database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00
Code Activity

TLS/SSL changes (major rework)

Browse Source 
Peer certificate validation:

Since version 3.4 peer certificate verification is enabled by default.
It can be disabled via `mysql_optionsv`, using option
MYSQL_OPT_SSL_VERIFY_SERVER_CERT:

    my_bool verify= 0;
    mysql_options(mariadb, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);

Self signed certificates

If the client obtained a self signed peer certificate from MariaDB server
the verification will fail, with the following exceptions:

* If the connection between client and server is considered to be secure:, e.g.
  * a unix_socket is used for client server communication
  * hostname is localhost (Windows operating system), 127.0.0.1 or ::1
* a specified fingerprint matches the fingerprint of the peer certificate (see below)
* a client can verify the certificate using account password, it's possible if
  * account has a password
  * authentication plugin is "secure without TLS", that is, one of
    mysql_native_password, ed25519 or parsec.

Fingerprint verification of the peer certificate

A fingerprint is a cryptographic hash (SHA-256, SHA-384 or SHA-512) of the peer
certificate's binary data. Even if the fingerprint matches, an expired or
revoked certificate will not be accepted.

For security reasons support for MD5 and SHA1 has been removed.

Technical details:
==================

- Peer certificate verification call was removed from ma_tls_connect, instead it
  will be called directly after the handshake succeeded (my_auth.c)

- mysql->net.tls_self_signed_error was replaced by mysql->net.tls_verify_status which
  contains the result of the peer certfificate verification:

  The verification status can be obtained with mariadb_get_infov using new parameter
  MARIADB_TLS_VERIFY_STATUS.

  unsigned int tls_verify_status;
  mariadb_get_infov(mysql, MARIADB_TLS_VERIFY_STATUS, &tls_verify_status);

  The result is a combination of the following flags:

  MARIADB_TLS_VERIFY_OK                  0
  MARIADB_TLS_VERIFY_TRUST               1
  MARIADB_TLS_VERIFY_HOST                2
  MARIADB_TLS_VERIFY_PERIOD              4
  MARIADB_TLS_VERIFY_FINGERPRINT         8
  MARIADB_TLS_VERIFY_REVOKED            16
  MARIADB_TLS_VERIFY_UNKNOWN            32

- GnuTLS peer certificate verification callback was removed and replaced by
  gnutls_verify_peers2() api function, so the peer certificate validation
  will happen after handshake.

- OpenSSL implementation will no longer use SSL_verify_result to check the
  validity of the peer certificate. Instead a callback function will be called
  during the handshake, which collects all certificate validation errors.

- If the peer certificate is not trusted, hostname verification will be
  skipped.

- Testing
  Added new test tls, which implements a python based dummy server, which allows
  to set different certificates and TLS options. Please note. that tests are
  expected to fail, since the server doesn't support further steps like user
  authentication etc. after the handshake. Prerequisite for running the tls test
  is Python3.
This commit is contained in:
Georg Richter
2024-07-16 13:12:26 +02:00
parent 5386f1a3f2
commit 1287c901dc
33 changed files with 1950 additions and 431 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
unittest/libmariadb/CMakeLists.txt
View File

@@ -19,6 +19,7 @@ ENDIF()
ENABLE_TESTING()
find_package (Python3 COMPONENTS Interpreter)
INCLUDE_DIRECTORIES(${CC_SOURCE_DIR}/include
${CC_BINARY_DIR}/include
@@ -26,6 +27,7 @@ INCLUDE_DIRECTORIES(${CC_SOURCE_DIR}/include
${CC_SOURCE_DIR}/unittest/libmariadb)
ADD_DEFINITIONS(-DLIBMARIADB)
SET(API_TESTS "conc336" "bulk1" "performance" "basic-t" "fetch" "charset" "logs" "cursor" "errors" "view" "ps" "ps_bugs" "sp" "result" "connection" "misc" "ps_new" "thread" "features-10_2")
IF(WITH_DYNCOL)
SET(API_TESTS ${API_TESTS} "dyncol")
@@ -50,6 +52,15 @@ ENDIF()
ADD_LIBRARY(ma_getopt ma_getopt.c)
IF(${Python3_FOUND})
CONFIGURE_FILE(${CC_SOURCE_DIR}/unittest/libmariadb/tls.c.in
${CC_BINARY_DIR}/unittest/libmariadb/tls.c)
ADD_EXECUTABLE(tls ${CC_BINARY_DIR}/unittest/libmariadb/tls.c)
TARGET_LINK_LIBRARIES(tls cctap ma_getopt mariadbclient)
ADD_TEST(tls ${EXECUTABLE_OUTPUT_PATH}/tls)
ENDIF()
FOREACH(API_TEST ${API_TESTS})
IF (NOT TARGET ${API_TEST})
ADD_EXECUTABLE(${API_TEST} ${API_TEST}.c)
@@ -63,7 +74,17 @@ FOREACH(API_TEST ${API_TESTS})
ENDIF()
ENDFOREACH(API_TEST)
FOREACH(API_TEST ${MANUAL_TESTS})
ADD_EXECUTABLE(${API_TEST} ${API_TEST}.c)
TARGET_LINK_LIBRARIES(${API_TEST} cctap ma_getopt mariadbclient)
ENDFOREACH()
SET(ADDITIONAL_FILES "tls_server.py" "certs/server-cert.pem"
"certs/server-cert.crl" "certs/server-key.pem" "certs/cacert.pem")
FOREACH(FILE ${ADDITIONAL_FILES})
CONFIGURE_FILE(${CC_SOURCE_DIR}/unittest/libmariadb/${FILE}
${CC_BINARY_DIR}/unittest/libmariadb/${FILE}
COPYONLY)
ENDFOREACH()

20
unittest/libmariadb/basic-t.c
View File

@@ -44,7 +44,7 @@ static int test_conc75(MYSQL *my)
mysql= mysql_init(NULL);
mysql_options(mysql, MYSQL_OPT_RECONNECT, &reconnect);
my_test_connect(mysql, hostname, username, password, schema, port, socketname, 0| CLIENT_MULTI_RESULTS | CLIENT_REMEMBER_OPTIONS);
my_test_connect(mysql, hostname, username, password, schema, port, socketname, 0| CLIENT_MULTI_RESULTS | CLIENT_REMEMBER_OPTIONS, 1);
rc= mysql_query(mysql, "DROP TABLE IF EXISTS a");
check_mysql_rc(rc, mysql);
@@ -85,7 +85,7 @@ static int test_conc74(MYSQL *unused __attribute__((unused)))
mysql= mysql_init(NULL);
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, 0| CLIENT_MULTI_RESULTS | CLIENT_REMEMBER_OPTIONS))
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, 0| CLIENT_MULTI_RESULTS | CLIENT_REMEMBER_OPTIONS, 1))
{
diag("Error: %s", mysql_error(mysql));
mysql_close(mysql);
@@ -128,7 +128,7 @@ static int test_conc71(MYSQL *my)
mysql_options(mysql, MYSQL_INIT_COMMAND, "/*!40101 set @@session.wait_timeout=28800 */");
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0), mysql_error(my));
port, socketname, 0, 1), mysql_error(my));
diag("kill server");
@@ -161,7 +161,7 @@ static int test_conc70(MYSQL *my)
mysql_options(mysql, MYSQL_OPT_COMPRESS, (void *)1);
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0), mysql_error(my));
port, socketname, 0, 1), mysql_error(my));
rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1");
check_mysql_rc(rc, mysql);
@@ -223,7 +223,7 @@ static int test_conc68(MYSQL *my)
mysql_query(my, "SET global max_allowed_packet=1024*1024*22");
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0), mysql_error(my));
port, socketname, 0, 1), mysql_error(my));
rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1");
check_mysql_rc(rc, mysql);
@@ -274,7 +274,7 @@ static int basic_connect(MYSQL *unused __attribute__((unused)))
FAIL_IF(!my, "mysql_init() failed");
FAIL_IF(!my_test_connect(my, hostname, username, password, schema,
port, socketname, 0), mysql_error(my));
port, socketname, 0, 1), mysql_error(my));
rc= mysql_query(my, "SELECT @@version");
check_mysql_rc(rc, my);
@@ -671,7 +671,7 @@ static int test_status(MYSQL *mysql)
static int bug_conc1(MYSQL *mysql)
{
my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0);
port, socketname, 0, 1);
diag("errno: %d", mysql_errno(mysql));
FAIL_IF(mysql_errno(mysql) != CR_ALREADY_CONNECTED,
"Expected errno=CR_ALREADY_CONNECTED");
@@ -688,7 +688,7 @@ static int test_options_initcmd(MYSQL *unused __attribute__((unused)))
mysql_options(mysql, MYSQL_INIT_COMMAND, "INSERT INTO t1 VALUES (1),(2),(3)");
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname,
CLIENT_MULTI_STATEMENTS | CLIENT_MULTI_RESULTS), mysql_error(mysql));
CLIENT_MULTI_STATEMENTS | CLIENT_MULTI_RESULTS, 1), mysql_error(mysql));
rc= mysql_query(mysql, "SELECT a FROM t1");
check_mysql_rc(rc, mysql);
@@ -734,7 +734,7 @@ static int test_reconnect_maxpackage(MYSQL *unused __attribute__((unused)))
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname,
CLIENT_MULTI_STATEMENTS | CLIENT_MULTI_RESULTS), mysql_error(mysql));
CLIENT_MULTI_STATEMENTS | CLIENT_MULTI_RESULTS, 1), mysql_error(mysql));
mysql_options(mysql, MYSQL_OPT_RECONNECT, &reconnect);
rc= mysql_query(mysql, "SELECT @@max_allowed_packet");
@@ -792,7 +792,7 @@ static int test_compressed(MYSQL *unused __attribute__((unused)))
mysql_options(mysql, MYSQL_OPT_COMPRESS, (void *)1);
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname,
CLIENT_MULTI_STATEMENTS | CLIENT_MULTI_RESULTS), mysql_error(mysql));
CLIENT_MULTI_STATEMENTS | CLIENT_MULTI_RESULTS, 1), mysql_error(mysql));
mysql_options(mysql, MYSQL_OPT_RECONNECT, &reconnect);
rc= mysql_query(mysql, "SHOW VARIABLES");

6
unittest/libmariadb/bulk1.c
View File

@@ -1106,7 +1106,7 @@ static int bulk_with_unit_result_insert(MYSQL *my)
stmt= mysql_stmt_init(mysql);
mysql_options(mysql, MARIADB_OPT_BULK_UNIT_RESULTS, &unique_result);
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0), mysql_error(mysql));
port, socketname, 0, 1), mysql_error(mysql));
mysql_get_option(mysql, MARIADB_OPT_BULK_UNIT_RESULTS, &bool_val);
FAIL_UNLESS(bool_val, "bool_val != true");
@@ -1223,7 +1223,7 @@ static int bulk_with_unit_result_delete(MYSQL *my)
stmt= mysql_stmt_init(mysql);
mysql_options(mysql, MARIADB_OPT_BULK_UNIT_RESULTS, &unique_result);
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0), mysql_error(mysql));
port, socketname, 0, 1), mysql_error(mysql));
if (!bulk_enabled)
return SKIP;
@@ -1331,7 +1331,7 @@ static int bulk_with_unit_result_update(MYSQL *my)
mysql_options(mysql, MARIADB_OPT_BULK_UNIT_RESULTS, &unique_result);
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0), mysql_error(mysql));
port, socketname, 0, 1), mysql_error(mysql));
if (!bulk_enabled)
return SKIP;

