mariadb/mysql-test/main/ssl_7937.test
Vladislav Vaintroub 5e4b657dd4 MDEV-18531 : Use WolfSSL instead of YaSSL as "bundled" SSL/encryption library
- Add new submodule for WolfSSL
- Build and use wolfssl and wolfcrypt instead of yassl/taocrypt
- Use HAVE_WOLFSSL instead of HAVE_YASSL
- Increase MY_AES_CTX_SIZE, to avoid compile time asserts in my_crypt.cc
(sizeof(EVP_CIPHER_CTX) is larger on WolfSSL)
2019-05-22 13:48:25 +02:00

35 lines
1.8 KiB
Text

#
# MDEV-7937: Enforce SSL when --ssl client option is used
#
source include/have_ssl_crypto_functs.inc;
# create a procedure instead of SHOW STATUS LIKE 'ssl_cipher'
# because the cipher depends on openssl (or yassl) version,
# and it's actual value doesn't matter here anyway
create procedure have_ssl()
select if(variable_value > '','yes','no') as 'have_ssl'
from information_schema.session_status
where variable_name='ssl_cipher';
--disable_abort_on_error
--echo mysql --ssl-ca=cacert.pem -e "call test.have_ssl()"
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem -e "call test.have_ssl()" 2>&1
--echo mysql --ssl -e "call test.have_ssl()"
--exec $MYSQL --ssl -e "call test.have_ssl()" 2>&1
--echo mysql --ssl-ca=cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()"
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1
--echo mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
# this is the test where certificate verification fails.
# but client library may not support certificate verification, so
# we fake the test result for it. We assume client is openssl, when server is openssl
let client_supports_cert_verification =`select variable_value not in('Unknown','OFF') from information_schema.session_status where variable_name='Ssl_session_cache_mode'`;
if ($client_supports_cert_verification) {
--replace_result "self signed certificate in certificate chain" "Failed to verify the server certificate" "Error in the certificate." "Failed to verify the server certificate"
--exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1
}
if (!$client_supports_cert_verification) {
--echo ERROR 2026 (HY000): SSL connection error: Failed to verify the server certificate
}
drop procedure have_ssl;