MDEV-10211 : fix ssl test not to use specific value of ssl_cipher, as it can change between different openssl/yassl version
This commit is contained in:
Vladislav Vaintroub
parent
7d4a7d8c58
commit
31e763ddc5
@ -56,8 +56,8 @@ mysqltest: Could not open connection 'default': 2026 SSL connection error: Unabl
|
|||||||
SHOW STATUS LIKE 'Ssl_cipher';
|
SHOW STATUS LIKE 'Ssl_cipher';
|
||||||
Variable_name Value
|
Variable_name Value
|
||||||
Ssl_cipher DHE-RSA-AES256-SHA
|
Ssl_cipher DHE-RSA-AES256-SHA
|
||||||
Variable_name Value
|
have_ssl
|
||||||
Ssl_cipher DHE-RSA-AES256-SHA
|
1
|
||||||
End of 5.0 tests
|
End of 5.0 tests
|
||||||
DROP TABLE IF EXISTS thread_status;
|
DROP TABLE IF EXISTS thread_status;
|
||||||
DROP EVENT IF EXISTS event_status;
|
DROP EVENT IF EXISTS event_status;
|
||||||
@ -202,9 +202,9 @@ result
|
|||||||
is still running; no cipher request crashed the server
|
is still running; no cipher request crashed the server
|
||||||
GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
|
GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
|
||||||
FLUSH PRIVILEGES;
|
FLUSH PRIVILEGES;
|
||||||
SHOW STATUS LIKE 'Ssl_cipher';
|
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
|
||||||
Variable_name Value
|
have_ssl
|
||||||
Ssl_cipher DHE-RSA-AES256-SHA
|
1
|
||||||
DROP USER bug42158@localhost;
|
DROP USER bug42158@localhost;
|
||||||
End of 5.1 tests
|
End of 5.1 tests
|
||||||
/*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=1*/;
|
/*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=1*/;
|
||||||
|
|||||||
@ -1,6 +1,9 @@
|
|||||||
SHOW STATUS LIKE 'Ssl_cipher';
|
SHOW STATUS LIKE 'Ssl_cipher';
|
||||||
Variable_name Value
|
Variable_name Value
|
||||||
Ssl_cipher DHE-RSA-AES256-SHA
|
Ssl_cipher AES128-GCM-SHA256
|
||||||
|
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
|
||||||
|
have_ssl
|
||||||
|
1
|
||||||
SHOW STATUS LIKE 'Ssl_server_not_before';
|
SHOW STATUS LIKE 'Ssl_server_not_before';
|
||||||
Variable_name Value
|
Variable_name Value
|
||||||
Ssl_server_not_before Apr 25 14:55:05 2015 GMT
|
Ssl_server_not_before Apr 25 14:55:05 2015 GMT
|
||||||
@ -2163,9 +2166,9 @@ Privat (Private Nutzung) Mobilfunk
|
|||||||
Warnings:
|
Warnings:
|
||||||
Warning 1052 Column 'kundentyp' in group statement is ambiguous
|
Warning 1052 Column 'kundentyp' in group statement is ambiguous
|
||||||
drop table t1;
|
drop table t1;
|
||||||
SHOW STATUS LIKE 'Ssl_cipher';
|
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
|
||||||
Variable_name Value
|
have_ssl
|
||||||
Ssl_cipher DHE-RSA-AES256-SHA
|
1
|
||||||
select aes_decrypt('MySQL','adf');
|
select aes_decrypt('MySQL','adf');
|
||||||
aes_decrypt('MySQL','adf')
|
aes_decrypt('MySQL','adf')
|
||||||
NULL
|
NULL
|
||||||
|
|||||||
@ -4,21 +4,21 @@
|
|||||||
# try to connect with wrong '--ssl-ca' path : should fail
|
# try to connect with wrong '--ssl-ca' path : should fail
|
||||||
ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed
|
ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed
|
||||||
# try to connect with correct '--ssl-ca' path : should connect
|
# try to connect with correct '--ssl-ca' path : should connect
|
||||||
Variable_name Value
|
have_ssl
|
||||||
Ssl_cipher DHE-RSA-AES256-SHA
|
1
|
||||||
#
|
#
|
||||||
# Bug#21920678: SSL-CA DOES NOT ACCEPT ~USER TILDE HOME DIRECTORY
|
# Bug#21920678: SSL-CA DOES NOT ACCEPT ~USER TILDE HOME DIRECTORY
|
||||||
# PATH SUBSTITUTION
|
# PATH SUBSTITUTION
|
||||||
#
|
#
|
||||||
# try to connect with '--ssl-ca' option using tilde home directoy
|
# try to connect with '--ssl-ca' option using tilde home directoy
|
||||||
# path substitution : should connect
|
# path substitution : should connect
|
||||||
Variable_name Value
|
have_ssl
|
||||||
Ssl_cipher DHE-RSA-AES256-SHA
|
1
|
||||||
# try to connect with '--ssl-key' option using tilde home directoy
|
# try to connect with '--ssl-key' option using tilde home directoy
|
||||||
# path substitution : should connect
|
# path substitution : should connect
|
||||||
Variable_name Value
|
have_ssl
|
||||||
Ssl_cipher DHE-RSA-AES256-SHA
|
1
|
||||||
# try to connect with '--ssl-cert' option using tilde home directoy
|
# try to connect with '--ssl-cert' option using tilde home directoy
|
||||||
# path substitution : should connect
|
