packages/mysql5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
mysql5/mysql-5.7.27/mysql-test/suite/auth_sec/t/ssl_mode.test

117 lines
9.5 KiB
Plaintext
Raw Blame History

# Embedded server doesn't support external clients
--source include/not_embedded.inc
# Purpose : To check cases related to the client option -ssl-mode
# Author : Prabeen Pradhan
# Date : 29th Dec 2015
#############################################################
CREATE USER 'user1'@'%' require ssl;
grant all on *.* to 'user1'@'%' ;
--error 2
--exec $MYSQL_CHECK --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=DISABLED mysql user
--error 1
--exec $MYSQL_SHOW --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=DISABLED mysql user user
--error 1
--exec $MYSQL_SLAP --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=DISABLED --create-schema=mysql
# Verification of mysqlimport
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=REQUIRED -e "create table mysql.test(a int)"
--exec echo "" > $MYSQL_TMP_DIR/test.txt
--error 1
--exec $MYSQL_IMPORT --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=DISABLED --local mysql $MYSQL_TMP_DIR/test.txt
--echo # Testing of all clients with ssl mode PREFERRED
--exec $MYSQL_CHECK --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=PREFERRED mysql user
--exec $MYSQL_SHOW --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=PREFERRED mysql user user
--exec $MYSQL_SLAP --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=PREFERRED --create-schema=mysql > $MYSQL_TMP_DIR/mysql_slap_output.txt
# Verification of mysqlimport
--exec $MYSQL_IMPORT --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=PREFERRED --local mysql $MYSQL_TMP_DIR/test.txt
--echo # Testing of all clients with ssl mode REQUIRED
--exec $MYSQL_CHECK --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=REQUIRED mysql user
--exec $MYSQL_SHOW --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=REQUIRED mysql user user
--exec $MYSQL_SLAP --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=REQUIRED --create-schema=mysql > $MYSQL_TMP_DIR/mysql_slap_output.txt
# Verification of mysqlimport
--exec $MYSQL_IMPORT --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=REQUIRED --local mysql $MYSQL_TMP_DIR/test.txt
--echo # Testing of all clients with ssl mode VERIFY_CA
--exec $MYSQL_CHECK --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem mysql user
--exec $MYSQL_SHOW --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem mysql user user
--exec $MYSQL_SLAP --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --create-schema=mysql > $MYSQL_TMP_DIR/mysql_slap_output.txt
# Verification of mysqlimport
--exec $MYSQL_IMPORT --host=127.0.0.1 -P $MASTER_MYPORT --user=user1 --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --local mysql $MYSQL_TMP_DIR/test.txt
--echo # Testing of all clients with ssl mode VERIFY_IDENTITY
--exec $MYSQL_CHECK --host=localhost -P $MASTER_MYPORT --user=user1 --ssl-mode=VERIFY_IDENTITY --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem mysql user
--exec $MYSQL_SHOW --host=localhost -P $MASTER_MYPORT --user=user1 --ssl-mode=VERIFY_IDENTITY --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem mysql user user
--exec $MYSQL_SLAP --host=localhost -P $MASTER_MYPORT --user=user1 --ssl-mode=VERIFY_IDENTITY --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --create-schema=mysql > $MYSQL_TMP_DIR/mysql_slap_output.txt
# Verification of mysqlimport
--exec $MYSQL_IMPORT --host=localhost -P $MASTER_MYPORT --user=user1 --ssl-mode=VERIFY_IDENTITY --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --local mysql $MYSQL_TMP_DIR/test.txt
--echo # Tests related to deprecation of ssl options
--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=user1 --ssl-mode=VERIFY_IDENTITY --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/ssl_options_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/ssl_options_stderr
--error 1
--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=user1 --ssl-mode=VERIFY_IDENTITY --skip-ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/ssl_options_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/ssl_options_stderr
--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=user1 --ssl-mode=VERIFY_IDENTITY --ssl-verify-server-cert --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/ssl_options_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/ssl_options_stderr
--echo # Tests related to invalid option of --ssl-mode
--error 1
--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=user1 --ssl-mode=HelloWorld --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_cipher'"
--echo # Tests related to valid values of --ssl-mode
--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=root --ssl-mode=DISABLED --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_cipher'"
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT --user=root --ssl-mode=PREFERRED --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_cipher'"
--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=root --ssl-mode=REQUIRED --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_cipher'"
--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=root --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_cipher'"
--error 1
--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=root --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert1.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_cipher'"
--error 1
--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=root --ssl-mode=VERIFY_CA --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_cipher'"
--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=root --ssl-mode=VERIFY_IDENTITY --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_cipher'"
--echo # Check behavior when --ssl-mode is not passed explicitly
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT --user=root --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_cipher'"
--echo # Check behavior when multiple times --ssl-mode is passed
--exec $MYSQL --host=localhost -P $MASTER_MYPORT --user=root --ssl-mode=REQUIRED --ssl-mode=DISABLEd --ssl-mode=REQUireD --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_cipher'"
--echo # Check the legacy options
--exec $MYSQL --user=root --ssl-cipher=DHE-RSA-AES256-SHA --ssl-mode=REQUIRED --ssl=0 -e "SHOW STATUS LIKE 'ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/legacy_options_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/legacy_options_stderr
--exec $MYSQL --user=user1 --ssl-cipher=DHE-RSA-AES256-SHA --ssl-mode=DISABLED --ssl=1 -e "SHOW STATUS LIKE 'ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/legacy_options_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/legacy_options_stderr
--error 1
--exec $MYSQL --user=user1 --ssl-cipher=DHE-RSA-AES256-SHA --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert1.pem --ssl=1 -e "SHOW STATUS LIKE 'ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/legacy_options_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/legacy_options_stderr
--exec $MYSQL --user=user1 --ssl-cipher=DHE-RSA-AES256-SHA --ssl-mode=REQUIRED --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert1.pem --ssl-verify_server_cert=0 -e "SHOW STATUS LIKE 'ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/legacy_options_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/legacy_options_stderr
--error 1
--exec $MYSQL --user=root --ssl-cipher=DHE-RSA-AES256-SHA --ssl-mode=REQUIRED --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert1.pem --ssl-verify_server_cert=1 -e "SHOW STATUS LIKE 'ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/legacy_options_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/legacy_options_stderr
--echo # Cleanup
DROP USER 'user1'@'%';
DROP TABLE mysql.test;
--remove_file $MYSQL_TMP_DIR/mysql_slap_output.txt
--remove_file $MYSQL_TMP_DIR/test.txt
--remove_file $MYSQLTEST_VARDIR/tmp/ssl_options_stderr
--remove_file $MYSQLTEST_VARDIR/tmp/legacy_options_stderr
Reference in New Issue View Git Blame Copy Permalink