Skip to content

M
MariaDB
Commit 00314bfd authored by gluh@gluh.mysql.r18.ru's avatar gluh@gluh.mysql.r18.ru
Browse files
Options

Openssl test

parent 045ac4b8
Hide whitespace changes
Inline Side-by-side
Showing with 99 additions and 11 deletions
BitKeeper/etc/logging_ok
View file @ 00314bfd
...@@ -15,6 +15,7 @@ bell@sanja.is.com.ua ...@@ -15,6 +15,7 @@ bell@sanja.is.com.ua
bk@admin.bk bk@admin.bk
davida@isil.mysql.com davida@isil.mysql.com
gluh@gluh.(none) gluh@gluh.(none)
gluh@gluh.mysql.r18.ru
greg@mysql.com greg@mysql.com
gweir@work.mysql.com gweir@work.mysql.com
heikki@donna.mysql.fi heikki@donna.mysql.fi
......
client/mysqltest.c
View file @ 00314bfd
...@@ -91,7 +91,9 @@ ...@@ -91,7 +91,9 @@
enum {OPT_MANAGER_USER=256,OPT_MANAGER_HOST,OPT_MANAGER_PASSWD, enum {OPT_MANAGER_USER=256,OPT_MANAGER_HOST,OPT_MANAGER_PASSWD,
OPT_MANAGER_PORT,OPT_MANAGER_WAIT_TIMEOUT, OPT_SKIP_SAFEMALLOC}; OPT_MANAGER_PORT,OPT_MANAGER_WAIT_TIMEOUT, OPT_SKIP_SAFEMALLOC,
OPT_SSL_SSL, OPT_SSL_KEY, OPT_SSL_CERT, OPT_SSL_CA, OPT_SSL_CAPATH,
OPT_SSL_CIPHER};
static int record = 0, opt_sleep=0; static int record = 0, opt_sleep=0;
static char *db = 0, *pass=0; static char *db = 0, *pass=0;
...@@ -123,6 +125,8 @@ static int block_stack[BLOCK_STACK_DEPTH]; ...@@ -123,6 +125,8 @@ static int block_stack[BLOCK_STACK_DEPTH];
static int block_ok_stack[BLOCK_STACK_DEPTH]; static int block_ok_stack[BLOCK_STACK_DEPTH];
static uint global_expected_errno[MAX_EXPECTED_ERRORS], global_expected_errors; static uint global_expected_errno[MAX_EXPECTED_ERRORS], global_expected_errors;
#include "sslopt-vars.h"
DYNAMIC_ARRAY q_lines; DYNAMIC_ARRAY q_lines;
typedef struct typedef struct
...@@ -1442,6 +1446,11 @@ int do_connect(struct st_query* q) ...@@ -1442,6 +1446,11 @@ int do_connect(struct st_query* q)
mysql_options(&next_con->mysql,MYSQL_OPT_COMPRESS,NullS); mysql_options(&next_con->mysql,MYSQL_OPT_COMPRESS,NullS);
mysql_options(&next_con->mysql, MYSQL_OPT_LOCAL_INFILE, 0); mysql_options(&next_con->mysql, MYSQL_OPT_LOCAL_INFILE, 0);
#ifdef HAVE_OPENSSL
if (opt_use_ssl)
mysql_ssl_set(&next_con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
opt_ssl_capath, opt_ssl_cipher);
#endif
if (con_sock && !free_con_sock && *con_sock && *con_sock != FN_LIBCHAR) if (con_sock && !free_con_sock && *con_sock && *con_sock != FN_LIBCHAR)
con_sock=fn_format(buff, con_sock, TMPDIR, "",0); con_sock=fn_format(buff, con_sock, TMPDIR, "",0);
if (!con_db[0]) if (!con_db[0])
...@@ -1840,6 +1849,7 @@ static struct my_option my_long_options[] = ...@@ -1840,6 +1849,7 @@ static struct my_option my_long_options[] =
{"socket", 'S', "Socket file to use for connection.", {"socket", 'S', "Socket file to use for connection.",
(gptr*) &unix_sock, (gptr*) &unix_sock, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, (gptr*) &unix_sock, (gptr*) &unix_sock, 0, GET_STR, REQUIRED_ARG, 0, 0, 0,
0, 0, 0}, 0, 0, 0},
#include "sslopt-longopts.h"
{"test-file", 'x', "Read test from/in this file (default stdin).", {"test-file", 'x', "Read test from/in this file (default stdin).",
