| Current Path : /home/usr.opt/mysql57/mysql-test/suite/auth_sec/r/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
| Current File : //home/usr.opt/mysql57/mysql-test/suite/auth_sec/r/openssl_cert_generation.result |
# Setup
call mtr.add_suppression("Failed to setup SSL");
call mtr.add_suppression("SSL error: SSL_CTX_set_default_verify_paths failed");
# Restart completed.
# Test 1 : System variable tests
# auto_generate_certs should be OFF.
select @@global.auto_generate_certs;
@@global.auto_generate_certs
0
# sha256_password_auto_generate_rsa_keys should be OFF.
select @@global.sha256_password_auto_generate_rsa_keys;
@@global.sha256_password_auto_generate_rsa_keys
0
set @@global.auto_generate_certs='OFF';
ERROR HY000: Variable 'auto_generate_certs' is a read only variable
set @@global.sha256_password_auto_generate_rsa_keys='OFF';
ERROR HY000: Variable 'sha256_password_auto_generate_rsa_keys' is a read only variable
# Test 2 : Restarting mysqld with :
# --auto_generate_certs=0
# --sha256_password_auto_generate_rsa_keys=0
# Restart completed.
# Search for : Skipping generation of SSL certificates as --auto_generate_certs is set to OFF.
# Search completed.
# Search for : Skipping generation of RSA key pair as --sha256_password_auto_generate_rsa_keys is set to OFF.
# Search completed.
# Ensure that certificate files are not there after server is started
# Ensure that server is not ssl enabled
# Ensure that sha connection is not possible in absence of certificates and keys
create user wl7699_sha256 identified with 'sha256_password';
grant usage on *.* to wl7699_sha256 identified by 'abcd';
Warnings:
Warning 1287 Using GRANT statement to modify existing user's properties other than privileges is deprecated and will be removed in future release. Use ALTER USER statement for this operation.
drop user wl7699_sha256;
# Test 3 : SSL certificates
# 3.1 : Restarting mysqld with : --auto-generate-certs=1
# Restart completed.
# Search for : Auto generated SSL certificates are placed in data directory.
# Search completed.
# Search for SSL certificate and key files in Data directory.
# Search completed.
# Ensure that RSA files are not there in data directory
# Ensure that server is ssl enabled
Variable_name Value
Ssl_cipher SSL_CIPHER
# Test 4 : RSA key pair
# 4.1 : Restarting mysqld with :
# --sha256_password_auto_generate_rsa_keys=1
# Restart completed.
# Search for : Auto generated RSA key files are placed in data directory.
# Search completed.
# Search for RSA key files in Data directory.
# Search completed.
# Ensure that server is not ssl enabled
# Test 5 : Skipping SSL Certificates/Key File Generation
# 5.1 : Restarting mysqld with :
# --auto_generate_certs=ON
# --sha256_password_auto_generate_rsa_keys=ON
# Restart completed.
# Generation of SSL ceritificates/key files and
# RSA key pair files is skipped.
# Search for : Messages related to skipped generation of SSL certificates and RSA key pair files.
# Search completed.
# 5.2 : System variables
# auto_generate_certs, ssl_ca, ssl_cert and ssl_key should be set.
show variables like 'ssl%';
Variable_name Value
ssl_ca ca.pem
ssl_capath
ssl_cert server-cert.pem
ssl_cipher
ssl_crl
ssl_crlpath
ssl_key server-key.pem
# sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path
# and sha256_password_public_key_path should be set.
show variables like 'sha256%';
Variable_name Value
sha256_password_auto_generate_rsa_keys ON
sha256_password_private_key_path private_key.pem
sha256_password_proxy_users OFF
sha256_password_public_key_path public_key.pem
# 5.3 : SHA256_password user
create user wl7699_sha256 identified with 'sha256_password';
grant usage on *.* to wl7699_sha256 identified by 'abcd';
Warnings:
Warning 1287 Using GRANT statement to modify existing user's properties other than privileges is deprecated and will be removed in future release. Use ALTER USER statement for this operation.