121
unittest/libmariadb/certs/cacert.pem Executable file
View File

@@ -0,0 +1,121 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5c:81:fd:b9:82:69:e0:46:8d:99:ed:d0:95:4b:d3:d6:62:8a:69:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = cacert, C = FI, ST = Helsinki, L = Helsinki, O = MariaDB
Validity
Not Before: Mar 3 03:03:03 2020 GMT
Not After : Feb 27 03:03:03 2040 GMT
Subject: CN = cacert, C = FI, ST = Helsinki, L = Helsinki, O = MariaDB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:bc:72:01:10:68:c1:df:fa:d1:77:55:7c:09:13:
19:51:41:cd:ed:4f:51:43:22:e7:97:0e:94:fc:0d:
1d:a9:c6:f3:17:79:31:6f:12:7a:9b:7f:87:e2:55:
16:d5:a4:dd:6a:d3:5e:4f:e2:e0:bc:c4:9f:c5:95:
1a:47:13:a5:cd:6d:f3:76:e2:9a:12:31:76:e4:f1:
01:94:37:45:10:32:18:9e:cc:d8:7f:04:ca:18:97:
bf:22:2e:51:ba:73:6f:46:50:36:fe:df:82:4c:8a:
9e:34:be:44:f4:12:61:72:18:b3:81:b5:d9:b2:69:
8f:7d:f4:8b:41:62:34:59:71:f7:e4:26:a6:cf:55:
4d:d4:52:a3:37:24:bd:82:21:9f:d1:db:cd:e9:12:
a9:cf:60:48:3d:da:ea:a0:a7:d0:57:16:68:49:e5:
b4:e8:dc:d0:b0:12:b3:c7:1c:f1:b3:b1:eb:12:8b:
c7:3e:3c:02:fe:f6:4c:a8:35:d8:cf:74:64:63:89:
84:3e:75:88:a0:0b:80:5c:ea:68:b2:9c:bb:e3:ae:
4f:cd:24:b9:97:89:95:4e:3f:78:48:ba:ad:97:4c:
bf:f8:8b:14:80:f4:78:03:11:4b:a7:e3:99:1c:82:
59:bf:b6:f3:3e:3e:db:db:38:73:91:8d:f0:6f:e5:
5d:02:e7:c0:a5:8b:ad:69:f1:17:29:2c:16:41:ad:
ac:0f:64:c8:f7:62:58:da:73:66:f7:91:2c:89:f7:
80:6b:d7:91:f1:c8:4a:5a:c4:2d:3d:0b:18:83:f1:
e9:74:2d:83:bb:09:46:bd:f0:40:ad:0b:dd:0c:45:
64:8d:9e:cf:a7:a0:6c:d2:cc:f1:f9:05:15:7a:e3:
02:15:b0:e6:99:cd:81:5b:dd:52:9b:c0:35:25:fa:
4c:88:47:1d:16:19:9f:9d:f0:54:01:6e:20:6a:10:
ab:4f:d2:a2:a7:31:db:6d:76:26:0d:35:9d:ac:1f:
4e:4d:37:87:2c:78:26:d4:1f:f0:87:fc:f4:e2:2a:
af:9a:a4:d6:69:93:16:4f:ed:fb:e0:78:99:36:49:
d2:2e:7d:44:15:94:58:bd:ba:bc:d3:b9:75:5c:58:
13:69:18:8e:5d:0e:c9:0c:dd:06:c4:7b:fc:34:3e:
df:51:46:8d:5e:33:40:ba:39:75:9a:29:a5:f0:be:
d3:a1:2c:72:88:85:4a:a0:2e:d9:71:15:30:49:57:
f4:1b:73:e4:b3:b1:9e:3e:e6:0b:30:0a:eb:e9:cc:
ec:98:4c:36:ea:58:8a:aa:b1:4b:b9:e1:5e:4a:d0:
81:65:f0:ba:2c:b0:a6:8e:02:f1:c6:e0:78:b9:49:
eb:8e:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:FC:7A:19:F3:2B:0C:7D:F6:C0:7C:4D:F8:72:34:4C:8C:35:52:74
X509v3 Authority Key Identifier:
keyid:4D:FC:7A:19:F3:2B:0C:7D:F6:C0:7C:4D:F8:72:34:4C:8C:35:52:74
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
3c:e7:3a:e8:b6:d1:be:ca:27:ad:02:00:08:b7:1f:2d:e9:cd:
81:9f:98:f0:f0:a4:c5:dd:dc:94:a1:a6:bd:31:56:54:05:6a:
da:b1:1b:42:35:ef:f8:75:1c:0d:0f:00:77:24:a7:ef:5f:f1:
ce:38:3a:05:a7:22:a6:40:b6:6c:57:46:31:e8:ba:2f:b5:9e:
fb:7c:07:93:5c:cb:82:59:1a:2f:13:5b:6d:55:8d:d9:dd:ec:
44:b2:7f:89:26:37:da:fc:e8:aa:af:87:8b:5e:c3:3e:21:c2:
a0:ca:2a:49:78:fa:9d:10:5c:e8:2c:24:ac:e8:f3:61:25:cb:
86:6c:8f:1d:4c:2f:83:bd:d4:72:dc:54:1b:fa:3d:1a:d4:54:
a9:ac:87:70:ff:cf:53:26:1f:e7:11:bc:b3:89:d0:71:25:09:
d9:80:09:42:b1:5a:8d:01:a9:89:1e:2c:cc:89:e7:f8:c2:43:
4b:20:cd:ce:9c:2f:67:99:35:4f:e2:ec:00:07:3d:69:6e:9e:
48:93:d4:56:b1:0b:52:00:d9:86:05:1e:ea:64:68:a1:87:04:
0f:17:45:82:8e:f5:13:7a:90:79:c8:fd:42:e8:80:df:3b:46:
bc:39:c9:76:14:90:8e:cd:80:98:84:56:43:88:33:1e:ac:4a:
cb:48:8d:ff:35:d4:68:0e:ef:bf:1a:b5:34:17:7a:c8:c2:e8:
f0:18:f6:58:07:9b:09:9f:b5:e2:29:e2:5e:cb:b9:71:ce:13:
90:6d:b7:4e:23:31:bc:ab:17:b4:3d:96:17:4b:f8:01:49:b9:
0a:0c:73:1d:54:de:51:79:3a:fb:f0:b5:10:8d:38:ad:87:36:
0f:36:48:11:f7:1b:d6:2f:ed:a7:1d:73:74:45:19:69:1d:9f:
86:ec:a3:2b:8e:fd:5a:33:08:4d:17:41:df:57:8a:1e:99:c1:
bc:aa:15:a1:af:2c:23:67:4e:31:45:91:fb:8f:af:1e:19:a6:
0f:bb:d9:3a:55:cc:b0:a2:41:a5:99:20:cc:64:91:f7:8e:6b:
c4:ad:5a:c8:ca:3d:74:36:91:97:34:f1:f8:c5:22:87:6b:e3:
cf:9c:0a:75:5a:09:30:88:9d:07:99:2d:ef:87:75:45:ed:0f:
75:8a:88:6c:b0:7e:dc:c3:d4:50:c4:25:0c:de:f7:53:f6:12:
bd:5a:8b:81:3a:30:83:b7:66:5e:7e:8f:d8:65:ab:2a:fa:85:
d4:4b:61:fb:27:98:79:cb:d6:06:07:23:7f:d9:1d:79:3e:71:
a7:0c:c8:e8:0e:e0:40:66:4d:8d:0e:9c:41:c0:d2:2c:91:95:
63:d5:c4:12:cd:9b:bc:f4
-----BEGIN CERTIFICATE-----
MIIFjTCCA3WgAwIBAgIUXIH9uYJp4EaNme3QlUvT1mKKaZcwDQYJKoZIhvcNAQEL
BQAwVjEPMA0GA1UEAwwGY2FjZXJ0MQswCQYDVQQGEwJGSTERMA8GA1UECAwISGVs
c2lua2kxETAPBgNVBAcMCEhlbHNpbmtpMRAwDgYDVQQKDAdNYXJpYURCMB4XDTIw
MDMwMzAzMDMwM1oXDTQwMDIyNzAzMDMwM1owVjEPMA0GA1UEAwwGY2FjZXJ0MQsw
CQYDVQQGEwJGSTERMA8GA1UECAwISGVsc2lua2kxETAPBgNVBAcMCEhlbHNpbmtp
MRAwDgYDVQQKDAdNYXJpYURCMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
AgEAvHIBEGjB3/rRd1V8CRMZUUHN7U9RQyLnlw6U/A0dqcbzF3kxbxJ6m3+H4lUW
1aTdatNeT+LgvMSfxZUaRxOlzW3zduKaEjF25PEBlDdFEDIYnszYfwTKGJe/Ii5R
unNvRlA2/t+CTIqeNL5E9BJhchizgbXZsmmPffSLQWI0WXH35Camz1VN1FKjNyS9
giGf0dvN6RKpz2BIPdrqoKfQVxZoSeW06NzQsBKzxxzxs7HrEovHPjwC/vZMqDXY
z3RkY4mEPnWIoAuAXOpospy7465PzSS5l4mVTj94SLqtl0y/+IsUgPR4AxFLp+OZ
HIJZv7bzPj7b2zhzkY3wb+VdAufApYutafEXKSwWQa2sD2TI92JY2nNm95EsifeA
a9eR8chKWsQtPQsYg/HpdC2DuwlGvfBArQvdDEVkjZ7Pp6Bs0szx+QUVeuMCFbDm
mc2BW91Sm8A1JfpMiEcdFhmfnfBUAW4gahCrT9KipzHbbXYmDTWdrB9OTTeHLHgm
1B/wh/z04iqvmqTWaZMWT+374HiZNknSLn1EFZRYvbq807l1XFgTaRiOXQ7JDN0G
xHv8ND7fUUaNXjNAujl1miml8L7ToSxyiIVKoC7ZcRUwSVf0G3Pks7GePuYLMArr
6czsmEw26liKqrFLueFeStCBZfC6LLCmjgLxxuB4uUnrjnkCAwEAAaNTMFEwHQYD
VR0OBBYEFE38ehnzKwx99sB8TfhyNEyMNVJ0MB8GA1UdIwQYMBaAFE38ehnzKwx9
9sB8TfhyNEyMNVJ0MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB
ADznOui20b7KJ60CAAi3Hy3pzYGfmPDwpMXd3JShpr0xVlQFatqxG0I17/h1HA0P
AHckp+9f8c44OgWnIqZAtmxXRjHoui+1nvt8B5Ncy4JZGi8TW21Vjdnd7ESyf4km
N9r86Kqvh4tewz4hwqDKKkl4+p0QXOgsJKzo82Ely4Zsjx1ML4O91HLcVBv6PRrU
VKmsh3D/z1MmH+cRvLOJ0HElCdmACUKxWo0BqYkeLMyJ5/jCQ0sgzc6cL2eZNU/i
7AAHPWlunkiT1FaxC1IA2YYFHupkaKGHBA8XRYKO9RN6kHnI/ULogN87Rrw5yXYU
kI7NgJiEVkOIMx6sSstIjf811GgO778atTQXesjC6PAY9lgHmwmfteIp4l7LuXHO
E5Btt04jMbyrF7Q9lhdL+AFJuQoMcx1U3lF5OvvwtRCNOK2HNg82SBH3G9Yv7acd
c3RFGWkdn4bsoyuO/VozCE0XQd9Xih6ZwbyqFaGvLCNnTjFFkfuPrx4Zpg+72TpV
zLCiQaWZIMxkkfeOa8StWsjKPXQ2kZc08fjFIodr48+cCnVaCTCInQeZLe+HdUXt
D3WKiGywftzD1FDEJQze91P2Er1ai4E6MIO3Zl5+j9hlqyr6hdRLYfsnmHnL1gYH
I3/ZHXk+cacMyOgO4EBmTY0OnEHA0iyRlWPVxBLNm7z0
-----END CERTIFICATE-----

