Travis fixes (TLS/SSL)

mariadb-corporation · Feb 1, 2018 · 209c4f8 · 209c4f8
1 parent fca3ef7
commit 209c4f8
Show file tree

Hide file tree

Showing 6 changed files with 265 additions and 76 deletions.
diff --git a/.travis/gen-ssl.sh b/.travis/gen-ssl.sh
@@ -29,10 +29,12 @@ main () {
   local caCertFile="${sslDir}/ca.crt"
   local caKeyFile="${sslDir}/ca.key"
   local certFile="${sslDir}/server.crt"
+  local certShaFile="${sslDir}/server-cert.sha1"
   local keyFile="${sslDir}/server.key"
   local csrFile=$(mktemp)
-  local clientCertFile="${sslDir}/client.crt"
-  local clientKeyFile="${sslDir}/client.key"
+  local clientCertFile="${sslDir}/client-cert.pem"
+  local clientKeyFile="${sslDir}/client-key.pem"
+  local clientEncryptedKeyFile="${sslDir}/client-key-enc.pem"
   local clientKeystoreFile="${sslDir}/client-keystore.jks"
   local fullClientKeystoreFile="${sslDir}/fullclient-keystore.jks"
   local tmpKeystoreFile=$(mktemp)
@@ -89,6 +91,26 @@ main () {
     -keyout "${clientKeyFile}" \
     -out "${clientReqFile}"
 
+  log "Generating password protected client key file"
+  openssl rsa \
+     -aes256 \
+     -in "${clientKeyFile}" \
+     -out "${clientEncryptedKeyFile}" \
+     -passout pass:qwerty
+
+   log "Generating finger print of server certificate"
+   openssl x509 \
+     -noout \
+     -fingerprint \
+     -sha1 \
+     -inform pem \
+     -in "${certFile}" | \
+     sed -e  "s/SHA1 Fingerprint=//g" \
+     > "${certShaFile}"
+
+  log "copy ca file"
+    cp "${caCertFile}" "${sslDir}/cacert.pem"
+
   openssl x509 \
     -req \
     -in "${clientReqFile}" \
@@ -120,7 +142,6 @@ main () {
     -passout pass:kspass
 
 
-
   # Clean up CSR file:
   rm "$csrFile"
   rm "$clientReqFile"

diff --git a/.travis/script.sh b/.travis/script.sh
@@ -43,18 +43,17 @@ ls -lrt ${SSLCERT}
 
 
 #build C connector
-DEBIAN_FRONTEND=noninteractive sudo apt-get install --allow-unauthenticated -y --force-yes -m unixodbc-dev
-time git clone --depth 1 "https://github.com/MariaDB/mariadb-connector-c.git" build
-cd build
-
-cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DWITH_SSL=OPENSSL
+cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DWITH_SSL=OPENSSL -DCERT_PATH=${SSLCERT}
 make
 
 export MYSQL_TEST_HOST=mariadb.example.com
 export MYSQL_TEST_DB=ctest
 export MYSQL_TEST_USER=bob
 export MYSQL_TEST_PORT=3305
-# todo: plugin dir
+export MYSQL_TEST_TRAVIS=1
+
+## list ciphers
+openssl ciphers -v
 
 ###################################################################################################################
 # run test suite

diff --git a/libmariadb/secure/openssl.c b/libmariadb/secure/openssl.c
@@ -79,6 +79,7 @@ static long ma_tls_version_options(const char *version)
        disable_all_protocols;
 
   protocol_options= disable_all_protocols=
+    SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
     SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
 
   if (!version)
@@ -512,7 +513,7 @@ void *ma_tls_init(MYSQL *mysql)
 {
   SSL *ssl= NULL;
   SSL_CTX *ctx= NULL;
-  long options= SSL_OP_ALL;
+  long options= SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
 #ifdef HAVE_TLS_SESSION_CACHE
   MA_SSL_SESSION *session= ma_tls_get_session(mysql);
 #endif

diff --git a/unittest/libmariadb/bulk1.c b/unittest/libmariadb/bulk1.c
@@ -861,8 +861,142 @@ static int bulk_skip_row(MYSQL *mysql)
   return OK;
 }
 