0, 0, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, 0, 0, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"tmpdir", 't', "Temporary directory where sockets are put", {"tmpdir", 't', "Temporary directory where sockets are put",
...@@ -1914,6 +1924,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), ...@@ -1914,6 +1924,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
else else
tty_password= 1; tty_password= 1;
break; break;
#include <sslopt-case.h>
case 't': case 't':
strnmov(TMPDIR, argument, sizeof(TMPDIR)); strnmov(TMPDIR, argument, sizeof(TMPDIR));
break; break;
...@@ -2361,6 +2372,11 @@ int main(int argc, char** argv) ...@@ -2361,6 +2372,11 @@ int main(int argc, char** argv)
if (opt_compress) if (opt_compress)
mysql_options(&cur_con->mysql,MYSQL_OPT_COMPRESS,NullS); mysql_options(&cur_con->mysql,MYSQL_OPT_COMPRESS,NullS);
mysql_options(&cur_con->mysql, MYSQL_OPT_LOCAL_INFILE, 0); mysql_options(&cur_con->mysql, MYSQL_OPT_LOCAL_INFILE, 0);
#ifdef HAVE_OPENSSL
if (opt_use_ssl)
mysql_ssl_set(&cur_con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
opt_ssl_capath, opt_ssl_cipher);
#endif
cur_con->name = my_strdup("default", MYF(MY_WME)); cur_con->name = my_strdup("default", MYF(MY_WME));
if (!cur_con->name) if (!cur_con->name)
......
mysql-test/include/have_openssl_1.inc
View file @ 00314bfd
-- require r/have_openssl_1.require -- require r/have_openssl_1.require
disable_query_log; disable_query_log;
show variables like "have_openssl"; SHOW STATUS LIKE 'Ssl_cipher';
enable_query_log; enable_query_log;
mysql-test/mysql-test-run.sh
View file @ 00314bfd
...@@ -207,6 +207,7 @@ CHARACTER_SET=latin1 ...@@ -207,6 +207,7 @@ CHARACTER_SET=latin1
DBUSER="" DBUSER=""
START_WAIT_TIMEOUT=10 START_WAIT_TIMEOUT=10
STOP_WAIT_TIMEOUT=10 STOP_WAIT_TIMEOUT=10
MYSQL_TEST_SSL_OPTS=""
while test $# -gt 0; do while test $# -gt 0; do
case "$1" in case "$1" in
...@@ -237,7 +238,10 @@ while test $# -gt 0; do ...@@ -237,7 +238,10 @@ while test $# -gt 0; do
EXTRA_SLAVE_MYSQLD_OPT="$EXTRA_SLAVE_MYSQLD_OPT \ EXTRA_SLAVE_MYSQLD_OPT="$EXTRA_SLAVE_MYSQLD_OPT \
--ssl-ca=$BASEDIR/SSL/cacert.pem \ --ssl-ca=$BASEDIR/SSL/cacert.pem \
--ssl-cert=$BASEDIR/SSL/server-cert.pem \ --ssl-cert=$BASEDIR/SSL/server-cert.pem \
--ssl-key=$BASEDIR/SSL/server-key.pem" ;; --ssl-key=$BASEDIR/SSL/server-key.pem"
MYSQL_TEST_SSL_OPTS="--ssl-ca=$BASEDIR/SSL/cacert.pem \
--ssl-cert=$BASEDIR/SSL/client-cert.pem \
--ssl-key=$BASEDIR/SSL/client-key.pem" ;;
--no-manager | --skip-manager) USE_MANAGER=0 ;; --no-manager | --skip-manager) USE_MANAGER=0 ;;
--manager) --manager)
USE_MANAGER=1 USE_MANAGER=1
...@@ -489,7 +493,7 @@ fi ...@@ -489,7 +493,7 @@ fi
MYSQL_TEST_ARGS="--no-defaults --socket=$MASTER_MYSOCK --database=$DB \ MYSQL_TEST_ARGS="--no-defaults --socket=$MASTER_MYSOCK --database=$DB \
--user=$DBUSER --password=$DBPASSWD --silent -v --skip-safemalloc \ --user=$DBUSER --password=$DBPASSWD --silent -v --skip-safemalloc \
--tmpdir=$MYSQL_TMP_DIR --port=$MASTER_MYPORT" --tmpdir=$MYSQL_TMP_DIR --port=$MASTER_MYPORT $MYSQL_TEST_SSL_OPTS"
MYSQL_TEST_BIN=$MYSQL_TEST MYSQL_TEST_BIN=$MYSQL_TEST
MYSQL_TEST="$MYSQL_TEST $MYSQL_TEST_ARGS" MYSQL_TEST="$MYSQL_TEST $MYSQL_TEST_ARGS"
GDB_CLIENT_INIT=$MYSQL_TMP_DIR/gdbinit.client GDB_CLIENT_INIT=$MYSQL_TMP_DIR/gdbinit.client
......
