mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-10-31 19:06:14 +01:00
Code Issues Projects Releases Packages Wiki Activity
mariadb/mysql-test/main/flush_ssl.test
Lena Startseva 0a5e4a0191 MDEV-31005: Make working cursor-protocol 
Updated tests: cases with bugs or which cannot be run
with the cursor-protocol were excluded with
"--disable_cursor_protocol"/"--enable_cursor_protocol"

Fix for v.10.5
2024-09-18 18:39:26 +07:00

63 lines
2.5 KiB
Text
Raw Permalink Blame History

# MDEV-16266 Reload SSL certificate
# This test reloads server SSL certs FLUSH SSL, and checks that
# 1. old SSL connections (that existed before FLUSH) still work and use old certificate
# 2. new SSL connection use new certificate
# 3. if FLUSH SSL runs into error, SSL is still functioning
# SWtatus variable Ssl_server_not_after is used to tell the old certificate from new.
source include/have_ssl_communication.inc;
# Restart server with cert. files located in temp directory
# We are going to remove / replace them within the test,
# so we can't use the ones in std_data directly.
let $ssl_cert=$MYSQLTEST_VARDIR/tmp/ssl_cert.pem;
let $ssl_key=$MYSQLTEST_VARDIR/tmp/ssl_key.pem;
copy_file $MYSQL_TEST_DIR/std_data/server-key.pem $ssl_key;
copy_file $MYSQL_TEST_DIR/std_data/server-cert.pem $ssl_cert;
let $restart_parameters=--ssl-key=$ssl_key --ssl-cert=$ssl_cert;
--source include/kill_mysqld.inc
--source include/start_mysqld.inc
connect ssl_con,localhost,root,,,,,SSL;
--disable_cursor_protocol
SELECT VARIABLE_VALUE INTO @ssl_not_after FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after';
--enable_cursor_protocol
let $ssl_not_after=`SELECT @ssl_not_after`;
remove_file $ssl_cert;
remove_file $ssl_key;
--echo # Use a different certificate ("Not after" certificate field changed)
copy_file $MYSQL_TEST_DIR/std_data/server-new-key.pem $ssl_key;
copy_file $MYSQL_TEST_DIR/std_data/server-new-cert.pem $ssl_cert;
FLUSH SSL;
--echo # Check new certificate used by new connection
exec $MYSQL --ssl -e "SELECT IF(VARIABLE_VALUE <> '$ssl_not_after', 'OK', 'FAIL') as Result FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after'";
--echo # Check that existing SSL connection still works, and uses old certificate, even if new one is loaded in FLUSH SSL
connection ssl_con;
SELECT IF(VARIABLE_VALUE=@ssl_not_after,'OK','FAIL') as Result FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after';
disconnect ssl_con;
connection default;
SELECT VARIABLE_NAME NAME, VARIABLE_VALUE VALUE FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME in ('Ssl_accepts', 'Ssl_finished_accepts');
FLUSH SSL;
#Check that accepts are zeroed by FLUSH SSL.
SELECT VARIABLE_NAME NAME, VARIABLE_VALUE VALUE FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME in ('Ssl_accepts', 'Ssl_finished_accepts');
--echo # Cleanup
remove_file $ssl_cert;
remove_file $ssl_key;
# restart with usuall SSL
let $restart_parameters=;
--source include/kill_mysqld.inc
--source include/start_mysqld.inc
Reference in a new issue View git blame Copy permalink