1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

new mysqltest connect option SSL-CIPHER=xxxx

Browse Source
This commit is contained in:
Sergei Golubchik 2014-11-18 17:56:58 +01:00
parent c8fa6f782c
commit 386e2e52f6
3 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
client/mysqltest.cc
View File

@ -5883,6 +5883,7 @@ void do_connect(struct st_command *command)
{
int con_port= opt_port;
char *con_options;
char *ssl_cipher= 0;
my_bool con_ssl= 0, con_compress= 0;
my_bool con_pipe= 0;
my_bool con_shm __attribute__ ((unused))= 0;
@ -5971,6 +5972,11 @@ void do_connect(struct st_command *command)
length= (size_t) (end - con_options);
if (length == 3 && !strncmp(con_options, "SSL", 3))
con_ssl= 1;
else if (!strncmp(con_options, "SSL-CIPHER=", 11))
{
con_ssl= 1;
ssl_cipher=con_options + 11;
}
else if (length == 8 && !strncmp(con_options, "COMPRESS", 8))
con_compress= 1;
else if (length == 4 && !strncmp(con_options, "PIPE", 4))
@ -6027,7 +6033,7 @@ void do_connect(struct st_command *command)
{
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
mysql_ssl_set(con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
opt_ssl_capath, opt_ssl_cipher);
opt_ssl_capath, ssl_cipher ? ssl_cipher : opt_ssl_cipher);
#if MYSQL_VERSION_ID >= 50000
/* Turn on ssl_verify_server_cert only if host is "localhost" */
opt_ssl_verify_server_cert= !strcmp(ds_host.str, "localhost");

2
mysql-test/r/openssl_1.result
View File

@ -7,6 +7,8 @@ grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
flush privileges;
connect(localhost,ssl_user2,,test,MASTER_PORT,MASTER_SOCKET);
ERROR 28000: Access denied for user 'ssl_user2'@'localhost' (using password: NO)
connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO)
SHOW STATUS LIKE 'Ssl_cipher';

13
mysql-test/t/openssl_1.test
View File

@ -20,13 +20,16 @@ grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
flush privileges;
connect (con1,localhost,ssl_user1,,,,,SSL);
connect (con2,localhost,ssl_user2,,,,,SSL);
connect (con3,localhost,ssl_user3,,,,,SSL);
connect (con4,localhost,ssl_user4,,,,,SSL);
connect (con1,localhost,ssl_user1,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
connect (con5,localhost,ssl_user5,,,,,SSL);
connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=RC4-SHA);
connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA);
connect (con3,localhost,ssl_user3,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA);
connect (con4,localhost,ssl_user4,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
connect (con5,localhost,ssl_user5,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA);
connection con1;
# Check ssl turned on