Add MTR to verify TLS with chain of trust

Add tests to verify that TLS configurations with certificate chain of trust are
supported.

The contents of the commit are inspired from the MySQL project:
mysql/mysql-server@969afef

Credits to salman.s.khan@oracle.com

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer Amazon Web
Services, Inc.

Author: tonychen2001

mysql-test/lib/generate-ssl-certs.sh

@@ -64,3 +64,156 @@ rm -fv crldir/*
 cp -v client-cert.crl crldir/`openssl x509 -in client-cert.pem -noout -issuer_hash`.r0
 
 rm -rf demoCA
+
+# --- Certificate Chain ---
+# These tests are inspired from the following commit from MySQL Server
+# https://github.com/mysql/mysql-server/commit/969afef933f1872c5f38ea93047ef05c4509c335
+#
+# Credits to salman.s.khan@oracle.com
+#
+# -------------------------------------------------------------------------------------
+#
+# STEPS TO GENERATE THE FOLLOWING CHAINED CERTIFICATES WHICH IS USED IN THE TEST CASE :
+#
+#                       +---------+
+#                       | Root CA |
+#                       +---------+
+#                            |
+#               /------------+-----------\
+#               |                        |
+#      +------------------+     +------------------+
+#      | Intermediate CA1 |     | Intermediate CA2 |
+#      +------------------+     +------------------+
+#               |                        |
+#        +-------------+          +-------------+
+#        |   Server    |          |   Client    |
+#        | certificate |          | certificate |
+#        +-------------+          +-------------+
+
+cd cachain
+
+mkdir ca
+mkdir server
+mkdir clients
+
+mkdir ca/root.certs
+touch ca/root.index.txt
+touch ca/root.index.txt.attr
+echo '01' > ca/root.serial
+
+cat > ca/root.cfg << EOF
+[ ca ]
+default_ca = CA_default
+[ CA_default ]
+dir = $PWD/ca
+certs = \$dir/certs
+database = \$dir/root.index.txt
+serial   = \$dir/root.serial
+policy= policy_match
+[ policy_match ]
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+basicConstraints = critical,CA:TRUE
+keyUsage = critical,keyCertSign,cRLSign
+[ v3_ca_intermediate ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+basicConstraints = critical,CA:TRUE,pathlen:0
+keyUsage = critical,keyCertSign,cRLSign
+EOF
+
+# Generate Root CA key and cert
+openssl genrsa -out ca/root.key 4096
+openssl req -new -x509 '-sha256' -key ca/root.key -out ca/root.crt -days 7200 -subj "/O=MariaDB/OU=MariaDB/CN=Root CA" -config ca/root.cfg -extensions v3_ca
+
+# Generate Intermediate CA1 key and cert
+openssl genrsa -out ca/intermediate_ca1.key 4096
+openssl req -new '-sha256' -key ca/intermediate_ca1.key -out ca/intermediate_ca1.csr -subj "/O=MariaDB/OU=MariaDB/CN=Intermediate CA1"
+
+openssl ca -batch -days 7200 -notext -md sha256 -in ca/intermediate_ca1.csr -out ca/intermediate_ca1.crt -keyfile ca/root.key -cert ca/root.crt -outdir ca/root.certs/ -config ca/root.cfg -extensions v3_ca_intermediate
+
+mkdir ca/intermediate_ca1.certs
+touch ca/intermediate_ca1.index.txt
+touch ca/intermediate_ca1.index.txt.attr
