diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 18:00:34 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 18:00:34 +0000 |
| commit | 3f619478f796eddbba6e39502fe941b285dd97b1 (patch) | |
| tree | e2c7b5777f728320e5b5542b6213fd3591ba51e2 /mysql-test/main/ssl_crl_clients.test | |
| parent | Initial commit. (diff) | |
| download | mariadb-3f619478f796eddbba6e39502fe941b285dd97b1.tar.xz mariadb-3f619478f796eddbba6e39502fe941b285dd97b1.zip | |
Adding upstream version 1:10.11.6.upstream/1%10.11.6upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'mysql-test/main/ssl_crl_clients.test')
| -rw-r--r-- | mysql-test/main/ssl_crl_clients.test | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/mysql-test/main/ssl_crl_clients.test b/mysql-test/main/ssl_crl_clients.test new file mode 100644 index 00000000..95b4ac3c --- /dev/null +++ b/mysql-test/main/ssl_crl_clients.test @@ -0,0 +1,44 @@ +# This test should work in embedded server after we fix mysqltest +-- source include/not_embedded.inc + +if (`SELECT COUNT(*) = 0 FROM information_schema.GLOBAL_VARIABLES + WHERE (VARIABLE_NAME ='version_compile_os' AND VARIABLE_VALUE LIKE 'Win%' OR + VARIABLE_NAME='have_openssl' AND VARIABLE_VALUE='YES')`) +{ + skip Need openssl or Windows; +} + +--echo # Test clients with and without CRL lists + +let $ssl_base = --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-verify-server-cert; +let $ssl_crl = $ssl_base --ssl-crl=$MYSQL_TEST_DIR/std_data/server-cert.crl; +let $ssl_crlpath = $ssl_base --ssl-crlpath=$MYSQL_TMP_DIR; + +# See `openssl x509 -in server-cert.pem -noout -issuer_hash` +copy_file $MYSQL_TEST_DIR/std_data/server-cert.crl $MYSQL_TMP_DIR/ed1f42db.r0; + +--echo ############ Test mysql ############## + +--echo # Test mysql connecting to a server with a certificate revoked by -crl +--replace_result "Server certificate validation failed. The certificate is revoked. Error 0x80092010(CRYPT_E_REVOKED)" "certificate revoked" +--error 1 +--exec $MYSQL $ssl_crl test -e "SHOW STATUS LIKE 'Ssl_version'" 2>&1 + +--echo # Test mysql connecting to a server with a certificate revoked by -crlpath +--replace_result "Server certificate validation failed. The certificate is revoked. Error 0x80092010(CRYPT_E_REVOKED)" "certificate revoked" +--error 1 +--exec $MYSQL $ssl_crlpath test -e "SHOW STATUS LIKE 'Ssl_version'" 2>&1 + + +--echo ############ Test mysqladmin ############## +let $admin_suffix = --default-character-set=latin1 -S $MASTER_MYSOCK -P $MASTER_MYPORT -u root --password= ping; + +--echo # Test mysqladmin connecting to a server with a certificate revoked by -crl +--replace_regex /.*mariadb-admin.*:/mariadb-admin:/ /TLS\/SSL error: .*CRYPT_E_REVOKED./TLS\/SSL error: certificate revoked/ +--error 1 +--exec $MYSQLADMIN $ssl_crl $admin_suffix 2>&1 + +--echo # Test mysqladmin connecting to a server with a certificate revoked by -crlpath +--replace_regex /.*mariadb-admin.*:/mariadb-admin:/ /TLS\/SSL error: .*CRYPT_E_REVOKED./TLS\/SSL error: certificate revoked/ +--error 1 +--exec $MYSQLADMIN $ssl_crlpath $admin_suffix 2>&1 |