17
unittest/libmariadb/certs/server-cert.crl Executable file
View File

@@ -0,0 +1,17 @@
-----BEGIN X509 CRL-----
MIICxTCBrgIBATANBgkqhkiG9w0BAQsFADBWMQ8wDQYDVQQDDAZjYWNlcnQxCzAJ
BgNVBAYTAkZJMREwDwYDVQQIDAhIZWxzaW5raTERMA8GA1UEBwwISGVsc2lua2kx
EDAOBgNVBAoMB01hcmlhREIXDTIwMDMwMzAzMDMwM1oXDTQwMDIyNzAzMDMwM1ow
FDASAgEBFw0yMDAzMDMwMzAzMDNaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
AQsFAAOCAgEAFsQCul/9vZ1qSxnYoVVlHPspJ6JFgg0kEK5ZQsiGaAKyvV1d9xpT
uu1FxOEajbeOGdGk9kRqy928KFynPSTpWphl+bJ2E+uey4a9PTgAlxPEcdbnGf2f
1je7i0pOlOximKkeRb8GB4EwNvS9MPKd2pkJnGgIK6eyTtOnKgvmkA3vwXIqB1wJ
dbQMscQlWyCN7lz5A2D6T9xOYY5gKthBAdM73OgzivGKJekoCCirGqVjA7Kurpmt
zV+UbDrHqxsBB4BS+X4sFp7n9K4dqD/acR7aYsjpxKUzc43rEzuTE8flQw1Hzk/h
lGJKg0XfIs2ol7zSeADocZMQR8G0wpeFsz5abm5/oCQ007Rxn+2d/8ZPfOw75u2p
vdcOARoU1q1qF1lGL3x5PFpam693VxB07js3qi6sCqJjsVETAmz08Bvck0+HeHpr
nyQndk7EZPl7W+8Ls68kZZB+77DDNS9Gwb8BQxzazuvN4G6DQsZLYNhWyV6vPeOt
sJF7mdvr4PElbtNG1WQFySt7SJKaA21hG1qVUqto8ZTd+/KU5b7MMnTM7nxFXQ3a
WwHq79xK1xC4f87rrc423yYEjAQkb/1NSseGa/gfqo6wRcxXbRQETq2r9KIsLwAN
sK1gO7Cl0SW9PtrCF4lWNOES9iSZ3BaacOHT7kD8qoBAL83CIlDFgWg=
-----END X509 CRL-----

128
unittest/libmariadb/certs/server-cert.pem Executable file
View File

@@ -0,0 +1,128 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB
Validity
Not Before: Mar 3 03:03:03 2020 GMT
Not After : Feb 27 03:03:03 2040 GMT
Subject: C=FI, ST=state or province within country, in other certificates in this file it is the same as L, L=location, usually an address but often ambiguously used, O=organization name, typically a company name, OU=organizational unit name, a division name within an organization, CN=localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:c9:f9:46:27:69:68:4b:5a:26:dd:1f:98:0f:44:
ba:40:83:ca:82:c2:7a:53:cc:b9:30:f1:ca:3e:e2:
6d:de:3a:11:aa:ce:c5:90:27:e6:f3:4f:3b:e9:af:
1a:ec:21:d7:ca:14:1f:f1:9b:cb:cd:7e:57:b4:c8:
5d:6c:cd:5a:54:dd:8a:9a:a9:27:ef:49:d3:6c:ac:
99:2d:dc:e5:c0:1e:3c:05:9f:c5:04:c7:2d:81:66:
21:27:16:d6:c3:e4:97:53:db:21:a6:43:50:70:cb:
2e:95:fb:da:52:55:27:1b:17:ef:19:83:eb:ff:a1:
fc:62:63:ea:2f:fe:53:35:e6:d9:bc:03:2d:e5:c2:
18:b1:29:91:e4:a4:79:2c:f1:05:dd:d5:3f:ff:b1:
9e:64:8d:60:29:74:43:f0:3d:31:e7:78:ce:9f:17:
74:e5:9f:fb:7b:69:a9:45:3b:e8:76:03:c6:ca:52:
85:84:50:0d:2b:98:6f:ff:d8:41:66:6d:39:f6:1a:
a3:61:e2:82:5f:dc:ec:ca:97:dc:b2:dc:cf:aa:97:
ef:13:10:ea:fb:8f:99:91:bb:d9:e8:61:25:2d:68:
04:af:2f:89:56:0d:89:90:77:e0:ad:c2:25:eb:3c:
d2:4e:3d:ca:6e:ae:35:c8:f2:94:7a:09:74:d3:8e:
73:30:e6:39:fe:b6:9c:c7:4d:23:4e:b0:bf:90:97:
29:b2:b3:30:b2:bb:49:ae:47:09:fe:cd:23:3a:01:
a4:ac:cb:53:25:74:98:27:20:85:6b:18:74:bb:1c:
bf:ff:05:dc:06:7c:02:78:81:1e:96:ad:8f:c6:a2:
0d:b3:5c:8e:ad:d5:fd:af:c5:8d:8b:9f:31:b1:4f:
a7:1e:9b:cd:57:68:d5:ad:ed:4e:7b:5f:0d:0c:d2:
47:85:b4:65:4b:23:1c:5b:a5:ec:88:fa:42:80:73:
84:cb:75:05:a6:39:f1:e6:a9:4e:15:e6:2f:f7:61:
0b:f3:08:cc:a6:2b:2b:64:6e:04:a1:fc:da:5e:34:
ad:7c:54:be:85:e4:ed:64:74:31:30:2a:ed:ab:3e:
d2:cd:c7:3e:de:18:04:8a:a7:bd:ad:52:74:13:b1:
b0:7d:4d:7e:87:7b:cb:82:1f:29:11:e1:0e:4b:42:
2b:83:e8:88:7e:92:80:20:eb:ee:da:d4:dd:1e:9c:
54:5c:67:a7:00:5f:a1:b7:bf:5d:c0:5a:25:2a:c1:
1e:7c:93:32:dd:17:c8:02:6d:1a:42:26:f6:50:01:
4b:df:29:7f:72:f1:90:72:80:8a:ba:2f:8c:86:7d:
56:45:c5:0e:82:16:d8:29:03:57:87:ce:22:1c:7f:
31:a8:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
DB:DF:8B:BC:C2:EE:A9:2A:4E:FD:0E:7A:5F:15:CF:94:A3:0C:CA:CC
X509v3 Authority Key Identifier:
keyid:4D:FC:7A:19:F3:2B:0C:7D:F6:C0:7C:4D:F8:72:34:4C:8C:35:52:74
Signature Algorithm: sha256WithRSAEncryption
09:d1:af:0e:0b:e8:a2:5e:c8:ee:0a:9f:21:c3:2c:da:a4:38:
d5:cc:a6:ca:8e:ef:df:94:ab:32:5a:ec:32:84:01:7a:97:bb:
38:e0:a8:7d:20:d9:ca:51:3d:a3:74:f9:fe:85:14:26:95:37:
de:2d:74:7e:16:eb:14:14:1b:80:e9:12:54:de:cc:94:cc:38:
ca:df:9a:d0:ce:3e:6c:f1:de:e8:40:f5:3e:6e:c0:ee:05:50:
5a:38:4b:97:69:3c:7a:1f:a8:11:67:e5:9a:9e:50:2e:62:e8:
f8:bf:1a:54:84:ad:9d:0e:1e:ec:64:22:1b:38:85:87:0b:f3:
c7:47:80:aa:c1:99:72:a5:0d:fd:ce:2c:6e:0d:52:4d:d7:55:
2f:4e:52:6e:4a:b9:9a:61:34:08:59:d9:30:cc:30:4a:dc:35:
34:b9:b0:a4:97:a1:b8:d7:ce:ee:63:2d:3a:ad:73:9c:99:49:
11:0a:04:94:60:97:19:4f:4b:66:d4:fb:bf:14:46:39:27:da:
01:3f:d8:6a:46:cb:77:12:f2:77:86:3a:45:e1:f7:44:3d:2b:
3d:e6:26:06:5e:29:20:be:1f:aa:74:43:0c:85:79:e2:14:9c:
03:bf:49:21:64:7e:c3:4a:7b:a1:60:f6:ce:fb:7c:59:e4:65:
7c:fb:1e:84:38:53:ec:1f:80:c2:b5:f7:c2:0e:46:19:4b:4d:
a3:32:6e:59:40:32:9b:6b:2c:bb:fa:1a:89:2e:96:22:71:d5:
71:92:9b:0d:86:0e:60:60:19:ba:34:22:e1:f1:f3:c9:87:5c:
5c:f5:d3:52:1c:11:0d:d3:91:7a:6b:bd:6f:cc:ba:78:60:e0:
20:b4:c2:d1:91:70:5f:74:33:a1:bc:aa:db:d1:35:91:b5:cb:
46:a8:28:7a:26:fc:8c:6c:64:05:4d:73:f1:00:bb:eb:70:87:
fd:9f:04:55:8f:7b:00:b1:c0:50:09:3a:58:44:19:a7:bd:f1:
34:5b:4d:d9:10:6b:d5:38:fa:64:f5:d3:28:4f:c4:23:14:29:
98:3e:2f:c2:87:6f:69:a0:89:0e:ee:f7:c4:50:9e:33:b9:0a:
84:f0:c6:38:45:38:91:10:14:ac:c4:03:8e:4b:e2:61:f9:78:
85:02:b9:c6:d5:c2:9f:ba:ac:21:1a:3a:4e:1a:f8:a9:12:ae:
67:37:79:ce:ec:94:54:cf:28:c4:33:3b:45:23:d2:cb:37:3b:
09:ee:e2:c4:9f:12:dc:e3:8f:06:1d:d5:54:b7:73:2c:34:36:
97:41:91:81:30:06:2c:90:14:9b:aa:4e:33:2a:38:29:f5:3d:
f4:c7:f2:03:6d:d9:d7:3e
-----BEGIN CERTIFICATE-----
MIIGlTCCBH2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQ8wDQYDVQQDDAZjYWNl
cnQxCzAJBgNVBAYTAkZJMREwDwYDVQQIDAhIZWxzaW5raTERMA8GA1UEBwwISGVs
c2lua2kxEDAOBgNVBAoMB01hcmlhREIwHhcNMjAwMzAzMDMwMzAzWhcNNDAwMjI3
MDMwMzAzWjCCAUcxCzAJBgNVBAYTAkZJMWEwXwYDVQQIDFhzdGF0ZSBvciBwcm92
aW5jZSB3aXRoaW4gY291bnRyeSwgaW4gb3RoZXIgY2VydGlmaWNhdGVzIGluIHRo
aXMgZmlsZSBpdCBpcyB0aGUgc2FtZSBhcyBMMUAwPgYDVQQHDDdsb2NhdGlvbiwg
dXN1YWxseSBhbiBhZGRyZXNzIGJ1dCBvZnRlbiBhbWJpZ3VvdXNseSB1c2VkMTQw
MgYDVQQKDCtvcmdhbml6YXRpb24gbmFtZSwgdHlwaWNhbGx5IGEgY29tcGFueSBu
YW1lMUkwRwYDVQQLDEBvcmdhbml6YXRpb25hbCB1bml0IG5hbWUsIGEgZGl2aXNp
b24gbmFtZSB3aXRoaW4gYW4gb3JnYW5pemF0aW9uMRIwEAYDVQQDDAlsb2NhbGhv
c3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ+UYnaWhLWibdH5gP
RLpAg8qCwnpTzLkw8co+4m3eOhGqzsWQJ+bzTzvprxrsIdfKFB/xm8vNfle0yF1s
zVpU3YqaqSfvSdNsrJkt3OXAHjwFn8UExy2BZiEnFtbD5JdT2yGmQ1Bwyy6V+9pS
VScbF+8Zg+v/ofxiY+ov/lM15tm8Ay3lwhixKZHkpHks8QXd1T//sZ5kjWApdEPw
PTHneM6fF3Tln/t7aalFO+h2A8bKUoWEUA0rmG//2EFmbTn2GqNh4oJf3OzKl9yy
3M+ql+8TEOr7j5mRu9noYSUtaASvL4lWDYmQd+CtwiXrPNJOPcpurjXI8pR6CXTT
jnMw5jn+tpzHTSNOsL+QlymyszCyu0muRwn+zSM6AaSsy1MldJgnIIVrGHS7HL//
BdwGfAJ4gR6WrY/Gog2zXI6t1f2vxY2LnzGxT6cem81XaNWt7U57Xw0M0keFtGVL
IxxbpeyI+kKAc4TLdQWmOfHmqU4V5i/3YQvzCMymKytkbgSh/NpeNK18VL6F5O1k
dDEwKu2rPtLNxz7eGASKp72tUnQTsbB9TX6He8uCHykR4Q5LQiuD6Ih+koAg6+7a
1N0enFRcZ6cAX6G3v13AWiUqwR58kzLdF8gCbRpCJvZQAUvfKX9y8ZBygIq6L4yG
fVZFxQ6CFtgpA1eHziIcfzGoTwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG
+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
29+LvMLuqSpO/Q56XxXPlKMMyswwHwYDVR0jBBgwFoAUTfx6GfMrDH32wHxN+HI0
TIw1UnQwDQYJKoZIhvcNAQELBQADggIBAAnRrw4L6KJeyO4KnyHDLNqkONXMpsqO
79+UqzJa7DKEAXqXuzjgqH0g2cpRPaN0+f6FFCaVN94tdH4W6xQUG4DpElTezJTM
OMrfmtDOPmzx3uhA9T5uwO4FUFo4S5dpPHofqBFn5ZqeUC5i6Pi/GlSErZ0OHuxk
Ihs4hYcL88dHgKrBmXKlDf3OLG4NUk3XVS9OUm5KuZphNAhZ2TDMMErcNTS5sKSX
objXzu5jLTqtc5yZSREKBJRglxlPS2bU+78URjkn2gE/2GpGy3cS8neGOkXh90Q9
Kz3mJgZeKSC+H6p0QwyFeeIUnAO/SSFkfsNKe6Fg9s77fFnkZXz7HoQ4U+wfgMK1
98IORhlLTaMybllAMptrLLv6GokuliJx1XGSmw2GDmBgGbo0IuHx88mHXFz101Ic
EQ3TkXprvW/Munhg4CC0wtGRcF90M6G8qtvRNZG1y0aoKHom/IxsZAVNc/EAu+tw
h/2fBFWPewCxwFAJOlhEGae98TRbTdkQa9U4+mT10yhPxCMUKZg+L8KHb2mgiQ7u
98RQnjO5CoTwxjhFOJEQFKzEA45L4mH5eIUCucbVwp+6rCEaOk4a+KkSrmc3ec7s
lFTPKMQzO0Uj0ss3Ownu4sSfEtzjjwYd1VS3cyw0NpdBkYEwBiyQFJuqTjMqOCn1
PfTH8gNt2dc+
-----END CERTIFICATE-----

