Improved testing of ssl and compression

 - Added show status variable "compression" for checking that compression is turned on.
 - Updated show status variable "have_openssl" to be set to DISABLED if server supports ssl but it's not turned on to accept incoming ssl connections.  
 - Setup server to accept ssl connections from clients if that is supported by server
 - New tests 
   - ssl - Run with ssl turned on
   - ssl_compress - Run with ssl and compression turned on
   - compress - Run with compression turned on
 - Updated test 
   - openssl_1, rpl_openssl1 - Changed to run if server supports ssl
parent 7de902fc
......@@ -309,6 +309,8 @@ Q_ENABLE_INFO, Q_DISABLE_INFO,
Q_ENABLE_METADATA, Q_DISABLE_METADATA,
Q_EXEC, Q_DELIMITER,
Q_DISABLE_ABORT_ON_ERROR, Q_ENABLE_ABORT_ON_ERROR,
Q_DISABLE_SSL, Q_ENABLE_SSL,
Q_DISABLE_COMPRESS, Q_ENABLE_COMPRESS,
Q_DISPLAY_VERTICAL_RESULTS, Q_DISPLAY_HORIZONTAL_RESULTS,
Q_QUERY_VERTICAL, Q_QUERY_HORIZONTAL,
Q_START_TIMER, Q_END_TIMER,
......@@ -395,6 +397,10 @@ const char *command_names[]=
"delimiter",
"disable_abort_on_error",
"enable_abort_on_error",
"disable_ssl",
"enable_ssl",
"disable_compress",
"enable_compress",
"vertical_results",
"horizontal_results",
"query_vertical",
......@@ -4047,6 +4053,12 @@ int main(int argc, char **argv)
case Q_DISABLE_QUERY_LOG: disable_query_log=1; break;
case Q_ENABLE_ABORT_ON_ERROR: abort_on_error=1; break;
case Q_DISABLE_ABORT_ON_ERROR: abort_on_error=0; break;
#ifdef HAVE_OPENSSL
case Q_ENABLE_SSL: opt_use_ssl=1; break;
case Q_DISABLE_SSL: opt_use_ssl=0; break;
#endif
case Q_ENABLE_COMPRESS: opt_compress=1; break;
case Q_DISABLE_COMPRESS: opt_compress=0; break;
case Q_ENABLE_RESULT_LOG: disable_result_log=0; break;
case Q_DISABLE_RESULT_LOG: disable_result_log=1; break;
case Q_ENABLE_WARNINGS: disable_warnings=0; break;
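Review bot: The `Q_ENABLE_SSL` / `Q_DISABLE_SSL` cases sit inside `#ifdef HAVE_OPENSSL`, while the enum values and the `"enable_ssl"` / `"disable_ssl"` names are added unconditionally. In a client built without OpenSSL the command therefore still parses and falls through to whatever the switch does by default, which is outside this hunk. A test that forgets to source have_openssl.inc could then run over a plaintext connection without noticing. An explicit branch under `#else`, for example `case Q_ENABLE_SSL: die("enable_ssl: mysqltest was built without SSL support");`, would make that failure visible. The enclosing switch in main starts and ends outside the hunk.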
......
-- require r/have_openssl_1.require
disable_query_log;
SHOW STATUS LIKE 'Ssl_cipher';
enable_query_log;
......@@ -188,6 +188,12 @@ our $opt_big_test= 0; # Send --big-test to mysqltest
our @opt_extra_mysqld_opt;
our $opt_compress;
our $opt_ssl;
our $opt_skip_ssl;
our $opt_ssl_supported;
our $opt_with_openssl; # Deprecated flag
our $opt_ps_protocol;
our $opt_current_test;
our $opt_ddd;
our $opt_debug;
......@@ -237,7 +243,6 @@ our $opt_skip_rpl;
our $opt_skip_test;
our $opt_sleep;
our $opt_ps_protocol;
our $opt_sleep_time_after_restart= 1;
our $opt_sleep_time_for_delete= 10;
......@@ -275,7 +280,6 @@ our $opt_udiff;
our $opt_skip_ndbcluster;
our $opt_with_ndbcluster;
our $opt_with_openssl;
our $exe_ndb_mgm;
our $path_ndb_tools_dir;
......@@ -296,7 +300,8 @@ sub executable_setup ();
sub environment_setup ();
sub kill_running_server ();
sub kill_and_cleanup ();
sub ndbcluster_support ();
sub check_ssl_support ();
sub check_ndbcluster_support ();
sub ndbcluster_install ();
sub ndbcluster_start ();
sub ndbcluster_stop ();
......@@ -331,11 +336,9 @@ sub main () {
initial_setup();
command_line_setup();
executable_setup();
if (! $opt_skip_ndbcluster and ! $opt_with_ndbcluster)
{
$opt_with_ndbcluster= ndbcluster_support();
}
check_ndbcluster_support();
check_ssl_support();
environment_setup();
signal_setup();
......@@ -477,6 +480,10 @@ sub command_line_setup () {
# Control what engine/variation to run
'embedded-server' => \$opt_embedded_server,
'ps-protocol' => \$opt_ps_protocol,
'with-openssl' => \$opt_with_openssl,
'ssl' => \$opt_ssl,
'skip-ssl' => \$opt_skip_ssl,
'compress' => \$opt_compress,
'bench' => \$opt_bench,
'small-bench' => \$opt_small_bench,
'no-manager' => \$opt_no_manager, # Currently not used
......@@ -527,7 +534,6 @@ sub command_line_setup () {
# Misc
'big-test' => \$opt_big_test,
'compress' => \$opt_compress,
'debug' => \$opt_debug,
'fast' => \$opt_fast,
'local' => \$opt_local,
......@@ -552,7 +558,6 @@ sub command_line_setup () {
'testcase-timeout=i' => \$opt_testcase_timeout,
'suite-timeout=i' => \$opt_suite_timeout,
'warnings|log-warnings' => \$opt_warnings,
'with-openssl' => \$opt_with_openssl,
'help|h' => \$opt_usage,
) or usage("Can't read options");
......@@ -1094,13 +1099,66 @@ sub kill_and_cleanup () {
}
sub check_ssl_support () {
# Convert deprecated --with-openssl to --ssl
if ( $opt_with_openssl )
{
$opt_ssl= 1;
}
if ($opt_skip_ssl)
{
mtr_report("Skipping SSL");
$opt_ssl_supported= 0;
$opt_ssl= 0;
return;
}
# check ssl support by testing using a switch
# that is only available in that case
if ( mtr_run($exe_mysqld,
["--no-defaults",
"--ssl",
"--help"],
"", "/dev/null", "/dev/null", "") != 0 )
{
if ( $opt_ssl)
{
mtr_error("Couldn't find support for SSL");
return;
}
mtr_report("Skipping SSL, mysqld does not support it");
$opt_ssl_supported= 0;
$opt_ssl= 0;
return;
}
mtr_report("Setting mysqld to support SSL connections");
$opt_ssl_supported= 1;
}
##############################################################################
#
# Start the ndb cluster
#
##############################################################################
sub ndbcluster_support () {
sub check_ndbcluster_support () {
if ($opt_skip_ndbcluster)
{
mtr_report("Skipping ndbcluster");
$opt_with_ndbcluster= 0;
return;
}
if ($opt_with_ndbcluster)
{
mtr_report("Using ndbcluster");
return;
}
# check ndbcluster support by testing using a switch
# that is only available in that case
......@@ -1110,11 +1168,13 @@ sub ndbcluster_support () {
"--help"],
"", "/dev/null", "/dev/null", "") != 0 )
{
mtr_report("No ndbcluster support");
return 0;
mtr_report("Skipping ndbcluster, mysqld does not support it");
$opt_with_ndbcluster= 0;
return;
}
mtr_report("Has ndbcluster support");
return 1;
mtr_report("Using ndbcluster, mysqld supports it");
$opt_with_ndbcluster= 1;
return;
}
# FIXME why is there a different start below?!
......@@ -2003,7 +2063,7 @@ sub mysqld_arguments ($$$$$) {
mtr_add_arg($args, "%s--max_heap_table_size=1M", $prefix);
mtr_add_arg($args, "%s--log-bin-trust-routine-creators", $prefix);
if ( $opt_with_openssl )
if ( $opt_ssl_supported )
{
mtr_add_arg($args, "%s--ssl-ca=%s/std_data/cacert.pem", $prefix,
$glob_mysql_test_dir);
......@@ -2468,14 +2528,26 @@ sub run_mysqltest ($) {
mtr_add_arg($args, "--debug=d:t:A,%s/log/mysqltest.trace", $opt_vardir);
}
if ( $opt_with_openssl )
if ( $opt_ssl_supported )
{
mtr_add_arg($args, "--ssl-ca=%s/std_data/cacert.pem",
$glob_mysql_test_dir);
$glob_mysql_test_dir);
mtr_add_arg($args, "--ssl-cert=%s/std_data/client-cert.pem",
$glob_mysql_test_dir);
$glob_mysql_test_dir);
mtr_add_arg($args, "--ssl-key=%s/std_data/client-key.pem",
$glob_mysql_test_dir);
$glob_mysql_test_dir);
}
# Turn on SSL for all test cases
if ( $opt_ssl )
{
mtr_add_arg($args, "--ssl",
$glob_mysql_test_dir);
}
elsif ( $opt_ssl_supported )
{
mtr_add_arg($args, "--skip-ssl",
$glob_mysql_test_dir);
}
mtr_add_arg($args, "-R");
......@@ -2515,6 +2587,9 @@ Options to control what engine/variation to run
embedded-server Use the embedded server, i.e. no mysqld daemons
ps-protocol Use the binary protocol between client and server
compress Use the compressed protocol between client and server
ssl Use ssl protocol between client and server
skip-ssl Dont start sterver with support for ssl connections
bench Run the benchmark suite FIXME
small-bench FIXME
......@@ -2522,6 +2597,7 @@ Options to control what test suites or cases to run
force Continue to run the suite after failure
with-ndbcluster Use cluster, and enable test cases that requres it
skip-ndb[cluster] Use cluster, and enable test cases that requres it
do-test=PREFIX Run test cases which name are prefixed with PREFIX
start-from=PREFIX Run test cases starting from test prefixed with PREFIX
suite=NAME Run the test suite named NAME. The default is "main"
......@@ -2545,7 +2621,7 @@ Options that pass on options
Options to run test on running server
extern Use running server for tests FIXME DANGEROUS
ndbconnectstring=STR Use running cluster, and connect using STR
ndbconnectstring=STR Use running cluster, and connect using STR
user=USER User for connect to server
Options for debugging the product
......@@ -2570,7 +2646,6 @@ Misc options
verbose Verbose output from this script
script-debug Debug this script itself
compress Use the compressed protocol between client and server
timer Show test case execution time
start-and-exit Only initiate and start the "mysqld" servers, use the startup
settings for the specified test case if any
......@@ -2583,6 +2658,9 @@ Misc options
testcase-timeout=MINUTES Max test case run time (default 5)
suite-timeout=MINUTES Max test suite run time (default 120)
Deprecated options
with-openssl Deprecated option for ssl
Options not yet described, or that I want to look into more
......@@ -2599,7 +2677,6 @@ Options not yet described, or that I want to look into more
wait-timeout=SECONDS
warnings
log-warnings
with-openssl
HERE
mtr_exit(1);
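Review bot: In check_ssl_support, any non-zero exit from the `mysqld --no-defaults --ssl --help` probe is reported as "mysqld does not support it", so unless --ssl was given, a broken or missing server binary silently disables every SSL test instead of failing the run. A comment above the probe such as `# NOTE: a probe failure for any reason, not only missing SSL, skips the ssl tests` would record this, and the skip would ideally also show in the final report. In run_mysqltest, `mtr_add_arg($args, "--ssl", $glob_mysql_test_dir)` and the matching `--skip-ssl` call pass an argument the format string never uses; `mtr_add_arg($args, "--ssl");` is enough. The help line for `skip-ndb[cluster]` repeats the with-ndbcluster description and should say that cluster tests are skipped.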
......
Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA
......@@ -6,21 +6,33 @@ grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com";
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com";
flush privileges;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA
select * from t1;
f1
5
delete from t1;
ERROR 42000: DELETE command denied to user 'ssl_user1'@'localhost' for table 't1'
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA
select * from t1;
f1
5
delete from t1;
ERROR 42000: DELETE command denied to user 'ssl_user2'@'localhost' for table 't1'
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA
select * from t1;
f1
5
delete from t1;
ERROR 42000: DELETE command denied to user 'ssl_user3'@'localhost' for table 't1'
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA
select * from t1;
f1
5
......
# Turn on compression between the client and server
# and run a number of tests
-- source include/have_compress.inc
enable_compress;
# Reconnect to turn compress on for
# default connection
disconnect default;
connect (default,localhost,root,,);
# Check compression turned on
SHOW STATUS LIKE 'Compression';
# Source select test case
-- source t/select.test
disable_compress;
# We test openssl. Result set is optimized to be compiled with --with-openssl.
# Use mysql-test-run with --with-openssl option.
-- source include/have_openssl_1.inc
-- source include/have_openssl.inc
--disable_warnings
drop table if exists t1;
......@@ -13,27 +13,36 @@ grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com";
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com";
flush privileges;
enable_ssl;
connect (con1,localhost,ssl_user1,,);
connect (con2,localhost,ssl_user2,,);
connect (con3,localhost,ssl_user3,,);
connect (con4,localhost,ssl_user4,,);
connection con1;
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
select * from t1;
--error 1142
delete from t1;
connection con2;
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
select * from t1;
--error 1142
delete from t1;
connection con3;
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
select * from t1;
--error 1142
delete from t1;
connection con4;
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
select * from t1;
--error 1142
delete from t1;
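Review bot: The header comment at the top of this test still tells the reader to "Use mysql-test-run with --with-openssl option", but the same commit deprecates that flag in favour of --ssl and appears to switch the test to `include/have_openssl.inc` so it runs whenever the server supports SSL. The comment should follow, for example `# Runs whenever the server supports SSL (see include/have_openssl.inc).` The added `SHOW STATUS LIKE 'Ssl_cipher'` checks record the exact negotiated cipher in the result file, so a line noting that the expected output depends on the cipher named in the grants would help whoever next touches the test certificates or the SSL library.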
......
source include/have_openssl_1.inc;
source include/have_openssl.inc;
source include/master-slave.inc;
# We don't test all types of ssl auth params here since it's a bit hard
......
# Turn on ssl between the client and server
# and run a number of tests
-- source include/have_openssl.inc
enable_ssl;
# Reconnect to turn ssl on for
# default connection
disconnect default;
connect (default,localhost,root,,);
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
# Source select test case
-- source t/select.test
disable_ssl;
# Turn on compression between the client and server
# and run a number of tests
-- source include/have_openssl.inc
-- source include/have_compress.inc
enable_compress;
enable_ssl;
# Reconnect to turn ssl and compress on for
# default connection
disconnect default;
connect (default,localhost,root,,);
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
# Check compression turned on
SHOW STATUS LIKE 'Compression';
# Source select test case
-- source t/select.test
disable_compress;
disable_ssl;
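Review bot: The opening comment of this test reads "Turn on compression between the client and server", which looks copied from the compression-only test, whereas this file enables both `enable_compress` and `enable_ssl`. It should read `# Turn on ssl and compression between the client and server`. The two `SHOW STATUS` checks after the reconnect are what actually prove both features are active on the default connection, so a short comment saying the reconnect is required for the options to take effect would be worth keeping next to them.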
......@@ -1474,6 +1474,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
const char *capath __attribute__((unused)),
const char *cipher __attribute__((unused)))
{
DBUG_ENTER("mysql_ssl_set");
#ifdef HAVE_OPENSSL
mysql->options.ssl_key= strdup_if_not_null(key);
mysql->options.ssl_cert= strdup_if_not_null(cert);
......@@ -1481,7 +1482,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
mysql->options.ssl_capath= strdup_if_not_null(capath);
mysql->options.ssl_cipher= strdup_if_not_null(cipher);
#endif /* HAVE_OPENSSL */
return 0;
DBUG_RETURN(0);
}
......@@ -1494,6 +1495,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
static void
mysql_ssl_free(MYSQL *mysql __attribute__((unused)))
{
DBUG_ENTER("mysql_ssl_free");
my_free(mysql->options.ssl_key, MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.ssl_cert, MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.ssl_ca, MYF(MY_ALLOW_ZERO_PTR));
......@@ -1507,6 +1509,7 @@ mysql_ssl_free(MYSQL *mysql __attribute__((unused)))
mysql->options.ssl_cipher= 0;
mysql->options.use_ssl = FALSE;
mysql->connector_fd = 0;
DBUG_VOID_RETURN;
}
#endif /* HAVE_OPENSSL */
......
......@@ -2765,7 +2765,14 @@ static void init_ssl()
opt_ssl_cipher);
DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd));
if (!ssl_acceptor_fd)
{
opt_use_ssl = 0;
have_openssl= SHOW_OPTION_DISABLED;
}
}
else
{
have_openssl= SHOW_OPTION_DISABLED;
}
if (des_key_file)
load_des_key_file(des_key_file);
......@@ -5851,6 +5858,9 @@ struct show_var_st status_vars[]= {
{"Com_xa_recover", (char*) offsetof(STATUS_VAR, com_stat[(uint) SQLCOM_XA_RECOVER]),SHOW_LONG_STATUS},
{"Com_xa_rollback", (char*) offsetof(STATUS_VAR, com_stat[(uint) SQLCOM_XA_ROLLBACK]),SHOW_LONG_STATUS},
{"Com_xa_start", (char*) offsetof(STATUS_VAR, com_stat[(uint) SQLCOM_XA_START]),SHOW_LONG_STATUS},
#ifdef HAVE_COMPRESS
{"Compression", (char*) 0, SHOW_NET_COMPRESSION},
#endif /* HAVE_COMPRESS */
{"Connections", (char*) &thread_id, SHOW_LONG_CONST},
{"Created_tmp_disk_tables", (char*) offsetof(STATUS_VAR, created_tmp_disk_tables), SHOW_LONG_STATUS},
{"Created_tmp_files", (char*) &my_tmp_file_created, SHOW_LONG},
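Review bot: In init_ssl, when the acceptor cannot be created the code clears `opt_use_ssl` and now sets `have_openssl` to `SHOW_OPTION_DISABLED`, but nothing visible in the hunk writes to the error log. A server started with SSL options that fail to load (for instance a bad certificate or key path) would then come up accepting only plaintext connections, and the operator would have to query the status variable to find out. A line such as `sql_print_warning("Failed to setup SSL");` inside the `if (!ssl_acceptor_fd)` block would surface the downgrade, assuming nothing outside the hunk already reports it. init_ssl begins before the hunk.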
......
......@@ -1632,6 +1632,11 @@ static bool show_status_array(THD *thd, const char *wild,
value= (value-(char*) &dflt_key_cache_var)+ (char*) dflt_key_cache;
end= longlong10_to_str(*(longlong*) value, buff, 10);
break;
#ifdef HAVE_COMPRESS
case SHOW_NET_COMPRESSION:
end= strmov(buff, thd->net.compress ? "ON" : "OFF");
break;
#endif /* HAVE_COMPRESS */
case SHOW_UNDEF: // Show never happen
case SHOW_SYS:
break; // Return empty string
......
......@@ -185,6 +185,9 @@ enum SHOW_TYPE
SHOW_SSL_CTX_SESS_TIMEOUTS, SHOW_SSL_CTX_SESS_CACHE_FULL,
SHOW_SSL_GET_CIPHER_LIST,
#endif /* HAVE_OPENSSL */
#ifdef HAVE_COMPRESS
SHOW_NET_COMPRESSION,
#endif /* HAVE_COMPRESS */
SHOW_RPL_STATUS, SHOW_SLAVE_RUNNING, SHOW_SLAVE_RETRIED_TRANS,
SHOW_KEY_CACHE_LONG, SHOW_KEY_CACHE_CONST_LONG, SHOW_KEY_CACHE_LONGLONG,
SHOW_LONG_STATUS, SHOW_LONG_CONST_STATUS, SHOW_SLAVE_SKIP_ERRORS
......