| Current Path : /home/usr.opt/mysql57/mysql-test/suite/auth_sec/t/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
| Current File : //home/usr.opt/mysql57/mysql-test/suite/auth_sec/t/openssl_cert_generation.test |
--source include/no_valgrind_without_big.inc
--source include/not_embedded.inc
--source include/have_sha256_rsa_auth.inc
--source include/allowed_ciphers.inc
#-----------------------------------------------------------------------------
--echo # Setup
call mtr.add_suppression("Failed to setup SSL");
call mtr.add_suppression("SSL error: SSL_CTX_set_default_verify_paths failed");
# We let our server restart attempts write to the file $server_log.
let server_log= $MYSQLTEST_VARDIR/log/mysqld.1.err;
# $server_log has to be processed by include/search_pattern_in_file.inc which
# contains Perl code requiring that the environment variable SEARCH_FILE points
# to this file.
let SEARCH_FILE= $server_log;
# Stop the server and cleanup all .pem files.
let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
--exec echo "wait" > $restart_file
--shutdown_server
--source include/wait_until_disconnected.inc
perl;
my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err";
while (-e $filetodelete) {
unlink $filetodelete;
sleep 1;
}
EOF
--error 0, 1
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem
--error 0, 1
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem
--error 0, 1
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem
--error 0, 1
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem
--error 0, 1
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem
--error 0, 1
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem
--error 0, 1
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem
--error 0, 1
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem
--exec echo "restart:--auto_generate_certs=0 --sha256_password_auto_generate_rsa_keys=0" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--disable_reconnect
--echo # Restart completed.
#-----------------------------------------------------------------------------
--echo # Test 1 : System variable tests
--echo # auto_generate_certs should be OFF.
select @@global.auto_generate_certs;
--echo # sha256_password_auto_generate_rsa_keys should be OFF.
select @@global.sha256_password_auto_generate_rsa_keys;
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
set @@global.auto_generate_certs='OFF';
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
set @@global.sha256_password_auto_generate_rsa_keys='OFF';
#-----------------------------------------------------------------------------
--echo # Test 2 : Restarting mysqld with :
--echo # --auto_generate_certs=0
--echo # --sha256_password_auto_generate_rsa_keys=0
let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
--exec echo "wait" > $restart_file
--shutdown_server
--source include/wait_until_disconnected.inc
perl;
my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err";
while (-e $filetodelete) {
unlink $filetodelete;
sleep 1;
}
EOF
--exec echo "restart: --auto_generate_certs=0 --sha256_password_auto_generate_rsa_keys=0" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--disable_reconnect
--echo # Restart completed.
--echo # Search for : Skipping generation of SSL certificates as --auto_generate_certs is set to OFF.
let SEARCH_PATTERN= Skipping generation of SSL certificates as --auto_generate_certs is set to OFF;
--source include/search_pattern_in_file.inc
--echo # Search completed.
--echo # Search for : Skipping generation of RSA key pair as --sha256_password_auto_generate_rsa_keys is set to OFF.
let SEARCH_PATTERN= Skipping generation of RSA key pair as --sha256_password_auto_generate_rsa_keys is set to OFF;
--source include/search_pattern_in_file.inc
--echo # Search completed.
--echo # Ensure that certificate files are not there after server is started
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem
--echo # Ensure that server is not ssl enabled
--error 1
--exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show variables like '%ssl%'"
--echo # Ensure that sha connection is not possible in absence of certificates and keys
connect (test_root_2,localhost,root,,,,,);
create user wl7699_sha256 identified with 'sha256_password';
grant usage on *.* to wl7699_sha256 identified by 'abcd';
--error 1
--exec $MYSQL -uwl7699_sha256 -pabcd -e "show status like 'Ssl_cipher'"
drop user wl7699_sha256;
connection default;
disconnect test_root_2;
#-----------------------------------------------------------------------------
--echo # Test 3 : SSL certificates
--echo # 3.1 : Restarting mysqld with : --auto-generate-certs=1
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc
perl;
my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err";
while (-e $filetodelete) {
unlink $filetodelete;
sleep 1;
}
EOF
--exec echo "restart:--auto_generate_certs --skip-sha256_password_auto_generate_rsa_keys" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--disable_reconnect
--echo # Restart completed.