+echo '01' > ca/intermediate_ca1.serial
+
+cat > ca/intermediate_ca1.cfg << EOF
+[ ca ]
+default_ca = CA_default
+[ CA_default ]
+dir = $PWD/ca
+certs = \$dir/intermediate_ca1.certs
+database = \$dir/intermediate_ca1.index.txt
+serial   = \$dir/intermediate_ca1.serial
+policy= policy_match
+[ policy_match ]
+commonName = supplied
+[ alt_names ]
+DNS.1 = localhost
+IP.1 = 127.0.0.1
+[ server_cert ]
+basicConstraints = CA:FALSE
+keyUsage = critical,digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+EOF
+
+# Generate Server key and cert
+openssl genrsa -out server/server.key 4096
+openssl req -new '-sha256' -key server/server.key -out server/server.csr -subj "/CN=localhost"
+
+openssl ca -batch -days 7200 -notext -md sha256 -in server/server.csr -out server/server.crt -keyfile ca/intermediate_ca1.key -cert ca/intermediate_ca1.crt -outdir ca/intermediate_ca1.certs/ -config ca/intermediate_ca1.cfg -extensions server_cert
+
+# Generate Intermediate CA2 key and cert
+openssl genrsa -out ca/intermediate_ca2.key 4096
+
+openssl req -new '-sha256' -key ca/intermediate_ca2.key -out ca/intermediate_ca2.csr -subj "/O=MariaDB/OU=MariaDB/CN=Intermediate CA2"
+openssl ca -batch -days 7200 -notext -md sha256 -in ca/intermediate_ca2.csr -out ca/intermediate_ca2.crt -keyfile ca/root.key -cert ca/root.crt -outdir ca/root.certs/ -config ca/root.cfg -extensions v3_ca_intermediate
+
+mkdir ca/intermediate_ca2.certs
+touch ca/intermediate_ca2.index.txt
+touch ca/intermediate_ca2.index.txt.attr
+echo '01' > ca/intermediate_ca2.serial
+
+cat > ca/intermediate_ca2.cfg << EOF
+[ ca ]
+default_ca = CA_default
+[ CA_default ]
+dir = $PWD/ca
+certs = \$dir/intermediate_ca2.certs
+database = \$dir/intermediate_ca2.index.txt
+serial   = \$dir/intermediate_ca2.serial
+policy= policy_match
+[ policy_match ]
+commonName = supplied
+[ client_cert ]
+basicConstraints = CA:FALSE
+keyUsage = critical,digitalSignature,keyEncipherment
+extendedKeyUsage = clientAuth
+EOF
+
+# Generate Client key and cert
+openssl genrsa -out clients/client.key 4096
+openssl req -new '-sha256' -key clients/client.key -out clients/client.csr -subj "/CN=client"
+
+openssl ca -batch -days 7200 -notext -md sha256 -in clients/client.csr -out clients/client.crt -keyfile ca/intermediate_ca2.key -cert ca/intermediate_ca2.crt -outdir ca/intermediate_ca2.certs/ -config ca/intermediate_ca2.cfg -extensions client_cert
+
+cat server/server.crt ca/intermediate_ca1.crt > server/server.cachain
+
+cat clients/client.crt ca/intermediate_ca2.crt > clients/client.cachain
+
+cat ca/root.crt ca/intermediate_ca1.crt > ca/root_intermediate_ca1.crt
+
+# Generate Unrelated Root CA key and cert
+openssl genrsa -out ca/unrelated_root.key 4096
+openssl req -new -x509 '-sha256' -key ca/unrelated_root.key -out ca/unrelated_root.crt -days 7200 -subj "/O=MariaDB/OU=MariaDB/CN=Root CA" -config ca/root.cfg -extensions v3_ca
+
+cp -v ca/root.crt ca/root_intermediate_ca1.crt ca/unrelated_root.crt server/server.key server/server.cachain clients/client.key clients/client.cachain ./
+rm -rf ca server clients
+
+cd ..

