mirror of
https://github.com/MariaDB/server.git
synced 2025-01-16 20:12:31 +01:00
8d47d9ed88
* fix CRL tests to work
* regenerate certificates to be at least 2048 bit
(fixes buster and rhel8 in buildbot)
* update generate-ssl-cert.sh to generate crl files
* make all SSL tests to use certificates generated
in generate-ssl-cert.sh, remove unused certificates
Backport from 10.4 9c60535f86
13 lines
1.1 KiB
Text
13 lines
1.1 KiB
Text
# This test should work in embedded server after we fix mysqltest
|
|
-- source include/not_embedded.inc
|
|
-- source include/have_openssl.inc
|
|
|
|
--echo # try logging in with a certificate not in the server's --ssl-crl : should succeed
|
|
--replace_result TLSv1.3 TLS_VERSION TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION
|
|
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/server-new-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/server-new-cert.pem test -e "SHOW STATUS LIKE 'Ssl_version'"
|
|
|
|
--echo # try logging in with a certificate in the server's --ssl-crl : should fail
|
|
# OpenSSL 1.1.1a correctly rejects the certificate, but the error message is wrong
|
|
--replace_result "ERROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error: 0" "ERROR 2026 (HY000): SSL connection error: sslv3 alert certificate revoked"
|
|
--error 1
|
|
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_version'" 2>&1
|