mirror of
https://github.com/MariaDB/server.git
synced 2025-01-17 20:42:30 +01:00
35 lines
1.6 KiB
Text
35 lines
1.6 KiB
Text
#
|
|
# MDEV-7937: Enforce SSL when --ssl client option is used
|
|
#
|
|
|
|
source include/have_ssl_crypto_functs.inc;
|
|
|
|
# create a procedure instead of SHOW STATUS LIKE 'ssl_cipher'
|
|
# because the cipher depends on openssl (or yassl) version,
|
|
# and it's actual value doesn't matter here anyway
|
|
create procedure have_ssl()
|
|
select if(variable_value > '','yes','no') as 'have_ssl'
|
|
from information_schema.session_status
|
|
where variable_name='ssl_cipher';
|
|
|
|
--disable_abort_on_error
|
|
--echo mysql --ssl-ca=cacert.pem -e "call test.have_ssl()"
|
|
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem -e "call test.have_ssl()" 2>&1
|
|
--echo mysql --ssl -e "call test.have_ssl()"
|
|
--exec $MYSQL --ssl -e "call test.have_ssl()" 2>&1
|
|
--echo mysql --ssl-ca=cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()"
|
|
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1
|
|
|
|
--echo mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
|
|
# this is the test where certificate verification fails.
|
|
# but yassl doesn't support certificate verification, so
|
|
# we fake the test result for yassl
|
|
let yassl=`select variable_value='Unknown' from information_schema.session_status where variable_name='Ssl_session_cache_mode'`;
|
|
if (!$yassl) {
|
|
--replace_result "self signed certificate in certificate chain" "Failed to verify the server certificate" "Error in the certificate." "Failed to verify the server certificate"
|
|
--exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1
|
|
}
|
|
if ($yassl) {
|
|
--echo ERROR 2026 (HY000): SSL connection error: Failed to verify the server certificate
|
|
}
|
|
drop procedure have_ssl;
|