mariadb/mysql-test/main/require_secure_transport.result
Dmitry Shulga a05b5dd505 MDEV-32123: require_secure_transport doesn't allow TCP connections
In case the option require_secure_transport is on the user can't
establish a secure ssl connection over TCP protocol. Inability to set up
a ssl session over TCP was caused by the fact that a type of client's
connection was checked before ssl handshake performed (ssl handshake
happens at the function acl_authenticate()). At that moment vio type has
the value VIO_TYPE_TCPIP for client connection that uses TCP transport.
In result, checking for allowable vio type for fails despite the fact
that SSL session being established. To fix the issue move checking of
vio type for allowable values inside the function
  parse_client_handshake_packet()
right after client's capabilities discovered that SSL is not requested
by the client.
2023-10-11 14:47:05 +07:00

17 lines
722 B
Text

SET GLOBAL require_secure_transport=ON;
connect(localhost,root,,test,MASTER_PORT,MASTER_SOCKET);
connect without_ssl,localhost,root,,,,,TCP NOSSL;
ERROR 08004: Connections using insecure transport are prohibited while --require_secure_transport=ON.
connect with_ssl,localhost,root,,,,,TCP SSL;
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
have_ssl
1
disconnect with_ssl;
connection default;
SET GLOBAL require_secure_transport=OFF;
connect without_ssl,localhost,root,,,,,TCP NOSSL;
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
have_ssl
0
disconnect without_ssl;
connection default;