51
unittest/libmariadb/certs/server-key.pem Executable file
View File

@@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKgIBAAKCAgEAyflGJ2loS1om3R+YD0S6QIPKgsJ6U8y5MPHKPuJt3joRqs7F
kCfm80876a8a7CHXyhQf8ZvLzX5XtMhdbM1aVN2Kmqkn70nTbKyZLdzlwB48BZ/F
BMctgWYhJxbWw+SXU9shpkNQcMsulfvaUlUnGxfvGYPr/6H8YmPqL/5TNebZvAMt
5cIYsSmR5KR5LPEF3dU//7GeZI1gKXRD8D0x53jOnxd05Z/7e2mpRTvodgPGylKF
hFANK5hv/9hBZm059hqjYeKCX9zsypfcstzPqpfvExDq+4+ZkbvZ6GElLWgEry+J
Vg2JkHfgrcIl6zzSTj3Kbq41yPKUegl0045zMOY5/racx00jTrC/kJcpsrMwsrtJ
rkcJ/s0jOgGkrMtTJXSYJyCFaxh0uxy//wXcBnwCeIEelq2PxqINs1yOrdX9r8WN
i58xsU+nHpvNV2jVre1Oe18NDNJHhbRlSyMcW6XsiPpCgHOEy3UFpjnx5qlOFeYv
92EL8wjMpisrZG4EofzaXjStfFS+heTtZHQxMCrtqz7Szcc+3hgEiqe9rVJ0E7Gw
fU1+h3vLgh8pEeEOS0Irg+iIfpKAIOvu2tTdHpxUXGenAF+ht79dwFolKsEefJMy
3RfIAm0aQib2UAFL3yl/cvGQcoCKui+Mhn1WRcUOghbYKQNXh84iHH8xqE8CAwEA
AQKCAgEAtn2LvKqJ+KOhP+R/ETSpEQfDX7h2rObqYWXmtkECwms3cVzYtzLGgwsR
eEimC7tcbZMXdceuMqM4ffkYKOm2970gsjOrCJNs++FLmlvgH2FyHCbK7lFFNYjg
5Z/GN0OA09zIH6Dsuq1rD0t7bS7RYbKTcDt5bgWftArRG8IwzyAhlbZNry5b/x8v
Wiad8lRoV5KJ++8xzWrL+0i45gV05M+L6cVY8u1FXbIPpqXFmXQ6Fq7PQsjNzZkz
gTiVhwWj/FD/VL9Dy3gjX74tRFMtM9eJxXFg0CFkwX+5GTVFUSyOJvfNoDolFKqs
EHO+rTjMULOWB8FSiZldPJL0wv4P5wEAZ+aqQ4mWsDHVDyACRlmLbOvMriiHrCMj
uDOWQwMsWOc/vCt6WPuNv3PlagACqOGQf0Pj62OcWTJGRzHoOXCw1OMgW3nNgg9X
f5UvXE8nn1hfJMePh6u1BXuOmoyOi2zTIng8ubfE8nw4pw35fkvfkY8BqllUw0XO
Kq5ICr1eqrHJNnicL+ITfiFm7yo0qUPlQnkBA7pCvrNDEdh6mLIEUE/NSqZd2XKB
TZeXLh6/0+djK1899sTsjr75yB1mVc6Jgo0OC4Em6T/u+VKw5LptxAoBnY7et2/7
6oJe8trQDEwBBE0ihwAvlElwG+kUyKS7P01Ow7ctmYzUuDoLgqECggEBAOV6LQ2H
/OfKfgyP/0pM3ngDUC0H49FLIXAKRdY/gLzecPauTleUX1aGOBkfscuHlKjKCllS
qUCHBLyE3bwAK5t0E3aHLtV9gGjNZvi7O6DZHwnMWP5AwN+eW1TASWUKfPVS6uUk
uMzkTkUowDK38EF7iabinSEYmpNxt0G7T4K9pV6O2HgMkKdIHvyxJ0dME3VOgG6m
miYTe2faRDaqRNY2Kn/r1NhSpRKb/iBovFcHLEQpffbtoJs4hzSUa8gk+iTk7WRX
k5a/74nJpB+v1m8ywHEmZ9wFBTCjoVNzBj0f7vZOrs6pP/3niJPEbyi1oK42I1GN
g6J16jgjVv+Q21ECggEBAOFRUVM61Yqz9mt34MqJgp0bqGEShDuFY4kvttAbtHK5
FLYc2Jxvn657jp1r2ksAb6UsDbp92UXmxxTw5H+PWsQ/nbNxmhPfjbjdvhoB4IHr
l3YxgWL9Ex0bi1vB8i/RYEOZs+Q9yyjB7rJqR6gw2jDJ0CQe/RsZUFh4RdzvrWoz
gqddlFUzfkS8KAjvmUA6rOrAgIdYhBRP85gXDtV+bc331q6NH8wu0hkJ0Q6gj0WZ
l/Nu1wWg8goHMuCU5GCDtrjQaXSECCo+XL4+VheGk8ZkDF+EkD4tW0oRKyao1rex
+aZ7IykGikXpMGtoQ+gUyiQzOzodFD5aycfJ+vO0IZ8CggEBANHXREWAWfM3xsYE
E2XFHxZNqU5UTa5AbqY+rpf5X+bV3iSlRfxuMDQ17iyDQBkmtPkYMBh4L09TaDBf
q0fUPAwePAICIgCVkAvF8Gh5BlDS2sAh/isZ2YVjEI9SeosL6TKIjUXWq6qpBy3U
0tROQUQQDNLvnNH75rX3oaVY/J9IfmUWaLp2evyNRdC6ynk3BwAZNfZ5ILK60/km
rYPzdZkQ1RI+/FaIVGzM+rh2LevDImZ+LrLTny7xpSmeo2TU820zbiV4s/yBLTEp
k4xqRcNPfIy7mvOmH5XXu5lMsKLKhcD0OIPAX0T2KX0+fouScwl7dhaIOpwgCXsm
TdLLitECggEAcJMYduUmXC6eKAO1JHyf7a8r6ZQ+zR5QJPLZ/BBbkBY46uRutXpv
5dWF49FHN8H4BiaElXDbZblwLl5NTA5r4zGFsWpI+TTwsjTYDlZxvXfgLQV/B945
9okUj7vPLWUHG79nydm17581i57ePoJqAYZToDh7bVawdgNhpIl7s1wZI1X2Druz
ktQPjKdpglXOn1ue3AC1vRBVPOAIYVLRud7iPEP2ZyXdgvUMpqpB6xxadx4iAIXx
aGFAYkUB9dbZLG20wqpVCgYugD7U9NwgaTcDl5W8G9S9j7wUOzSQUydw/GT5pD3I
SDXCI2fsxb/dX0jZhqeQvbbOqiuYXrrZMQKCAQEAqE3ZWDqhx4obUCkAiSnADnmh
v4/yzeHByCXH71uhou/C+y1f3RQLIZN8oAgnSKpFeAdue3Gwk6BA8FYBjSF2hhrM
LaYkzZ0fhFKhTbNmJ2LVJgFtOO8C/95UWY9tKuToRfndXv+99c1d1o85C97KE7C1
zREnTgIf990e5gx2KQCA5irELpKltu0g1wDfbD6hCxJhuvsg869Q0JcXcktg8c0D
sbJQWZrlr9i7TG6TEs7bWxH77hOdrpPyaRUiELt8ZfJJrrctYaY4ogd8NDctDbma
WJWdco8kyiWauoRBJuJJwRtTTMQ+JBiomOhDb1moQd19lNQiBjW5pTfr92NSVg==
-----END RSA PRIVATE KEY-----

2
unittest/libmariadb/charset.c
View File

@@ -757,7 +757,7 @@ static int charset_auto(MYSQL *my __attribute__((unused)))
mysql_options(mysql, MYSQL_SET_CHARSET_NAME, "auto");
FAIL_IF(!my_test_connect(mysql, hostname, username,
password, schema, port, socketname, 0),
password, schema, port, socketname, 0, 1),
mysql_error(mysql));
csname1= mysql_character_set_name(mysql);

