mirror of
https://github.com/MariaDB/server.git
synced 2025-01-21 06:22:28 +01:00
918a8c469f
using crashes server When the server is configured to use a RSA key, and when the client sends a cipher-suite list that contains a non-RSA key as acceptable, the server would try to process that key even though it was impossible. Now, yaSSL sets its own acceptable-cipher list according to what kind of key the server is started with, and will never explore and try to pair impossible combinations. This involves a partial import of the current YaSSL tree, not the whole thing, so as to try to avoid introducing new bugs. (Updated to avoid many whitespace changes and make diff smaller.)
205 lines
7.8 KiB
Text
205 lines
7.8 KiB
Text
drop table if exists t1;
|
|
create table t1(f1 int);
|
|
insert into t1 values (5);
|
|
grant select on test.* to ssl_user1@localhost require SSL;
|
|
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
|
|
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
|
|
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
|
|
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
|
|
flush privileges;
|
|
connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
|
|
ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO)
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher DHE-RSA-AES256-SHA
|
|
select * from t1;
|
|
f1
|
|
5
|
|
delete from t1;
|
|
ERROR 42000: DELETE command denied to user 'ssl_user1'@'localhost' for table 't1'
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher DHE-RSA-AES256-SHA
|
|
select * from t1;
|
|
f1
|
|
5
|
|
delete from t1;
|
|
ERROR 42000: DELETE command denied to user 'ssl_user2'@'localhost' for table 't1'
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher DHE-RSA-AES256-SHA
|
|
select * from t1;
|
|
f1
|
|
5
|
|
delete from t1;
|
|
ERROR 42000: DELETE command denied to user 'ssl_user3'@'localhost' for table 't1'
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher DHE-RSA-AES256-SHA
|
|
select * from t1;
|
|
f1
|
|
5
|
|
delete from t1;
|
|
ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1'
|
|
drop user ssl_user1@localhost, ssl_user2@localhost,
|
|
ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
|
|
drop table t1;
|
|
mysqltest: Could not open connection 'default': 2026 SSL connection error
|
|
mysqltest: Could not open connection 'default': 2026 SSL connection error
|
|
mysqltest: Could not open connection 'default': 2026 SSL connection error
|
|
SSL error: Unable to get private key from ''
|
|
mysqltest: Could not open connection 'default': 2026 SSL connection error
|
|
SSL error: Unable to get certificate from ''
|
|
mysqltest: Could not open connection 'default': 2026 SSL connection error
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher DHE-RSA-AES256-SHA
|
|
Variable_name Value
|
|
Ssl_cipher DHE-RSA-AES256-SHA
|
|
End of 5.0 tests
|
|
DROP TABLE IF EXISTS thread_status;
|
|
DROP EVENT IF EXISTS event_status;
|
|
SET GLOBAL event_scheduler=1;
|
|
CREATE EVENT event_status
|
|
ON SCHEDULE AT NOW()
|
|
ON COMPLETION NOT PRESERVE
|
|
DO
|
|
BEGIN
|
|
CREATE TABLE thread_status
|
|
SELECT variable_name, variable_value
|
|
FROM information_schema.session_status
|
|
WHERE variable_name LIKE 'SSL_ACCEPTS' OR
|
|
variable_name LIKE 'SSL_CALLBACK_CACHE_HITS';
|
|
END$$
|
|
SELECT variable_name, variable_value FROM thread_status;
|
|
variable_name variable_value
|
|
SSL_ACCEPTS #
|
|
SSL_CALLBACK_CACHE_HITS #
|
|
DROP TABLE thread_status;
|
|
SET GLOBAL event_scheduler=0;
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher AES128-SHA
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher AES128-SHA
|
|
mysqltest: Could not open connection 'default': 2026 SSL connection error
|
|
CREATE TABLE t1(a int);
|
|
INSERT INTO t1 VALUES (1), (2);
|
|
|
|
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
|
|
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
|
|
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
|
|
/*!40101 SET NAMES utf8 */;
|
|
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
|
|
/*!40103 SET TIME_ZONE='+00:00' */;
|
|
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
|
|
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
|
|
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
|
|
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
|
|
DROP TABLE IF EXISTS `t1`;
|
|
SET @saved_cs_client = @@character_set_client;
|
|
SET character_set_client = utf8;
|
|
CREATE TABLE `t1` (
|
|
`a` int(11) DEFAULT NULL
|
|
);
|
|
SET character_set_client = @saved_cs_client;
|
|
|
|
LOCK TABLES `t1` WRITE;
|
|
/*!40000 ALTER TABLE `t1` DISABLE KEYS */;
|
|
INSERT INTO `t1` VALUES (1),(2);
|
|
/*!40000 ALTER TABLE `t1` ENABLE KEYS */;
|
|
UNLOCK TABLES;
|
|
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
|
|
|
|
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
|
|
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
|
|
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
|
|
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
|
|
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
|
|
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
|
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
|
|
|
|
|
|
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
|
|
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
|
|
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
|
|
/*!40101 SET NAMES utf8 */;
|
|
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
|
|
/*!40103 SET TIME_ZONE='+00:00' */;
|
|
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
|
|
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
|
|
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
|
|
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
|
|
DROP TABLE IF EXISTS `t1`;
|
|
SET @saved_cs_client = @@character_set_client;
|
|
SET character_set_client = utf8;
|
|
CREATE TABLE `t1` (
|
|
`a` int(11) DEFAULT NULL
|
|
);
|
|
SET character_set_client = @saved_cs_client;
|
|
|
|
LOCK TABLES `t1` WRITE;
|
|
/*!40000 ALTER TABLE `t1` DISABLE KEYS */;
|
|
INSERT INTO `t1` VALUES (1),(2);
|
|
/*!40000 ALTER TABLE `t1` ENABLE KEYS */;
|
|
UNLOCK TABLES;
|
|
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
|
|
|
|
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
|
|
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
|
|
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
|
|
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
|
|
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
|
|
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
|
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
|
|
|
|
|
|
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
|
|
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
|
|
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
|
|
/*!40101 SET NAMES utf8 */;
|
|
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
|
|
/*!40103 SET TIME_ZONE='+00:00' */;
|
|
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
|
|
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
|
|
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
|
|
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
|
|
DROP TABLE IF EXISTS `t1`;
|
|
SET @saved_cs_client = @@character_set_client;
|
|
SET character_set_client = utf8;
|
|
CREATE TABLE `t1` (
|
|
`a` int(11) DEFAULT NULL
|
|
);
|
|
SET character_set_client = @saved_cs_client;
|
|
|
|
LOCK TABLES `t1` WRITE;
|
|
/*!40000 ALTER TABLE `t1` DISABLE KEYS */;
|
|
INSERT INTO `t1` VALUES (1),(2);
|
|
/*!40000 ALTER TABLE `t1` ENABLE KEYS */;
|
|
UNLOCK TABLES;
|
|
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
|
|
|
|
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
|
|
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
|
|
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
|
|
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
|
|
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
|
|
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
|
|
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
|
|
|
|
SSL error: Unable to get private key from 'MYSQL_TEST_DIR/std_data/client-cert.pem'
|
|
mysqldump: Got error: 2026: SSL connection error when trying to connect
|
|
DROP TABLE t1;
|
|
Variable_name Value
|
|
Ssl_cipher DHE-RSA-AES256-SHA
|
|
Variable_name Value
|
|
Ssl_cipher EDH-RSA-DES-CBC3-SHA
|
|
Variable_name Value
|
|
Ssl_cipher EDH-RSA-DES-CBC-SHA
|
|
Variable_name Value
|
|
Ssl_cipher RC4-SHA
|
|
select 'is still running; no cipher request crashed the server' as result from dual;
|
|
result
|
|
is still running; no cipher request crashed the server
|
|
End of 5.1 tests
|