diff options
author | Vladislav Vaintroub <wlad@mariadb.com> | 2019-12-08 18:14:42 +0100 |
---|---|---|
committer | Vladislav Vaintroub <wlad@mariadb.com> | 2019-12-08 18:26:16 +0100 |
commit | 6484288cd260cc9ad34d93a35502e66c034f01a7 (patch) | |
tree | d7f6cc97860d227135a9dafed6b896d4bcc08560 /mysql-test/t | |
parent | 3cc0e0befb3d6012a7ed9649a2220bf6cc6c614f (diff) | |
download | mariadb-git-6484288cd260cc9ad34d93a35502e66c034f01a7.tar.gz |
CONC-447 ERROR 2026 (HY000): SSL connection error: Certificate signature check failed
Enable CRL checking on Windows.
Enable certificate verification testing in client testing.
Diffstat (limited to 'mysql-test/t')
-rw-r--r-- | mysql-test/t/ssl_7937.test | 13 | ||||
-rw-r--r-- | mysql-test/t/ssl_crl_clients.test | 14 |
2 files changed, 13 insertions, 14 deletions
diff --git a/mysql-test/t/ssl_7937.test b/mysql-test/t/ssl_7937.test index aa8cd225d7b..59c13107e01 100644 --- a/mysql-test/t/ssl_7937.test +++ b/mysql-test/t/ssl_7937.test @@ -21,15 +21,6 @@ create procedure have_ssl() --exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1 --echo mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()" -# this is the test where certificate verification fails. -# but yassl doesn't support certificate verification, so -# we fake the test result for yassl -let yassl=`select variable_value='Unknown' from information_schema.session_status where variable_name='Ssl_session_cache_mode'`; -if (!$yassl) { - --replace_result "self signed certificate in certificate chain" "Failed to verify the server certificate" "Error in the certificate." "Failed to verify the server certificate" - --exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1 -} -if ($yassl) { - --echo ERROR 2026 (HY000): SSL connection error: Failed to verify the server certificate -} +--replace_regex /SSL connection error.*certificate[^\n]*/SSL connection error: Failed to verify the server certificate/ +--exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1 drop procedure have_ssl; diff --git a/mysql-test/t/ssl_crl_clients.test b/mysql-test/t/ssl_crl_clients.test index fc954a2fc38..f1dc4909cc6 100644 --- a/mysql-test/t/ssl_crl_clients.test +++ b/mysql-test/t/ssl_crl_clients.test @@ -1,6 +1,12 @@ # This test should work in embedded server after we fix mysqltest -- source include/not_embedded.inc --- source include/have_openssl.inc + +if (`SELECT COUNT(*) = 0 FROM information_schema.GLOBAL_VARIABLES + WHERE (VARIABLE_NAME ='version_compile_os' AND VARIABLE_VALUE LIKE 'Win%' OR + VARIABLE_NAME='have_openssl' AND VARIABLE_VALUE='YES')`) +{ + skip Need openssl or Windows; +} --echo # Test clients with and without CRL lists @@ -14,10 +20,12 @@ copy_file $MYSQL_TEST_DIR/std_data/server-cert.crl $MYSQL_TMP_DIR/ed1f42db.r0; --echo ############ Test mysql ############## --echo # Test mysql connecting to a server with a certificate revoked by -crl +--replace_result "Server certificate validation failed. The certificate is revoked. Error 0x80092010(CRYPT_E_REVOKED)" "certificate revoked" --error 1 --exec $MYSQL $ssl_crl test -e "SHOW STATUS LIKE 'Ssl_version'" 2>&1 --echo # Test mysql connecting to a server with a certificate revoked by -crlpath +--replace_result "Server certificate validation failed. The certificate is revoked. Error 0x80092010(CRYPT_E_REVOKED)" "certificate revoked" --error 1 --exec $MYSQL $ssl_crlpath test -e "SHOW STATUS LIKE 'Ssl_version'" 2>&1 @@ -26,11 +34,11 @@ copy_file $MYSQL_TEST_DIR/std_data/server-cert.crl $MYSQL_TMP_DIR/ed1f42db.r0; let $admin_suffix = --default-character-set=latin1 -S $MASTER_MYSOCK -P $MASTER_MYPORT -u root --password= ping; --echo # Test mysqladmin connecting to a server with a certificate revoked by -crl ---replace_regex /.*mysqladmin.*:/mysqladmin:/ +--replace_regex /.*mysqladmin.*:/mysqladmin:/ /SSL connection error: .*CRYPT_E_REVOKED./SSL connection error: certificate revoked/ --error 1 --exec $MYSQLADMIN $ssl_crl $admin_suffix 2>&1 --echo # Test mysqladmin connecting to a server with a certificate revoked by -crlpath ---replace_regex /.*mysqladmin.*:/mysqladmin:/ +--replace_regex /.*mysqladmin.*:/mysqladmin:/ /SSL connection error: .*CRYPT_E_REVOKED./SSL connection error: certificate revoked/ --error 1 --exec $MYSQLADMIN $ssl_crlpath $admin_suffix 2>&1 |