97
unittest/libmariadb/connection.c
View File

@@ -65,7 +65,7 @@ static int test_conc66(MYSQL *my)
rc= mysql_query(my, "FLUSH PRIVILEGES");
check_mysql_rc(rc, my);
if (!my_test_connect(mysql, hostname, NULL,
NULL, schema, port, socketname, 0))
NULL, schema, port, socketname, 0, 1))
{
diag("user: %s", mysql->options.user);
diag("Error: %s", mysql_error(mysql));
@@ -463,7 +463,7 @@ static int test_bug31669(MYSQL *mysql)
static int test_bug33831(MYSQL *mysql)
{
FAIL_IF(my_test_connect(mysql, hostname, username,
password, schema, port, socketname, 0),
password, schema, port, socketname, 0, 1),
"Error expected");
return OK;
@@ -493,7 +493,7 @@ static int test_opt_reconnect(MYSQL *mysql)
if (!(my_test_connect(mysql, hostname, username,
password, schema, port,
socketname, 0)))
socketname, 0, 1)))
{
diag("connection failed");
mysql_close(mysql);
@@ -513,7 +513,7 @@ static int test_opt_reconnect(MYSQL *mysql)
if (!(my_test_connect(mysql, hostname, username,
password, schema, port,
socketname, 0)))
socketname, 0, 1)))
{
diag("connection failed");
mysql_close(mysql);
@@ -544,7 +544,7 @@ static int test_compress(MYSQL *mysql)
if (!(my_test_connect(mysql, hostname, username,
password, schema, port,
socketname, 0)))
socketname, 0, 1)))
{
diag("connection failed");
return FAIL;
@@ -583,7 +583,7 @@ static int test_reconnect(MYSQL *mysql)
if (!(my_test_connect(mysql1, hostname, username,
password, schema, port,
socketname, 0)))
socketname, 0, 1)))
{
diag("connection failed");
return FAIL;
@@ -647,14 +647,14 @@ int test_conc26(MYSQL *unused __attribute__((unused)))
MYSQL *mysql= mysql_init(NULL);
mysql_options(mysql, MYSQL_SET_CHARSET_NAME, "ascii");
FAIL_IF(my_test_connect(mysql, hostname, "notexistinguser", "password", schema, port, socketname, CLIENT_REMEMBER_OPTIONS),
FAIL_IF(my_test_connect(mysql, hostname, "notexistinguser", "password", schema, port, socketname, CLIENT_REMEMBER_OPTIONS, 1),
"Error expected");
FAIL_IF(!mysql->options.charset_name || strcmp(mysql->options.charset_name, "ascii") != 0,
"expected charsetname=ascii");
mysql_close(mysql);
mysql= mysql_init(NULL);
FAIL_IF(my_test_connect(mysql, hostname, "notexistinguser", "password", schema, port, socketname, 0),
FAIL_IF(my_test_connect(mysql, hostname, "notexistinguser", "password", schema, port, socketname, 0, 1),
"Error expected");
FAIL_IF(mysql->options.charset_name, "Error: options not freed");
mysql_close(mysql);
@@ -669,7 +669,7 @@ int test_connection_timeout(MYSQL *unused __attribute__((unused)))
MYSQL *mysql= mysql_init(NULL);
mysql_options(mysql, MYSQL_OPT_CONNECT_TIMEOUT, (unsigned int *)&timeout);
start= time(NULL);
if (my_test_connect(mysql, "192.168.1.101", "notexistinguser", "password", schema, port, socketname, CLIENT_REMEMBER_OPTIONS))
if (my_test_connect(mysql, "192.168.1.101", "notexistinguser", "password", schema, port, socketname, CLIENT_REMEMBER_OPTIONS, 1))
{
diag("Error expected - maybe you have to change hostname");
return FAIL;
@@ -697,7 +697,7 @@ int test_connection_timeout2(MYSQL *unused __attribute__((unused)))
mysql_options(mysql, MYSQL_INIT_COMMAND, "set @a:=SLEEP(7)");
mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &no);
start= time(NULL);
if (my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS))
if (my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS, 1))
{
elapsed= time(NULL) - start;
diag("elapsed: %lu", (unsigned long)elapsed);
@@ -723,7 +723,7 @@ int test_connection_timeout3(MYSQL *unused __attribute__((unused)))
mysql_options(mysql, MYSQL_OPT_WRITE_TIMEOUT, (unsigned int *)&read_write_timeout);
mysql_options(mysql, MYSQL_INIT_COMMAND, "set @a:=SLEEP(6)");
start= time(NULL);
if (my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS))
if (my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS, 1))
{
diag("timeout error expected");
elapsed= time(NULL) - start;
@@ -740,7 +740,7 @@ int test_connection_timeout3(MYSQL *unused __attribute__((unused)))
mysql_options(mysql, MYSQL_OPT_READ_TIMEOUT, (unsigned int *)&read_write_timeout);
mysql_options(mysql, MYSQL_OPT_WRITE_TIMEOUT, (unsigned int *)&read_write_timeout);
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS))
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS, 1))
{
diag("Error: %s", mysql_error(mysql));
return FAIL;
@@ -801,7 +801,7 @@ static int test_wrong_bind_address(MYSQL *unused __attribute__((unused)))
mysql_options(mysql, MYSQL_OPT_BIND, bind_addr);
if (my_test_connect(mysql, hostname, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error expected");
mysql_close(mysql);
@@ -848,7 +848,7 @@ static int test_bind_address(MYSQL *my)
mysql_options(mysql, MYSQL_OPT_BIND, bind_addr);
if (!my_test_connect(mysql, bind_addr, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s\n", mysql_error(mysql));
mysql_close(mysql);
@@ -1081,7 +1081,7 @@ static int test_unix_socket_close(MYSQL *unused __attribute__((unused)))
for (i=0; i < 10000; i++)
{
my_test_connect(mysql, "localhost", "user", "passwd", NULL, 0, "./dummy_sock", 0);
my_test_connect(mysql, "localhost", "user", "passwd", NULL, 0, "./dummy_sock", 0, 1);
/* check if we run out of sockets */
if (mysql_errno(mysql) == 2001)
{
@@ -1194,7 +1194,7 @@ static int test_auth256(MYSQL *my)
rc= mysql_query(my, query);
check_mysql_rc(rc, my);
if (!my_test_connect(mysql, hostname, "sha256user", "foo", NULL, port, socketname, 0))
if (!my_test_connect(mysql, hostname, "sha256user", "foo", NULL, port, socketname, 0, 1))
{
diag("error: %s", mysql_error(mysql));
mysql_close(mysql);
@@ -1204,7 +1204,7 @@ static int test_auth256(MYSQL *my)
mysql= mysql_init(NULL);
mysql_options(mysql, MYSQL_SERVER_PUBLIC_KEY, "rsa_public_key.pem");
if (!my_test_connect(mysql, hostname, "sha256user", "foo", NULL, port, socketname, 0))
if (!my_test_connect(mysql, hostname, "sha256user", "foo", NULL, port, socketname, 0, 1))
{
diag("error: %s", mysql_error(mysql));
diag("host: %s", this_host);
@@ -1240,7 +1240,7 @@ static int test_mdev13100(MYSQL *my __attribute__((unused)))
check_mysql_rc(rc, mysql);
if (!my_test_connect(mysql, hostname, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
return FAIL;
@@ -1265,7 +1265,7 @@ static int test_mdev13100(MYSQL *my __attribute__((unused)))
check_mysql_rc(rc, mysql);
if (!my_test_connect(mysql, hostname, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
return FAIL;
@@ -1292,7 +1292,7 @@ if (!(fp= fopen("./mdev13100.cnf", "w")))
check_mysql_rc(rc, mysql);
if (!my_test_connect(mysql, hostname, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
return FAIL;
@@ -1322,7 +1322,7 @@ if (!(fp= fopen("./mdev13100.cnf", "w")))
check_mysql_rc(rc, mysql);
if (!my_test_connect(mysql, hostname, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
return FAIL;
@@ -1350,7 +1350,7 @@ if (!(fp= fopen("./mdev13100.cnf", "w")))
check_mysql_rc(rc, mysql);
if (!my_test_connect(mysql, hostname, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
return FAIL;
@@ -1373,7 +1373,7 @@ static int test_conc276(MYSQL *unused __attribute__((unused)))
mysql_options(mysql, MYSQL_OPT_SSL_ENFORCE, &val);
mysql_options(mysql, MYSQL_OPT_RECONNECT, &val);
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, 0))
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, 0, 1))
{
diag("Connection failed. Error: %s", mysql_error(mysql));
mysql_close(mysql);
@@ -1423,7 +1423,7 @@ static int test_expired_pw(MYSQL *my)
mysql= mysql_init(NULL);
my_test_connect(mysql, hostname, "foo", "foo", schema,
port, socketname, 0);
port, socketname, 0, 1);
FAIL_IF(!mysql_errno(mysql), "Error expected");
mysql_close(mysql);
@@ -1432,7 +1432,7 @@ static int test_expired_pw(MYSQL *my)
mysql_optionsv(mysql, MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS, &expire);
my_test_connect(mysql, hostname, "foo", "foo", schema,
port, socketname, 0);
port, socketname, 0, 1);
/* we should be in sandbox mode now, only set commands should be allowed */
rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1");
@@ -1503,7 +1503,7 @@ static int test_conc317(MYSQL *unused __attribute__((unused)))
mysql_options(mysql, MYSQL_READ_DEFAULT_GROUP, "");
my_test_connect(mysql, hostname, username, password,
schema, port, socketname, 0);
schema, port, socketname, 0, 1);
remove(cnf_file1);
@@ -1551,7 +1551,7 @@ static int test_conc327(MYSQL *unused __attribute__((unused)))
mysql= mysql_init(NULL);
mysql_options(mysql, MYSQL_READ_DEFAULT_GROUP, "");
my_test_connect(mysql, hostname, username, password,
schema, port, socketname, 0);
schema, port, socketname, 0, 1);
remove(cnf_file1);
remove(cnf_file2);
@@ -1575,7 +1575,7 @@ static int test_conc327(MYSQL *unused __attribute__((unused)))
mysql= mysql_init(NULL);
mysql_options(mysql, MYSQL_READ_DEFAULT_FILE, cnf_file2);
my_test_connect(mysql, hostname, username, password,
schema, port, socketname, 0);
schema, port, socketname, 0, 1);
remove(cnf_file1);
remove(cnf_file2);
@@ -1601,7 +1601,7 @@ static int test_conc332(MYSQL *unused __attribute__((unused)))
mysql_options(mysql, MYSQL_SET_CHARSET_NAME, "utf8mb4");
my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0);
port, socketname, 0, 1);
FAIL_IF(mysql_errno(mysql), "Error during connect");
@@ -1640,7 +1640,7 @@ static int test_conc351(MYSQL *unused __attribute__((unused)))
ulong capabilities= 0;
my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0);
port, socketname, 0, 1);
FAIL_IF(mysql_errno(mysql), "Error during connect");
@@ -1690,7 +1690,7 @@ static int test_conc312(MYSQL *my)
check_mysql_rc(rc, my);
mysql= mysql_init(NULL);
if (!my_test_connect(mysql, hostname, "foo", "foo", schema, port, socketname, 0))
if (!my_test_connect(mysql, hostname, "foo", "foo", schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
return FAIL;
@@ -1749,7 +1749,7 @@ static int test_conc366(MYSQL *mysql)
my= mysql_init(NULL);
if (plugindir)
mysql_options(my, MYSQL_PLUGIN_DIR, plugindir);
if (!my_test_connect(my, hostname, "ede", "MySup8%rPassw@ord", schema, port, socketname, 0))
if (!my_test_connect(my, hostname, "ede", "MySup8%rPassw@ord", schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(my));
return FAIL;
@@ -1811,7 +1811,7 @@ static int test_conc443(MYSQL *my __attribute__((unused)))
mysql_options(mysql, MYSQL_INIT_COMMAND, "set @a:=3");
mysql_options(mysql, MYSQL_OPT_RECONNECT, &x);
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS))
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS, 1))
{
diag("Connection failed. Error: %s", mysql_error(mysql));
mysql_close(mysql);
@@ -1857,7 +1857,7 @@ static int test_default_auth(MYSQL *my __attribute__((unused)))
mysql= mysql_init(NULL);
mysql_options(mysql, MYSQL_DEFAULT_AUTH, "mysql_clear_password");
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS))
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS, 1))
{
diag("Connection failed. Error: %s", mysql_error(mysql));
mysql_close(mysql);
@@ -1868,7 +1868,7 @@ static int test_default_auth(MYSQL *my __attribute__((unused)))
mysql= mysql_init(NULL);
mysql_options(mysql, MYSQL_DEFAULT_AUTH, "caching_sha2_password");
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS))
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS, 1))
{
diag("Connection failed. Error: %s", mysql_error(mysql));
mysql_close(mysql);
@@ -1926,7 +1926,7 @@ static int test_conc490(MYSQL *my __attribute__((unused)))
MYSQL *mysql= mysql_init(NULL);
if (!my_test_connect(mysql, hostname, username,
password, NULL, port, socketname, CLIENT_CONNECT_WITH_DB))
password, NULL, port, socketname, CLIENT_CONNECT_WITH_DB, 1))
{
diag("error: %s\n", mysql_error(mysql));
return FAIL;
@@ -1961,7 +1961,7 @@ static int test_conc544(MYSQL *mysql)
check_mysql_rc(rc, mysql);
if (my_test_connect(my, hostname, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("error expected (restricted auth)");
return FAIL;
@@ -1984,7 +1984,7 @@ static int test_conc544(MYSQL *mysql)
if (plugindir)
mysql_optionsv(my, MYSQL_PLUGIN_DIR, plugindir);
mysql_optionsv(my, MARIADB_OPT_RESTRICTED_AUTH, "client_ed25519, mysql_native_password");
if (!my_test_connect(my, hostname, "ede", "MySup8%rPassw@ord", schema, port, socketname, 0))
if (!my_test_connect(my, hostname, "ede", "MySup8%rPassw@ord", schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(my));
return FAIL;
@@ -2059,7 +2059,7 @@ static int test_conn_str_1(MYSQL *my __attribute__((unused)))
rc= mysql_options(mysql, MYSQL_READ_DEFAULT_GROUP, "");
check_mysql_rc(rc, mysql);
if (!my_test_connect(mysql, NULL, NULL, NULL, NULL, 0, NULL, 0))
if (!my_test_connect(mysql, NULL, NULL, NULL, NULL, 0, NULL, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
remove("./conc274.cnf");
@@ -2102,7 +2102,7 @@ static int test_conc365(MYSQL *my __attribute__((unused)))
mysql= mysql_init(NULL);
snprintf(tmp, sizeof(tmp) -1, "127.0.0.1:3300,%s:%d", hostname ? hostname : "localhost", port);
if (!my_test_connect(mysql, tmp, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
rc= FAIL;
@@ -2116,7 +2116,7 @@ static int test_conc365(MYSQL *my __attribute__((unused)))
mysql= mysql_init(NULL);
mysql_options(mysql, MARIADB_OPT_HOST, tmp);
if (!my_test_connect(mysql, NULL, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
rc= FAIL;
@@ -2151,13 +2151,14 @@ static int test_conc365_reconnect(MYSQL *my)
}
if (!my_test_connect(mysql, tmp, username,
password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS))
password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS, 1))
{
diag("Error: %s", mysql_error(mysql));
rc= FAIL;
}
sprintf(tmp, "KILL %ld", mysql_thread_id(mysql));
diag("KILL %ld", mysql_thread_id(mysql));
rc= mysql_query(my, tmp);
check_mysql_rc(rc, my);
@@ -2232,7 +2233,7 @@ static int test_status_callback(MYSQL *my __attribute__((unused)))
rc= mysql_optionsv(mysql, MARIADB_OPT_STATUS_CALLBACK, my_status_callback, &data);
if (!my_test_connect(mysql, hostname, username,
password, NULL, port, socketname, 0))
password, NULL, port, socketname, 0, 1))
{
diag("error1: %s", mysql_error(mysql));
return FAIL;
@@ -2278,7 +2279,7 @@ static int test_conc632(MYSQL *my __attribute__((unused)))
MYSQL *mysql= mysql_init(NULL);
int rc;
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS))
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS, 1))
{
diag("Connection failed. Error: %s", mysql_error(mysql));
mysql_close(mysql);
@@ -2329,7 +2330,7 @@ static int test_x509(MYSQL *my __attribute__((unused)))
mysql_options(mysql1, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);
if (!(my_test_connect(mysql1, hostname, username,
password, schema, port,
socketname, 0)))
socketname, 0, 1)))
{
diag("connection failed");
return FAIL;
@@ -2339,7 +2340,7 @@ static int test_x509(MYSQL *my __attribute__((unused)))
mysql_options(mysql2, MARIADB_OPT_TLS_PEER_FP, info->fingerprint);
if (!(my_test_connect(mysql2, hostname, username,
password, schema, port,
socketname, 0)))
socketname, 0, 1)))
{
diag("connection failed");
return FAIL;
@@ -2363,7 +2364,7 @@ static int test_conc505(MYSQL *my __attribute__((unused)))
#define CLIENT_DEPRECATE_EOF (1ULL << 24)
if (my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_DEPRECATE_EOF))
if (my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_DEPRECATE_EOF, 1))
{
diag("Error expected: Invalid client flag");
mysql_close(mysql);
@@ -2371,7 +2372,7 @@ static int test_conc505(MYSQL *my __attribute__((unused)))
}
diag("Error (expected): %s", mysql_error(mysql));
FAIL_IF(mysql_errno(mysql) != CR_INVALID_CLIENT_FLAG, "Wrong error number");
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_MULTI_STATEMENTS | CLIENT_MULTI_RESULTS))
if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_MULTI_STATEMENTS | CLIENT_MULTI_RESULTS, 1))
{
diag("Error: %s", mysql_error(mysql));
mysql_close(mysql);

