From 39de317fb5cea2cd2d233f7088d02fa10a8a911f Mon Sep 17 00:00:00 2001 From: Honza Horak Date: Fri, 15 Jul 2016 10:49:28 +0200 Subject: [PATCH] Fix ssl tests and run them separately --- mariadb-ssltest.patch | 89 ------------------------------ mariadb-ssltests-replace.patch | 98 ++++++++++++++++++++++++++++++++++ mariadb.spec | 6 +++ 3 files changed, 104 insertions(+), 89 deletions(-) delete mode 100644 mariadb-ssltest.patch create mode 100644 mariadb-ssltests-replace.patch diff --git a/mariadb-ssltest.patch b/mariadb-ssltest.patch deleted file mode 100644 index bb41fd1..0000000 --- a/mariadb-ssltest.patch +++ /dev/null @@ -1,89 +0,0 @@ -DHE-RSA-AES256-GCM-SHA384 is not what we get in Fedora openssl, so we need -to replace a different cipher. - -diff -up mariadb-10.0.18/mysql-test/t/openssl_1.test.ssltest mariadb-10.0.18/mysql-test/t/openssl_1.test ---- mariadb-10.0.18/mysql-test/t/openssl_1.test.ssltest 2015-05-08 07:26:43.836965643 +0200 -+++ mariadb-10.0.18/mysql-test/t/openssl_1.test 2015-05-08 07:28:16.144215861 +0200 -@@ -132,7 +132,7 @@ drop table t1; - # verification of servers certificate by setting both ca certificate - # and ca path to NULL - # ----replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA -+--replace_result AES128-GCM-SHA256 DHE-RSA-AES256-SHA - --exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 - --echo End of 5.0 tests - -@@ -257,7 +257,7 @@ select 'is still running; no cipher requ - GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509; - FLUSH PRIVILEGES; - connect(con1,localhost,bug42158,,,,,SSL); ----replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA -+--replace_result AES128-GCM-SHA256 DHE-RSA-AES256-SHA - SHOW STATUS LIKE 'Ssl_cipher'; - disconnect con1; - connection default; -diff -up mariadb-10.0.18/mysql-test/t/ssl_timeout.test.ssltest mariadb-10.0.18/mysql-test/t/ssl_timeout.test ---- mariadb-10.0.18/mysql-test/t/ssl_timeout.test.ssltest 2015-05-08 07:22:24.504341009 +0200 -+++ mariadb-10.0.18/mysql-test/t/ssl_timeout.test 2015-05-08 07:26:04.192885581 +0200 -@@ -7,7 +7,7 @@ - connect (ssl_con,localhost,root,,,,,SSL read_timeout=5); - - --echo # Check ssl turned on ----replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA -+--replace_result AES128-GCM-SHA256 DHE-RSA-AES256-SHA - SHOW STATUS LIKE 'Ssl_cipher'; - - # --error CR_SERVER_LOST -diff -rup mysql-test-orig/t/ssl_8k_key.test mysql-test/t/ssl_8k_key.test ---- mariadb-10.0.20/mysql-test-orig/t/ssl_8k_key.test 2015-06-23 22:19:52.926707552 -0400 -+++ mariadb-10.0.20/mysql-test/t/ssl_8k_key.test 2015-06-23 22:24:28.304261714 -0400 -@@ -5,6 +5,7 @@ - # - # Bug#29784 YaSSL assertion failure when reading 8k key. - # -+--replace_result AES128-GCM-SHA256 DHE-RSA-AES256-SHA - --exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 - - ## This test file is for testing encrypted communication only, not other -diff -rup mysql-test-orig/t/ssl_compress.test mysql-test/t/ssl_compress.test ---- mariadb-10.0.20/mysql-test-orig/t/ssl_compress.test 2015-06-23 22:19:52.912707611 -0400 -+++ mariadb-10.0.20/mysql-test/t/ssl_compress.test 2015-06-23 22:22:38.760221667 -0400 -@@ -11,7 +11,7 @@ - connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS); - - # Check ssl turned on ----replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA -+--replace_result AES128-GCM-SHA256 DHE-RSA-AES256-SHA - SHOW STATUS LIKE 'Ssl_cipher'; - - # Check compression turned on -@@ -21,7 +21,7 @@ SHOW STATUS LIKE 