4493d40a-92aa-4162-9dfc-bfc4ec0996e6
/
polardbxengine
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
polardbxengine/mysql-test/suite/xengine_main/t/ssl_verify_identity.test

59 lines
4.7 KiB
Plaintext
Raw Blame History

# === Purpose ===
# This test verifies that while verifying the server certificates
# when ssl-mode=VERIFY_IDENTITY, the DNS/IPs provided in the Subject
# Alternative Names (which can be provided as an extension in X509)
# fields are also checked for apart from the Common Name in the subject.
# Applicable for openssl versions 1.0.2 and greater.
#
# === Related bugs and/or worklogs ===
# Bug #16211011 - SSL CERTIFICATE SUBJECT ALT NAMES WITH IPS NOT RESPECTED WITH ssl-mode=VERIFY_IDENTITY
#
# Note that these test cases are written keeping in mind that the openssl version used by the system will
# be 1.0.2+. For older versions of openssl, the test will be skipped.
--source include/have_openssl_binary.inc
--source include/have_openssl.inc
--source include/check_openssl_version.inc
--echo ### Trying to connect with ssl-mode as DISABLED. This should establish an unencrypted connection.
--exec $MYSQL --ssl-mode=DISABLED --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--echo ### Trying to connect with ssl-mode as REQUIRED. This should establish an encrypted connection.
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL --ssl-mode=REQUIRED --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--echo ### Trying to connect with ssl-mode as VERIFY_CA. This should establish an encrypted connection.
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--echo ### Trying to connect with ssl-mode as VERIFY_IDENTITY. This should establish an encrypted connection.
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL --ssl-mode=VERIFY_IDENTITY --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--echo ### Trying to connect with ssl-mode as VERIFY_IDENTITY and hostname as nonexistent. This should fail.
--error 1
--exec $MYSQL --host=nonexistent --ssl-mode=VERIFY_IDENTITY --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
let SEARCH_FILE= $MYSQLTEST_VARDIR/tmp/bug24732452_stderr;
--echo #Search for the error in the file
--let SEARCH_PATTERN= ERROR 2005 \(HY000\): Unknown MySQL server host 'nonexistent'
--source include/search_pattern.inc
--echo ### Trying to connect with ssl-mode as VERIFY_IDENTITY and hostname as localhost. This should establish an encrypted connection as localhost is present in Alternative Subject Name in the certificate.
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL --host=localhost --ssl-mode=VERIFY_IDENTITY --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--echo ### Trying to connect with ssl-mode as VERIFY_IDENTITY and hostname as 127.0.0.1. This should establish an encrypted connection as localhost is present in Alternative Subject Name in the certificate.
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL --host=127.0.0.1 --ssl-mode=VERIFY_IDENTITY --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
#Cleanup
--remove_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--source suite/xengine/include/check_xengine_log_error.inc
Reference in New Issue View Git Blame Copy Permalink