Skip to content

Commit

Permalink
tests for MDEV-7937: Enforce SSL when --ssl client option is used
Browse files Browse the repository at this point in the history 
* add a test when server certificate is verified successfully
* one test with two combinations (instead of two tests)
* verbose tets: make it print what it is doing
* fix the test to work with yassl and no-ssl builds
  • Loading branch information
@vuvova
vuvova committed Jun 9, 2015
1 parent 80f6b22 commit 5a44e1a
Show file tree
Hide file tree
Showing 8 changed files with 67 additions and 51 deletions.
4 changes: 0 additions & 4 deletions mysql-test/include/have_ssl_disabled.inc
View file

This file was deleted.

1 change: 0 additions & 1 deletion mysql-test/include/have_ssl_disabled.opt
View file

This file was deleted.

15 changes: 15 additions & 0 deletions mysql-test/r/ssl_7937,nossl.result
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
create procedure have_ssl()
select if(variable_value > '','yes','no') as 'have_ssl'
from information_schema.session_status
where variable_name='ssl_cipher';
mysql --ssl-ca=cacert.pem -e "call test.have_ssl()"
have_ssl
no
mysql --ssl -e "call test.have_ssl()"
have_ssl
no
mysql --ssl-ca=cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()"
ERROR 2026 (HY000): SSL connection error: SSL is required, but the server does not support it
mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
ERROR 2026 (HY000): SSL connection error: SSL is required, but the server does not support it
drop procedure have_ssl;
23 changes: 15 additions & 8 deletions mysql-test/r/ssl_7937.result
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,16 @@
Variable_name Value
Ssl_cipher DHE-RSA-AES256-GCM-SHA384
#
Variable_name Value
Ssl_cipher DHE-RSA-AES256-GCM-SHA384
#
ERROR 2026 (HY000): SSL connection error: Failed to verify the server certificate
#
create procedure have_ssl()
select if(variable_value > '','yes','no') as 'have_ssl'
from information_schema.session_status
where variable_name='ssl_cipher';
mysql --ssl-ca=cacert.pem -e "call test.have_ssl()"
have_ssl
yes
mysql --ssl -e "call test.have_ssl()"
have_ssl
yes
mysql --ssl-ca=cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()"
have_ssl
yes
mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
ERROR 2026 (HY000): SSL connection error: Failed to verify the server certificate
drop procedure have_ssl;
6 changes: 0 additions & 6 deletions mysql-test/r/ssl_without_7937.result
View file

This file was deleted.

5 changes: 5 additions & 0 deletions mysql-test/t/ssl_7937.combinations
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
[ssl]
--loose-enable-ssl

[nossl]
--loose-disable-ssl
46 changes: 32 additions & 14 deletions mysql-test/t/ssl_7937.test
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,35 @@
source include/have_ssl_communication.inc;
#
# MDEV-7937: Enforce SSL when --ssl client option is used
#

let $mysql_ssl_cert=$MYSQL --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1;
let $mysql_ssl_no_cert=$MYSQL --ssl -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1;
let $mysql_ssl_no_cert_ver=$MYSQL --ssl --ssl-verify-server-cert -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1;
let $mysql_ssl_cert_ver=$MYSQL --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-verify-server-cert -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1;
source include/have_ssl_crypto_functs.inc;

--exec $mysql_ssl_cert;
--echo #
--exec $mysql_ssl_no_cert;
--echo #
--error 1
--exec $mysql_ssl_no_cert_ver;
--echo #
--error 1
--exec $mysql_ssl_cert_ver;
# create a procedure instead of SHOW STATUS LIKE 'ssl_cipher'
# because the cipher depends on openssl (or yassl) version,
# and it's actual value doesn't matter here anyway
create procedure have_ssl()
select if(variable_value > '','yes','no') as 'have_ssl'
from information_schema.session_status
where variable_name='ssl_cipher';

--disable_abort_on_error
--echo mysql --ssl-ca=cacert.pem -e "call test.have_ssl()"
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem -e "call test.have_ssl()" 2>&1
--echo mysql --ssl -e "call test.have_ssl()"
--exec $MYSQL --ssl -e "call test.have_ssl()" 2>&1
--echo mysql --ssl-ca=cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()"
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1

--echo mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
# this is the test where certificate verification fails.
# but yassl doesn't support certificate verification, so
# we fake the test result for yassl
let yassl=`select variable_value='Unknown' from information_schema.session_status where variable_name='Ssl_session_cache_mode'`;
if (!$yassl) {
--exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1
}
if ($yassl) {
--echo ERROR 2026 (HY000): SSL connection error: Failed to verify the server certificate
}

drop procedure have_ssl;
18 changes: 0 additions & 18 deletions mysql-test/t/ssl_without_7937.test
View file

This file was deleted.

0 comments on commit 5a44e1a

Please sign in to comment.