'Compression'; - -- source include/common-tests.inc - - # Check ssl turned on ----replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA -+--replace_result AES128-GCM-SHA256 DHE-RSA-AES256-SHA - SHOW STATUS LIKE 'Ssl_cipher'; - - # Check compression turned on -diff -rup mysql-test-orig/t/ssl.test mysql-test/t/ssl.test ---- mariadb-10.0.20/mysql-test-orig/t/ssl.test 2015-06-23 22:19:52.902707654 -0400 -+++ mariadb-10.0.20/mysql-test/t/ssl.test 2015-06-23 22:25:26.153282864 -0400 -@@ -11,7 +11,7 @@ - connect (ssl_con,localhost,root,,,,,SSL); - - # Check ssl turned on ----replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA -+--replace_result AES128-GCM-SHA256 DHE-RSA-AES256-SHA - SHOW STATUS LIKE 'Ssl_cipher'; - - # Check ssl expiration -@@ -22,7 +22,7 @@ SHOW STATUS LIKE 'Ssl_server_not_after'; - -- source include/common-tests.inc - - # Check ssl turned on ----replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA -+--replace_result AES128-GCM-SHA256 DHE-RSA-AES256-SHA - SHOW STATUS LIKE 'Ssl_cipher'; - - # diff --git a/mariadb-ssltests-replace.patch b/mariadb-ssltests-replace.patch new file mode 100644 index 0000000..084c14b --- /dev/null +++ b/mariadb-ssltests-replace.patch @@ -0,0 +1,98 @@ +diff -up mariadb-10.1.14/mysql-test/t/openssl_1.test.sslnew mariadb-10.1.14/mysql-test/t/openssl_1.test +--- mariadb-10.1.14/mysql-test/t/openssl_1.test.sslnew 2016-07-15 08:24:17.393378642 +0200 ++++ mariadb-10.1.14/mysql-test/t/openssl_1.test 2016-07-15 08:28:00.918177536 +0200 +@@ -134,7 +134,7 @@ drop table t1; + # verification of servers certificate by setting both ca certificate + # and ca path to NULL + # +---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA ++--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA AES256-GCM-SHA384 DHE-RSA-AES256-SHA + --exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 + --echo End of 5.0 tests + +@@ -259,7 +259,7 @@ select 'is still running; no cipher requ + GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509; + FLUSH PRIVILEGES; + connect(con1,localhost,bug42158,,,,,SSL); +---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA ++--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA AES256-GCM-SHA384 DHE-RSA-AES256-SHA + SHOW STATUS LIKE 'Ssl_cipher'; + disconnect con1; + connection default; +diff -up mariadb-10.1.14/mysql-test/t/ssl_compress.test.sslnew mariadb-10.1.14/mysql-test/t/ssl_compress.test +--- mariadb-10.1.14/mysql-test/t/ssl_compress.test.sslnew 2016-07-15 08:24:17.395378649 +0200 ++++ mariadb-10.1.14/mysql-test/t/ssl_compress.test 2016-07-15 08:29:53.924562035 +0200 +@@ -11,7 +11,7 @@ + connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS); + + # Check ssl turned on +---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA ++--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA AES256-GCM-SHA384 DHE-RSA-AES256-SHA + SHOW STATUS LIKE 'Ssl_cipher'; + + # Check compression turned on +@@ -21,7 +21,7 @@ SHOW STATUS LIKE 'Compression'; + -- source include/common-tests.inc + + # Check ssl turned on +---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA ++--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA AES256-GCM-SHA384 DHE-RSA-AES256-SHA + SHOW STATUS LIKE 'Ssl_cipher'; + + # Check compression turned on +diff -up mariadb-10.1.14/mysql-test/t/ssl.test.sslnew mariadb-10.1.14/mysql-test/t/ssl.test +--- mariadb-10.1.14/mysql-test/t/ssl.test.sslnew 2016-07-15 08:24:17.397378656 +0200 ++++ mariadb-10.1.14/mysql-test/t/ssl.test 