--echo # Search for : Auto generated SSL certificates are placed in data directory.
let SEARCH_PATTERN= Auto generated SSL certificates are placed in data directory.;
--source include/search_pattern_in_file.inc
--echo # Search completed.
--echo # Search for SSL certificate and key files in Data directory.
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem
--echo # Search completed.
--echo # Ensure that RSA files are not there in data directory
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem
--echo # Ensure that server is ssl enabled
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'"
#-----------------------------------------------------------------------------
--echo # Test 4 : RSA key pair
--echo # 4.1 : Restarting mysqld with :
--echo # --sha256_password_auto_generate_rsa_keys=1
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc
perl;
my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err";
while (-e $filetodelete) {
unlink $filetodelete;
sleep 1;
}
EOF
--exec echo "restart: --skip-ssl --skip-auto_generate_certs --sha256_password_auto_generate_rsa_keys" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--disable_reconnect
--echo # Restart completed.
--echo # Search for : Auto generated RSA key files are placed in data directory.
let SEARCH_PATTERN= Auto generated RSA key files are placed in data directory.;
--source include/search_pattern_in_file.inc
--echo # Search completed.
--echo # Search for RSA key files in Data directory.
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem
--echo # Search completed.
--echo # Ensure that server is not ssl enabled
--error 1
--exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'"
#-----------------------------------------------------------------------------
--echo # Test 5 : Skipping SSL Certificates/Key File Generation
--echo # 5.1 : Restarting mysqld with :
--echo # --auto_generate_certs=ON
--echo # --sha256_password_auto_generate_rsa_keys=ON
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--send_shutdown
--source include/wait_until_disconnected.inc
perl;
my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err";
while (-e $filetodelete) {
unlink $filetodelete;
sleep 1;
}
EOF
--exec echo "restart:--auto_generate_certs=1 --sha256_password_auto_generate_rsa_keys=1" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--disable_reconnect
--echo # Restart completed.
--echo # Generation of SSL ceritificates/key files and
--echo # RSA key pair files is skipped.
--echo # Search for : Messages related to skipped generation of SSL certificates and RSA key pair files.
let SEARCH_PATTERN= Skipping generation of SSL certificates as certificate files are present in data directory;
--source include/search_pattern_in_file.inc
let SEARCH_PATTERN= Skipping generation of RSA key pair as key files are present in data directory;
--source include/search_pattern_in_file.inc
--echo # Search completed.
--echo # 5.2 : System variables
connect (test_root_4,localhost,root,,,,,);
--echo # auto_generate_certs, ssl_ca, ssl_cert and ssl_key should be set.
show variables like 'ssl%';
--echo # sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path
--echo # and sha256_password_public_key_path should be set.
show variables like 'sha256%';
--echo # 5.3 : SHA256_password user
connection test_root_4;
create user wl7699_sha256 identified with 'sha256_password';
grant usage on *.* to wl7699_sha256 identified by 'abcd';
# Using SSL certificates
--echo # Should be able to connect to server using generated SSL certificates.
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL -uwl7699_sha256 -pabcd --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'"
# Using RSA key pair
--echo # Should be able to connect to server using RSA key pair.
--exec $MYSQL -uwl7699_sha256 -pabcd -e "select current_user()"
drop user wl7699_sha256;
connection default;
disconnect test_root_4;
#-----------------------------------------------------------------------------
--echo # Test 6 : SSL Certificates/Key File Generation and tests
--echo # 6.1 : Restarting mysqld with :
--echo # --auto_generate_certs=ON
--echo # --sha256_password_auto_generate_rsa_keys=ON
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--send_shutdown
--source include/wait_until_disconnected.inc
perl;
my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err";
while (-e $filetodelete) {
unlink $filetodelete;
sleep 1;
}
EOF
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem
--exec echo "restart:--auto_generate_certs=ON --sha256_password_auto_generate_rsa_keys=ON" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--disable_reconnect
--echo # Restart completed.
--echo # Search for : Auto generated SSL certificates are placed in data directory.
let SEARCH_PATTERN= Auto generated SSL certificates are placed in data directory.;
--source include/search_pattern_in_file.inc
--echo # Search completed.
--echo # Search for : Auto generated RSA key files are placed in data directory.
let SEARCH_PATTERN= Auto generated RSA key files are placed in data directory.;
--source include/search_pattern_in_file.inc
--echo # Search completed.