14
unittest/libmariadb/misc.c
View File

@@ -991,7 +991,7 @@ static int test_connect_attrs(MYSQL *my)
mysql_options4(mysql, MYSQL_OPT_CONNECT_ATTR_ADD, "foo2", "bar2");
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0), mysql_error(my));
port, socketname, 0, 1), mysql_error(my));
if (!(mysql->server_capabilities & CLIENT_CONNECT_ATTRS))
{
@@ -1041,7 +1041,7 @@ static int test_conc117(MYSQL *unused __attribute__((unused)))
MYSQL *my= mysql_init(NULL);
SKIP_MAXSCALE;
FAIL_IF(!my_test_connect(my, hostname, username, password, schema,
port, socketname, 0), mysql_error(my));
port, socketname, 0, 1), mysql_error(my));
mysql_kill(my, mysql_thread_id(my));
@@ -1060,7 +1060,7 @@ static int test_read_timeout(MYSQL *unused __attribute__((unused)))
SKIP_MAXSCALE;
mysql_options(my, MYSQL_OPT_READ_TIMEOUT, &timeout);
FAIL_IF(!my_test_connect(my, hostname, username, password, schema,
port, socketname, 0), mysql_error(my));
port, socketname, 0, 1), mysql_error(my));
rc= mysql_query(my, "SELECT SLEEP(50)");
@@ -1136,7 +1136,7 @@ static int test_remote2(MYSQL *my)
mysql_options(mysql, MYSQL_READ_DEFAULT_FILE, "http://localhost/test.cnf");
mysql_options(mysql, MYSQL_READ_DEFAULT_GROUP, "test");
my_test_connect(mysql, hostname, username, password, schema,
0, socketname, 0), mysql_error(my);
0, socketname, 0, 1), mysql_error(my);
diag("port: %d", mysql->port);
mysql_close(mysql);
return OK;
@@ -1177,7 +1177,7 @@ static int test_mdev12965(MYSQL *unused __attribute__((unused)))
mysql_options(mysql, MYSQL_READ_DEFAULT_GROUP, "");
my_test_connect(mysql, hostname, username, password,
schema, port, socketname, 0);
schema, port, socketname, 0, 1);
remove(cnf_file1);
@@ -1461,7 +1461,7 @@ static int test_conc395(MYSQL *unused __attribute__((unused)))
mysql_options(mysql, MYSQL_READ_DEFAULT_GROUP, "");
my_test_connect(mysql, hostname, username, password,
schema, port, socketname, 0);
schema, port, socketname, 0, 1);
remove(cnf_file1);
@@ -1501,7 +1501,7 @@ static int test_sslenforce(MYSQL *unused __attribute__((unused)))
mysql_options(mysql, MYSQL_READ_DEFAULT_GROUP, "");
my_test_connect(mysql, hostname, username, password,
schema, port, socketname, 0);
schema, port, socketname, 0, 1);
remove(cnf_file1);

20
unittest/libmariadb/my_test.h
View File

@@ -219,12 +219,13 @@ MYSQL *my_test_connect(MYSQL *mysql,
const char *db,
unsigned int port,
const char *unix_socket,
unsigned long clientflag);
unsigned long clientflag,
my_bool auto_fingerprint);
static const char *schema = 0;
static char *hostname = 0;
static char *password = 0;
static char fingerprint[65]= {0};
static char fingerprint[129]= {0};
static unsigned int port = 0;
static unsigned int ssl_port = 0;
static char *socketname = 0;
@@ -542,7 +543,7 @@ MYSQL *test_connect(struct my_tests_st *test)
}
}
if (!(my_test_connect(mysql, hostname, username, password,
schema, port, socketname, (test) ? test->connect_flags:0)))
schema, port, socketname, (test) ? test->connect_flags:0, 1)))
{
diag("Couldn't establish connection to server %s. Error (%d): %s",
hostname, mysql_errno(mysql), mysql_error(mysql));
@@ -654,12 +655,18 @@ MYSQL *my_test_connect(MYSQL *mysql,
const char *db,
unsigned int port,
const char *unix_socket,
unsigned long clientflag)
unsigned long clientflag,
my_bool auto_fingerprint)
{
char *have_fp;
if (force_tls)
mysql_options(mysql, MYSQL_OPT_SSL_ENFORCE, &force_tls);
if (fingerprint[0])
mysql_get_optionv(mysql, MARIADB_OPT_SSL_FP, &have_fp);
if (fingerprint[0] && auto_fingerprint)
{
printf("setting fingerprint\n");
mysql_options(mysql, MARIADB_OPT_SSL_FP, fingerprint);
}
if (!mysql_real_connect(mysql, host, user, passwd, db, port, unix_socket, clientflag))
{
diag("error: %s", mysql_error(mysql));
@@ -712,11 +719,12 @@ void run_tests(struct my_tests_st *test) {
mysql_free_result(res);
if (mysql_get_ssl_cipher(mysql))
diag("Cipher in use: %s", mysql_get_ssl_cipher(mysql));
mariadb_get_infov(mysql, MARIADB_TLS_PEER_CERT_INFO, &info);
mariadb_get_infov(mysql, MARIADB_TLS_PEER_CERT_INFO, &info, 384);
if (info)
{
strcpy(fingerprint, info->fingerprint);
diag("Peer certificate fingerprint: %s", fingerprint);
diag("Subject: %s", info->subject);
diag("--------------------");
}
}

4
unittest/libmariadb/ps.c
View File

@@ -63,7 +63,7 @@ static int test_conc83(MYSQL *unused __attribute__((unused)))
mysql_options(mysql, MYSQL_OPT_RECONNECT, &reconnect);
FAIL_IF(!(my_test_connect(mysql, hostname, username, password,
schema, port, socketname, 0)), "my_test_connect failed");
schema, port, socketname, 0, 1)), "my_test_connect failed");
/* 1. Status is inited, so prepare should work */
@@ -845,7 +845,7 @@ static int test_prepare_alter(MYSQL *mysql)
mysql_new= mysql_init(NULL);
FAIL_IF(!mysql_new, "mysql_init failed");
FAIL_IF(!(my_test_connect(mysql_new, hostname, username, password,
schema, port, socketname, 0)), "my_test_connect failed");
schema, port, socketname, 0, 1)), "my_test_connect failed");
rc= mysql_query(mysql_new, "ALTER TABLE test_prep_alter change id id_new varchar(20)");
diag("Error: %d %s", mysql_errno(mysql_new), mysql_error(mysql_new));
check_mysql_rc(rc, mysql_new);

12
unittest/libmariadb/rpl_api.c
View File

@@ -44,7 +44,7 @@ static int test_rpl_async(MYSQL *my __attribute__((unused)))
return SKIP;
if (!my_test_connect(mysql, hostname, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
mysql_close(mysql);
@@ -112,7 +112,7 @@ static int test_rpl_semisync(MYSQL *my __attribute__((unused)))
return SKIP;
if (!my_test_connect(mysql, hostname, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
mysql_close(mysql);
@@ -189,7 +189,7 @@ static int test_conc467(MYSQL *my __attribute__((unused)))
return SKIP;
if (!my_test_connect(mysql, hostname, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
mysql_close(mysql);
@@ -271,7 +271,7 @@ static int test_conc592(MYSQL *my __attribute__((unused)))
return SKIP;
if (!my_test_connect(mysql, hostname, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
mysql_close(mysql);
@@ -279,7 +279,7 @@ static int test_conc592(MYSQL *my __attribute__((unused)))
}
if (!my_test_connect(mysql_check, hostname, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
mysql_close(mysql);
@@ -356,7 +356,7 @@ static int test_conc689(MYSQL *my __attribute__((unused)))
return SKIP;
if (!my_test_connect(mysql, hostname, username,
password, schema, port, socketname, 0))
password, schema, port, socketname, 0, 1))
{
diag("Error: %s", mysql_error(mysql));
mysql_close(mysql);

4
unittest/libmariadb/thread.c
View File

@@ -15,7 +15,7 @@ static int basic_connect(MYSQL *unused __attribute__((unused)))
FAIL_IF(!my, "mysql_init() failed");
FAIL_IF(!my_test_connect(my, hostname, username, password, schema,
port, socketname, 0), mysql_error(my));
port, socketname, 0, 1), mysql_error(my));
rc= mysql_query(my, "SELECT @@version");
check_mysql_rc(rc, my);
@@ -136,7 +136,7 @@ DWORD WINAPI thread_conc27(void)
mysql_thread_init();
mysql= mysql_init(NULL);
if(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0))
port, socketname, 0, 1))
{
diag(">Error: %s", mysql_error(mysql));
mysql_close(mysql);

