diff --git a/client/mysqltest.cc b/client/mysqltest.cc
index ddfb52539c4..6ead479b94e 100644
--- a/client/mysqltest.cc
+++ b/client/mysqltest.cc
@@ -5883,6 +5883,7 @@ void do_connect(struct st_command *command)
 {
 int con_port= opt_port;
 char *con_options;
+ char *ssl_cipher= 0;
 my_bool con_ssl= 0, con_compress= 0;
 my_bool con_pipe= 0;
 my_bool con_shm __attribute__ ((unused))= 0;
@@ -5971,6 +5972,11 @@ void do_connect(struct st_command *command)
 length= (size_t) (end - con_options);
 if (length == 3 && !strncmp(con_options, "SSL", 3))
 con_ssl= 1;
+ else if (!strncmp(con_options, "SSL-CIPHER=", 11))
+ {
+ con_ssl= 1;
+ ssl_cipher=con_options + 11;
+ }
 else if (length == 8 && !strncmp(con_options, "COMPRESS", 8))
 con_compress= 1;
 else if (length == 4 && !strncmp(con_options, "PIPE", 4))
@@ -6027,7 +6033,7 @@ void do_connect(struct st_command *command)
 {
 #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
 mysql_ssl_set(con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
- opt_ssl_capath, opt_ssl_cipher);
+ opt_ssl_capath, ssl_cipher ? ssl_cipher : opt_ssl_cipher);
 #if MYSQL_VERSION_ID >= 50000
 /* Turn on ssl_verify_server_cert only if host is "localhost" */
 opt_ssl_verify_server_cert= !strcmp(ds_host.str, "localhost");
diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result
index 76b8e887d89..4627f03a8a3 100644
--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
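Review bot: In the second mysqltest.cc hunk, `ssl_cipher=con_options + 11;` keeps a pointer into the option string rather than a copy bounded by `end`, and the new branch is the only one that does not test `length`. The sibling branches compare with `strncmp` against `length`, which suggests the option tokens are not NUL-terminated; if that is so, any option written after `SSL-CIPHER=...` in a connect command becomes part of the cipher list that the third hunk passes to `mysql_ssl_set`, and a cipher-enforcement test could then pass or fail for the wrong reason. I would guard the branch with `else if (length > 11 && !strncmp(con_options, "SSL-CIPHER=", 11))` and copy exactly `length - 11` bytes into a NUL-terminated local buffer, so that a bare `SSL-CIPHER=` is rejected instead of overriding `opt_ssl_cipher` with an empty string. The option loop and the lifetime of the buffer behind `con_options` lie outside the hunk, so both points need confirming against the full function. A short comment on the branch, e.g. `/* SSL-CIPHER=<list>: implies SSL, overrides opt_ssl_cipher for this connection only */`, would document the new option.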
@@ -7,6 +7,8 @@ grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB"; grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx"; flush privileges; +connect(localhost,ssl_user2,,test,MASTER_PORT,MASTER_SOCKET); +ERROR 28000: Access denied for user 'ssl_user2'@'localhost' (using password: NO) connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET); ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO) SHOW STATUS LIKE 'Ssl_cipher'; diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test index 0c8f81e4712..24980269a24 100644 --- a/mysql-test/t/openssl_1.test +++ b/mysql-test/t/openssl_1.test @@ -20,13 +20,16 @@ grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx"; flush privileges; -connect (con1,localhost,ssl_user1,,,,,SSL); -connect (con2,localhost,ssl_user2,,,,,SSL); -connect (con3,localhost,ssl_user3,,,,,SSL); -connect (con4,localhost,ssl_user4,,,,,SSL); +connect (con1,localhost,ssl_user1,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR -connect (con5,localhost,ssl_user5,,,,,SSL); +connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=RC4-SHA); +connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); +connect (con3,localhost,ssl_user3,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); +connect (con4,localhost,ssl_user4,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT +--error ER_ACCESS_DENIED_ERROR +connect (con5,localhost,ssl_user5,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA); connection con1; # Check ssl turned on
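Review bot: The new negative case `connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=RC4-SHA);` in openssl_1.test produces ER_ACCESS_DENIED_ERROR only if client and server can actually negotiate RC4-SHA. With a TLS library that does not offer that cipher the handshake would presumably fail earlier with a different error, and the test would break for a reason unrelated to REQUIRE CIPHER. A comment above the line, e.g. `# RC4-SHA must be negotiable but differ from the cipher required for ssl_user2`, would record that assumption. Every connect in this hunk now uses `SSL-CIPHER=`, so the plain `SSL` option of do_connect is no longer exercised here; keeping one `SSL` connect (con1, if the ssl_user1 grant, which is outside the hunk, accepts any cipher) would preserve that coverage.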