mysql-test/main/chained_ssl_certificates.opt

@@ -0,0 +1,3 @@
+--ssl-ca=$MYSQL_TEST_DIR/std_data/cachain/root.crt
+--ssl-key=$MYSQL_TEST_DIR/std_data/cachain/server.key
+--ssl-cert=$MYSQL_TEST_DIR/std_data/cachain/server.cachain

mysql-test/main/chained_ssl_certificates.result

@@ -0,0 +1,12 @@
+call mtr.add_suppression("Server SSL certificate doesn't verify");
+CREATE USER 'user1'@'%' REQUIRE SSL;
+Variable_name	Value
+Ssl_version	TLS
+
+Restart server and provide ssl-ca comprising intermediate_ca1 in addition to the root ca.
+Variable_name	Value
+Ssl_version	TLS
+
+Restart server and provide unrelated ssl-ca at server startup
+ERROR 2026 (HY000): TLS/SSL error:
+DROP USER 'user1';

mysql-test/main/chained_ssl_certificates.test

@@ -0,0 +1,74 @@
+# These tests are inspired from the following commit from MySQL Server
+# https://github.com/mysql/mysql-server/commit/969afef933f1872c5f38ea93047ef05c4509c335
+
+# Credits to salman.s.khan@oracle.com
+
+#####################################################################################
+# This test verifies MariaDB can handle chained ssl certificate
+# This test uses chained ssl certificates which is depicted as
+# below:-
+#
+#                      +---------+
+#                      | Root CA |
+#                      +---------+
+#                           |
+#              /------------+-----------\
+#              |                        |
+#     +------------------+     +------------------+
+#     | Intermediate CA1 |     | Intermediate CA2 |
+#     +------------------+     +------------------+
+#              |                        |
+#       +-------------+          +-------------+
+#       |   Server    |          |   Client    |
+#       | certificate |          | certificate |
+#       +-------------+          +-------------+
+#
+# certificates that may be helpful for chain construction.
+# In order to validate server cert correctly, we need to
+# provide the trusted root certificate and the untrusted
+# intermediate certificates as part of ssl-ca. Hence
+# root_intermediate_ca1.crt (trusted root certificate +
+# untrusted intermediate ca1 certificate) is passed as with
+# --ssl-ca option
+
+--source include/not_embedded.inc
+--source include/have_ssl_communication.inc
+
+#Suppress warning by the server certificate verification check: unrelated CA
+call mtr.add_suppression("Server SSL certificate doesn't verify");
+
+CREATE USER 'user1'@'%' REQUIRE SSL;
+
+--replace_result TLSv1.3 TLS TLSv1.2 TLS
+--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=user1 --ssl-verify-server-cert --ssl-ca=$MYSQL_TEST_DIR/std_data/cachain/root.crt --ssl-cert=$MYSQL_TEST_DIR/std_data/cachain/client.cachain --ssl-key=$MYSQL_TEST_DIR/std_data/cachain/client.key -e "SHOW STATUS LIKE 'ssl_version'"
+
+--echo
+--echo Restart server and provide ssl-ca comprising intermediate_ca1 in addition to the root ca.
+--write_line wait $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
+--shutdown_server
+--source include/wait_until_disconnected.inc
+
+--write_line "restart:--ssl-ca=$MYSQL_TEST_DIR/std_data/cachain/root_intermediate_ca1.crt --ssl-key=$MYSQL_TEST_DIR/std_data/cachain/server.key --ssl-cert=$MYSQL_TEST_DIR/std_data/cachain/server.cachain" $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
+--enable_reconnect
+--source include/wait_until_connected_again.inc
+
+--replace_result TLSv1.3 TLS TLSv1.2 TLS
+--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=user1 --ssl-verify-server-cert --ssl-ca=$MYSQL_TEST_DIR/std_data/cachain/root.crt --ssl-cert=$MYSQL_TEST_DIR/std_data/cachain/client.cachain --ssl-key=$MYSQL_TEST_DIR/std_data/cachain/client.key -e "SHOW STATUS LIKE 'ssl_version'"
+
+--echo
+--echo Restart server and provide unrelated ssl-ca at server startup
+--write_line wait $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
+--shutdown_server
+--source include/wait_until_disconnected.inc
+
+--write_line "restart:--ssl-ca=$MYSQL_TEST_DIR/std_data/cachain/unrelated_root.crt --ssl-key=$MYSQL_TEST_DIR/std_data/cachain/server.key --ssl-cert=$MYSQL_TEST_DIR/std_data/cachain/server.cachain" $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
+--enable_reconnect
+--source include/wait_until_connected_again.inc
+
+--replace_regex /(ERROR 2026 \(HY000\): TLS\/SSL error:).*/\1/
+--error 1
+--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=user1 --ssl-verify-server-cert --ssl-ca=$MYSQL_TEST_DIR/std_data/cachain/unrelated_root.crt --ssl-cert=$MYSQL_TEST_DIR/std_data/cachain/client.cachain --ssl-key=$MYSQL_TEST_DIR/std_data/cachain/client.key -e "SHOW STATUS LIKE 'ssl_version'" 2>&1
+--echo
+
+# Cleanup
+DROP USER 'user1';