mysql-test/r/have_openssl_1.require
View file @ 00314bfd
Variable_name Value Variable_name Value
have_openssl YES Ssl_cipher EDH-RSA-DES-CBC3-SHA
mysql-test/r/openssl_1.result
View file @ 00314bfd
SHOW STATUS LIKE 'SSL%'; drop table if exists t1;
Variable_name Value create table t1(f1 int);
insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user2@localhost require cipher "EDH-RSA-DES-CBC3-SHA";
grant select on test.* to ssl_user3@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "/C=RU/L=orenburg/O=MySQL AB/OU=client/CN=walrus/Email=walrus@mysql.com";
grant select on test.* to ssl_user4@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "/C=RU/L=orenburg/O=MySQL AB/OU=client/CN=walrus/Email=walrus@mysql.com" ISSUER "/C=RU/ST=Some-State/L=Orenburg/O=MySQL AB/CN=Walrus/Email=walrus@mysql.com";
flush privileges;
select * from t1;
f1
5
delete from t1;
Access denied for user: 'ssl_user1@localhost' to database 'test'
select * from t1;
f1
5
delete from t1;
Access denied for user: 'ssl_user2@localhost' to database 'test'
select * from t1;
f1
5
delete from t1;
Access denied for user: 'ssl_user3@localhost' to database 'test'
select * from t1;
f1
5
delete from t1;
Access denied for user: 'ssl_user4@localhost' to database 'test'
delete from mysql.user where user='ssl_user%';
delete from mysql.db where user='ssl_user%';
flush privileges;
drop table t1;
mysql-test/t/openssl_1.test
View file @ 00314bfd
# We test openssl. Result set is optimized to be compiled with --with-openssl but # We test openssl. Result set is optimized to be compiled with --with-openssl.
# SSL is swithced off in some reason # Use mysql-test-run with --with-openssl option.
-- source include/have_openssl_2.inc -- source include/have_openssl_1.inc
SHOW STATUS LIKE 'SSL%'; drop table if exists t1;
create table t1(f1 int);
insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user2@localhost require cipher "EDH-RSA-DES-CBC3-SHA";
grant select on test.* to ssl_user3@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "/C=RU/L=orenburg/O=MySQL AB/OU=client/CN=walrus/Email=walrus@mysql.com";
grant select on test.* to ssl_user4@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "/C=RU/L=orenburg/O=MySQL AB/OU=client/CN=walrus/Email=walrus@mysql.com" ISSUER "/C=RU/ST=Some-State/L=Orenburg/O=MySQL AB/CN=Walrus/Email=walrus@mysql.com";
flush privileges;
connect (con1,localhost,ssl_user1,,);
connect (con2,localhost,ssl_user2,,);
connect (con3,localhost,ssl_user3,,);
connect (con4,localhost,ssl_user4,,);
connection con1;
select * from t1;
--error 1044;
delete from t1;
connection con2;
select * from t1;
--error 1044;
delete from t1;
connection con3;
select * from t1;
--error 1044;
delete from t1;
connection con4;
select * from t1;
--error 1044;
delete from t1;
connection default;
delete from mysql.user where user='ssl_user%';
delete from mysql.db where user='ssl_user%';
flush privileges;
drop table t1;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7