+static int bulk_null_null(MYSQL *mysql)
+{
+  struct st_bulk4 {
+    char char_value[20];
+    char indicator1;
+    int  int_value;
+    char indicator2;
+    double double_value;
+    char indicator3;
+    char time_value[20];
+    char indicator4;
+    char decimal_value[4];
+    char indicator5;
+  };
+
+  struct st_bulk4 val[]= {{"3",      STMT_INDICATOR_NTS,
+                           3,        STMT_INDICATOR_NONE,
+                           3.0,      STMT_INDICATOR_NONE,
+                           "00:00:00",  STMT_INDICATOR_NTS,
+                           "3.0",    STMT_INDICATOR_NTS},
+                          {"3",      STMT_INDICATOR_NULL,
+                           3,        STMT_INDICATOR_NULL,
+                           3.0,      STMT_INDICATOR_NULL,
+                           "00:00:00",  STMT_INDICATOR_NULL,
+                           "3.0",    STMT_INDICATOR_NULL},
+                          {"3",      STMT_INDICATOR_NTS,
+                           3,        STMT_INDICATOR_NONE,
+                           3.0,      STMT_INDICATOR_NONE,
+                           "00:00:00",  STMT_INDICATOR_NTS,
+                           "3.0",    STMT_INDICATOR_NTS}};
+  int rc;
+  MYSQL_BIND bind[5];
+  MYSQL_RES *res;
+  MYSQL_STMT *stmt= mysql_stmt_init(mysql);
+  size_t row_size= sizeof(struct st_bulk4);
+  int array_size= 3;
+  unsigned long server_version= mysql_get_server_version(mysql);
+  unsigned long lengths[3]= {-1, -1, -1};
+
+  if (!bulk_enabled)
+    return SKIP;
+
+  if (server_version > 100300 &&
+      server_version < 100305)
+    return SKIP;
+
+  rc= mysql_query(mysql, "DROP TABLE IF EXISTS bulk_null");
+  check_mysql_rc(rc,mysql);
+  rc= mysql_query(mysql, "CREATE TABLE bulk_null "
+                         "(s varchar(20), "
+                         " i int, "
+                         " d double, "
+                         " t time, "
+                         " c decimal(3,1))");
+  check_mysql_rc(rc,mysql);
+
+  rc= mysql_stmt_prepare(stmt, "INSERT INTO bulk_null VALUES (?,?,?,?,?)", -1);
+  check_stmt_rc(rc, stmt);
+
+  memset(bind, 0, sizeof(MYSQL_BIND)*2);
+
+  rc= mysql_stmt_attr_set(stmt, STMT_ATTR_ARRAY_SIZE, &array_size);
+  check_stmt_rc(rc, stmt);
+  rc= mysql_stmt_attr_set(stmt, STMT_ATTR_ROW_SIZE, &row_size);
+  check_stmt_rc(rc, stmt);
+
+  bind[0].buffer_type= MYSQL_TYPE_STRING;
+  bind[0].u.indicator= &val[0].indicator1;
+  bind[0].buffer= &val[0].char_value;
+  bind[0].length= lengths;
+  bind[1].buffer_type= MYSQL_TYPE_LONG;
+  bind[1].buffer= &val[0].int_value;
+  bind[1].u.indicator= &val[0].indicator2;
+  bind[2].buffer_type= MYSQL_TYPE_DOUBLE;
+  bind[2].buffer= &val[0].double_value;
+  bind[2].u.indicator= &val[0].indicator3;
+  bind[3].buffer_type= MYSQL_TYPE_STRING;
+  bind[3].u.indicator= &val[0].indicator4;
+  bind[3].buffer= &val[0].time_value;
+  bind[3].length= lengths;
+  bind[4].buffer_type= MYSQL_TYPE_NEWDECIMAL;
+  bind[4].u.indicator= &val[0].indicator5;
+  bind[4].buffer= &val[0].decimal_value;
+  bind[4].length= lengths;
+
+  rc= mysql_stmt_bind_param(stmt, bind);
+  check_stmt_rc(rc, stmt);
+  rc= mysql_stmt_execute(stmt);
+  check_stmt_rc(rc, stmt);
+
+  mysql_stmt_close(stmt);
+
+  rc= mysql_query(mysql, "SELECT * FROM bulk_null WHERE s='3'");
+  check_mysql_rc(rc, mysql);
+  res= mysql_store_result(mysql);
+  rc= (int)mysql_num_rows(res);
+  mysql_free_result(res);
+  FAIL_IF(rc != 2, "expected 2 rows");
+
+  rc= mysql_query(mysql, "SELECT * FROM bulk_null WHERE i=3");
+  check_mysql_rc(rc, mysql);
+  res= mysql_store_result(mysql);
+  rc= (int)mysql_num_rows(res);
+  mysql_free_result(res);
+  FAIL_IF(rc != 2, "expected 2 rows");
+
+  rc= mysql_query(mysql, "SELECT * FROM bulk_null WHERE d=3.0");
+  check_mysql_rc(rc, mysql);
+  res= mysql_store_result(mysql);
+  rc= (int)mysql_num_rows(res);
+  mysql_free_result(res);
+  FAIL_IF(rc != 2, "expected 2 rows");
+
+  rc= mysql_query(mysql, "SELECT * FROM bulk_null WHERE t='00:00:00'");
+  check_mysql_rc(rc, mysql);
+  res= mysql_store_result(mysql);
+  rc= (int)mysql_num_rows(res);
+  mysql_free_result(res);
+  FAIL_IF(rc != 2, "expected 2 rows");
+
+  rc= mysql_query(mysql, "SELECT * FROM bulk_null WHERE c=3.0");
+  check_mysql_rc(rc, mysql);
+  res= mysql_store_result(mysql);
+  rc= (int)mysql_num_rows(res);
+  mysql_free_result(res);
+  FAIL_IF(rc != 2, "expected 2 rows");
+
+  rc= mysql_query(mysql, "DROP TABLE bulk_null");
+  check_mysql_rc(rc, mysql);
+  return OK;
+}
+
+
 struct my_tests_st my_tests[] = {
   {"check_bulk", check_bulk, TEST_CONNECTION_DEFAULT, 0,  NULL,  NULL},
+  {"bulk_null_null", bulk_null_null, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
   {"test_char_conv1", test_char_conv1, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
   {"test_char_conv2", test_char_conv2, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
   {"test_conc243", test_conc243, TEST_CONNECTION_DEFAULT, 0,  NULL,  NULL},

diff --git a/unittest/libmariadb/my_test.h b/unittest/libmariadb/my_test.h
@@ -140,6 +140,7 @@ static char *username = 0;
 static int force_tls= 0;
 static char *this_host= 0;
 static uchar is_mariadb= 0;
+static const char *travis_test;
 /*
 static struct my_option test_options[] =
 {
@@ -477,6 +478,8 @@ static int reset_connection(MYSQL *mysql) {
 void get_envvars() {
   char  *envvar;
 
+  travis_test= getenv("MYSQL_TEST_TRAVIS");
+
   if (!hostname && (envvar= getenv("MYSQL_TEST_HOST")))
     hostname= envvar;
   if (!username)