mirror of
https://github.com/MariaDB/server.git
synced 2025-02-14 17:35:35 +01:00
2294ecdf0e
Add a simple test to verify that the server will fail to start up when no valid cipher suites are passed to `ssl-cipher`. As different TLS libraries and versions have differing cipher suite support, it would be a good idea to ensure the server behaves in a safe manner if it is configured with invalid cipher suites. All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.
29 lines
1 KiB
Text
29 lines
1 KiB
Text
# mysqld refuses to run as root normally.
|
|
--source include/not_as_root.inc
|
|
|
|
--source include/not_embedded.inc
|
|
--source include/have_ssl_communication.inc
|
|
|
|
--source include/shutdown_mysqld.inc
|
|
|
|
# Try to start the server, with bad values for some options.
|
|
# Make sure, the starts fails, and expected message is in the error log
|
|
|
|
--let errorlog=$MYSQL_TMP_DIR/errorlog.err
|
|
--let SEARCH_FILE=$errorlog
|
|
|
|
# Bad ssl-cert
|
|
--error 1
|
|
--exec $MYSQLD --defaults-group-suffix=.1 --defaults-file=$MYSQLTEST_VARDIR/my.cnf --ssl-cert=bad --log-error=$errorlog
|
|
--let SEARCH_PATTERN=\[ERROR\] SSL error: Unable to get certificate
|
|
--source include/search_pattern_in_file.inc
|
|
--remove_file $SEARCH_FILE
|
|
|
|
# No valid cipher suites
|
|
--error 1
|
|
--exec $MYSQLD --defaults-group-suffix=.1 --defaults-file=$MYSQLTEST_VARDIR/my.cnf --ssl-cipher=ECDHE-ECDSA-FAKE-CIPHER:ECDHE-RSA-INVALID --log-error=$errorlog
|
|
--let SEARCH_PATTERN=\[ERROR\] SSL error: Failed to set ciphers to use
|
|
--source include/search_pattern_in_file.inc
|
|
--remove_file $SEARCH_FILE
|
|
|
|
--source include/start_mysqld.inc
|