diff options
Diffstat (limited to 'mysql-test/main/ssl_crl.test')
-rw-r--r-- | mysql-test/main/ssl_crl.test | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/mysql-test/main/ssl_crl.test b/mysql-test/main/ssl_crl.test new file mode 100644 index 00000000..9b475857 --- /dev/null +++ b/mysql-test/main/ssl_crl.test @@ -0,0 +1,13 @@ +# This test should work in embedded server after we fix mysqltest +-- source include/not_embedded.inc +-- source include/have_openssl.inc + +--echo # try logging in with a certificate not in the server's --ssl-crl : should succeed +--replace_result TLSv1.3 TLS_VERSION TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/server-new-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/server-new-cert.pem test -e "SHOW STATUS LIKE 'Ssl_version'" + +--echo # try logging in with a certificate in the server's --ssl-crl : should fail +# OpenSSL 1.1.1a correctly rejects the certificate, but the error message is different +--replace_regex /ERROR 2013 \(HY000\): Lost connection to server at '.*', system error: [0-9]+/ERROR 2026 (HY000): TLS\/SSL error: sslv3 alert certificate revoked/ +--error 1 +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_version'" 2>&1 |