summaryrefslogtreecommitdiffstats
path: root/mysql-test/main/openssl_1.test
diff options
context:
space:
mode:
Diffstat (limited to 'mysql-test/main/openssl_1.test')
-rw-r--r--mysql-test/main/openssl_1.test209
1 files changed, 209 insertions, 0 deletions
diff --git a/mysql-test/main/openssl_1.test b/mysql-test/main/openssl_1.test
new file mode 100644
index 00000000..9232868b
--- /dev/null
+++ b/mysql-test/main/openssl_1.test
@@ -0,0 +1,209 @@
+# Needed for mysqldump
+--source include/have_utf8mb4.inc
+--source include/not_asan.inc
+
+# Tests for SSL connections, only run if mysqld is compiled
+# with support for SSL.
+
+-- source include/have_ssl_communication.inc
+
+# Save the initial number of concurrent sessions
+--source include/count_sessions.inc
+
+set local sql_mode="";
+set global sql_mode="";
+
+--disable_warnings
+drop table if exists t1;
+--enable_warnings
+create table t1(f1 int);
+insert into t1 values (5);
+
+grant select on test.* to ssl_user1@localhost require SSL;
+grant select on test.* to ssl_user3@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client";
+grant select on test.* to ssl_user4@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB";
+grant select on test.* to ssl_user5@localhost require SUBJECT "xxx";
+flush privileges;
+
+connect (con1,localhost,ssl_user1,,,,,SSL);
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+connect (con3,localhost,ssl_user3,,,,,SSL);
+connect (con4,localhost,ssl_user4,,,,,SSL);
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+--error ER_ACCESS_DENIED_ERROR
+connect (con5,localhost,ssl_user5,,,,,SSL);
+
+connection con1;
+# Check ssl turned on
+SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
+select * from t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+delete from t1;
+
+connection con3;
+# Check ssl turned on
+SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
+select * from t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+delete from t1;
+
+connection con4;
+# Check ssl turned on
+SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
+select * from t1;
+--error ER_TABLEACCESS_DENIED_ERROR
+delete from t1;
+
+connection default;
+disconnect con1;
+disconnect con3;
+disconnect con4;
+drop user ssl_user1@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
+
+drop table t1;
+
+# End of 4.1 tests
+
+#
+# Test that we can't open connection to server if we are using
+# a different cacert
+#
+--exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql
+# Handle that openssl gives different error messages from YaSSL.
+--replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
+--error 1
+--exec $MYSQL_TEST --ssl-verify-server-cert --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--echo
+
+#
+# Test that we can't open connection to server if we are using
+# a blank ca
+#
+--replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
+--error 1
+--exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--echo
+
+#
+# Test that we can't open connection to server if we are using
+# a nonexistent ca file
+#
+--replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
+--error 1
+--exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--echo
+
+#
+# Test that we can't open connection to server if we are using
+# a blank client-key
+#
+--replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
+--error 1
+--exec $MYSQL_TEST --ssl-key= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--echo
+
+#
+# Test that we can't open connection to server if we are using
+# a blank client-cert
+#
+--replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
+--error 1
+--exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--echo
+
+#
+# Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23
+#
+# Test that we can open encrypted connection to server without
+# verification of servers certificate by setting both ca certificate
+# and ca path to NULL
+#
+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1
+--echo End of 5.0 tests
+
+#
+# Bug#26174 Server Crash: INSERT ... SELECT ... FROM I_S.GLOBAL_STATUS in
+# Event (see also information_schema.test for the other part of test for
+# this bug).
+#
+--disable_warnings
+DROP TABLE IF EXISTS thread_status;
+DROP EVENT IF EXISTS event_status;
+--enable_warnings
+
+SET GLOBAL event_scheduler=1;
+
+DELIMITER $$;
+
+CREATE EVENT event_status
+ ON SCHEDULE AT NOW()
+ ON COMPLETION NOT PRESERVE
+ DO
+BEGIN
+ CREATE TABLE thread_status
+ SELECT variable_name, variable_value
+ FROM information_schema.session_status
+ WHERE variable_name LIKE 'SSL_ACCEPTS' OR
+ variable_name LIKE 'SSL_CALLBACK_CACHE_HITS';
+END$$
+
+DELIMITER ;$$
+
+let $wait_condition=select count(*) = 0 from information_schema.events where event_name='event_status';
+--source include/wait_condition.inc
+
+# The actual value doesn't matter and can vary based on test ordering and on ssl library.
+--replace_column 2 #
+SELECT variable_name, variable_value FROM thread_status;
+
+DROP TABLE thread_status;
+SET GLOBAL event_scheduler=0;
+
+#
+# Bug#27669 mysqldump: SSL connection error when trying to connect
+#
+
+CREATE TABLE t1(a int);
+INSERT INTO t1 VALUES (1), (2);
+
+# Run mysqldump
+--exec $MYSQL_DUMP --default-character-set=utf8mb4 --skip-create-options --skip-comments --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test t1
+
+--exec $MYSQL_DUMP --default-character-set=utf8mb4 --skip-create-options --skip-comments --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test
+
+--exec $MYSQL_DUMP --default-character-set=utf8mb4 --skip-create-options --skip-comments --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test
+
+# With wrong parameters
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR $MYSQL_DUMP mariadb-dump .\exe ''
+--replace_regex /TLS\/SSL error.*/TLS\/SSL error: xxxx/
+--error 2
+--exec $MYSQL_DUMP --default-character-set=utf8mb4 --skip-create-options --skip-comments --ssl --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test 2>&1
+--echo
+DROP TABLE t1;
+--remove_file $MYSQLTEST_VARDIR/tmp/test.sql
+
+#
+# Bug#42158: leak: SSL_get_peer_certificate() doesn't have matching X509_free()
+#
+
+GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
+FLUSH PRIVILEGES;
+connect(con1,localhost,bug42158,,,,,SSL);
+SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
+disconnect con1;
+connection default;
+DROP USER bug42158@localhost;
+
+set global sql_mode=default;
+--echo End of 5.1 tests
+
+#
+# MDEV-9605 mysqlbinlog does not accept ssl-ca option as expected.
+#
+
+--replace_regex /TLS\/SSL error:.*/TLS\/SSL error/
+--error 1
+--exec $MYSQL_BINLOG --read-from-remote-server --ssl-ca --user=root --host=localhost nobinlog.111111 2>&1
+
+# Wait till we reached the initial number of concurrent sessions
+--source include/wait_until_count_sessions.inc