4493d40a-92aa-4162-9dfc-bfc4ec0996e6
/
polardbxengine
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
polardbxengine/mysql-test/suite/auth_sec/t/fips.test

173 lines
7.7 KiB
Plaintext
Raw Blame History

# Purpose : ssl fips mode support.
# Author : Yashwant Kumar sahu
#############################################################
# Want to skip this test from daily Valgrind execution
--source include/no_valgrind_without_big.inc
--source include/have_fips.inc
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
--echo #
--echo # fips support.
--echo #
--disable_query_log
call mtr.add_suppression("Resizing redo log");
call mtr.add_suppression("Starting to delete and rewrite");
call mtr.add_suppression("New log files created");
--enable_query_log
# We let our server restart attempts write to the file $error_log.
let $error_log= $MYSQLTEST_VARDIR/log/my_restart.err;
perl;
my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/my_restart.err";
while (-e $filetodelete) {
unlink $filetodelete;
sleep 1;
}
EOF
let $MYSQLD_DATADIR= `SELECT @@datadir`;
let $MYSQL_SOCKET= `SELECT @@socket`;
let $MYSQL_PORT= `SELECT @@port`;
--echo ##Test: Default server fips mode.
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--echo MD5 digest:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "select md5(8);show warnings;"
--echo ##Test: Set server fips mode: OFF.
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SET @@global.ssl_fips_mode = 'OFF';"
--echo Server fips mode:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--echo MD5 digest:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "select md5(8);show warnings;"
--echo ##Test: Set server fips mode: ON.
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SET @@global.ssl_fips_mode = 'ON';"
--echo Server fips mode:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--echo MD5 digest:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "select md5(8);show warnings;"
--echo ##Test: Set server fips mode: STRICT.
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SET @@global.ssl_fips_mode = 'STRICT';"
--echo Server fips mode:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--echo MD5 digest:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "select md5(8);show warnings;"
--echo ##Test: Set server fips mode: INVALID.
--error 1
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SET @@global.ssl_fips_mode = 'INVALID';"
--echo Server fips mode:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--echo ##Test: Restart server and provide ssl-fips-mode at server startup:
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc
--exec echo "restart:--ssl-fips-mode=OFF" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--echo Server fips mode:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--echo MD5 digest:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "select md5(8);show warnings;"
--echo ##Test: Restart server and provide ssl-fips-mode at server startup: ON
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc
--exec echo "restart:--ssl-fips-mode=ON" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--echo Server fips mode:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--echo MD5 digest:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "select md5(8);show warnings;"
--echo ##Test: Restart server and provide ssl-fips-mode at server startup: ON with skip ssl
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc
--exec echo "restart:--ssl-fips-mode=ON --skip-ssl" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--echo Server fips mode:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--echo MD5 digest:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "select md5(8);show warnings;"
--echo ##Test: Restart server and provide ssl-fips-mode at server startup: STRICT
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc
--exec echo "restart:--ssl-fips-mode=STRICT" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--echo Server fips mode:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--echo MD5 digest:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "select md5(8);show warnings;"
--echo ##Test: Restart server and provide weak cipher CAMELLIA256-SHA
--echo client will only able to connect with only FIPS mode OFF
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc
--exec echo "restart:--ssl-cipher=CAMELLIA256-SHA" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--exec $MYSQL --host=127.0.0.1 --ssl-cipher=CAMELLIA256-SHA -P $MASTER_MYPORT -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--exec $MYSQL --host=127.0.0.1 --ssl-cipher=CAMELLIA256-SHA --ssl-fips-mode=OFF -P $MASTER_MYPORT -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--error 1
--exec $MYSQL --host=127.0.0.1 --ssl-cipher=CAMELLIA256-SHA --ssl-fips-mode=ON -P $MASTER_MYPORT
--error 1
--exec $MYSQL --host=127.0.0.1 --ssl-cipher=CAMELLIA256-SHA --ssl-fips-mode=STRICT -P $MASTER_MYPORT
--exec $MYSQLADMIN --no-defaults --host=127.0.0.1 -P $MASTER_MYPORT --ssl-cipher=CAMELLIA256-SHA --ssl-fips-mode=OFF -u root ping 2>&1
--replace_regex /.*mysqladmin.*: connect/mysqladmin: connect/
--error 1
--exec $MYSQLADMIN --no-defaults --host=127.0.0.1 -P $MASTER_MYPORT --ssl-cipher=CAMELLIA256-SHA --ssl-fips-mode=ON -u root status 2>&1
--replace_regex /.*mysqladmin.*: connect/mysqladmin: connect/
--error 1
--exec $MYSQLADMIN --no-defaults --host=127.0.0.1 -P $MASTER_MYPORT --ssl-cipher=CAMELLIA256-SHA --ssl-fips-mode=STRICT -u root status 2>&1
--echo # restart server using restart default values
--echo Restart server.
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc
--exec echo "restart: " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--echo ##Test: MySQL client, Set fips mode: Default
--exec $MYSQL --ssl-mode=REQUIRED --host=127.0.0.1 -P $MASTER_MYPORT --ssl-fips-mode=OFF -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--echo MD5 digest:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "select md5(8);show warnings;"
--echo ##Test: MySQL client, Set fips mode: OFF
--exec $MYSQL --ssl-mode=REQUIRED --host=127.0.0.1 -P $MASTER_MYPORT --ssl-fips-mode=OFF -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--echo MD5 digest:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "select md5(8);show warnings;"
--echo ##Test: MySQL client, Set fips mode: ON
--exec $MYSQL --ssl-mode=REQUIRED --host=127.0.0.1 -P $MASTER_MYPORT --ssl-fips-mode=ON -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--echo MD5 digest:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "select md5(8);show warnings;"
--echo ##Test: MySQL client, Set fips mode: STRICT
--exec $MYSQL --ssl-mode=REQUIRED --host=127.0.0.1 -P $MASTER_MYPORT --ssl-fips-mode=STRICT -e "SHOW VARIABLES LIKE 'ssl_fips%';"
--echo MD5 digest:
--exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "select md5(8);show warnings;"
--echo ##Test: MySQL client, Set fips mode: INVALID
--error 1
--exec $MYSQL --ssl-mode=REQUIRED --host=127.0.0.1 -P $MASTER_MYPORT --ssl-fips-mode=INVALID -e "SHOW VARIABLES LIKE 'ssl_fips%';"
Reference in New Issue View Git Blame Copy Permalink