mirror of
https://github.com/MariaDB/server.git
synced 2025-01-27 01:04:19 +01:00
b5615eff0d
Idea comes from MySQL which does something similar
28 lines
1.2 KiB
Text
28 lines
1.2 KiB
Text
# Kill the server
|
|
# restart: --ssl-key=MYSQLTEST_VARDIR/tmp/ssl_key.pem --ssl-cert=MYSQLTEST_VARDIR/tmp/ssl_cert.pem
|
|
connect ssl_con,localhost,root,,,,,SSL;
|
|
SELECT VARIABLE_VALUE INTO @ssl_not_after FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after';
|
|
# Use a different certificate ("Not after" certificate field changed)
|
|
FLUSH SSL;
|
|
# Check new certificate used by new connection
|
|
Result
|
|
OK
|
|
# Check that existing SSL connection still works, and uses old certificate, even if new one is loaded in FLUSH SSL
|
|
connection ssl_con;
|
|
SELECT IF(VARIABLE_VALUE=@ssl_not_after,'OK','FAIL') as Result FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after';
|
|
Result
|
|
OK
|
|
disconnect ssl_con;
|
|
connection default;
|
|
SELECT VARIABLE_NAME NAME, VARIABLE_VALUE VALUE FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME in ('Ssl_accepts', 'Ssl_finished_accepts');
|
|
NAME VALUE
|
|
SSL_ACCEPTS 1
|
|
SSL_FINISHED_ACCEPTS 1
|
|
FLUSH SSL;
|
|
SELECT VARIABLE_NAME NAME, VARIABLE_VALUE VALUE FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME in ('Ssl_accepts', 'Ssl_finished_accepts');
|
|
NAME VALUE
|
|
SSL_ACCEPTS 0
|
|
SSL_FINISHED_ACCEPTS 0
|
|
# Cleanup
|
|
# Kill the server
|
|
# restart
|