mysql-test/std_data/cachain/client.cachain

@@ -0,0 +1,62 @@
+-----BEGIN CERTIFICATE-----
+MIIFPTCCAyWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA/MRAwDgYDVQQKDAdNYXJp
+YURCMRAwDgYDVQQLDAdNYXJpYURCMRkwFwYDVQQDDBBJbnRlcm1lZGlhdGUgQ0Ey
+MB4XDTI1MTIxMjE2NTY0NFoXDTQ1MDgyOTE2NTY0NFowETEPMA0GA1UEAwwGY2xp
+ZW50MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtP9k21MRWxut47OV
+CjK9jn+nJHnZ0agpAJbgdvsIFKrkV4v0VHb7m5dURaqV1lF1WhrSmc8k7gcSB32O
+l+6Fo0OToe80KxH3NeYN5YscfnVOtrtbpwEkoYt4CFSn95TpjFrEaF0nZUwg5mJb
++ZZsXzYk60GBA1It9uLMbqWAioRHbLprV6bIn0yDqKlf5JTQRk4JORxw3J66ppWC
+y+4OI8UmuOF4jJx3nWHTmPmtZEA7FgNisW9ReQC46+A8mdJCUqupIq6M7foG682+
+eKarvX1kjlOhL60PeuzazCmaGYTnkYI1wFC6Js6nE9xRTzS0UWR2UhBfgf9/FB86
+dqtD4qnwleW3VbnOim7XnXFrVq7yJ22sBO0KGRLRmBa2RCb8qvAogZ8zzYj/Jt4x
+QBHoqjFjGreaXZod0/P1yxTqgZBAz526WtH5EP4sO7xiFPvQONmrDsWAkG7PBRbw
+QZkpnYyH+IiGWQuL4Xsv8uSK6aKDvnXyvY97xKNQ3R4Nm/U5lsif9Uuw/dJHsIZl
+FkqG5m9p++7Kj5lAfliFtUmOOIHp3Vb3pMWds3muiJ5BH5g/1Ba2pe69GArWPx6P
+e63nhgUJ6DbUcS0xGX4lCeQg9/NPEimIk1CyqIcqSM6WN8//UUSiJuPArHxV1t5C
+Cv1BFIn27BPrTWGfrSEf4YThpDcCAwEAAaNyMHAwCQYDVR0TBAIwADAOBgNVHQ8B
+Af8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFDE0JF4hyOMP
+qskQdLbeJ/HEDQglMB8GA1UdIwQYMBaAFBvttDY6KgFqqyQy/GPUCB7wjMIjMA0G
+CSqGSIb3DQEBCwUAA4ICAQBgWR9PtXBDD6FPeZPkm5THyopYdueTHQ2MY4zH01mf
+tAgFJUOZGqaLPgnvhN1wd1JgU5K4kRR1MShz9JWo9B72t5PBL3Pr41xrhcoFja5C
+P+A4VOQ8yzQwA+V96Na11iXa+DiS6K3Vv7dp/bhAtWEk+6O/FTSdGdL5GAjbDXtd
+DKadvMx4tSrFZj4MW6V6xe3FzlCbg5ciEruhWUXPoW9XUOXqPScauPumXPJmYcsL
+OSz0br/Wh46vc6c7nYFTQd8UbyXU63/IdbTqB1AbY/uAZ47bzj9vGketKDWtYgJy
+uLFRybDZ5JX+S/p4kNYisfNeBwXr+Jc0ayTzWYnd2JjbIzeKBwcEsgCieT/rYJwt
+tUWcUb2I9936eeb7cBpqAcxaXSSABfqRdP/tIoVZrfEaufIeou/Gvglc1/PlIdlt
+nwURZBrwI6O2wWT6bZIlcM/kvIYpSVRV028p9SpZ9FGgn6aTYGVxcc50waWz6lSF
+WAaFkhiTeSQZugIPzk7SgDVsLQzL0YudAEb6afNTlF/k0qXrjjLsw1PbFJeVKkON
+guHQtkPAQaNgSRSPJtcG8s9+Qtcg8nGLTs33S0bY/BRF2M5v+aGVHTzlF9FNwVPx
+sLwekeDo75H/IMiB2CWQLsQbkwoCNIVsYaDrcfWGvaWt4OUkNKRjSTQ8OgJn4+OD