718
unittest/libmariadb/tls.c.in Normal file
View File

@@ -0,0 +1,718 @@
/*
Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
The MySQL Connector/C is licensed under the terms of the GPLv2
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>, like most
MySQL Connectors. There are special exceptions to the terms and
conditions of the GPLv2 as it is applied to this software, see the
FLOSS License Exception
<http://www.mysql.com/about/legal/licensing/foss-exception.html>.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
by the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include "my_test.h"
#include "ma_common.h"
#include "ma_pvio.h"
#include <mysql/client_plugin.h>
#ifdef HAVE_GNUTLS
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gnutls/abstract.h>
#elif HAVE_OPENSSL
#include <openssl/ssl.h>
#endif
#define CHECK_TLS_FLAGS(m, flag, text) \
{\
unsigned int status;\
mariadb_get_infov(mysql, MARIADB_TLS_VERIFY_STATUS, &status);\
FAIL_IF(!(status & (flag)), (text));\
}
#define CHECK_NO_TLS_FLAGS(m)\
{\
unsigned int status;\
mariadb_get_infov(mysql, MARIADB_TLS_VERIFY_STATUS, &status);\
FAIL_IF(status), "Expected MARIADB_TLS_VERIFY_OK");\
}
my_bool auto_generated_cert= 0;
my_bool ignore_self_signed= 0;
static char *tls_dummy_host= NULL;
static int tls_dummy_port= 0;
static my_bool ignore_self_signed_cert_error(MYSQL *mysql)
{
const char *hostname= mysql->host;
const char *local_host_names[]= {
#ifdef _WIN32
/*
On Unix, we consider TCP connections with "localhost"
an insecure transport, for the single reason to run tests for
insecure transport on CI.This is artificial, but should be ok.
Default client connections use unix sockets anyway, so it
would not hurt much.
On Windows, the situation is quite different.
Default connections type is TCP, default host name is "localhost",
non-password plugin gssapi is common (every installation)
In this environment, there would be a lot of faux/disruptive
"self-signed certificates" errors there. Thus, "localhost" TCP
needs to be considered secure transport.
*/
"localhost",
#endif
"127.0.0.1", "::1", NULL};
int i;
/* if CA or CAPath was specified, we don't ignore self signed
certificates */
if (mysql->options.ssl_ca ||
mysql->options.ssl_capath)
return FALSE;
if (mysql->net.pvio->type != PVIO_TYPE_SOCKET)
{
return TRUE;
}
if (!hostname)
return FALSE;
for (i= 0; local_host_names[i]; i++)
{
if (strcmp(hostname, local_host_names[i]) == 0)
{
return TRUE;
}
}
return FALSE;
}
static int test_start_tls_server(MYSQL *my __attribute__((unused)))
{
#ifdef WIN32
STARTUPINFO si;
PROCESS_INFORMATION pi;
char szCmdline[1024];
snprintf(szCmdline, sizeof(szCmdline), "%s tls_server.py --host=%s --port=%d", "@Python3_EXECUTABLE@", tls_dummy_host, tls_dummy_port);
ZeroMemory(&si, sizeof(si));
ZeroMemory(&pi, sizeof(pi));
GetStartupInfo(&si);
si.cb = sizeof(STARTUPINFO);
si.wShowWindow = SW_SHOWDEFAULT;
if( !CreateProcessA(NULL,
szCmdline,
NULL,
NULL,
FALSE,
CREATE_NEW_CONSOLE,
NULL,
NULL,
&si,
&pi)
)
{
diag("couldn't start tls_server. Error %d", GetLastError());
return FAIL;
}
#else
pid_t tls_server_pid;
if (!(tls_server_pid= fork()))
{
char hostname[1024], port[128];
snprintf(hostname, sizeof(hostname), "--host=%s", tls_dummy_host);
snprintf(port, sizeof(port), "--port=%d", tls_dummy_port);
execlp("@Python3_EXECUTABLE@", "@Python3_EXECUTABLE@", "tls_server.py", hostname, port, NULL);
}
#endif
sleep(10);
return OK;
}
static int set_tls_dummy_options(const char *options)
{
MA_PVIO_CINFO cinfo;
MARIADB_PVIO *pvio;
MYSQL *mysql= mysql_init(NULL);
char buffer[1024];
size_t len;
cinfo.type= PVIO_TYPE_SOCKET;
cinfo.host= tls_dummy_host;
cinfo.port= tls_dummy_port;
cinfo.mysql = mysql;
if (!(pvio= ma_pvio_init(&cinfo)))
{
diag("pvio_init failed");
return 1;
}
if (ma_pvio_connect(pvio, &cinfo))
{
diag("connect failed: %s", mysql_error(mysql));
return 1;
}
if (!(len= ma_pvio_read(pvio, (uchar *)buffer, sizeof(buffer))))
{
diag("Error reading server packet");
return 1;
}
if (!ma_pvio_write(pvio, (uchar *)options, strlen(options)))
{
diag("Error writing configuration");
return 1;
}
ma_pvio_close(pvio);
return OK;
}
static int test_init(MYSQL *my __attribute__((unused)))
{
MYSQL *mysql= mysql_init(NULL);
my_bool verify= 0;
int rc;
int ret= FAIL;
MYSQL_RES *result;
MYSQL_ROW row;
char query[1024];
diag("test_init");
/* Force use of TLS */
mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, NULL);
/* Don't verify peer certificate */
mysql_optionsv(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0, 0), mysql_error(my));
rc= mysql_query(mysql, "SELECT @@ssl_cert");
check_mysql_rc(rc, mysql);
if ((result= mysql_store_result(mysql)))
{
row= mysql_fetch_row(result);
auto_generated_cert = (row[0] == NULL);
mysql_free_result(result);
}
diag("autogenerated: %d", auto_generated_cert);
ignore_self_signed= ignore_self_signed_cert_error(mysql);
diag("ignore self signed certificates: %d", ignore_self_signed);
ret= OK;
sprintf(query, "CREATE OR REPLACE USER 'tls_user1'@'%s' IDENTIFIED BY 'tls_password'", hostname);
rc= mysql_query(mysql, query);
check_mysql_rc(rc, mysql);
sprintf(query, "CREATE OR REPLACE USER 'tls_user2'@'%s'", hostname);
rc= mysql_query(mysql, query);
check_mysql_rc(rc, mysql);
mysql_close(mysql);
return ret;
}
static int test_no_cert_check(MYSQL *my __attribute__((unused)))
{
MYSQL *mysql= mysql_init(NULL);
my_bool verify= 0;
/* Force use of TLS */
mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, NULL);
/* Don't verify peer certificate */
mysql_optionsv(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0, 0), mysql_error(my));
FAIL_IF(!mysql_get_ssl_cipher(mysql), "No TLS connection");
mysql_close(mysql);
return OK;
}
static int test_ca_cert_check(MYSQL *my __attribute__((unused)))
{
MYSQL *mysql= mysql_init(NULL);
int rc= FAIL;
#ifdef HAVE_SCHANNEL
diag("Not supported by schannel");
return SKIP;
#endif
if (ignore_self_signed)
{
diag("Test doesn't work on trusted connection");
return SKIP;
}
/* Force use of TLS with faked ca, which contains the server
certificate */
mysql_ssl_set(mysql, NULL, NULL, "./ca_cert.pem", NULL, NULL);
if (my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0, 0))
{
if (auto_generated_cert)
{
diag("expected hostname mismatch for autogenerated certificate");
goto end;
}
} else {
if (auto_generated_cert)
{
rc= OK;
goto end;
}
diag("Error: %s", mysql_error(mysql));
goto end;
}
FAIL_IF(!mysql_get_ssl_cipher(mysql), "No TLS connection");
rc= OK;
end:
mysql_close(mysql);
return rc;
}
static int test_fp(MYSQL *my __attribute__((unused)))
{
unsigned int hash_size[3] = {256, 384, 512};
int i;
my_bool verify= 0;
MYSQL *mysql= mysql_init(NULL);
/* Force use of TLS */
mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, NULL);
/* Don't verify peer certificate */
mysql_optionsv(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0, 1), mysql_error(my));
for (i=0; i < 3; i++)
{
MYSQL *mysql1= mysql_init(NULL);
MARIADB_X509_INFO *info;
diag("testing SHA%d fingerprint", hash_size[i]);
mariadb_get_infov(mysql, MARIADB_TLS_PEER_CERT_INFO, &info, hash_size[i]);
mysql_optionsv(mysql1, MARIADB_OPT_SSL_FP, info->fingerprint);
FAIL_IF(!my_test_connect(mysql1, hostname, username, password, schema,
port, socketname, 0, 0), mysql_error(my));
FAIL_IF(!mysql_get_ssl_cipher(mysql), "No TLS connection");
mysql_close(mysql1);
}
mysql_close(mysql);
return OK;
}
static int test_fp_colon(MYSQL *my __attribute__((unused)))
{
unsigned int hash_size[3] = {256, 384, 512};
int i;
my_bool verify= 0;
MYSQL *mysql= mysql_init(NULL);
char fp[200];
/* Force use of TLS */
mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, NULL);
/* Don't verify peer certificate */
mysql_optionsv(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0, 0), mysql_error(my));
for (i=0; i < 3; i++)
{
MYSQL *mysql1= mysql_init(NULL);
MARIADB_X509_INFO *info;
char *p= &fp[0];
size_t j;
diag("testing SHA%d fingerprint with colons", hash_size[i]);
memset(fp, 0, sizeof(fp));
mariadb_get_infov(mysql, MARIADB_TLS_PEER_CERT_INFO, &info, hash_size[i]);
for (j=0; j < strlen(info->fingerprint) / 2; j++)
{
memcpy(p, info->fingerprint + j * 2, 2);
p+= 2;
*p++= ':';
}
p--;
*p= 0;
diag ("fp: %s", fp);
mysql_optionsv(mysql1, MARIADB_OPT_SSL_FP, fp);
FAIL_IF(!my_test_connect(mysql1, hostname, username, password, schema,
port, socketname, 0, 0), mysql_error(my));
FAIL_IF(!mysql_get_ssl_cipher(mysql), "No TLS connection");
mysql_close(mysql1);
}
mysql_close(mysql);
return OK;
}
static int test_peer_cert_info_fp(MYSQL *my __attribute__((unused)))
{
MYSQL *mysql= mysql_init(NULL);
my_bool verify= 0;
MARIADB_X509_INFO *info;
char old_fp[129] = {0};
int i;
unsigned int hash_size[3] = {256, 384, 512};
/* Force use of TLS */
mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, NULL);
/* Don't verify peer certificate */
mysql_optionsv(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);
FAIL_IF(!my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0, 0), mysql_error(my));
for (i=0; i < 3; i++)
{
mariadb_get_infov(mysql, MARIADB_TLS_PEER_CERT_INFO, &info, hash_size[i]);
FAIL_IF(!info->version, "Wrong certificate version=0");
FAIL_IF(!strcmp(old_fp, info->fingerprint), "Fingerprint was not updated");
if (strlen(info->fingerprint) != hash_size[i] / 4)
{
diag("Got fingerprint length %zu, expected %u", strlen(info->fingerprint), hash_size[i] / 4);
return FAIL;
}
strcpy(old_fp, info->fingerprint);
}
mysql_close(mysql);
return OK;
}
static int test_fp_garbage(MYSQL *my __attribute__((unused)))
{
MYSQL *mysql= mysql_init(NULL);
char fp[129];
mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, NULL);
/* 1) use non hex chars */
strcpy(fp, "IJKLMNOPQRSTUVWXYZABCDEXXXXXX67IJKLMNOPQRSTUVWXYZABCDEXXXXXX679X");
if (mysql_optionsv(mysql, MARIADB_OPT_SSL_FP, fp))
return FAIL;
if (my_test_connect(mysql, hostname, username, password, schema,
port, socketname, 0, 0))
{
diag("Error expected");
diag("%s", mysql_get_ssl_cipher(mysql));
return FAIL;
}
CHECK_TLS_FLAGS(mysql, MARIADB_TLS_VERIFY_FINGERPRINT, "Fingerprint verification flag not set");
mysql_close(mysql);
return OK;
}
static int test_pw_check(MYSQL *my)
{
MYSQL *mysql= mysql_init(NULL);
int rc;
my_bool local_safe_connection= ignore_self_signed_cert_error(my);
char query[1024];
int ret= FAIL;
/* connect with pasword */
sprintf(query, "CREATE OR REPLACE USER '%s'@'%s' IDENTIFIED BY '%s'", "tlsuser", this_host, "mypw");
rc= mysql_query(my, query);
check_mysql_rc(rc, my);
diag("expected to pass with self signed");
if (!my_test_connect(mysql, hostname, "tlsuser", "mypw", NULL, 0, NULL, 0, 0))
{
diag("Error (password + self signed)");
goto end;
}
diag("ok");
mysql_close(mysql);
mysql= mysql_init(NULL);
/* connect without pasword */
if (!local_safe_connection)
{
sprintf(query, "CREATE OR REPLACE USER '%s'@'%s'", "tlsuser", this_host);
rc= mysql_query(my, query);
check_mysql_rc(rc, my);
if (my_test_connect(mysql, hostname, "tlsuser", NULL, NULL, 0, NULL, 0, 0))
{
diag("Error expected since no password was specified");
goto end;
}
CHECK_TLS_FLAGS(mysql, MARIADB_TLS_VERIFY_TRUST, "Not trusted flag not set")
mysql_close(mysql);
mysql = mysql_init(NULL);
mysql_optionsv(mysql, MARIADB_OPT_RESTRICTED_AUTH, "mysql_native_password, mysql_old_password");
diag("expected to fail with old_password plugin");
/* Test with an authentication plugin, which doesn't support hashing */
sprintf(query, "CREATE OR REPLACE USER '%s'@'%s' IDENTIFIED VIA mysql_old_password USING '7c786c222596437b'", "tlsuser", this_host);
rc= mysql_query(my, query);
check_mysql_rc(rc, my);
rc= mysql_query(my, "SET GLOBAL secure_auth=0");
check_mysql_rc(rc, my);
if (my_test_connect(mysql, hostname, "tlsuser", "foo", NULL, 0, NULL, 0, 0))
{
diag("Error expected since old_password was specified");
goto end;
}
diag("ok");
}
ret= OK;
end:
mysql_close(mysql);
return ret;
}
static int test_cert_expired(MYSQL *my __attribute__((unused)))
{
int ret= OK;
MYSQL *mysql;
/* Set validity in future */
if (set_tls_dummy_options("CMD:create_new=True validityStartInSeconds=10000 validityEndInSeconds=2000"))
{
diag("Error when setting TLS options");
return FAIL;
}
mysql= mysql_init(NULL);
mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, NULL);
if (my_test_connect(mysql, tls_dummy_host, "tlsuser", "foo", NULL, tls_dummy_port, NULL, 0, 0))
{
diag("Error expected since cert is not valid yet");
return FAIL;
}
mysql_close(mysql);
/* Set cert expired */
if (set_tls_dummy_options("CMD:create_new=True validityStartInSeconds=-20000 validityEndInSeconds=-10000"))
{
diag("Error when setting TLS options");
return FAIL;
}
mysql= mysql_init(NULL);
mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, NULL);
if (my_test_connect(mysql, tls_dummy_host, "tlsuser", "foo", NULL, tls_dummy_port, NULL, 0, 0))
{
diag("Error expected since cert is not valid yet");
return FAIL;
}
CHECK_TLS_FLAGS(mysql, MARIADB_TLS_VERIFY_PERIOD, "NotBefore/NotAfter flag not set")
mysql_close(mysql);
return ret;
}
static int test_wrong_ca(MYSQL *my __attribute__((unused)))
{
MYSQL *mysql= mysql_init(NULL);
mysql_ssl_set(mysql, NULL, NULL, "selfsigned.pem", NULL, NULL);
if (my_test_connect(mysql, hostname, "tlsuser", "foo", NULL, 0, NULL, 0, 0))
{
diag("self signed error expected");
return FAIL;
}
CHECK_TLS_FLAGS(mysql, MARIADB_TLS_VERIFY_TRUST, "Not trusted flag not set")
mysql_close(mysql);
return OK;
}
static int test_crl(MYSQL *my __attribute__((unused)))
{
MYSQL *mysql;
/* Set validity in future */
if (set_tls_dummy_options("CMD:KEY_FILE='./certs/server-key.pem' CERT_FILE='./certs/server-cert.pem'"))
{
diag("Error when setting TLS options");
return FAIL;
}
mysql= mysql_init(NULL);
mysql_optionsv(mysql, MYSQL_OPT_SSL_CRL, "./certs/server-cert.crl");
mysql_ssl_set(mysql, NULL, NULL, "./certs/cacert.pem", NULL, NULL);
if (my_test_connect(mysql, tls_dummy_host, "tlsuser", "foo", NULL, tls_dummy_port, NULL, 0, 0))
{
diag("Error expected since cert revoked");
return FAIL;
}
CHECK_TLS_FLAGS(mysql, MARIADB_TLS_VERIFY_REVOKED, "Revocation flag not set")
mysql_close(mysql);
return OK;
}
static int test_crl_with_fp(MYSQL *my __attribute__((unused)))
{
MYSQL *mysql;
/* hardcoded: openssl x509 -noout -fingerprint -sha256 -inform pem -in certs/server-cert.pem */
const char *fp= "4B:EE:BB:12:6D:30:1A:B2:2A:4A:F8:6D:82:7F:63:44:1F:8F:F4:6B:D3:F2:CA:68:0B:D5:E3:5D:1C:47:A7:16";
/* Set validity in future */
if (set_tls_dummy_options("CMD:KEY_FILE='./certs/server-key.pem' CERT_FILE='./certs/server-cert.pem'"))
{
diag("Error when setting TLS options");
return FAIL;
}
mysql= mysql_init(NULL);
mysql_optionsv(mysql, MARIADB_OPT_SSL_FP, fp);
mysql_optionsv(mysql, MYSQL_OPT_SSL_CRL, "./certs/server-cert.crl");
mysql_ssl_set(mysql, NULL, NULL, "./certs/cacert.pem", NULL, NULL);
if (my_test_connect(mysql, tls_dummy_host, "tlsuser", "foo", NULL, tls_dummy_port, NULL, 0, 0))
{
diag("Error expected since cert revoked");
return FAIL;
}
CHECK_TLS_FLAGS(mysql, MARIADB_TLS_VERIFY_REVOKED, "Revocation flag not set")
mysql_close(mysql);
return OK;
}
static int test_wrong_hostname(MYSQL *my __attribute__((unused)))
{
MYSQL *mysql;
/* Set validity in future */
if (set_tls_dummy_options("CMD:create_new=True"))
{
diag("Error when setting TLS options");
return FAIL;
}
mysql= mysql_init(NULL);
mysql_ssl_set(mysql, NULL, NULL, "./selfsigned.pem", NULL, NULL);
if (my_test_connect(mysql, tls_dummy_host, "tlsuser", "foo", NULL, tls_dummy_port, NULL, 0, 0))
{
diag("Error expected since hostname doesn't match");
return FAIL;
}
CHECK_TLS_FLAGS(mysql, MARIADB_TLS_VERIFY_HOST, "Host name validation flag not set")
mysql_close(mysql);
return OK;
}
static int stop_tls_server(MYSQL *my __attribute__((unused)))
{
if (set_tls_dummy_options("QUIT"))
{
diag("Error when shutting down tls dummy server");
return FAIL;
}
return OK;
}
struct my_tests_st my_tests[] = {
/* Don't add test above, test_init needs to be run first */
{"test_start_tls_server", test_start_tls_server, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_init", test_init, TEST_CONNECTION_NONE, 0, NULL, NULL},
/* Here you can add more tests */
{"test_cert_expired", test_cert_expired, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_pw_check", test_pw_check, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_ca_cert_check", test_ca_cert_check, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_fp_garbage", test_fp_garbage, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_peer_cert_info_fp", test_peer_cert_info_fp, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_no_cert_check", test_no_cert_check, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_fp", test_fp, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_fp_colon", test_fp_colon, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_wrong_ca", test_wrong_ca, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_wrong_hostname", test_wrong_hostname, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_crl", test_crl, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_crl_with_fp", test_crl_with_fp, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"stop_tls_server", stop_tls_server, TEST_CONNECTION_NONE, 0, NULL, NULL},
{NULL, NULL, 0, 0, NULL, 0}
};
int main(int argc, char **argv)
{
char *dummy_port;
if (argc > 1)
get_options(argc, argv);
get_envvars();
if (!(tls_dummy_host= getenv("MARIADB_TLS_DUMMY_HOST")))
tls_dummy_host= (char *)"127.0.0.1";
if ((dummy_port= getenv("MARIADB_TLS_DUMMY_PORT")))
tls_dummy_port= atoi(dummy_port);
if (!tls_dummy_port)
tls_dummy_port= 50000;
run_tests(my_tests);
return(exit_status());
}

