# This test should work in embedded server after we fix mysqltest
-- source include/not_embedded.inc
-- source include/have_openssl.inc

--echo # Test clients with and without CRL lists

let $ssl_base = --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-verify-server-cert;
let $ssl_crl = $ssl_base --ssl-crl=$MYSQL_TEST_DIR/std_data/server-cert.crl;
let $ssl_crlpath = $ssl_base --ssl-crlpath=$MYSQL_TMP_DIR;

# See `openssl x509 -in server-cert.pem -noout -issuer_hash`
copy_file $MYSQL_TEST_DIR/std_data/server-cert.crl $MYSQL_TMP_DIR/ed1f42db.r0;

--echo ############ Test mysql ##############

--echo # Test mysql connecting to a server with a certificate revoked by -crl
--error 1
--exec $MYSQL $ssl_crl test -e "SHOW STATUS LIKE 'Ssl_version'" 2>&1

--echo # Test mysql connecting to a server with a certificate revoked by -crlpath
--error 1
--exec $MYSQL $ssl_crlpath test -e "SHOW STATUS LIKE 'Ssl_version'" 2>&1


--echo ############ Test mysqladmin ##############
let $admin_suffix = --default-character-set=latin1 -S $MASTER_MYSOCK -P $MASTER_MYPORT -u root --password= ping;

--echo # Test mysqladmin connecting to a server with a certificate revoked by -crl
--replace_regex /.*mysqladmin.*:/mysqladmin:/
--error 1
--exec $MYSQLADMIN $ssl_crl $admin_suffix 2>&1

--echo # Test mysqladmin connecting to a server with a certificate revoked by -crlpath
--replace_regex /.*mysqladmin.*:/mysqladmin:/
--error 1
--exec $MYSQLADMIN $ssl_crlpath $admin_suffix 2>&1