openssl_1.test 6.06 KB
# Tests for SSL connections, only run if mysqld is compiled
# with support for SSL.
#
# Covers: per-account REQUIRE clauses (SSL, CIPHER, SUBJECT, ISSUER),
# client connects that must fail on a bad CA/key/cert option,
# cipher selection, and mysqldump over SSL.

-- source include/have_ssl.inc

# DROP TABLE IF EXISTS raises a note when t1 is absent; silence it so the
# recorded result does not depend on leftover state.
--disable_warnings
# Remove any t1 left behind by an earlier test.
drop table if exists t1;
--enable_warnings
# Fixture table with a single row, so a successful SELECT over each SSL
# connection returns visible data.
create table t1(f1 int);
insert into t1 values (5);

# ssl_user1: any encrypted connection is accepted (REQUIRE SSL); no cipher or
# certificate identity is pinned. There is no IDENTIFIED BY clause and the
# connect commands later in this file pass an empty password, so the REQUIRE
# clause is the only connection requirement this test sets on the account.
grant select on test.* to ssl_user1@localhost require SSL;
# ssl_user2: the negotiated cipher must be the one named here.
# DHE-RSA-AES256-SHA is a legacy CBC / SHA-1 suite; it serves as a fixture in
# this test and is not a value to copy into a production REQUIRE CIPHER.
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
# ssl_user3: cipher plus the SUBJECT of the client certificate must match the
# given string.
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
# ssl_user4: cipher, SUBJECT and the certificate ISSUER must all match.
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
# ssl_user5: negative case. SUBJECT "xxx" is presumably not the subject of the
# test client certificate, so the connect for this account is expected to be
# refused (see the --error 1045 before its connect command).
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
# Reload the grant tables before connecting.
# NOTE(review): GRANT normally takes effect without a reload, so this looks
# like a belt-and-braces step; confirm before removing.
flush privileges;

# One SSL connection per account, each with an empty password (fourth field).
# None is preceded by --error, so all four must succeed: the certificate and
# cipher used by the test client have to satisfy the REQUIRE clause of
# ssl_user1 through ssl_user4.
connect (con1,localhost,ssl_user1,,,,,SSL);
connect (con2,localhost,ssl_user2,,,,,SSL);
connect (con3,localhost,ssl_user3,,,,,SSL);
connect (con4,localhost,ssl_user4,,,,,SSL);
# ssl_user5 requires SUBJECT "xxx": the server must refuse the login with
# 1045 (access denied) even though the connection itself is encrypted.
# Socket and port are masked so the recorded error text is stable across runs.
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error 1045
connect (con5,localhost,ssl_user5,,,,,SSL);

# con1 is ssl_user1, the account that only has REQUIRE SSL.
connection con1;
# Check SSL is turned on: Ssl_cipher reports the cipher negotiated for this
# session and is empty when the connection is not encrypted.
SHOW STATUS LIKE 'Ssl_cipher';
# SELECT on test.* is the one privilege this account was granted, so the read
# must succeed.
select * from t1;
# Least-privilege check: the account holds SELECT only, so the DELETE that
# follows must be rejected with 1142 (table access denied).
--error 1142
delete from t1;

# con2 is ssl_user2, the account with REQUIRE CIPHER.
connection con2;
# Check SSL is turned on: Ssl_cipher reports the cipher negotiated for this
# session and is empty when the connection is not encrypted.
SHOW STATUS LIKE 'Ssl_cipher';
# SELECT on test.* is the one privilege this account was granted, so the read
# must succeed.
select * from t1;
# Least-privilege check: the account holds SELECT only, so the DELETE that
# follows must be rejected with 1142 (table access denied).
--error 1142
delete from t1;

# con3 is ssl_user3, the account with REQUIRE CIPHER and SUBJECT.
connection con3;
# Check SSL is turned on: Ssl_cipher reports the cipher negotiated for this
# session and is empty when the connection is not encrypted.
SHOW STATUS LIKE 'Ssl_cipher';
# SELECT on test.* is the one privilege this account was granted, so the read
# must succeed.
select * from t1;
# Least-privilege check: the account holds SELECT only, so the DELETE that
# follows must be rejected with 1142 (table access denied).
--error 1142
delete from t1;

# con4 is ssl_user4, the account with REQUIRE CIPHER, SUBJECT and ISSUER.
connection con4;
# Check SSL is turned on: Ssl_cipher reports the cipher negotiated for this
# session and is empty when the connection is not encrypted.
SHOW STATUS LIKE 'Ssl_cipher';
# SELECT on test.* is the one privilege this account was granted, so the read
# must succeed.
select * from t1;
# Least-privilege check: the account holds SELECT only, so the DELETE that
# follows must be rejected with 1142 (table access denied).
--error 1142
delete from t1;

# Back on the default connection to drop the five test accounts and the
# fixture table, so no passwordless account outlives the test.
connection default;
drop user ssl_user1@localhost, ssl_user2@localhost,
ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;

drop table t1;