+hA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFVjCCAz6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA2MRAwDgYDVQQKDAdNYXJp
+YURCMRAwDgYDVQQLDAdNYXJpYURCMRAwDgYDVQQDDAdSb290IENBMB4XDTI1MTIx
+MjE2NTY0NFoXDTQ1MDgyOTE2NTY0NFowPzEQMA4GA1UECgwHTWFyaWFEQjEQMA4G
+A1UECwwHTWFyaWFEQjEZMBcGA1UEAwwQSW50ZXJtZWRpYXRlIENBMjCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL+xpdkcY7Xg/B+7ct45WHJtvArOwQdm
+vo6itdVRrXEc+MprySGjbLYvm+MB4QhI/e0Xhwvhh/6WAacSF9nu+GiWw02fZ5hR
+KNiepxAua+uxulPUcDapFRUt+w1H0HfB85qIChvJ1f56t+gtvLZpkNmS+p1U5wnp
+pFdIyBVDF3t6lr0Aoa5LRo1mbcB9MT4lJ7uMzcoTHFFQq4ROeyoRnleFGN0tIbqa
+njMBvN6lRpQToPfstQdD4B8LLwwYmJvPYInxJx76QV39PzPOsmq581WCMi49z3B4
+gBLxNP5/QfrXC6DVCFs1aq9SyuclcIcquMvgvrvQ0hI6l5xbvj6DLySUfJI1unCw
+GUdvg2U1DCQN3TPU3j8tHXHQJgp7y9NNCbaLKi60X+vWB3uhWnAzqV+QMvDxbA3w
+4PZobeBOeygst7f3020UVAcRZLpb4l/MJTzdjTVjmPz0I3wenKPj6m19BH+iVabz
+p4jc4wlBZuyBmhQ4UpYuCYzuIh+ki2daZc43UmdDx8sEKBooE1LBnn85pSQNwBuM
+Iu8FdqN/FpVlfnrbjM1sFKvDfm91knGRRQnd4R1WKm8PB0kmmQ6rq5eMc37Gn7oG
+cCWXomCtaVDExZ7MVscPAWVtfTpHKNkHpKh0WjEtO2+qY1Ts3h1EeJMTjp602rTo
+6vlmm8egTvQ9AgMBAAGjZjBkMB0GA1UdDgQWBBQb7bQ2OioBaqskMvxj1Age8IzC
+IzAfBgNVHSMEGDAWgBQEiu6rzWpHMQmM8hx+uT1eOZrSrDASBgNVHRMBAf8ECDAG
+AQH/AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAFRDs8s5g
+OZu+0XoDGOka5rVEcuKukOd8hM1kx5YXuFOsKISShJywCGtpBbs2acjqEjKMiiME
+uZSAapm/9YwQv1wM3XNqjzypxAl4ibE/5noJR7vDS0ixMgO884pDVdvHYwfw1aEJ
+lxMfDQkY3foMVDLNgkscHtJWH3rQ9icf6ATzvJh03Oxsk/5ku056Fs2hcNzrK0un
+omrycfAEIBikkqlS/OCWAHNp5nBkxcl/ZN1dO5empcbaYIuDSd9d4oPAFkbW3qoa
+cqOYrwWbKjlbPQ1vXmst0KmWnErWurm7e3aSkXzUTLRor12p0pfyydpQ79vNm/md
+uDXzhMc4/xdMQCSHMcVfbD2Oduz/Xh7G5n+NbGHNj1FzChraHj7Mr+/ls6sY8uRA
+oE/xB+Y+BJcJgsghUhulVFnF/tDPWDwHkSiDG8yXxaOr98/hdtdVlk2SZRmhmu5J
+8yVhAyPj/v7dxInQ4aE4AEkEtlSV9qHo1armzyORa9kqKbWUR9h3yba/U65citRQ
+sT7eDkoYueNew6mYcWrh7mCY6HflhM9Kskyem+Ev5BOPjNHyRU/yuSytfOQefa4R
+Zwh4oTAWlPImUlcImnDHaXTlCxu8carg87tk4RNlQX9VhsqJtZEFA9dvhfyCW1k0
+t9zG0FnuvV5vtSrkT/DUEnTHpSbzgO5dpU0=
+-----END CERTIFICATE-----

