From 32158be720b85a3ae0e0eeebe1277c36f86dca38 Mon Sep 17 00:00:00 2001
From: Vladislav Vaintroub <wlad@mariadb.com>
Date: Fri, 21 Oct 2022 19:50:07 +0200
Subject: MDEV-29811 server advertises ssl even if it's unusable.

Abort startup, if SSL setup fails.
Also, for the server always check that certificate matches private key
(even if ssl_cert is not set, OpenSSL will try to use default one)
---
 mysql-test/main/bad_startup_options.result |  1 +
 mysql-test/main/bad_startup_options.test   | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 mysql-test/main/bad_startup_options.result
 create mode 100644 mysql-test/main/bad_startup_options.test

(limited to 'mysql-test')

diff --git a/mysql-test/main/bad_startup_options.result b/mysql-test/main/bad_startup_options.result
new file mode 100644
index 00000000000..72c05cf5235
--- /dev/null
+++ b/mysql-test/main/bad_startup_options.result
@@ -0,0 +1 @@
+FOUND 1 /\[ERROR\] SSL error: Unable to get certificate/ in errorlog.err
diff --git a/mysql-test/main/bad_startup_options.test b/mysql-test/main/bad_startup_options.test
new file mode 100644
index 00000000000..bd0b6283854
--- /dev/null
+++ b/mysql-test/main/bad_startup_options.test
@@ -0,0 +1,19 @@
+--source include/not_embedded.inc
+--source include/have_ssl_communication.inc
+
+--source include/shutdown_mysqld.inc
+
+# Try to start the server, with bad values for some options.
+# Make sure, the starts fails, and expected message is in the error log
+
+--let errorlog=$MYSQL_TMP_DIR/errorlog.err
+--let SEARCH_FILE=$errorlog
+
+# Bad ssl-cert
+--error 1
+--exec $MYSQLD --defaults-group-suffix=.1 --defaults-file=$MYSQLTEST_VARDIR/my.cnf --ssl-cert=bad --log-error=$errorlog
+--let SEARCH_PATTERN=\[ERROR\] SSL error: Unable to get certificate
+--source include/search_pattern_in_file.inc
+--remove_file $SEARCH_FILE
+
+--source include/start_mysqld.inc
-- 
cgit v1.2.1