diff options
| author | unknown <tnurnberg@salvation.intern.azundris.com> | 2006-08-22 14:29:48 +0200 |
|---|---|---|
| committer | unknown <tnurnberg@salvation.intern.azundris.com> | 2006-08-22 14:29:48 +0200 |
| commit | 97e0f59b3b63f99db090da697b0c1b52e25b4653 (patch) | |
| tree | fcb364e1f33ed1869657e6c6a5d83b8ca8aee28d /mysql-test/t/openssl_1.test | |
| parent | 698bd7c4faa9c42b11ac5ce55f1450c2112bafcb (diff) | |
| download | mariadb-git-97e0f59b3b63f99db090da697b0c1b52e25b4653.tar.gz | |
Bug#20411: "GRANT ... REQUIRE ISSUER nnn AND SUBJECT mmm" fails to require both
when X.509 subject was required for a connect, we tested whether it was the right
one, but did not refuse the connexion if not. fixed.
(corrected CS now --replace_results socket-path)
mysql-test/r/openssl_1.result:
Bug#20411: "GRANT ... REQUIRE ISSUER nnn AND SUBJECT mmm" fails to require both
test not only whether we can connect with a correct X.509 subject when one is
required, but also assure that we can't without one.
mysql-test/t/openssl_1.test:
Bug#20411: "GRANT ... REQUIRE ISSUER nnn AND SUBJECT mmm" fails to require both
test not only whether we can connect with a correct X.509 subject when one is
required, but also assure that we can't without one.
sql/sql_acl.cc:
Bug#20411: "GRANT ... REQUIRE ISSUER nnn AND SUBJECT mmm" fails to require both
actually refuse connexion if X.509 is required, but does not match. kudos to Al Smith.
Diffstat (limited to 'mysql-test/t/openssl_1.test')
| -rw-r--r-- | mysql-test/t/openssl_1.test | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test index afee381f5b7..49f8fc4d7d4 100644 --- a/mysql-test/t/openssl_1.test +++ b/mysql-test/t/openssl_1.test @@ -10,14 +10,18 @@ insert into t1 values (5); grant select on test.* to ssl_user1@localhost require SSL; grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA"; -grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com"; -grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com"; +grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB"; +grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB"; +grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx"; flush privileges; connect (con1,localhost,ssl_user1,,,,,SSL); connect (con2,localhost,ssl_user2,,,,,SSL); connect (con3,localhost,ssl_user3,,,,,SSL); connect (con4,localhost,ssl_user4,,,,,SSL); +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT +--error 1045 +connect (con5,localhost,ssl_user5,,,,,SSL); connection con1; # Check ssl turned on @@ -49,7 +53,7 @@ delete from t1; connection default; drop user ssl_user1@localhost, ssl_user2@localhost, -ssl_user3@localhost, ssl_user4@localhost; +ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost; drop table t1; |