# Tests for SSL connections, only run if mysqld is compiled # with support for SSL. -- source include/have_ssl.inc --disable_warnings drop table if exists t1; --enable_warnings create table t1(f1 int); insert into t1 values (5); grant select on test.* to ssl_user1@localhost require SSL; grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA"; grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com"; grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB"; grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx"; flush privileges; connect (con1,localhost,ssl_user1,,,,,SSL); connect (con2,localhost,ssl_user2,,,,,SSL); connect (con3,localhost,ssl_user3,,,,,SSL); connect (con4,localhost,ssl_user4,,,,,SSL); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error 1045 connect (con5,localhost,ssl_user5,,,,,SSL); connection con1; # Check ssl turned on SHOW STATUS LIKE 'Ssl_cipher'; select * from t1; --error 1142 delete from t1; connection con2; # Check ssl turned on SHOW STATUS LIKE 'Ssl_cipher'; select * from t1; --error 1142 delete from t1; connection con3; # Check ssl turned on SHOW STATUS LIKE 'Ssl_cipher'; select * from t1; --error 1142 delete from t1; connection con4; # Check ssl turned on SHOW STATUS LIKE 'Ssl_cipher'; select * from t1; --error 1142 delete from t1; connection default; drop user ssl_user1@localhost, ssl_user2@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost; drop table t1; # End of 4.1 tests # # Test that we can't open connection to server if we are using # a different cacert # --exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql --error 1 --exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 # # Test that we can't open connection to server if we are using # a blank ca # --error 1 --exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 # # Test that we can't open connection to server if we are using # a nonexistent ca file # --error 1 --exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 # # Test that we can't open connection to server if we are using # a blank client-key # --error 1 --exec $MYSQL_TEST --ssl-key= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 # # Test that we can't open connection to server if we are using # a blank client-cert # --error 1 --exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 # # Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23 # # Test that we can open encrypted connection to server without # verification of servers certificate by setting both ca certificate # and ca path to NULL # --exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 --echo End of 5.0 tests # # Bug #26174 Server Crash: INSERT ... SELECT ... FROM I_S.GLOBAL_STATUS in # Event (see also information_schema.test for the other part of test for # this bug). # --disable_warnings DROP TABLE IF EXISTS thread_status; DROP EVENT IF EXISTS event_status; --enable_warnings SET GLOBAL event_scheduler=1; DELIMITER $$; CREATE EVENT event_status ON SCHEDULE AT NOW() ON COMPLETION NOT PRESERVE DO BEGIN CREATE TABLE thread_status SELECT variable_name, variable_value FROM information_schema.session_status WHERE variable_name LIKE 'SSL_ACCEPTS' OR variable_name LIKE 'SSL_CALLBACK_CACHE_HITS'; END$$ DELIMITER ;$$ let $wait_condition=select count(*) = 0 from information_schema.events where event_name='event_status'; --source include/wait_condition.inc SELECT variable_name, variable_value FROM thread_status; DROP TABLE thread_status; SET GLOBAL event_scheduler=0; --echo End of 5.1 tests