--source include/have_fips.inc

--echo # Few positive cases
SET GLOBAL ssl_fips_mode=0;
SELECT @@GLOBAL.ssl_fips_mode;

SET GLOBAL ssl_fips_mode=1;
SELECT @@GLOBAL.ssl_fips_mode;

SET GLOBAL ssl_fips_mode=2;
SELECT @@GLOBAL.ssl_fips_mode;

SET GLOBAL ssl_fips_mode=off;
SELECT @@GLOBAL.ssl_fips_mode;

SET GLOBAL ssl_fips_mode=on;
SELECT @@GLOBAL.ssl_fips_mode;

SET GLOBAL ssl_fips_mode=strict;
SELECT @@GLOBAL.ssl_fips_mode;

SET GLOBAL ssl_fips_mode='oFf';
SELECT @@GLOBAL.ssl_fips_mode;

SET GLOBAL ssl_fips_mode='oN';
SELECT @@GLOBAL.ssl_fips_mode;

SET GLOBAL ssl_fips_mode='Strict';
SELECT @@GLOBAL.ssl_fips_mode;

--echo # Few negative cases
--Error ER_WRONG_VALUE_FOR_VAR
SET GLOBAL ssl_fips_mode='';

--Error ER_WRONG_VALUE_FOR_VAR
SET GLOBAL ssl_fips_mode=3;

--Error ER_WRONG_VALUE_FOR_VAR
SET GLOBAL ssl_fips_mode=-1;

--Error ER_GLOBAL_VARIABLE
SET SESSION ssl_fips_mode=1;

CREATE USER u1 IDENTIFIED BY 'pwd';

--echo ##Test: User without admin/super privilege
connect(con1,localhost,u1,pwd,test,,,);
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
SET GLOBAL ssl_fips_mode=ON;

connection default;

--echo ##Test: User with admin privilege
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO u1;
disconnect con1;
connect(con1,localhost,u1,pwd,test,,,);
SET GLOBAL ssl_fips_mode=ON;
connection default;
REVOKE SYSTEM_VARIABLES_ADMIN ON *.* FROM u1;

--echo ##Test: User with SUPER privilege
GRANT SUPER ON *.* TO u1;
disconnect con1;
connect(con1,localhost,u1,pwd,test,,,);
SET GLOBAL ssl_fips_mode=ON;

--echo CLEANUP
disconnect con1;
connection default;
SET GLOBAL ssl_fips_mode=OFF;
DROP USER u1;