mysql-test/std_data/cachain/client.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC0/2TbUxFbG63j
+s5UKMr2Of6ckednRqCkAluB2+wgUquRXi/RUdvubl1RFqpXWUXVaGtKZzyTuBxIH
+fY6X7oWjQ5Oh7zQrEfc15g3lixx+dU62u1unASShi3gIVKf3lOmMWsRoXSdlTCDm
+Ylv5lmxfNiTrQYEDUi324sxupYCKhEdsumtXpsifTIOoqV/klNBGTgk5HHDcnrqm
+lYLL7g4jxSa44XiMnHedYdOY+a1kQDsWA2Kxb1F5ALjr4DyZ0kJSq6kirozt+gbr
+zb54pqu9fWSOU6EvrQ967NrMKZoZhOeRgjXAULomzqcT3FFPNLRRZHZSEF+B/38U
+Hzp2q0PiqfCV5bdVuc6KbtedcWtWrvInbawE7QoZEtGYFrZEJvyq8CiBnzPNiP8m
+3jFAEeiqMWMat5pdmh3T8/XLFOqBkEDPnbpa0fkQ/iw7vGIU+9A42asOxYCQbs8F
+FvBBmSmdjIf4iIZZC4vhey/y5IrpooO+dfK9j3vEo1DdHg2b9TmWyJ/1S7D90kew
+hmUWSobmb2n77sqPmUB+WIW1SY44gendVvekxZ2zea6InkEfmD/UFral7r0YCtY/
+Ho97reeGBQnoNtRxLTEZfiUJ5CD3808SKYiTULKohypIzpY3z/9RRKIm48CsfFXW
+3kIK/UEUifbsE+tNYZ+tIR/hhOGkNwIDAQABAoICAAQY2eQbE8P/suZ6HLAP6PmO
+Sy7IsVUNHOx9/dPDp/Gr0qJmsR+uV9C0UryG+YBR9LmW7Nh9d2UJ9O8FeRJYXF8P
+OwrJ2uD0tadbL0pYZUs5hZAeWptDq9waR5vMqsawcL70GQkRvsAMwpvkcxeJv6dC
+FwDaSTzVgePaS21fwrKf/uvnpmFkDZuJhFtvhhOrCLHmt0+7JJTh5PC7ZqwOFfTa
+VB+QPwXTzuNZoQwP7sxbpdrANd41Wl9GVGlGeKi0uTqc1yXJVLhYVgrFa//YKgAO
+lBWir/3fyX9rWCKR+IKGXyWMkIHrceNJ/z80WATWeRR0lTcTVs4fBfXjJRQlmVJA
+7PkhK3wuhK7AR9B3ErT8H0eGe4pvouTvWD0gw4xjGfsFPyZuMAoHTFHss9SfDM4Z
+5yAxCX2TYw8eE7ZZ8A7DmDAyfn6PEaI8UZQ1zCtcxTwW3mrj8zwKfEiw4Xt9igCq
+EQaXFUtU2W8J2RaZC414THiD05LtYCH3rUlBAbZbH2nlin6s67BovU8P6EVDPb4F
+HIY0xa4KeckHtdFp+EH3eado5KvRr9xk/Hlju+aAV6xu18/T91RhSxktEcG7KGXB
+469RA47uuGRw//WYfH1B0avOLKe4UgCedUK/xU5jwQR7KifJHhc5Lh3xBSrUsGnx
+zhv9ibTWsJkx5AyEZMopAoIBAQDfhXxGLqRm7cNZF6zxjbozb7SCqOQ9XNuKYC0B
+2LjBbN4mKQrqNpetwkrbOlTwEOzDM5+jc5KgwHGJk43k6F1QqTo/2OR0QVNGZmgW
+5xat/KY6Cpeld2i1QPJ++r8ICDWHMhkwN2Sp36GsAoz3MQJQ5H+a3zBRvDImyxev
