mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/main/openssl_1.test
Georg Richter f9315b3321 CC 3.1 update 
Test fixes:

Since fix for CONC-603 (wrong error handling in TLS read/write) in case
of a read/write error client doesn't return always error 2013 (server
has gone away), so in addition we need to check for error 2026
(TLS/SSL error) and 5014 (write error).
2022-07-29 13:39:12 +02:00

208 lines
7 KiB
Text
Raw Blame History

# Needed for mysqldump
--source include/have_utf8mb4.inc
# Tests for SSL connections, only run if mysqld is compiled
# with support for SSL.
-- source include/have_ssl_communication.inc
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
set local sql_mode="";
set global sql_mode="";
--disable_warnings
drop table if exists t1;
--enable_warnings
create table t1(f1 int);
insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user3@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client";
grant select on test.* to ssl_user4@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB";
grant select on test.* to ssl_user5@localhost require SUBJECT "xxx";
flush privileges;
connect (con1,localhost,ssl_user1,,,,,SSL);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
connect (con3,localhost,ssl_user3,,,,,SSL);
connect (con4,localhost,ssl_user4,,,,,SSL);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
connect (con5,localhost,ssl_user5,,,,,SSL);
connection con1;
# Check ssl turned on
SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
select * from t1;
--error ER_TABLEACCESS_DENIED_ERROR
delete from t1;
connection con3;
# Check ssl turned on
SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
select * from t1;
--error ER_TABLEACCESS_DENIED_ERROR
delete from t1;
connection con4;
# Check ssl turned on
SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
select * from t1;
--error ER_TABLEACCESS_DENIED_ERROR
delete from t1;
connection default;
disconnect con1;
disconnect con3;
disconnect con4;
drop user ssl_user1@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
drop table t1;
# End of 4.1 tests
#
# Test that we can't open connection to server if we are using
# a different cacert
#
--exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql
# Handle that openssl gives different error messages from YaSSL.
--replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
--error 1
--exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
--echo
#
# Test that we can't open connection to server if we are using
# a blank ca
#
--replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
--error 1
--exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
--echo
#
# Test that we can't open connection to server if we are using
# a nonexistent ca file
#
--replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
--error 1
--exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
--echo
#
# Test that we can't open connection to server if we are using
# a blank client-key
#
--replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
--error 1
--exec $MYSQL_TEST --ssl-key= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
--echo
#
# Test that we can't open connection to server if we are using
# a blank client-cert
#
--replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
--error 1
--exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
--echo
#
# Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23
#
# Test that we can open encrypted connection to server without
# verification of servers certificate by setting both ca certificate
# and ca path to NULL
#
--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1
--echo End of 5.0 tests
#
# Bug#26174 Server Crash: INSERT ... SELECT ... FROM I_S.GLOBAL_STATUS in
# Event (see also information_schema.test for the other part of test for
# this bug).
#
--disable_warnings
DROP TABLE IF EXISTS thread_status;
DROP EVENT IF EXISTS event_status;
--enable_warnings
SET GLOBAL event_scheduler=1;
DELIMITER $$;
CREATE EVENT event_status
ON SCHEDULE AT NOW()
ON COMPLETION NOT PRESERVE
DO
BEGIN
CREATE TABLE thread_status
SELECT variable_name, variable_value
FROM information_schema.session_status
WHERE variable_name LIKE 'SSL_ACCEPTS' OR
variable_name LIKE 'SSL_CALLBACK_CACHE_HITS';
END$$
DELIMITER ;$$
let $wait_condition=select count(*) = 0 from information_schema.events where event_name='event_status';
--source include/wait_condition.inc
# The actual value doesn't matter and can vary based on test ordering and on ssl library.
--replace_column 2 #
SELECT variable_name, variable_value FROM thread_status;
DROP TABLE thread_status;
SET GLOBAL event_scheduler=0;
#
# Bug#27669 mysqldump: SSL connection error when trying to connect
#
CREATE TABLE t1(a int);
INSERT INTO t1 VALUES (1), (2);
# Run mysqldump
--exec $MYSQL_DUMP --default-character-set=utf8mb4 --skip-create-options --skip-comments --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test t1
--exec $MYSQL_DUMP --default-character-set=utf8mb4 --skip-create-options --skip-comments --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test
--exec $MYSQL_DUMP --default-character-set=utf8mb4 --skip-create-options --skip-comments --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test
# With wrong parameters
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR mysqldump.exe mysqldump
--replace_regex /TLS\/SSL error.*/TLS\/SSL error: xxxx/
--error 2
--exec $MYSQL_DUMP --default-character-set=utf8mb4 --skip-create-options --skip-comments --ssl --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test 2>&1
--echo
DROP TABLE t1;
--remove_file $MYSQLTEST_VARDIR/tmp/test.sql
#
# Bug#42158: leak: SSL_get_peer_certificate() doesn't have matching X509_free()
#
GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
FLUSH PRIVILEGES;
connect(con1,localhost,bug42158,,,,,SSL);
SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
disconnect con1;
connection default;
DROP USER bug42158@localhost;
set global sql_mode=default;
--echo End of 5.1 tests
#
# MDEV-9605 mysqlbinlog does not accept ssl-ca option as expected.
#
--replace_regex /TLS\/SSL error:.*/TLS\/SSL error/
--error 1
--exec $MYSQL_BINLOG --read-from-remote-server --ssl-ca --user=root --host=localhost nobinlog.111111 2>&1
# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc
Reference in a new issue View git blame Copy permalink