4493d40a-92aa-4162-9dfc-bfc4ec0996e6
/
polardbxengine
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
polardbxengine/mysql-test/suite/auth_sec/r/openssl_cert_generation.result

191 lines
7.5 KiB
Plaintext
Raw Permalink Blame History

# Setup
call mtr.add_suppression("Failed to setup SSL");
call mtr.add_suppression("SSL error: SSL_CTX_set_default_verify_paths failed");
# Restart completed.
# Test 1 : System variable tests
# auto_generate_certs should be OFF.
select @@global.auto_generate_certs;
@@global.auto_generate_certs
0
# sha256_password_auto_generate_rsa_keys should be OFF.
select @@global.sha256_password_auto_generate_rsa_keys;
@@global.sha256_password_auto_generate_rsa_keys
0
set @@global.auto_generate_certs='OFF';
ERROR HY000: Variable 'auto_generate_certs' is a read only variable
set @@global.sha256_password_auto_generate_rsa_keys='OFF';
ERROR HY000: Variable 'sha256_password_auto_generate_rsa_keys' is a read only variable
# Test 2 : Restarting mysqld with :
# --auto_generate_certs=0
# --sha256_password_auto_generate_rsa_keys=0
# Restart completed.
# Search for : Skipping generation of SSL certificates as --auto_generate_certs is set to OFF.
Pattern "Skipping generation of SSL certificates as --auto_generate_certs is set to OFF" found
# Search completed.
# Search for : Skipping generation of RSA key pair as --sha256_password_auto_generate_rsa_keys is set to OFF.
Pattern "Skipping generation of RSA key pair as --sha256_password_auto_generate_rsa_keys is set to OFF" found
# Search completed.
# Ensure that certificate files are not there after server is started
# Ensure that server is not ssl enabled
# Ensure that sha connection is not possible in absence of certificates and keys
create user wl7699_sha256 identified with 'sha256_password' by 'abcd';
drop user wl7699_sha256;
# Test 3 : SSL certificates
# 3.1 : Restarting mysqld with : --auto-generate-certs=1
# Restart completed.
# Search for : Auto generated SSL certificates are placed in data directory.
Pattern "Auto generated SSL certificates are placed in data directory." found
# Search completed.
# Search for SSL certificate and key files in Data directory.
# Search completed.
# Ensure that RSA files are not there in data directory
# Ensure that server is ssl enabled
Variable_name Value
Ssl_cipher SSL_CIPHER
# Test 4 : RSA key pair
# 4.1 : Restarting mysqld with :
# --sha256_password_auto_generate_rsa_keys=1
# Restart completed.
# Search for : Auto generated RSA key files through --sha256_password_auto_generate_rsa_keys are placed in data directory.
Pattern "Auto generated RSA key files through --sha256_password_auto_generate_rsa_keys are placed in data directory." found
# Search completed.
# Search for RSA key files in Data directory.
# Search completed.
# Ensure that server is not ssl enabled
# Test 5 : Skipping SSL Certificates/Key File Generation
# 5.1 : Restarting mysqld with :
# --auto_generate_certs=ON
# --sha256_password_auto_generate_rsa_keys=ON
# Restart completed.
# Generation of SSL ceritificates/key files and
# RSA key pair files is skipped.
# Search for : Messages related to skipped generation of SSL certificates and RSA key pair files.
Pattern "Skipping generation of SSL certificates as certificate files are present in data directory" found
Pattern "Skipping generation of RSA key pair" found
# Search completed.
# 5.2 : System variables
# auto_generate_certs, ssl_ca, ssl_cert and ssl_key should be set.
show variables like 'ssl%';
Variable_name Value
ssl_ca ca.pem
ssl_capath
ssl_cert server-cert.pem
ssl_cipher
ssl_crl
ssl_crlpath
ssl_fips_mode OFF
ssl_key server-key.pem
# sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path
# and sha256_password_public_key_path should be set.
show variables like 'sha256%';
Variable_name Value
sha256_password_auto_generate_rsa_keys ON
sha256_password_private_key_path private_key.pem
sha256_password_proxy_users OFF
sha256_password_public_key_path public_key.pem
# 5.3 : SHA256_password user
create user wl7699_sha256 identified with 'sha256_password' by 'abcd';