+rPzvJRsPKtnK/9rpNg7Twnzn2mLSM6tnmSy2dQWLRK+8A3/qW65/87KbQ4cGiLPy
+f4dGCS9XLMzBH3OuZIDuqQqcOFdZezIrOtNJZH+S1I+Xr7tNlqpFAg38S2uXg3xc
+iRaKuPBAvsZy5X+e0ylWm+sRuidiUx6zCoXcPUaADTjk8zBpAoIBAQDPTB17MHOL
+gLLmtux2sKXqrpmdFngPTpOD7Sbq/OzeuaA6ZPzRYZsYAbeuy4yAP5kR0vg/FrmQ
+8JTeCBYTYNhLKYXkBE+zXOtelrYovKBwaLFok9LHqTXsZ9GuRrlaQY35IwZpf6H0
+/1vNbgh10vSLs0uTA+QM0NsVMt2gQSbcW+v8WFaI02t8fOo5WdVvnYrNAUhHtW4/
+lBPaIuM/xZOfePozEJfEE5See/ZI/8OX0C3DCKdueRW3C2rPMGuPzpqPWmNwUDMc
+QhcMHmrdCXvAvTdXohApkZz5rlsQoP2KDtvZlhOEHlSYQNLHvO3QkJEj1YlGs1Rw
+K3V4vKamb5ufAoIBAC8Lx4Z2FsBbVvyPkSUecYyV/GZr6e5IdyT+7TowRWLg6Tka
+9mMprm8yL9NIycvlpA/J89XRY5FWMA+G8Ry3E70AgXQi0KLvhPmSYGJBrXJddRdO
+V3DKW02bJ+82E7M7FxknoEmXvyZKHZs4xjbZJ+Wi0oDkbSUm+V9U691cCbjEFJfy
+qvihNZBUgnZrvyKFwrr/iRo7EUAuDUas5FgsXGYVefsQbg1j/y2O5GEsGmrRUBeH
+JGmZlx2jpceV6NfMvAXnej3DGemer4NWHgsNP90q0xfHQO5TaYfwcuJ/MDFuj5Lx
+FI/mYiApzc+e7bFDfzqgyBtjIZ2jgA0/uzPlQ9ECggEBAMhgZdrvMbE2PTggt5/f
+DvIzxc7/qhv5s0QB1+2rgHembMglV/A47gcdmeT/YpeRYi/FgyrQl50PwIaCwHwI
+z+qPf5mxxSy2c9lhy0DDXD5sJJjW0xcmbDZRAHD6ci5ZUZfyED+oHPBKaf3AD7N8
+r9/d9v5r82Oj+zGZkntWnu7Ad/LbnQHzg2G5CVtYh6S1Xzbct3aBXMleJHZl5M5+
++DxdX1Q/BMSGvNEZOC7F89XqaGGvGtEBgEkIYz1VK5O9fM926snk7BKzm72eJWP1
+x8a94CH4SLE1zMvYirQfOhTaWg8QL1s1SkZF2rkx2ZsSMwm1XlWWANfQWmPTzy7w
+kTcCggEBAIi2uhi60gBDrJ3xIPcXQC6YHtDHA/7p6XNFnp9Nx/9He7tPIULgH7AS
+MbLza+etC45w2mc8Ypqy+w2+a44B8FnWpFZ3ff3fi9IlV6CHM9D0OrnL12GAnmOG
+gUXEBPW4Kk5k8kVRyhw9If38qrh9IW7oSifUiYNdiDgoViv9ZTgw/ZWYiU8krqF9
+sPQlnzdhxhNu7TIEBu8iY0t0dh53f6PPlVWwKAHawyo+UXypM7MGNTE1AP0E+x+a
+mUXVjbI5oCrs+mSFpjTA6BrP2NHHrIA+qPI8dchy7LIfXjOnW+2g0m85F7U/Egd0
+0txeBq/S0KIBpAsLK5G0aqD+qASd630=
+-----END PRIVATE KEY-----

