssl-verify-server-cert -e "select test.have_ssl()" 2>&1
drop function have_ssl;

View file

@ -1 +1 @@
ERROR 2026 (HY000): TLS/SSL error: Validation of SSL server certificate failed
ERROR 2026 (HY000): TLS/SSL error: Hostname verification failed

View file

@ -0,0 +1 @@
conc_tls : broken