diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2019-01-26 22:29:24 +0100 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2019-01-28 14:41:39 +0100 |
| commit | 9c60535f867678e65ade1258ca10b7d2ee2bdc53 (patch) | |
| tree | 98896eddfe74b7f9c9ae7b91894b5b14897bc399 /mysql-test/main/ssl_crl.test | |
| parent | eff7f9bea26a327974bb87ddfaa18ad57e7391a2 (diff) | |
| download | mariadb-git-9c60535f867678e65ade1258ca10b7d2ee2bdc53.tar.gz | |
SSL test fixesmariadb-10.4.2
* fix CRL tests to work
* regenerate certificates to be at least 2048 bit
(fixes buster and rhel8 in buildbot)
* update generate-ssl-cert.sh to generate crl files
* make all SSL tests to use certificates generated
in generate-ssl-cert.sh, remove unused certificates
Diffstat (limited to 'mysql-test/main/ssl_crl.test')
| -rw-r--r-- | mysql-test/main/ssl_crl.test | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/mysql-test/main/ssl_crl.test b/mysql-test/main/ssl_crl.test index 65c14837e50..dc30a9b5934 100644 --- a/mysql-test/main/ssl_crl.test +++ b/mysql-test/main/ssl_crl.test @@ -2,15 +2,12 @@ -- source include/not_embedded.inc -- source include/have_openssl.inc ---echo # test --crl for the client : should connect ---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-valid-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-valid-cert.pem test --ssl-crl=$MYSQL_TEST_DIR/std_data/crl-client-revoked.crl -e "SHOW VARIABLES like '%ssl%';" - ---echo # test --crlpath for the client : should connect ---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-valid-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-valid-cert.pem --ssl-crlpath=$MYSQL_TEST_DIR/std_data/crldir test -e "SHOW VARIABLES like '%ssl%';" +--echo # try logging in with a certificate not in the server's --ssl-crl : should succeed +--replace_result TLSv1.3 TLS_VERSION TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/server-new-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/server-new-cert.pem test -e "SHOW STATUS LIKE 'Ssl_version'" --echo # try logging in with a certificate in the server's --ssl-crl : should fail ---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR +# OpenSSL 1.1.1a correctly rejects the certificate, but the error message is wrong +--replace_result "ERROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error: 0" "ERROR 2026 (HY000): SSL connection error: sslv3 alert certificate revoked" --error 1 ---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW VARIABLES like '%ssl%';" +--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_version'" 2>&1 |