mirror of
https://github.com/MariaDB/server.git
synced 2025-01-18 04:53:01 +01:00
1a04fc03fe
- If missing: add "disconnect <session>"
- If physical disconnect of non "default" sessions is not finished
at test end: add routine which waits till this happened
+ additional improvements like
- remove superfluous files created by the test
- replace error numbers by error names
- remove trailing spaces, replace tabs by spaces
- unify writing of bugs within comments
- correct comments
- minor changes of formatting
Modifications according to the code review are included.
Fixed tests:
grant2
grant3
lock_tables_lost_commit
mysqldump
openssl_1
outfile
166 lines
5.5 KiB
Text
166 lines
5.5 KiB
Text
# Tests for SSL connections, only run if mysqld is compiled
|
|
# with support for SSL.
|
|
|
|
-- source include/have_ssl.inc
|
|
|
|
# Save the initial number of concurrent sessions
|
|
--source include/count_sessions.inc
|
|
|
|
|
|
--disable_warnings
|
|
drop table if exists t1;
|
|
--enable_warnings
|
|
create table t1(f1 int);
|
|
insert into t1 values (5);
|
|
|
|
grant select on test.* to ssl_user1@localhost require SSL;
|
|
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
|
|
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
|
|
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
|
|
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
|
|
flush privileges;
|
|
|
|
connect (con1,localhost,ssl_user1,,,,,SSL);
|
|
connect (con2,localhost,ssl_user2,,,,,SSL);
|
|
connect (con3,localhost,ssl_user3,,,,,SSL);
|
|
connect (con4,localhost,ssl_user4,,,,,SSL);
|
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
|
--error ER_ACCESS_DENIED_ERROR
|
|
connect (con5,localhost,ssl_user5,,,,,SSL);
|
|
|
|
connection con1;
|
|
# Check ssl turned on
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
select * from t1;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
delete from t1;
|
|
|
|
connection con2;
|
|
# Check ssl turned on
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
select * from t1;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
delete from t1;
|
|
|
|
connection con3;
|
|
# Check ssl turned on
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
select * from t1;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
delete from t1;
|
|
|
|
connection con4;
|
|
# Check ssl turned on
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
select * from t1;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
delete from t1;
|
|
|
|
connection default;
|
|
disconnect con1;
|
|
disconnect con2;
|
|
disconnect con3;
|
|
disconnect con4;
|
|
drop user ssl_user1@localhost, ssl_user2@localhost,
|
|
ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
|
|
|
|
drop table t1;
|
|
|
|
# End of 4.1 tests
|
|
|
|
#
|
|
# Test that we can't open connection to server if we are using
|
|
# a different cacert
|
|
#
|
|
--exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql
|
|
--error 1
|
|
--exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
#
|
|
# Test that we can't open connection to server if we are using
|
|
# a blank ca
|
|
#
|
|
--error 1
|
|
--exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
#
|
|
# Test that we can't open connection to server if we are using
|
|
# a nonexistent ca file
|
|
#
|
|
--error 1
|
|
--exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
#
|
|
# Test that we can't open connection to server if we are using
|
|
# a blank client-key
|
|
#
|
|
--error 1
|
|
--exec $MYSQL_TEST --ssl-key= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
#
|
|
# Test that we can't open connection to server if we are using
|
|
# a blank client-cert
|
|
#
|
|
--error 1
|
|
--exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
#
|
|
# Bug#21611 Slave can't connect when master-ssl-cipher specified
|
|
# - Apparently selecting a cipher doesn't work at all
|
|
# - Usa a cipher that both yaSSL and OpenSSL supports
|
|
#
|
|
--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
|
|
--exec $MYSQL_TEST --ssl-cipher=DHE-RSA-AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
#
|
|
# Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23
|
|
#
|
|
# Test that we can open encrypted connection to server without
|
|
# verification of servers certificate by setting both ca certificate
|
|
# and ca path to NULL
|
|
#
|
|
--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
|
|
|
|
|
|
#
|
|
# Test to connect using a list of ciphers
|
|
#
|
|
--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
|
|
--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER:AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
|
|
# Test to connect using a specifi cipher
|
|
#
|
|
--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
|
|
--exec $MYSQL_TEST --ssl-cipher=AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
# Test to connect using an unknown cipher
|
|
#
|
|
--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
|
|
--error 1
|
|
--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
|
|
|
|
#
|
|
# Bug#27669 mysqldump: SSL connection error when trying to connect
|
|
#
|
|
|
|
CREATE TABLE t1(a int);
|
|
INSERT INTO t1 VALUES (1), (2);
|
|
|
|
# Run mysqldump
|
|
--exec $MYSQL_DUMP --skip-create --skip-comments --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test t1
|
|
|
|
--exec $MYSQL_DUMP --skip-create --skip-comments --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test
|
|
|
|
--exec $MYSQL_DUMP --skip-create --skip-comments --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test
|
|
|
|
# With wrong parameters
|
|
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
|
|
--error 2
|
|
--exec $MYSQL_DUMP --skip-create --skip-comments --ssl --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test 2>&1
|
|
|
|
DROP TABLE t1;
|
|
--remove_file $MYSQLTEST_VARDIR/tmp/test.sql
|
|
|
|
# Wait till we reached the initial number of concurrent sessions
|
|
--source include/wait_until_count_sessions.inc
|