mariadb/mariadb-cipherspec.patch

116 lines
5.7 KiB
Diff
Raw Normal View History

2013-01-10 17:35:12 +00:00
Some test items assume the default SSL cipher is DHE-RSA-AES256-SHA,
which is no longer the case as of openssl 1.0.1.
This patch enhances connect command by an option to specify a cipher
and tests are adjusted to specify the expected cipher explicitly.
Upstream bug report: http://bugs.mysql.com/bug.php?id=64461
2014-05-14 12:05:26 +00:00
diff -up --recursive mariadb-10.0.11.p6/client/mysqltest.cc mariadb-10.0.11/client/mysqltest.cc
--- mariadb-10.0.11.p6/client/mysqltest.cc 2014-05-14 13:48:57.021925254 +0200
+++ mariadb-10.0.11/client/mysqltest.cc 2014-05-14 13:55:20.192711847 +0200
@@ -5908,6 +5908,7 @@ void do_connect(struct st_command *comma
2013-01-10 17:35:12 +00:00
my_bool con_pipe= 0;
my_bool con_shm __attribute__ ((unused))= 0;
struct st_connection* con_slot;
+ char *con_cipher=NULL;
static DYNAMIC_STRING ds_connection_name;
static DYNAMIC_STRING ds_host;
2014-05-14 12:05:26 +00:00
@@ -5998,6 +5999,8 @@ void do_connect(struct st_command *comma
2013-01-10 17:35:12 +00:00
con_pipe= 1;
else if (length == 3 && !strncmp(con_options, "SHM", 3))
con_shm= 1;
+ else if (!strncmp(con_options, "CIPHER:", 7))
+ con_cipher = con_options + 7;
else
die("Illegal option to connect: %.*s",
(int) (end - con_options), con_options);
2014-05-14 12:05:26 +00:00
@@ -6047,8 +6050,11 @@ void do_connect(struct st_command *comma
2013-01-10 17:35:12 +00:00
if (con_ssl)
{
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
2014-04-07 19:07:33 +00:00
+ /* default cipher */
2013-01-10 17:35:12 +00:00
+ if (con_cipher == NULL && opt_ssl_cipher != NULL)
+ con_cipher = opt_ssl_cipher;
mysql_ssl_set(con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
- opt_ssl_capath, opt_ssl_cipher);
+ opt_ssl_capath, con_cipher);
2014-04-07 19:07:33 +00:00
mysql_options(con_slot->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
mysql_options(con_slot->mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
2013-01-10 17:35:12 +00:00
#if MYSQL_VERSION_ID >= 50000
2014-04-07 19:07:33 +00:00
diff -up --recursive mariadb-10.0.10.p6/mysql-test/t/openssl_1.test mariadb-10.0.10/mysql-test/t/openssl_1.test
--- mariadb-10.0.10.p6/mysql-test/t/openssl_1.test 2014-03-30 19:56:53.000000000 +0200
+++ mariadb-10.0.10/mysql-test/t/openssl_1.test 2014-04-07 17:58:49.924934666 +0200
2013-01-10 17:35:12 +00:00
@@ -20,13 +20,13 @@ grant select on test.* to ssl_user4@loca
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
flush privileges;
-connect (con1,localhost,ssl_user1,,,,,SSL);
-connect (con2,localhost,ssl_user2,,,,,SSL);
-connect (con3,localhost,ssl_user3,,,,,SSL);
-connect (con4,localhost,ssl_user4,,,,,SSL);
+connect (con1,localhost,ssl_user1,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+connect (con2,localhost,ssl_user2,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+connect (con3,localhost,ssl_user3,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+connect (con4,localhost,ssl_user4,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
-connect (con5,localhost,ssl_user5,,,,,SSL);
+connect (con5,localhost,ssl_user5,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
connection con1;
# Check ssl turned on
@@ -129,7 +129,7 @@ drop table t1;
# verification of servers certificate by setting both ca certificate
# and ca path to NULL
#
---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
--echo End of 5.0 tests
#
@@ -254,7 +254,7 @@ select 'is still running; no cipher requ
GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
FLUSH PRIVILEGES;
-connect(con1,localhost,bug42158,,,,,SSL);
+connect(con1,localhost,bug42158,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
SHOW STATUS LIKE 'Ssl_cipher';
disconnect con1;
connection default;
2014-04-07 19:07:33 +00:00
diff -up --recursive mariadb-10.0.10.p6/mysql-test/t/ssl_compress.test mariadb-10.0.10/mysql-test/t/ssl_compress.test
--- mariadb-10.0.10.p6/mysql-test/t/ssl_compress.test 2014-03-30 19:56:35.000000000 +0200
+++ mariadb-10.0.10/mysql-test/t/ssl_compress.test 2014-04-07 18:00:39.199845919 +0200
2013-01-10 17:35:12 +00:00
@@ -8,7 +8,7 @@
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
-connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS);
+connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS CIPHER:DHE-RSA-AES256-SHA);
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
2014-04-07 19:07:33 +00:00
diff -up --recursive mariadb-10.0.10.p6/mysql-test/t/ssl.test mariadb-10.0.10/mysql-test/t/ssl.test
--- mariadb-10.0.10.p6/mysql-test/t/ssl.test 2014-03-30 19:56:36.000000000 +0200
+++ mariadb-10.0.10/mysql-test/t/ssl.test 2014-04-07 18:01:14.270854601 +0200
2013-01-10 17:35:12 +00:00
@@ -8,7 +8,7 @@
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
-connect (ssl_con,localhost,root,,,,,SSL);
+connect (ssl_con,localhost,root,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
2014-04-07 19:07:33 +00:00
diff -up --recursive mariadb-10.0.10.p6/mysql-test/t/ssl_8k_key.test mariadb-10.0.10/mysql-test/t/ssl_8k_key.test
--- mariadb-10.0.10.p6/mysql-test/t/ssl_8k_key.test 2014-03-30 19:56:36.000000000 +0200
+++ mariadb-10.0.10/mysql-test/t/ssl_8k_key.test 2014-04-07 17:59:31.586757044 +0200
@@ -5,7 +5,7 @@
#
# Bug#29784 YaSSL assertion failure when reading 8k key.
#
---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
## This test file is for testing encrypted communication only, not other
## encryption routines that the SSL library happens to provide!