# Want to skip this test from daily Valgrind execution
--source include/no_valgrind_without_big.inc


# Save the initial number of concurrent sessions
--source include/count_sessions.inc
--source include/allowed_ciphers.inc

--echo #
--echo # WL#8196 TLSv1.2 support
--echo #

--disable_query_log
call mtr.add_suppression("Failed to set up SSL because of");
call mtr.add_suppression("Plugin mysqlx reported: 'Failed at SSL configuration");
--enable_query_log

# We let our server restart attempts write to the file $error_log.
let $error_log= $MYSQLTEST_VARDIR/log/my_restart.err;

--error 0,1
--remove_file $error_log

let $MYSQLD_DATADIR= `SELECT @@datadir`;
let $MYSQL_SOCKET= `SELECT @@socket`;
let $MYSQL_PORT= `SELECT @@port`;

--echo #T1: Default TLS connection
--replace_result TLSv1.2 TLS_VERSION TLSv1.3 TLS_VERSION
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW STATUS like 'Ssl_version'"

--echo #T2: Default SSL cipher
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW STATUS like 'Ssl_cipher'"

--echo #T3: Setting TLS version TLSv1.2 from the client
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT --tls-version=TLSv1.2 -e "SHOW STATUS like 'Ssl_version'"

--echo #T7: Setting invalid TLS version value from the client, it should give error.
--error 1
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT --tls-version=TLS_INVALID_VERSION -e "SHOW STATUS like 'Ssl_version'"

--echo #T8: Cipher which is not in the cipher list but not restricted permanently
--error 1
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT --tls-version=TLSv1.2 --ssl-cipher=CAMELLIA256-SHA -e "SHOW STATUS like 'Ssl_cipher'"

--echo #T9: Cipher which is not in the cipher list but not restricted permanently, setting the server cipher as well

--echo Restart server and provide ssl-cipher at server startup
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc

--exec echo "restart:--tls-version=TLSv1.2 --ssl-cipher=CAMELLIA256-SHA " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc

--exec $MYSQL -h 127.0.0.1 -P $MYSQL_PORT --tls-version=TLSv1.2 --ssl-cipher=CAMELLIA256-SHA -e "SHOW STATUS like 'Ssl_cipher'"

--echo #T10: Permanently restricted cipher, setting in the server as well
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc

--exec echo "restart:--tls-version=TLSv1.2 --ssl-cipher=DHE-DSS-DES-CBC3-SHA --tls-ciphersuites='' " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc

--echo Connection will be possible, but server will not be enabled with ssl and connection is not ssl-enabled
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT --tls-version=TLSv1.2 --ssl-cipher=DHE-DSS-DES-CBC3-SHA -e "SHOW STATUS like 'Ssl_cipher'"

--echo # restart server using restart
--echo Restart server and provide ssl-cipher at server startup
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc

--exec echo "restart: " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc