new C/C and --ssl-verify-server-cert tests

tests for --ssl-verify-server-cert with system CA and with incorrect hostname

new C/C and --ssl-verify-server-cert tests
tests for --ssl-verify-server-cert with system CA and with incorrect hostname
1f9a0437 · Sergei Golubchik · 8eec2d61 · 8e9c3116 · 1f9a0437 · 1f9a0437
Commit 1f9a0437 authored Jan 22, 2020 by Sergei Golubchik
5 changed files
--- a/libmariadb @ 8e9c3116
+++ b/libmariadb @ 8e9c3116
-Subproject commit a1283d0b10a3b675bede48d9fe2d082865a24a6c
+Subproject commit 8e9c3116105d9a998a60991b7f4ba910d454d4b1
--- a/mysql-test/r/ssl_system_ca,bad.result
+++ b/mysql-test/r/ssl_system_ca,bad.result
+ERROR 2026 (HY000): SSL connection error: Validation of SSL server certificate failed
--- a/mysql-test/r/ssl_system_ca.result
+++ b/mysql-test/r/ssl_system_ca.result
+*************************** 1. row ***************************
+have_ssl: 1
--- a/mysql-test/t/ssl_system_ca.combinations
+++ b/mysql-test/t/ssl_system_ca.combinations
+[good]
+#
+# hostname on the certificate is localhost
+#
+
+[bad]
+#
+# hostname on the certificate is server8k
+#
+loose-ssl-key=$MYSQL_TEST_DIR/std_data/server8k-key.pem
+loose-ssl-cert=$MYSQL_TEST_DIR/std_data/server8k-cert.pem
--- a/mysql-test/t/ssl_system_ca.test
+++ b/mysql-test/t/ssl_system_ca.test
+#
+# Tests here don't use --ssl-ca but expect the certificate to be
+# signed by a CA in a system CA store
+#
+# They only work for openssl, because the following line works only there:
+let SSL_CERT_DIR=$MYSQL_TMP_DIR;
+
+if (`select @@version_ssl_library not like 'OpenSSL%'`) {
+  skip Needs OpenSSL;
+}
+
+# See `openssl x509 -in cacert.pem -noout -issuer_hash`
+copy_file $MYSQL_TEST_DIR/std_data/cacert.pem $MYSQL_TMP_DIR/ed1f42db.0;
+
+#
+# test --ssl-verify-server-cert
+#
+
+disable_abort_on_error;
+exec $MYSQL --ssl-verify-server-cert -Ee "select (variable_value <> '') as have_ssl from information_schema.session_status where variable_name='ssl_cipher'" 2>&1;