# Should be able to connect to server using generated SSL certificates.
Variable_name Value
Ssl_cipher SSL_CIPHER
# Should be able to connect to server using RSA key pair.
current_user()
wl7699_sha256@%
drop user wl7699_sha256;
# Test 6 : SSL Certificates/Key File Generation and tests
# 6.1 : Restarting mysqld with :
# --auto_generate_certs=ON
# --sha256_password_auto_generate_rsa_keys=ON
# Restart completed.
# Search for : Auto generated SSL certificates are placed in data directory.
Pattern "Auto generated SSL certificates are placed in data directory." found
# Search completed.
# Search for : Auto generated RSA key files through --sha256_password_auto_generate_rsa_keys are placed in data directory.
Pattern "Auto generated RSA key files through --sha256_password_auto_generate_rsa_keys are placed in data directory." found
# Search completed.
# 6.2 : System variables
# auto_generate_certs, ssl_ca, ssl_cert and ssl_key should be set.
show variables like 'ssl%';
Variable_name Value
ssl_ca ca.pem
ssl_capath
ssl_cert server-cert.pem
ssl_cipher
ssl_crl
ssl_crlpath
ssl_fips_mode OFF
ssl_key server-key.pem
# sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path
# and sha256_password_public_key_path should be set.
show variables like 'sha256%';
Variable_name Value
sha256_password_auto_generate_rsa_keys ON
sha256_password_private_key_path private_key.pem
sha256_password_proxy_users OFF
sha256_password_public_key_path public_key.pem
# 6.3 : SSL connection
# Should be able to connect to server using generated SSL certificates.
Variable_name Value
Ssl_cipher SSL_CIPHER
# 6.4 : SHA256_password user
create user wl7699_sha256 identified with 'sha256_password' by 'abcd';
# Should be able to connect to server using generated SSL certificates.
Variable_name Value
Ssl_cipher SSL_CIPHER
# Should be able to connect to server using RSA key pair.
current_user()
wl7699_sha256@%
drop user wl7699_sha256;
# Test 7 : SSL Certificates/Key File Generation and tests
# 7.1 : Restarting mysqld with :
# --skip-ssl
# --auto_generate_certs=ON
# --sha256_password_auto_generate_rsa_keys=ON
# Restart completed.
# Search for : Auto generated RSA key files through --sha256_password_auto_generate_rsa_keys are placed in data directory.
Pattern "Auto generated RSA key files through --sha256_password_auto_generate_rsa_keys are placed in data directory." found
# Search completed.
# 7.2 : System variables
# No ssl variables should be set
show variables like 'ssl%';
Variable_name Value
ssl_ca
ssl_capath
ssl_cert
ssl_cipher
ssl_crl
ssl_crlpath
ssl_fips_mode OFF
ssl_key
# sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path
# and sha256_password_public_key_path should be set.
show variables like 'sha256%';
Variable_name Value
sha256_password_auto_generate_rsa_keys ON
sha256_password_private_key_path private_key.pem
sha256_password_proxy_users OFF
sha256_password_public_key_path public_key.pem
# 7.3 : SSL connection
# Should not be able to connect to server using generated SSL certificates.
# 7.4 : SHA256_password user
create user wl7699_sha256 identified with 'sha256_password' by 'abcd';
# Should not be able to connect to server using generated SSL certificates.
# Should be able to connect to server using RSA key pair.
current_user()
wl7699_sha256@%
drop user wl7699_sha256;
#
# Bug#21108296 : --SSL-CIPHER OPTION CAUSES SSL INITIALIZATION FAILURE
#
# Restarting mysqld with :
# --auto_generate_certs=ON
# --ssl-cipher=DHE-RSA-AES256-SHA
# --skip-sha256_password_auto_generate_rsa_keys
# Restart completed.
# Search for : Auto generated SSL certificates are placed in data directory.
Pattern "Auto generated SSL certificates are placed in data directory." found
# Search completed.
Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA
# Clean-up
Reference in New Issue View Git Blame Copy Permalink