# path substitution : should connect
|
||||||
Variable_name Value
|
have_ssl
|
||||||
Ssl_cipher DHE-RSA-AES256-SHA
|
1
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
SHOW STATUS LIKE 'Ssl_cipher';
|
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
|
||||||
Variable_name Value
|
have_ssl
|
||||||
Ssl_cipher DHE-RSA-AES256-SHA
|
1
|
||||||
SHOW STATUS LIKE 'Compression';
|
SHOW STATUS LIKE 'Compression';
|
||||||
Variable_name Value
|
Variable_name Value
|
||||||
Compression ON
|
Compression ON
|
||||||
@ -2160,9 +2160,9 @@ Privat (Private Nutzung) Mobilfunk
|
|||||||
Warnings:
|
Warnings:
|
||||||
Warning 1052 Column 'kundentyp' in group statement is ambiguous
|
Warning 1052 Column 'kundentyp' in group statement is ambiguous
|
||||||
drop table t1;
|
drop table t1;
|
||||||
SHOW STATUS LIKE 'Ssl_cipher';
|
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
|
||||||
Variable_name Value
|
have_ssl
|
||||||
Ssl_cipher DHE-RSA-AES256-SHA
|
1
|
||||||
SHOW STATUS LIKE 'Compression';
|
SHOW STATUS LIKE 'Compression';
|
||||||
Variable_name Value
|
Variable_name Value
|
||||||
Compression ON
|
Compression ON
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
# connect with read timeout so SLEEP() should timeout
|
# connect with read timeout so SLEEP() should timeout
|
||||||
# Check ssl turned on
|
# Check ssl turned on
|
||||||
SHOW STATUS LIKE 'Ssl_cipher';
|
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
|
||||||
Variable_name Value
|
have_ssl
|
||||||
Ssl_cipher DHE-RSA-AES256-SHA
|
1
|
||||||
SELECT SLEEP(600);
|
SELECT SLEEP(600);
|
||||||
ERROR HY000: Lost connection to MySQL server during query
|
ERROR HY000: Lost connection to MySQL server during query
|
||||||
|
|||||||
@ -132,8 +132,7 @@ drop table t1;
|
|||||||
# verification of servers certificate by setting both ca certificate
|
# verification of servers certificate by setting both ca certificate
|
||||||
# and ca path to NULL
|
# and ca path to NULL
|
||||||
#
|
#
|
||||||
--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA
|
--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1
|
||||||
--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
|
|
||||||
--echo End of 5.0 tests
|
--echo End of 5.0 tests
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -257,8 +256,7 @@ select 'is still running; no cipher request crashed the server' as result from d
|
|||||||
GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
|
GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
|
||||||
FLUSH PRIVILEGES;
|
FLUSH PRIVILEGES;
|
||||||
connect(con1,localhost,bug42158,,,,,SSL);
|
connect(con1,localhost,bug42158,,,,,SSL);
|
||||||
--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA
|
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
|
||||||
SHOW STATUS LIKE 'Ssl_cipher';
|
|
||||||
disconnect con1;
|
disconnect con1;
|
||||||
connection default;
|
connection default;
|
||||||
DROP USER bug42158@localhost;
|
DROP USER bug42158@localhost;
|
||||||
|
|||||||
@ -11,8 +11,8 @@
|
|||||||
connect (ssl_con,localhost,root,,,,,SSL);
|
connect (ssl_con,localhost,root,,,,,SSL);
|
||||||
|
|
||||||
# Check ssl turned on
|
# Check ssl turned on
|
||||||
--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA
|
|
||||||
SHOW STATUS LIKE 'Ssl_cipher';
|
SHOW STATUS LIKE 'Ssl_cipher';
|
||||||
|
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
|
||||||
|
|
||||||
# Check ssl expiration
|
# Check ssl expiration
|
||||||
SHOW STATUS LIKE 'Ssl_server_not_before';
|
SHOW STATUS LIKE 'Ssl_server_not_before';
|
||||||
@ -22,8 +22,7 @@ SHOW STATUS LIKE 'Ssl_server_not_after';
|
|||||||
-- source include/common-tests.inc
|
-- source include/common-tests.inc
|
||||||
|
|
||||||
# Check ssl turned on
|
# Check ssl turned on
|
||||||
--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA
|
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
|
||||||
SHOW STATUS LIKE 'Ssl_cipher';
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013 (Lost connection to MySQL server during query) while executing AES* functions under SSL
|
# MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013 (Lost connection to MySQL server during query) while executing AES* functions under SSL
|
||||||
|
|||||||
@ -7,11 +7,10 @@
|
|||||||
|
|
||||||