2016-07-15 08:29:06.339400129 +0200 +@@ -11,7 +11,7 @@ + connect (ssl_con,localhost,root,,,,,SSL); + + # Check ssl turned on +---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA ++--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA AES256-GCM-SHA384 DHE-RSA-AES256-SHA + SHOW STATUS LIKE 'Ssl_cipher'; + + # Check ssl expiration +@@ -22,7 +22,7 @@ SHOW STATUS LIKE 'Ssl_server_not_after'; + -- source include/common-tests.inc + + # Check ssl turned on +---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA ++--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA AES256-GCM-SHA384 DHE-RSA-AES256-SHA + SHOW STATUS LIKE 'Ssl_cipher'; + + # +diff -up mariadb-10.1.14/mysql-test/t/ssl_timeout.test.sslnew mariadb-10.1.14/mysql-test/t/ssl_timeout.test +--- mariadb-10.1.14/mysql-test/t/ssl_timeout.test.sslnew 2016-07-15 08:24:17.398378660 +0200 ++++ mariadb-10.1.14/mysql-test/t/ssl_timeout.test 2016-07-15 08:28:51.920351068 +0200 +@@ -7,7 +7,7 @@ + connect (ssl_con,localhost,root,,,,,SSL read_timeout=5); + + --echo # Check ssl turned on +---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA ++--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA AES256-GCM-SHA384 DHE-RSA-AES256-SHA + SHOW STATUS LIKE 'Ssl_cipher'; + + # --error CR_SERVER_LOST +diff -up mariadb-10.1.14/mysql-test/t/userstat.test.sslnew mariadb-10.1.14/mysql-test/t/userstat.test +--- mariadb-10.1.14/mysql-test/t/userstat.test.sslnew 2016-07-15 08:24:17.399378663 +0200 ++++ mariadb-10.1.14/mysql-test/t/userstat.test 2016-07-15 08:28:40.693312869 +0200 +@@ -35,7 +35,7 @@ drop table t1; + + # test SSL connections + --connect (ssl_con,localhost,root,,,,,SSL) +---replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA ++--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA AES256-GCM-SHA384 DHE-RSA-AES256-SHA + SHOW STATUS LIKE 'Ssl_cipher'; + --connection default + +diff -up mariadb-10.1.14/mysql-test/t/ssl_8k_key.test.newsslfix mariadb-10.1.14/mysql-test/t/ssl_8k_key.test +--- mariadb-10.1.14/mysql-test/t/ssl_8k_key.test.newsslfix 2016-07-15 10:45:15.158140490 +0200 ++++ mariadb-10.1.14/mysql-test/t/ssl_8k_key.test 2016-07-15 10:37:13.886657684 +0200 +@@ -5,6 +5,7 @@ + # + # Bug#29784 YaSSL assertion failure when reading 8k key. + # ++--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-SHA AES256-GCM-SHA384 DHE-RSA-AES256-SHA + --exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 + + ## This test file is for testing encrypted communication only, not other diff --git a/mariadb.spec b/mariadb.spec index 10079dd..ba39775 100644 --- a/mariadb.spec +++ b/mariadb.spec @@ -173,6 +173,7 @@ Patch12: %{pkgnamepatch}-admincrash.patch Patch30: %{pkgnamepatch}-errno.patch Patch31: %{pkgnamepatch}-string-overflow.patch Patch32: %{pkgnamepatch}-basedir.patch +Patch33: %{pkgnamepatch}-ssltests-replace.patch Patch34: %{pkgnamepatch}-covscan-stroverflow.patch Patch37: %{pkgnamepatch}-notestdb.patch @@ -562,6 +563,7 @@ MariaDB is a community developed branch of MySQL. %patch30 -p1 %patch31 -p1 %patch32 -p1 +%patch33 -p1 %patch34 -p1 %patch37 -p1 %patch40 -p1 @@ -938,6 +940,10 @@ export MTR_BUILD_THREAD=%{__isa_bits} || : %else --skip-test-list=rh-skipped-tests.list + + # from unknown reasons ssl tests fail when run as part of whole + # test-suite, but pass when running separately, so do it: + perl ./mysql-test-run.pl --ssl --do-test=ssl %endif # cmake build scripts will install the var cruft if left alone :-( rm -rf var