# Should be able to connect to server using generated SSL certificates.
Variable_name Value
Ssl_cipher SSL_CIPHER
# Should be able to connect to server using RSA key pair.
current_user()
wl7699_sha256@%
drop user wl7699_sha256;
# Test 6 : SSL Certificates/Key File Generation and tests
# 6.1 : Restarting mysqld with :
# --auto_generate_certs=ON
# --sha256_password_auto_generate_rsa_keys=ON
# Restart completed.
# Search for : Auto generated SSL certificates are placed in data directory.
# Search completed.
# Search for : Auto generated RSA key files are placed in data directory.
# Search completed.
# 6.2 : System variables
# auto_generate_certs, ssl_ca, ssl_cert and ssl_key should be set.
show variables like 'ssl%';
Variable_name Value
ssl_ca ca.pem
ssl_capath
ssl_cert server-cert.pem
ssl_cipher
ssl_crl
ssl_crlpath
ssl_key server-key.pem
# sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path
# and sha256_password_public_key_path should be set.
show variables like 'sha256%';
Variable_name Value
sha256_password_auto_generate_rsa_keys ON
sha256_password_private_key_path private_key.pem
sha256_password_proxy_users OFF
sha256_password_public_key_path public_key.pem
# 6.3 : SSL connection
# Should be able to connect to server using generated SSL certificates.
Variable_name Value
Ssl_cipher SSL_CIPHER
# 6.4 : SHA256_password user
create user wl7699_sha256 identified with 'sha256_password';
grant usage on *.* to wl7699_sha256 identified by 'abcd';
Warnings:
Warning 1287 Using GRANT statement to modify existing user's properties other than privileges is deprecated and will be removed in future release. Use ALTER USER statement for this operation.
# Should be able to connect to server using generated SSL certificates.
Variable_name Value
Ssl_cipher SSL_CIPHER
# Should be able to connect to server using RSA key pair.
current_user()
wl7699_sha256@%
drop user wl7699_sha256;
# Test 7 : SSL Certificates/Key File Generation and tests
# 7.1 : Restarting mysqld with :
# --skip-ssl
# --auto_generate_certs=ON
# --sha256_password_auto_generate_rsa_keys=ON
# Restart completed.
# Search for : Auto generated RSA key files are placed in data directory.
# Search completed.
# 7.2 : System variables
# No ssl variables should be set
show variables like 'ssl%';
Variable_name Value
ssl_ca
ssl_capath
ssl_cert
ssl_cipher
ssl_crl
ssl_crlpath
ssl_key
# sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path
# and sha256_password_public_key_path should be set.
show variables like 'sha256%';
Variable_name Value
sha256_password_auto_generate_rsa_keys ON
sha256_password_private_key_path private_key.pem
sha256_password_proxy_users OFF
sha256_password_public_key_path public_key.pem
# 7.3 : SSL connection
# Should not be able to connect to server using generated SSL certificates.
# 7.4 : SHA256_password user
create user wl7699_sha256 identified with 'sha256_password';
grant usage on *.* to wl7699_sha256 identified by 'abcd';
Warnings:
Warning 1287 Using GRANT statement to modify existing user's properties other than privileges is deprecated and will be removed in future release. Use ALTER USER statement for this operation.
# Should not be able to connect to server using generated SSL certificates.
# Should be able to connect to server using RSA key pair.
current_user()
wl7699_sha256@%
drop user wl7699_sha256;
#
# Bug#21108296 : --SSL-CIPHER OPTION CAUSES SSL INITIALIZATION FAILURE
#
# Restarting mysqld with :
# --auto_generate_certs=ON
# --ssl-cipher=DHE-RSA-AES256-SHA
# --skip-sha256_password_auto_generate_rsa_keys
# Restart completed.
# Search for : Auto generated SSL certificates are placed in data directory.
# Search completed.
Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA
# Clean-up