source include/not_embedded.inc;

create function have_ssl() returns char(3)
  return (select if(variable_value > '','yes','no') as 'have_ssl'
  from information_schema.session_status
  where variable_name='ssl_cipher');

let $is_win = `select convert(@@version_compile_os using latin1) IN ("Win32","Win64","Windows")`;
let $host=;
if($is_win)
{
  let $host=--host=127.0.0.2;
}
#
# passwordless root cannot connect w/o fingerprint:
#
--echo # mysql --protocol tcp -uroot --ssl-verify-server-cert -e "select test.have_ssl()"
--replace_regex /TLS\/SSL error.*certificate[^\n]*/TLS\/SSL error: Failed to verify the server certificate/
--error 1
--exec $MYSQL --protocol tcp $host -uroot --ssl-verify-server-cert -e "select test.have_ssl()" 2>&1
#
# fingerprint based cert verification:
#
--echo # mysql --protocol tcp -uroot --ssl-fp=F1:D0:08:AF:A1:D2:F4:15:79:B4:39:06:41:F4:20:96:F1:90:A9:65 --ssl-verify-server-cert -e "select test.have_ssl()"
--exec $MYSQL --protocol tcp $host -uroot --ssl-fp=F1:D0:08:AF:A1:D2:F4:15:79:B4:39:06:41:F4:20:96:F1:90:A9:65 --ssl-verify-server-cert -e "select test.have_ssl()" 2>&1
#
# wrong fingerprint fails even with --disable-ssl-verify-server-cert
#
--echo # mysql --protocol tcp -uroot --ssl-fp=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 --disable-ssl-verify-server-cert -e "select test.have_ssl()"
--error 1
--exec $MYSQL --protocol tcp $host -uroot --ssl-fp=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 --disable-ssl-verify-server-cert -e "select test.have_ssl()" 2>&1

drop function have_ssl;