--echo # 6.2 : System variables
connect (test_root_6,localhost,root,,,,,);
--echo # auto_generate_certs, ssl_ca, ssl_cert and ssl_key should be set.
show variables like 'ssl%';
--echo # sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path
--echo # and sha256_password_public_key_path should be set.
show variables like 'sha256%';
--echo # 6.3 : SSL connection
--echo # Should be able to connect to server using generated SSL certificates.
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'"
--echo # 6.4 : SHA256_password user
connection test_root_6;
create user wl7699_sha256 identified with 'sha256_password';
grant usage on *.* to wl7699_sha256 identified by 'abcd';
# Using SSL certificates
--echo # Should be able to connect to server using generated SSL certificates.
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL -uwl7699_sha256 -pabcd --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'"
# Using RSA key pair
--echo # Should be able to connect to server using RSA key pair.
--exec $MYSQL -uwl7699_sha256 -pabcd -e "select current_user()"
drop user wl7699_sha256;
connection default;
disconnect test_root_6;
#-----------------------------------------------------------------------------
--echo # Test 7 : SSL Certificates/Key File Generation and tests
--echo # 7.1 : Restarting mysqld with :
--echo # --skip-ssl
--echo # --auto_generate_certs=ON
--echo # --sha256_password_auto_generate_rsa_keys=ON
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--send_shutdown
--source include/wait_until_disconnected.inc
perl;
my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err";
while (-e $filetodelete) {
unlink $filetodelete;
sleep 1;
}
EOF
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem
--exec echo "restart: --skip-ssl --auto_generate_certs=ON --sha256_password_auto_generate_rsa_keys=ON" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--disable_reconnect
--echo # Restart completed.
--echo # Search for : Auto generated RSA key files are placed in data directory.
let SEARCH_PATTERN= Auto generated RSA key files are placed in data directory.;
--source include/search_pattern_in_file.inc
--echo # Search completed.
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem
--error 1
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem
--file_exists $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem
--echo # 7.2 : System variables
connect (test_root_7,localhost,root,,,,,);
--echo # No ssl variables should be set
show variables like 'ssl%';
--echo # sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path
--echo # and sha256_password_public_key_path should be set.
show variables like 'sha256%';
--echo # 7.3 : SSL connection
--echo # Should not be able to connect to server using generated SSL certificates.
--error 1
--exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'"
--echo # 7.4 : SHA256_password user
connection test_root_7;
create user wl7699_sha256 identified with 'sha256_password';
grant usage on *.* to wl7699_sha256 identified by 'abcd';
# Using SSL certificates
--echo # Should not be able to connect to server using generated SSL certificates.
--error 1
--exec $MYSQL -uwl7699_sha256 -pabcd --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'"
# Using RSA key pair
--echo # Should be able to connect to server using RSA key pair.
--exec $MYSQL -uwl7699_sha256 -pabcd -e "select current_user()"
drop user wl7699_sha256;
connection default;
disconnect test_root_7;
#-----------------------------------------------------------------------------
--echo #
--echo # Bug#21108296 : --SSL-CIPHER OPTION CAUSES SSL INITIALIZATION FAILURE
--echo #
--echo # Restarting mysqld with :
--echo # --auto_generate_certs=ON
--echo # --ssl-cipher=DHE-RSA-AES256-SHA
--echo # --skip-sha256_password_auto_generate_rsa_keys
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--send_shutdown
--source include/wait_until_disconnected.inc
perl;
my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err";
while (-e $filetodelete) {
unlink $filetodelete;
sleep 1;
}
EOF
--exec echo "restart:--auto_generate_certs=ON --skip-sha256_password_auto_generate_rsa_keys --ssl-cipher=DHE-RSA-AES256-SHA" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--disable_reconnect
--echo # Restart completed.
--echo # Search for : Auto generated SSL certificates are placed in data directory.
let SEARCH_PATTERN= Auto generated SSL certificates are placed in data directory.;
--source include/search_pattern_in_file.inc
--echo # Search completed.
# Using SSL Certificates
--exec $MYSQL -uroot --ssl-mode=REQUIRED -e "SHOW STATUS LIKE 'Ssl_cipher'"
#-----------------------------------------------------------------------------
--echo # Clean-up
connection default;
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem
--remove_file $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem
--disable_warnings
--source include/force_restart.inc
--enable_warnings
#-----------------------------------------------------------------------------