From 06eaf7232e9a920468c0f8d74dcf2fe8b555501c Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sat, 13 Apr 2024 14:24:36 +0200
Subject: Adding upstream version 1:10.11.6.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 mysql-test/main/tls_version.test | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 mysql-test/main/tls_version.test

(limited to 'mysql-test/main/tls_version.test')

diff --git a/mysql-test/main/tls_version.test b/mysql-test/main/tls_version.test
new file mode 100644
index 00000000..50448f89
--- /dev/null
+++ b/mysql-test/main/tls_version.test
@@ -0,0 +1,29 @@
+# Tests for SSL connections, only run if mysqld is compiled
+# with support for SSL.
+
+-- source include/have_ssl_communication.inc
+#default is highest available version: TLSv1.2
+--exec $MYSQL --host=localhost --ssl -e "show status like 'ssl_version';"
+# TLSv1.2
+--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.2 -e "show status like 'ssl_version';"
+# TLSv1.1
+--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.1 -e "show status like 'ssl_version';"
+# if a gap is between TLS versions, lowest version number should be used (TLS1.1)
+--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.1,TLSv1.3 -e "show status like 'ssl_version';"
+# TLSv1.3 is not enabled, so TLSv1.2 should be used
+--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.2,TLSv1.3 -e "show status like 'ssl_version';"
+# Highest TLS version number should be used (TLSv1.2)
+--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.1,TLSv1.2 -e "show status like 'ssl_version';"
+# Errors:
+# TLS v1.0 is disabled on server, so we should get an error
+--replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/
+--error 1
+--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.0 -e "show status like 'ssl_version';"
+# finally list available protocols
+--exec $MYSQL --host=localhost --ssl -e "select @@tls_version;"
+
+call mtr.add_suppression("TLSv1.0 and TLSv1.1 are insecure");
+--let SEARCH_FILE=$MYSQLTEST_VARDIR/log/mysqld.1.err
+--let SEARCH_PATTERN= TLSv1.0 and TLSv1.1 are insecure
+--source include/search_pattern_in_file.inc
+
-- 
cgit v1.2.3