mirror of
https://github.com/MariaDB/server.git
synced 2025-01-17 20:42:30 +01:00
94 lines
2.8 KiB
Text
94 lines
2.8 KiB
Text
# We test openssl. Result set is optimized to be compiled with --with-openssl.
|
|
# Use mysql-test-run with --with-openssl option.
|
|
-- source include/have_openssl.inc
|
|
|
|
--disable_warnings
|
|
drop table if exists t1;
|
|
--enable_warnings
|
|
create table t1(f1 int);
|
|
insert into t1 values (5);
|
|
|
|
grant select on test.* to ssl_user1@localhost require SSL;
|
|
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
|
|
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com";
|
|
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com";
|
|
flush privileges;
|
|
|
|
connect (con1,localhost,ssl_user1,,,,,SSL);
|
|
connect (con2,localhost,ssl_user2,,,,,SSL);
|
|
connect (con3,localhost,ssl_user3,,,,,SSL);
|
|
connect (con4,localhost,ssl_user4,,,,,SSL);
|
|
|
|
connection con1;
|
|
# Check ssl turned on
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
select * from t1;
|
|
--error 1142
|
|
delete from t1;
|
|
|
|
connection con2;
|
|
# Check ssl turned on
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
select * from t1;
|
|
--error 1142
|
|
delete from t1;
|
|
|
|
connection con3;
|
|
# Check ssl turned on
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
select * from t1;
|
|
--error 1142
|
|
delete from t1;
|
|
|
|
connection con4;
|
|
# Check ssl turned on
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
select * from t1;
|
|
--error 1142
|
|
delete from t1;
|
|
|
|
connection default;
|
|
drop user ssl_user1@localhost, ssl_user2@localhost,
|
|
ssl_user3@localhost, ssl_user4@localhost;
|
|
|
|
drop table t1;
|
|
|
|
# End of 4.1 tests
|
|
|
|
#
|
|
# Test that we can't open connection to server if we are using
|
|
# a different cacert
|
|
#
|
|
--exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql
|
|
--error 1
|
|
--exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
#
|
|
# Test that we can't open connection to server if we are using
|
|
# a blank ca
|
|
#
|
|
--error 1
|
|
--exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
#
|
|
# Test that we can't open connection to server if we are using
|
|
# a nonexistent ca file
|
|
#
|
|
--error 1
|
|
--exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
#
|
|
# Test that we can't open connection to server if we are using
|
|
# a blank client-key
|
|
#
|
|
--error 1
|
|
--exec $MYSQL_TEST --ssl-key= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
#
|
|
# Test that we can't open connection to server if we are using
|
|
# a blank client-cert
|
|
#
|
|
--error 1
|
|
--exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
|