# End of 4.1 tests

#
# Test that we can't open connection to server if we are using
# a different cacert
#
# test.sql holds a statement that must never reach the server: the client is
# expected to reject the server certificate (presumably because it does not
# chain to untrusted-cacert.pem) and exit with status 1 during connect.
# 2>&1 folds stderr into stdout so the connection error is recorded.
--exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql
--error 1
--exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1

#
# Test that we can't open connection to server if we are using
# a blank ca
#
# Expected to fail closed: an empty --ssl-ca value must end in exit status 1,
# not in a connection.
--error 1
--exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1

#
# Test that we can't open connection to server if we are using
# a nonexistent ca file
#
# A CA path that cannot be read must also end in exit status 1.
--error 1
--exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1

#
# Test that we can't open connection to server if we are using
# a blank client-key
#
# Same expectation for an empty client key option: exit status 1.
--error 1
--exec $MYSQL_TEST --ssl-key= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1

#
# Test that we can't open connection to server if we are using
# a blank client-cert
#
# Same expectation for an empty client certificate option: exit status 1.
--error 1
--exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1

#
# BUG#21611 Slave can't connect when master-ssl-cipher specified
# - Apparently selecting a cipher doesn't work at all
# - Use a cipher that both yaSSL and OpenSSL support
#
# No --error precedes the connect, so it must succeed. The SHOW STATUS output
# presumably lets the recorded result confirm that the requested cipher is the
# one that was negotiated.
--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
--exec $MYSQL_TEST --ssl-cipher=DHE-RSA-AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1

#
# Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23
#
# Test that we can open encrypted connection to server without
# verification of servers certificate by setting both ca certificate
# and ca path to NULL
#
# NOTE(review): with no CA configured the channel is encrypted but the server
# is not authenticated, so this mode does not protect against an active
# man-in-the-middle. It is exercised here as the regression case for the bug,
# not as a recommended client configuration.
--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
--echo End of 5.0 tests

#
# Bug #26174 Server Crash: INSERT ... SELECT ... FROM I_S.GLOBAL_STATUS in
# Event (see also information_schema.test for the other part of test for
# this bug).
#
--disable_warnings
DROP TABLE IF EXISTS thread_status;
DROP EVENT IF EXISTS event_status;
--enable_warnings

# The event can only fire while the event scheduler is running.
SET GLOBAL event_scheduler=1;

# The event body contains ';', so the mysqltest delimiter is switched while it
# is defined. The one-shot event (AT NOW(), NOT PRESERVE) copies two SSL
# counters from the session status of the thread that executes it into
# thread_status; reading them there is what used to crash the server.
DELIMITER $$;

CREATE EVENT event_status
 ON SCHEDULE AT NOW()
 ON COMPLETION NOT PRESERVE
 DO
BEGIN
  CREATE TABLE thread_status
  SELECT variable_name, variable_value
  FROM information_schema.session_status
  WHERE variable_name LIKE 'SSL_ACCEPTS' OR
  variable_name LIKE 'SSL_CALLBACK_CACHE_HITS';
END$$

DELIMITER ;$$

# NOT PRESERVE drops the event once it has run, so wait until it is gone from
# information_schema.events before reading the table it created.
let $wait_condition=select count(*) = 0 from information_schema.events where event_name='event_status';
--source include/wait_condition.inc

SELECT variable_name, variable_value FROM thread_status;

DROP TABLE thread_status;
# NOTE(review): this forces the scheduler off instead of restoring the value
# it had before the test; confirm that 0 is the suite default.
SET GLOBAL event_scheduler=0;
--echo End of 5.1 tests


#
# Test to connect using a list of ciphers
#
# The first list entry is not a known cipher; the connect must still succeed
# by falling through to AES128-SHA. AES128-SHA is a legacy suite used as a
# fixture here, not a recommended production cipher.
--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER:AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1


# Test to connect using a specific cipher
#
--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
--exec $MYSQL_TEST --ssl-cipher=AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1

# Test to connect using an unknown cipher
#
# With no usable cipher in the list the client must exit with status 1
# rather than connect some other way.
--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
--error 1
--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1

#
# Bug #27669 mysqldump: SSL connection error when trying to connect
#

CREATE TABLE t1(a int);
INSERT INTO t1 VALUES (1), (2);

# Run mysqldump
# Case 1: client key and certificate only, no --ssl-ca and no explicit --ssl.
--exec $MYSQL_DUMP --skip-create --skip-comments --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test t1

# Case 2: CA, key and certificate all supplied.
--exec $MYSQL_DUMP --skip-create --skip-comments --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test

# Case 3: same as case 2 with an explicit --ssl.
--exec $MYSQL_DUMP --skip-create --skip-comments --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test

# With wrong parameters
# A certificate without its --ssl-key: mysqldump must exit with status 2.
# $MYSQL_TEST_DIR is masked so the recorded error holds no machine-specific
# path.
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--error 2
--exec $MYSQL_DUMP --skip-create --skip-comments --ssl --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test 2>&1

DROP TABLE t1;