MDEV-21965 main.tls_version and main.tls_version1 fail in buildbot on…

… Ubuntu Focal Not only Ubuntu Focal builds openssl with OPENSSL_TLS_SECURITY_LEVEL=2, but for some unfathomable reason it patches openssl sources to disable TLS < 1.2 at security level 2, even though openssl manual says it should only happen at level 4: https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_security_level.html We test TLSv1.1 and TLSv1, so we have to override Focal defaults in mtr.
MariaDB · May 11, 2020 · 15502e5 · 15502e5
1 parent 1b18cdd
commit 15502e5
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/mysql-test/lib/openssl.cnf b/mysql-test/lib/openssl.cnf
@@ -0,0 +1,12 @@
+# Toplevel section for openssl (including libssl)
+openssl_conf = default_conf_section
+
+[default_conf_section]
+# We only specify configuration for the "ssl module"
+ssl_conf = ssl_section
+
+[ssl_section]
+system_default = system_default_section
+
+[system_default_section]
+CipherString = ALL:@SECLEVEL=1
diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl
@@ -2283,7 +2283,8 @@ sub environment_setup {
   $ENV{'LC_CTYPE'}=           "C";
   $ENV{'LC_COLLATE'}=         "C";
 
-  $ENV{'OPENSSL_CONF'}=       "/dev/null";
+  $ENV{'OPENSSL_CONF'}= $mysqld_variables{'version-ssl-library'} gt 'OpenSSL 1.1.1'
+                       ? "$glob_mysql_test_dir/lib/openssl.cnf" : '/dev/null';
 
   $ENV{'USE_RUNNING_SERVER'}= using_extern();
   $ENV{'MYSQL_TEST_DIR'}=     $glob_mysql_test_dir;