157
unittest/libmariadb/tls_server.py Executable file
View File

@@ -0,0 +1,157 @@
import socket
import ssl
import argparse
from ast import literal_eval
from OpenSSL import crypto, SSL
import os
class TlsServer():
def __init__(self, *args, **kwargs):
self.host= kwargs.pop("host", "127.0.0.1")
self.port= kwargs.pop("port", 50000)
self.server= None
self.end= False
try:
self.server= socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.server.bind((self.host, self.port))
print("# tls dummy_server started: ", self.host, self.port)
self.server.listen()
except Exception as e:
print("Couldn't start tls_server")
print(e)
def check_server(self):
if not self.server:
raise Exception("Server not started")
def send_server_hello(self, conn):
self.check_server()
try:
conn.sendall(server_hello)
except Exception as e:
print("Couldn't send server_hello")
print(e)
return 0
return 1
def generate_cert(self,
create_new=False,
create_crl=False,
emailAddress="emailAddress",
commonName="commonName",
countryName="NT",
localityName="localityName",
stateOrProvinceName="stateOrProvinceName",
organizationName="organizationName",
organizationUnitName="organizationUnitName",
serialNumber=123,
validityStartInSeconds=0,
validityEndInSeconds=10*365*24*60*60,
KEY_FILE = "privkey.pem",
CRL_FILE = "selfsigned.crl",
CERT_FILE="selfsigned.pem"):
self.key_file= KEY_FILE
self.cert_file= CERT_FILE
self.crl_file = CRL_FILE
if create_new:
try:
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 4096)
# create a self-signed cert
cert = crypto.X509()
cert.get_subject().C = countryName
cert.get_subject().ST = stateOrProvinceName
cert.get_subject().L = localityName
cert.get_subject().O = organizationName
cert.get_subject().OU = organizationUnitName
cert.get_subject().CN = commonName
cert.get_subject().emailAddress = emailAddress
cert.set_serial_number(serialNumber)
cert.gmtime_adj_notBefore(validityStartInSeconds)
cert.gmtime_adj_notAfter(validityEndInSeconds)
cert.set_issuer(cert.get_subject())
cert.set_pubkey(k)
cert.sign(k, 'sha512')
with open(CERT_FILE, "wt") as f:
f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode("utf-8"))
with open(KEY_FILE, "wt") as f:
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k).decode("utf-8"))
return 1
except Exception as e:
return 0
return 1
def set_tls_context(self, reply):
kwargs= {}
if len(reply) > 0:
cmds= reply.decode()
kwargs= dict((k, literal_eval(v)) for k, v in (pair.split('=') for pair in cmds.split()))
print("# command: ", kwargs)
if self.generate_cert(**kwargs):
print("# loading certs", self.cert_file, self.key_file)
self.context= ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
self.context.load_cert_chain(self.cert_file, self.key_file)
return 1
return 0
def accept(self):
self.check_server()
conn, addr= self.server.accept()
return (conn, addr)
def run(self):
while not self.end:
connection, address= self.accept()
print("# new connection")
self.send_server_hello(connection)
reply= connection.recv(4096)
if reply[:4] == b'CMD:':
if self.set_tls_context(reply[4:]):
connection.sendall(b'OK')
elif reply[:4] == b'QUIT':
print("# exiting tls_dummy_server")
try:
connection.close()
except:
pass
return
else:
try:
tls_sock= self.context.wrap_socket(connection, server_side=True)
except Exception as e:
print("error occured")
print(e)
connection.close()
connection.close()
# Hardcoded server hello packet (captured from MariaDB Server 11.4.2)
server_hello = b'R\x00\x00\x00\n11.4.2-MariaDB\x00\xff\x01\x00\x00Nv\
*hQ;qK\x00\xfe\xff\x08\x02\x00\xff\x81\x15\x00\x00\x00\
\x00\x00\x00\x1d\x00\x00\x00`$-VIJyC!x[?\x00mysql_native_password\x00'
if __name__ == '__main__':
parser= argparse.ArgumentParser(
prog='tls_server',
description='Simple TLS dummy test server')
parser.add_argument('--host', help='Hostaddress of TLS test server (Default 127.0.0.1)')
parser.add_argument('--port', help='Port of TLS test server. (Default 50000)')
args= parser.parse_args()
if not (port := args.port):
port= 50000;
if not (host := args.host):
host= "127.0.0.1"
server= TlsServer(host=host, port=int(port))
print("# Starting tls_dummy_server")
server.run()