summaryrefslogtreecommitdiffstats
path: root/mysql-test/main/ssl_7937.test
diff options
context:
space:
mode:
Diffstat (limited to 'mysql-test/main/ssl_7937.test')
-rw-r--r--mysql-test/main/ssl_7937.test32
1 files changed, 32 insertions, 0 deletions
diff --git a/mysql-test/main/ssl_7937.test b/mysql-test/main/ssl_7937.test
new file mode 100644
index 00000000..be3d43ee
--- /dev/null
+++ b/mysql-test/main/ssl_7937.test
@@ -0,0 +1,32 @@
+#
+# MDEV-7937: Enforce SSL when --ssl client option is used
+#
+
+source include/have_ssl_crypto_functs.inc;
+
+# create a procedure instead of SHOW STATUS LIKE 'ssl_cipher'
+# because the cipher depends on openssl (or yassl) version,
+# and it's actual value doesn't matter here anyway
+create procedure have_ssl()
+ select if(variable_value > '','yes','no') as 'have_ssl'
+ from information_schema.session_status
+ where variable_name='ssl_cipher';
+
+--disable_abort_on_error
+--echo mysql --ssl-ca=cacert.pem -e "call test.have_ssl()"
+--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem -e "call test.have_ssl()" 2>&1
+--echo mysql --ssl -e "call test.have_ssl()"
+--exec $MYSQL --ssl -e "call test.have_ssl()" 2>&1
+--echo mysql --ssl-ca=cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()"
+--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1
+
+--echo mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
+--replace_regex /TLS\/SSL error.*certificate[^\n]*/TLS\/SSL error: Failed to verify the server certificate/
+--exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1
+
+--echo #
+--echo # MDEV-27105 --ssl option set as default for mariadb CLI
+--echo #
+--echo mysql -e "call test.have_ssl()"
+--exec $MYSQL -e "call test.have_ssl()"
+drop procedure have_ssl;
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-22 20:28:42 +0000