mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00

MDEV-14101: tls-version

Client part of MDEV-14101: Add support for tls-version, via
mysql_options(mysql, MARIADB_OPT_TLS_VERSION, value)
Accepted values are "TLSv1.1", "TLSv1.2" and "TLSv1.3".

Fixed testcase openssl_1 for schannel
Georg Richter
2017-10-23 11:04:14 +02:00
parent a09510671e
commit b241f8995f
10 changed files with 187 additions and 78 deletions


@@ -41,6 +41,9 @@ IF(WITH_SSL)
FILE(READ ${CERT_PATH}/server-cert.sha1 CERT_FINGER_PRINT)
STRING(REPLACE "\n" "" CERT_FINGER_PRINT "${CERT_FINGER_PRINT}")
SET(API_TESTS ${API_TESTS} "ssl")
IF(WIN32)
STRING(REPLACE "\\" "\\\\" CERT_PATH ${CERT_PATH})
ENDIF()
CONFIGURE_FILE(${CC_SOURCE_DIR}/unittest/libmariadb/ssl.c.in
${CC_BINARY_DIR}/unittest/libmariadb/ssl.c)
ADD_EXECUTABLE(ssl ${CC_BINARY_DIR}/unittest/libmariadb/ssl.c)
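Review bot: `${CERT_PATH}` is expanded unquoted in the added `STRING(REPLACE ...)` call, so a certificate directory containing `;` would be split into several input arguments and rejoined without the separator; quoting it avoids that: `STRING(REPLACE "\\" "\\\\" CERT_PATH "${CERT_PATH}")`. The call also overwrites CERT_PATH in place, so any later use of the variable as a filesystem path (outside this hunk) sees the doubled-backslash form. A short comment such as `# escape backslashes: CERT_PATH is substituted into string literals in ssl.c.in` would record why the rewrite is needed, presumably for the CONFIGURE_FILE step that follows.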


@@ -112,7 +112,7 @@ static int test_ssl(MYSQL *mysql)
MYSQL_ROW row;
char *tls_library;
rc= mysql_query(mysql, "SELECT @@have_ssl UNION SELECT @@have_openssl");
rc= mysql_query(mysql, "SELECT @@have_ssl, @@have_openssl");
check_mysql_rc(rc, mysql);
res= mysql_store_result(mysql);
@@ -422,7 +422,7 @@ static int test_conc50(MYSQL *unused __attribute__((unused)))
mysql= mysql_init(NULL);
FAIL_IF(!mysql, "Can't allocate memory");
mysql_ssl_set(mysql, NULL, NULL, "/home/georg/work/mariadb/bb-10.2-georg/unittest/libmariadb/certs/my_cert.pem", NULL, NULL);
mysql_ssl_set(mysql, NULL, NULL, "./non_exisiting_cert.pem", NULL, NULL);
mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
port, socketname, 0);
@@ -471,7 +471,7 @@ static int test_conc50_2(MYSQL *unused __attribute__((unused)))
mysql= mysql_init(NULL);
FAIL_IF(!mysql, "Can't allocate memory");
mysql_ssl_set(mysql, NULL, NULL, "/home/georg/work/mariadb/bb-10.2-georg/unittest/libmariadb/certs/not-found.pem", NULL, NULL);
mysql_ssl_set(mysql, NULL, NULL, "./non_exisiting_cert.pem", NULL, NULL);
mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
port, socketname, 0);
@@ -494,7 +494,7 @@ static int test_conc127(MYSQL *unused __attribute__((unused)))
mysql= mysql_init(NULL);
FAIL_IF(!mysql, "Can't allocate memory");
mysql_ssl_set(mysql, NULL, NULL, "/home/georg/work/mariadb/bb-10.2-georg/unittest/libmariadb/certs/dummy.pem", NULL, NULL);
mysql_ssl_set(mysql, NULL, NULL, "./non_exisiting.pem", NULL, NULL);
mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
port, socketname, 0);
@@ -649,9 +649,9 @@ DWORD WINAPI thread_conc102(void)
mysql_thread_init();
mysql= mysql_init(NULL);
mysql_ssl_set(mysql, "/home/georg/work/mariadb/bb-10.2-georg/unitt/libmariadb/certs/client-key.pem",
sslcert,
sslca,
mysql_ssl_set(mysql, sslkey,
sslcert,
sslca,
NULL, NULL);
mysql_ssl_set(mysql,0, 0, sslca, 0, 0);
@@ -975,7 +975,6 @@ static int test_openssl_1(MYSQL *mysql)
my= mysql_init(NULL);
mysql_options(my, MYSQL_OPT_SSL_ENFORCE, &val);
my->options.use_ssl= 1;
FAIL_IF(!mysql_real_connect(my, hostname, "ssluser1", NULL, schema,
port, socketname, 0), mysql_error(my));
FAIL_IF(!mysql_get_ssl_cipher(my), "No TLS connection");
@@ -985,11 +984,18 @@ static int test_openssl_1(MYSQL *mysql)
rc= mysql_query(mysql, query);
check_mysql_rc(rc, mysql);
/* ssl_user1: connect with enforce should work */
/* ssl_user2: connect with enforce should work */
my= mysql_init(NULL);
mysql_options(my, MYSQL_OPT_SSL_ENFORCE, &val);
FAIL_IF(mysql_real_connect(my, hostname, "ssluser2", NULL, schema,
port, socketname, 0), "Error expected");
mysql_real_connect(my, hostname, "ssluser2", NULL, schema,
port, socketname, 0);
if (!mysql_error(my) &&
strcmp(mysql_get_ssl_cipher(my), "AES256-SHA"))
{
diag("Expected error or correct cipher");
return FAIL;
}
mysql_close(my);
/* ssl_user2: connect with cipher should work */
@@ -1158,8 +1164,57 @@ static int test_mdev14027(MYSQL *mysql __attribute__((unused)))
return OK;
}
static int test_mdev14101(MYSQL *my __attribute__((unused)))
{
struct {
bool do_yassl;
const char *opt_tls_version;
const char *expected;
} combinations[]= {
{1, "TLSv1.0", "TLSv1.0"},
{1, "TLSv1.1", "TLSv1.1"},
{1, "TLSv1,TLSv1.1", "TLSv1.1"},
{0, "TLSv1.2", "TLSv1.2"},
{0, NULL, "TLSv1.2"},
{0, "TLSv1.0,TLSv1.1,TLSv1.2", "TLSv1.2"},
{1, NULL, NULL}
};
int i;
#ifdef HAVE_SCHANNEL
bool skip_tlsv12= 1;
#else
bool skip_tlsv12= !have_openssl;
#endif
diag("%d %d", skip_tlsv12, have_openssl);
for (i=0; combinations[i].expected; i++)
{
MYSQL *mysql;
bool val=1;
char *tls_version;
if (!combinations[i].do_yassl && skip_tlsv12)
break;
mysql= mysql_init(NULL);
mysql_options(mysql, MYSQL_OPT_SSL_ENFORCE, &val);
mysql_options(mysql, MARIADB_OPT_TLS_VERSION, combinations[i].opt_tls_version);
FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema,
port, socketname, 0), mysql_error(mysql));
mariadb_get_infov(mysql, MARIADB_CONNECTION_TLS_VERSION, &tls_version);
diag("options: %s", combinations[i].opt_tls_version);
diag("protocol: %s", tls_version);
FAIL_IF(strcmp(combinations[i].expected, tls_version), "Wrong tls_version");
mysql_close(mysql);
}
return OK;
}
struct my_tests_st my_tests[] = {
{"test_ssl", test_ssl, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_mdev14101", test_mdev14101, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_mdev14027", test_mdev14027, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_conc286", test_conc286, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_ssl_timeout", test_ssl_timeout, TEST_CONNECTION_NEW, 0, NULL, NULL},
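Review bot: In the ssluser2 block of test_openssl_1, the condition `!mysql_error(my)` can never be true, because mysql_error() returns a string (empty when there is no error) rather than NULL. The cipher comparison is therefore dead code and the test passes whatever cipher was negotiated, so it no longer checks what is presumably the account's cipher requirement. Testing the error code restores the assertion: `if (!mysql_errno(my) && (!mysql_get_ssl_cipher(my) || strcmp(mysql_get_ssl_cipher(my), "AES256-SHA")))`. The added NULL test guards strcmp() against a NULL cipher, which mysql_get_ssl_cipher() can return when no TLS session exists. The page has lost its +/- markers, so this assumes the `if` block is the new side replacing the `FAIL_IF(... "Error expected")` lines; the function body starts and ends outside the hunk.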