--echo # try to connect with wrong '--ssl-ca' path : should fail
|
--echo # try to connect with wrong '--ssl-ca' path : should fail
|
||||||
--error 1
|
--error 1
|
||||||
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2>&1
|
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1
|
||||||
|
|
||||||
--echo # try to connect with correct '--ssl-ca' path : should connect
|
--echo # try to connect with correct '--ssl-ca' path : should connect
|
||||||
--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA
|
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'"
|
||||||
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
|
|
||||||
|
|
||||||
--echo #
|
--echo #
|
||||||
--echo # Bug#21920678: SSL-CA DOES NOT ACCEPT ~USER TILDE HOME DIRECTORY
|
--echo # Bug#21920678: SSL-CA DOES NOT ACCEPT ~USER TILDE HOME DIRECTORY
|
||||||
@ -22,15 +21,12 @@
|
|||||||
|
|
||||||
--echo # try to connect with '--ssl-ca' option using tilde home directoy
|
--echo # try to connect with '--ssl-ca' option using tilde home directoy
|
||||||
--echo # path substitution : should connect
|
--echo # path substitution : should connect
|
||||||
--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA
|
--exec $MYSQL --ssl-ca$mysql_test_dir_path/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'"
|
||||||
--exec $MYSQL --ssl-ca$mysql_test_dir_path/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
|
|
||||||
|
|
||||||
--echo # try to connect with '--ssl-key' option using tilde home directoy
|
--echo # try to connect with '--ssl-key' option using tilde home directoy
|
||||||
--echo # path substitution : should connect
|
--echo # path substitution : should connect
|
||||||
--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA
|
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key$mysql_test_dir_path/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'"
|
||||||
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key$mysql_test_dir_path/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
|
|
||||||
|
|
||||||
--echo # try to connect with '--ssl-cert' option using tilde home directoy
|
--echo # try to connect with '--ssl-cert' option using tilde home directoy
|
||||||
--echo # path substitution : should connect
|
--echo # path substitution : should connect
|
||||||
--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA
|
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert$mysql_test_dir_path/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'"
|
||||||
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert$mysql_test_dir_path/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
|
|
||||||
|
|||||||
@ -11,8 +11,7 @@
|
|||||||
connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS);
|
connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS);
|
||||||
|
|
||||||
# Check ssl turned on
|
# Check ssl turned on
|
||||||
--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA
|
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
|
||||||
SHOW STATUS LIKE 'Ssl_cipher';
|
|
||||||
|
|
||||||
# Check compression turned on
|
# Check compression turned on
|
||||||
SHOW STATUS LIKE 'Compression';
|
SHOW STATUS LIKE 'Compression';
|
||||||
@ -21,8 +20,7 @@ SHOW STATUS LIKE 'Compression';
|
|||||||
-- source include/common-tests.inc
|
-- source include/common-tests.inc
|
||||||
|
|
||||||
# Check ssl turned on
|
# Check ssl turned on
|
||||||
--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA
|
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
|
||||||
SHOW STATUS LIKE 'Ssl_cipher';
|
|
||||||
|
|
||||||
# Check compression turned on
|
# Check compression turned on
|
||||||
SHOW STATUS LIKE 'Compression';
|
SHOW STATUS LIKE 'Compression';
|
||||||
|
|||||||
@ -7,8 +7,7 @@
|
|||||||
connect (ssl_con,localhost,root,,,,,SSL read_timeout=5);
|
connect (ssl_con,localhost,root,,,,,SSL read_timeout=5);
|
||||||
|
|
||||||
--echo # Check ssl turned on
|
--echo # Check ssl turned on
|
||||||
--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA
|
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
|
||||||
SHOW STATUS LIKE 'Ssl_cipher';
|
|
||||||
|
|
||||||
# --error CR_SERVER_LOST
|
# --error CR_SERVER_LOST
|
||||||
--error 2013
|
--error 2013
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user