mysql-test/std_data/cachain/root.crt

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFXTCCA0WgAwIBAgIUMS/WV2Y7lwQy/yLQDAFU66GhILkwDQYJKoZIhvcNAQEL
+BQAwNjEQMA4GA1UECgwHTWFyaWFEQjEQMA4GA1UECwwHTWFyaWFEQjEQMA4GA1UE
+AwwHUm9vdCBDQTAeFw0yNTEyMTIxNjU2NDJaFw00NTA4MjkxNjU2NDJaMDYxEDAO
+BgNVBAoMB01hcmlhREIxEDAOBgNVBAsMB01hcmlhREIxEDAOBgNVBAMMB1Jvb3Qg
+Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC74Ifa/BBjtlkdANjj
+8IWn8+RL9/CODm5xURmWfJSzW4vebZZPGwkd3J5grTW3Zr+XGpXfbFPwC63pPDAu
+8CzVXCDNSK+Fa2usoLsnYW2CmxeMqrUeBVZk4YCZ0ztjwvvZkwrbN6L/uk0OMpy7
+T6c0lxysMAuTXYPGY8NNDW0tpKh2LbxzGsAkREbM17vAHveHyiJ8YmWHmUeujqir
+IlEcClTVEqSR8sWDwu01W/aD9u9wY1CJZyTNF3lJPZ8XqNBVZ89Ydl0y7W1oXOno
+b/6CTZYUxMQ/xUL00L1i+VcIKjV8jZFrFyrjJsnGlvqLlzUQ3dwFKJISIMcF9Jb2
+PnZTGNjhzROil3zrItjKTbScgLiWuqAh8YNmRRisDIlkMr8kFU2FjznrMkFP3LK8
+BPBKKwNaYzcbeR6xwMgj3rJvT5PDk0ffBn/hjyhgpVJfp10hvkFtV2kSE/ttmU0O
++SQXgjXxsPs9223oTgjxt5FfZei+mdOJ69G6/boupF9eYpKe0cNLYnF0V+rFoxiK
+LFUQhNMJVDBca/cp791N9Nb1bhKSHnR+zQNQjBH4BAmWKzuzKLrt3L6QKK59xyy9
+HdbM/ohbEEKialgm/Lwrr+olcpyPMwujM5B0r9B+Z4b/oPEIsncNpCl553r7YQZ5
+P9PYiJ/kOBxCwnYeYlwk+KygNQIDAQABo2MwYTAdBgNVHQ4EFgQUBIruq81qRzEJ
+jPIcfrk9Xjma0qwwHwYDVR0jBBgwFoAUBIruq81qRzEJjPIcfrk9Xjma0qwwDwYD
+VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIB
+AD47H7tlk1aWFEf1UK9Xnh2hELTSXX3/uE5Sxx32DINTL2wcqiLOgxTMEaNr1EeF
+dCkuADFclEsJfh+mWmhRsD7KKKlq4grMX9jTobfj0sd84M+d+YgkqAlP9f9b6QrX
+e9pv2FVCL467JARWSZRuLJ7SZOHK88ajNnAG36LFdtXBDOAcogtddRfAil/5PMP4
+HIgZQOG96h0yMDoIJB1RIicf8f56xsC5m1Jbz4B3V8rPcCGK9CKWLrgd0FiXZV45
+GMuXLsOfEaUEtMz/gRIdQlMHgTWk6Inprm9wynL51J0gE3BZIm26G1gpae3GcG5Z
+q8BQQbQfn6Tg/H8a+56H1CDclt9qQjRMRDH81r5w7hK1LvjKrEKjdmzmxaPAqq71
+Ne5gXJxYjgSwpFB5MYX4K0Do2zoqE7HhuGc/0oWhm0IrAy616tOZtmopoNiYoJ88
+xjHXRCKs6w6vPsNew75u5N7mU7IlCXjxVSF6cSyRd4fnBY3kRxZPJWlOe8jsIuED
+PZYfAI+10nOGNY7c3scvxgZCnNU0THryem0PNIM0XaM/fR+SH+Kl+V9x14sDouIS
+B6gCYEk2oZW7EdfLN3FXFufoIPNsR1KkDsh7RKYamMVlSsGEEFPt3h9I0c3kAaOT
+FHZ29DjuAuSGaEvs4NiOsYmaQP51BM1sFs/gkz678KZy
+-----END CERTIFICATE-----