mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00

More SSL fixes:

- verification functions for key and cert now use SSL_context
        - Added support for server cert verification (hostname must match)
        - minor bug fixes
holzboote@googlemail.com
2013-09-19 15:14:11 +02:00
parent b2e83a163f
commit b382649f50
18 changed files with 341 additions and 279 deletions


@@ -129,7 +129,7 @@ INCLUDE(${CMAKE_SOURCE_DIR}/cmake/CheckFunctions.cmake)
INCLUDE(${CMAKE_SOURCE_DIR}/cmake/CheckTypes.cmake)
# Check for OpenSSL
IF(WITH_SSL)
IF(WITH_OPENSSL)
FIND_PACKAGE(OpenSSL)
IF(OPENSSL_FOUND)
ADD_DEFINITIONS(-DHAVE_OPENSSL)


@@ -1321,17 +1321,12 @@ mysql_init(MYSQL *mysql)
#ifdef ENABLED_LOCAL_INFILE
mysql->options.client_flag|= CLIENT_LOCAL_FILES;
#endif
mysql->reconnect= 0;
return mysql;
}
//#ifdef HAVE_OPENSSL
/**************************************************************************
** Fill in SSL part of MYSQL structure and set 'use_ssl' flag.
** NB! Errors are not reported until you do mysql_real_connect.
**************************************************************************/
int STDCALL
mysql_ssl_set(MYSQL *mysql, const char *key, const char *cert,
const char *ca, const char *capath, const char *cipher)
@@ -1341,8 +1336,7 @@ mysql_ssl_set(MYSQL *mysql, const char *key, const char *cert,
mysql->options.ssl_ca = ca==0 ? 0 : my_strdup(ca,MYF(0));
mysql->options.ssl_capath = capath==0 ? 0 : my_strdup(capath,MYF(0));
mysql->options.ssl_cipher = cipher==0 ? 0 : my_strdup(cipher,MYF(0));
mysql->options.use_ssl = 1;
//mysql->connector_fd = new_VioSSLConnectorFd(key, cert, ca, capath);
/* todo: add crl stuff */
return 0;
}
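Review bot: The `my_strdup` results in `mysql_ssl_set` are never checked and the function returns 0 unconditionally, so an allocation failure for `ca` or `capath` leaves those options NULL without any error. Elsewhere on this page a NULL `ssl_ca`/`ssl_capath` selects `SSL_VERIFY_NONE` in `my_ssl_init`, so a failed copy would quietly turn peer verification off instead of failing the connection. I would check each copy whose source was non-NULL and report the failure, e.g. `if (ca && !mysql->options.ssl_ca) return 1;`. The start of the function body is outside the hunk, so I cannot see whether earlier option values are freed before being overwritten.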


@@ -30,10 +30,8 @@ static SSL_CTX *SSL_context= NULL;
#define MAX_SSL_ERR_LEN 100
#ifdef THREAD
extern pthread_mutex_t LOCK_ssl_config;
static pthread_mutex_t *LOCK_crypto;
#endif
/*
SSL error handling
@@ -46,9 +44,12 @@ static void my_SSL_error(MYSQL *mysql)
DBUG_ENTER("my_SSL_error");
if (mysql_errno(mysql))
DBUG_VOID_RETURN;
if (!ssl_errno)
{
my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, "No SSL error");
my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, "Unknown SSL error");
DBUG_VOID_RETURN;
}
if ((ssl_error_reason= ERR_reason_error_string(ssl_errno)))
@@ -63,7 +64,6 @@ static void my_SSL_error(MYSQL *mysql)
DBUG_VOID_RETURN;
}
#ifdef THREAD
/*
thread safe callbacks for OpenSSL
Crypto call back functions will be
@@ -83,7 +83,6 @@ my_cb_locking(int mode, int n, const char *file, int line)
else
pthread_mutex_unlock(&LOCK_crypto[n]);
}
#endif
/*
Initializes SSL and allocate global
@@ -101,14 +100,11 @@ int my_ssl_start(MYSQL *mysql)
{
int rc= 0;
DBUG_ENTER("my_ssl_start");
#ifdef THREAD
/* lock mutex to prevent multiple initialization */
pthread_mutex_lock(&LOCK_ssl_config);
#endif
if (!my_ssl_initialized)
{
#ifdef THREAD
if (!(LOCK_crypto=
(pthread_mutex_t *)my_malloc(sizeof(pthread_mutex_t) *
CRYPTO_num_locks(), MYF(0))))
@@ -124,7 +120,6 @@ int my_ssl_start(MYSQL *mysql)
CRYPTO_set_id_callback(my_cb_threadid);
CRYPTO_set_locking_callback(my_cb_locking);
}
#endif
#if SSLEAY_VERSION_NUMBER >= 0x00907000L
OPENSSL_config(NULL);
#endif
@@ -145,9 +140,7 @@ int my_ssl_start(MYSQL *mysql)
my_ssl_initialized= TRUE;
}
end:
#ifdef THREAD
pthread_mutex_unlock(&LOCK_ssl_config);
#endif
DBUG_RETURN(rc);
}
@@ -166,12 +159,9 @@ end:
void my_ssl_end()
{
DBUG_ENTER("my_ssl_end");
#ifdef THREAD
pthread_mutex_lock(&LOCK_ssl_config);
#endif
if (my_ssl_initialized)
{
#ifdef THREAD
int i;
CRYPTO_set_locking_callback(NULL);
CRYPTO_set_id_callback(NULL);
@@ -180,27 +170,26 @@ void my_ssl_end()
pthread_mutex_destroy(&LOCK_crypto[i]);
my_free((gptr)LOCK_crypto, MYF(0));
#endif
if (SSL_context)
{
SSL_CTX_free(SSL_context);
SSL_context= FALSE;
}
ERR_free_strings();
ERR_remove_state(0);
EVP_cleanup();
CONF_modules_unload(1);
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
ENGINE_cleanup();
CONF_modules_free();
CONF_modules_unload(1);
sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
my_ssl_initialized= FALSE;
}
#ifdef THREAD
pthread_mutex_unlock(&LOCK_ssl_config);
#endif
pthread_mutex_destroy(&LOCK_ssl_config);
DBUG_VOID_RETURN;
}
#ifdef THREAD
#endif
/*
Set certification stuff.
*/
@@ -228,9 +217,7 @@ static int my_ssl_set_certs(SSL *ssl)
/* set cert */
if (mysql->options.ssl_cert && mysql->options.ssl_cert[0] != 0)
{
if (SSL_CTX_use_certificate_chain_file(SSL_context, mysql->options.ssl_cert) != 1)
goto error;
if (SSL_use_certificate_file(ssl, mysql->options.ssl_cert, SSL_FILETYPE_PEM) != 1)
if (SSL_CTX_use_certificate_chain_file(SSL_context, mysql->options.ssl_cert) <= 0)
goto error;
have_cert= 1;
}
@@ -238,11 +225,11 @@ static int my_ssl_set_certs(SSL *ssl)
/* set key */
if (mysql->options.ssl_key && mysql->options.ssl_key[0])
{
if (SSL_use_PrivateKey_file(ssl, mysql->options.ssl_key, SSL_FILETYPE_PEM) != 1)
if (SSL_CTX_use_PrivateKey_file(SSL_context, mysql->options.ssl_key, SSL_FILETYPE_PEM) <= 0)
goto error;
/* verify key */
if (have_cert && SSL_check_private_key(ssl) != 1)
if (have_cert && SSL_CTX_check_private_key(SSL_context) != 1)
goto error;
}
/* ca_file and ca_path */
@@ -250,30 +237,37 @@ static int my_ssl_set_certs(SSL *ssl)
mysql->options.ssl_ca,
mysql->options.ssl_capath) == 0)
{
if (mysql->options.ssl_ca || mysql->options.ssl_capath)
goto error;
if (SSL_CTX_set_default_verify_paths(SSL_context) == 0)
goto error;
}
if (mysql->options.ssl_ca || mysql->options.ssl_capath)
#ifdef CRL_IMPLEMENTED
if (mysql->options.ssl_crl || mysql->options.ssl_crlpath)
{
X509_STORE *certstore;
if ((certstore= SSL_CTX_get_cert_store(SSL_context)))
{
if (X509_STORE_load_locations(certstore, mysql->options.ssl_ca,
mysql->options.ssl_capath) == 1)
mysql->options.ssl_capath) == 0)
{
#ifdef X509_V_FLAG_CRL_CHECK
X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
#else
my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, "OpenSSL library doesn't support CRL certificates");
my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
ER(CR_SSL_CONNECTION_ERROR),
"Loading certificate failed");
DBUG_RETURN(1);
}
if (X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK |
X509_V_FLAG_CRL_CHECK_ALL) == 0)
{
my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
ER(CR_SSL_CONNECTION_ERROR),
"X509_STORE_set_flags failed");
DBUG_RETURN(1);
}
}
}
#endif
}
else
goto error;
}
}
DBUG_RETURN(0);
@@ -285,20 +279,41 @@ error:
static int my_verify_callback(int ok, X509_STORE_CTX *ctx)
{
X509 *check_cert;
SSL *ssl;
MYSQL *mysql;
DBUG_ENTER("my_verify_callback");
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
DBUG_ASSERT(ssl != NULL);
mysql= (MYSQL *)SSL_get_app_data(ssl);
DBUG_ASSERT(mysql != NULL);
/* skip verification if no ca_file/path was specified */
if (!mysql->options.ssl_ca && !mysql->options.ssl_capath)
{
ok= 1;
DBUG_RETURN(1);
}
if (!ok)
{
uint depth;
if (!(check_cert= X509_STORE_CTX_get_current_cert(ctx)))
DBUG_RETURN(0);
depth= X509_STORE_CTX_get_error_depth(ctx);
DBUG_PRINT("info", ("error_depth=%d", depth));
if (depth == 0)
{
ok= 1;
DBUG_RETURN(1);
}
DBUG_PRINT("info", ("ctx->error= %d", ctx->error));
}
else
DBUG_RETURN(1);
my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
ER(CR_SSL_CONNECTION_ERROR),
X509_verify_cert_error_string(ctx->error));
DBUG_RETURN(0);
}
/*
@@ -317,7 +332,7 @@ SSL *my_ssl_init(MYSQL *mysql)
int verify;
SSL *ssl= NULL;
DBUG_ENTER("my_get_ssl");
DBUG_ENTER("my_ssl_init");
DBUG_ASSERT(mysql->net.vio->ssl == NULL);
@@ -335,6 +350,7 @@ SSL *my_ssl_init(MYSQL *mysql)
verify= (!mysql->options.ssl_ca && !mysql->options.ssl_capath) ?
SSL_VERIFY_NONE : SSL_VERIFY_PEER;
SSL_set_verify(ssl, verify, my_verify_callback);
SSL_set_verify_depth(ssl, 1);
DBUG_RETURN(ssl);
error:
@@ -365,6 +381,7 @@ int my_ssl_connect(SSL *ssl)
DBUG_ASSERT(ssl != NULL);
mysql= (MYSQL *)SSL_get_app_data(ssl);
CLEAR_CLIENT_ERROR(mysql);
/* Set socket to blocking if not already set */
if (!(blocking= vio_is_blocking(mysql->net.vio)))
@@ -395,6 +412,7 @@ int my_ssl_connect(SSL *ssl)
SYNOPSIS
my_ssl_verify_server_cert()
MYSQL mysql
mybool verify_server_cert;
RETURN VALUES
1 Error
@@ -504,6 +522,7 @@ int my_ssl_close(Vio *vio)
int i, rc;
DBUG_ENTER("my_ssl_close");
/* 2 x pending + 2 * data = 4 */
for (i=0; i < 4; i++)
if ((rc= SSL_shutdown(vio->ssl)))
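Review bot: In `my_verify_callback`, the `if (depth == 0) { ok= 1; DBUG_RETURN(1); }` branch turns every verification failure reported for the peer's own certificate into a success, so an expired or untrusted server certificate is accepted even when a CA file was configured. Only failures deeper in the chain reach `my_set_error`. Unless there is a documented reason for the exception, the branch should be removed so that a failed pre-verification falls through to the error path and `DBUG_RETURN(0)`; if one specific error code must be tolerated, compare against that code and add a comment saying why. The rendered page has lost the `+`/`-` markers, so I am assuming this branch is on the new side. The same hunk reads `ctx->error` directly, whereas `X509_STORE_CTX_get_error(ctx)` is the accessor and keeps working when the struct is opaque.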


@@ -326,7 +326,20 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
end= buff+5;
}
#ifdef HAVE_OPENSSL
if (mysql->client_flag & CLIENT_SSL)
if (mysql->options.ssl_key ||
mysql->options.ssl_cert ||
mysql->options.ssl_ca ||
mysql->options.ssl_capath ||
mysql->options.ssl_cipher
#ifdef CRL_IMPLEMENTED
|| (mysql->options.extension &&
(mysql->options.extension->ssl_crl ||
mysql->options.extension->ssl_crlpath))
#endif
)
mysql->options.use_ssl= 1;
if (mysql->options.use_ssl &&
(mysql->client_flag & CLIENT_SSL))
{
SSL *ssl;
/*
@@ -353,7 +366,8 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
goto error;
}
if (mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT &&
if ((mysql->options.ssl_ca || mysql->options.ssl_capath) &&
(mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
my_ssl_verify_server_cert(ssl))
goto error;
}
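Review bot: With the `(mysql->options.ssl_ca || mysql->options.ssl_capath)` condition in front of the `CLIENT_SSL_VERIFY_SERVER_CERT` test, a caller who requests server certificate verification but configures no CA gets a connection on which `my_ssl_verify_server_cert` is never called, and no error tells them so. A requested check that cannot be performed should fail closed: before this test, reject the combination with `my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, ER(CR_SSL_CONNECTION_ERROR), "Server certificate verification requires a CA");` followed by `goto error;`. The enclosing `send_client_reply_packet` body starts and ends outside the hunk, so what the `error` label cleans up is assumed from the existing `goto error` lines.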


@@ -147,6 +147,9 @@ void my_thread_end(void)
if (tmp && tmp->initialized)
{
#ifdef HAVE_OPENSSL
ERR_remove_thread_state(NULL);
#endif
#if !defined(DBUG_OFF)
if (tmp->dbug)
{
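Review bot: `ERR_remove_thread_state(NULL)` is called under `HAVE_OPENSSL` alone, while `my_ssl_start` on this page still carries a `SSLEAY_VERSION_NUMBER >= 0x00907000L` guard and `my_ssl_end` shows `ERR_remove_state(0)`. As far as I know `ERR_remove_thread_state` only exists from OpenSSL 1.0.0 on, so builds against the older libraries the project appears to support would not link. A version guard around the call that falls back to `ERR_remove_state(0)` would keep both working. A one-line comment saying the call frees this thread's OpenSSL error queue would also help; `my_thread_end` continues outside the hunk.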


@@ -1,21 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@@ -1,38 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIDGDCCAgACAQEwDQYJKoZIhvcNAQEFBQAwUjELMAkGA1UEBhMCREUxCzAJBgNV
BAgMAkJXMRMwEQYDVQQHDApIZWlkZWxiZXJnMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTIxMTIyMDcxMDM5WhcNMjIxMDAxMDcxMDM5WjBS
MQswCQYDVQQGEwJERTELMAkGA1UECAwCQlcxEzARBgNVBAcMCkhlaWRlbGJlcmcx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAOKiAyhtJXHgjr0cLFx+gYqBZCzg+Bpevh3/+U0t
A5trng5kht8dbI6m0Qjz8Mi09sFxaHmmL6WA+wxL8LqwMjOXpn3aAjNW3+QFu5Ei
Iy+8KrwdJdZVzRHCCLt4HWpeMQBzn2y/MUgZzc8+RhcQSu2KVDBiKLVpa6Z9k3gl
wsezI8ClJ6vWsJGnJX699H9BhMyS85ipVmeL69h5tWsdHQtmbK+XdHPQldi9r/88
f2VfIOo7EFSm9ohJG70P8lhEIqByhQ8Hw0akGWLLsLg4cufPVrOdPZocJ/qJjQVG
OkfSPkIgwKnpzGbXjFG5IMh5rXJCIRbO3ofTxGpSTzNQ0hcCAwEAATANBgkqhkiG
9w0BAQUFAAOCAQEAb7bIszKyzpCvom4FjnNYT3buQCf0qnUGoPgVpXIpjc4Lsyr0
nmIfgGNo/+5B1cj3iAtIuSojXOK96r8a84TueCaeX9ZDdG+ZZm9ng6mIiyQraZyR
Gl+VsTH40O0QTjMcPB344Yz0ZSHU1E35LzarApHtqZi9TpCBFc0td1EhxX7rdEOD
WzBRTKcMzV+Y0Fslqjy73JVYnaxJ/ZShW7TOowrdjE9DZ8VZ7dVSJOtdTLB5WNQE
mxFInjbUig5vvHzmf4bEsBDz7RXy0W8fMQd2HEcgGBDwdQYq18kZl9H5plORDCgg
S93U+OoInjEU2KEWyDyiBI7OwAZYIQytrxDBOw==
MIICTDCCAbWgAwIBAgIJAMc8o9u+bopUMA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDGDCCAgACAQEwDQYJKoZIhvcNAQEFBQAwUjELMAkGA1UEBhMCREUxCzAJBgNV
BAgMAkJXMRMwEQYDVQQHDApIZWlkZWxiZXJnMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTIxMTIyMDcxMTI0WhcNMjIxMDAxMDcxMTI0WjBS
MQswCQYDVQQGEwJERTELMAkGA1UECAwCQlcxEzARBgNVBAcMCkhlaWRlbGJlcmcx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBANofs7wzZpUourQz03gALCHcTYXbuTJ16w/rbvql
WUa1R/qUgaxN9k7SEj260Vr7PMEREAIdKIu54jCy/yCRzYb/03HorQjJgGXjYvtX
nmwwUgLZSz3aLIX2p7jcw3ESiqN1/oZ3fB8+i6HT8igFcmbAOkPEN8TBM9Qenqj7
NNx9iYAOp7r8xJXJXTEWBIy0kJ2eXZQacveLGPgFs6Qq0Hvn8FsXT9zQQH98BQhL
o35vjxas/A8ThZiKd8cCmUbTtGxIlncR7FmJuqKAJVTSg/ZePFoYqW0s9GAtPJfC
DVdaT94uGZIWtOCLPqQgiEyjdHWHdeF+WBdXex3xRI3Ii+UCAwEAATANBgkqhkiG
9w0BAQUFAAOCAQEAKSXEbcpfgqZiWIJBpQX86kNMWhjA4m8GKwXoxhgxTtEZPju/
VO/ehjsTo8AnRQdW4/sD+KgVqn6F4jw5WVwK6L0TTlat5umn+zKW9c72Cmsf7kiZ
pc6bluyKv1uhS5pK1HLjQaL8vY4WExHkh8nGEuS4IIhAtHzBblE3G4/Kdq7V7IO7
+YaSwO1nRiYaFbrZkF8u+GOIVJlcQ7C7m2332c0NFYBmYoeJ03rwb8kWe40UHaiP
R3Pl/bzrRbcHiSqLawFpfYOG1+Sq9GkBwysv6ADU4wKcu9dYNvjgbRHhHuSLB3am
Dnj09lCHMDxHUtk1PhLsxG65lMw4GaUEqjfUmg==
MIICTDCCAbWgAwIBAgIJAINPYND1suQ5MA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ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-----END CERTIFICATE-----


@@ -1,19 +1,15 @@
-----BEGIN CERTIFICATE-----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MIICTDCCAbWgAwIBAgIJAINPYND1suQ5MA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ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-----END CERTIFICATE-----


@@ -0,0 +1,17 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----


@@ -1,28 +1,15 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----


@@ -0,0 +1,15 @@
openssl req -x509 -newkey rsa:1024 \
-keyout server-key-enc.pem -out server-cert.pem \
-subj '/DC=com/DC=example/CN=server' -passout pass:qwerty
openssl rsa -in server-key-enc.pem -out server-key.pem \
-passin pass:qwerty -passout pass:
openssl req -x509 -newkey rsa:1024 \
-keyout client-key-enc.pem -out client-cert.pem \
-subj '/DC=com/DC=example/CN=client' -passout pass:qwerty
openssl rsa -in client-key-enc.pem -out client-key.pem \
-passin pass:qwerty -passout pass:
cat server-cert.pem client-cert.pem > ca.pem
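Review bot: Both `openssl req -x509 -newkey rsa:1024` calls produce 1024-bit keys and pass no `-days`, so the fixtures are weaker than newer OpenSSL builds may accept and, with the tool's default validity of 30 days, expire shortly after being generated. I would use `-newkey rsa:2048` together with an explicit `-days` value. `cat server-cert.pem client-cert.pem > ca.pem` also builds the trust bundle from the two self-signed leaf certificates, so the tests never exercise a chain with a separate issuing CA. A comment at the top of the script should say that this is deliberate and that the keys and the `qwerty` passphrase are test-only.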


@@ -1,19 +1,15 @@
-----BEGIN CERTIFICATE-----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MIICTDCCAbWgAwIBAgIJAMc8o9u+bopUMA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ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-----END CERTIFICATE-----


@@ -0,0 +1,17 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----


@@ -1,28 +1,15 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJF13NPPgprDQC
4BSo+f4cSzS4j46n+TEAaCu0m+Bw0HSGr6MAXIn7EUr3VYx8zKI74/HG1HYBS8dP
T0p3Hc8qcvsMtcujKyGIsOYcbUtpCkZMYhChIMMA/AAO+wlyonaSUYYUmTlDCsbc
olq9cjQnQtlXGSPkDzVJCJngh4jeKZZ9LiVvWEblEu4YrAEnquErdalPmNeJ2Lgq
MG4pewJuXqtu98ue1Je28MnVS/NrRPPtemsZcFcJlQLoGw/gtZRWQ0gM+hHaqc6x
VrHmKJSyGURUwORSlKvX/lIn58ZtDyS7bI1W1DtMZ2/UFxNTdmCoC6SF/fj/DGuz
biKErGa5AgMBAAECggEBAIHC1ELGHxU1C/L3Ch3oA7PaS9D0wgdeY+JxVhKbq37g
5PCskbCABoG+rPNhfuBhZCbldnTpUKSRc7GX5uNqlu47eAjBnwBRqrf7/uFFHa5Q
dQCBH136OBuAgcEo+PXCJGVSugS8wxih8aUaFxe8hC75kioEDQbzUV0pcbJTg1xn
sLIEfIeNwHMemLtpN4n+GpJ8j19GLqaUDcjPM5ZRUs4yDvv1FZeGXjHijyZLP11h
rJLVrvmhqUoEG/ZdkqYKPrOG5qpOnkn/i9WPoUrahtWb6kKsZUjPoBCKqCqq/0kT
0WRI7Qgz13wPpbsVL8gQU9PgUM9MyNKH7yqGZnTmHiECgYEA61CvZD26tciutQfq
s0N8k20vQpX0uelDxsYBI9Acxt7LNWEIeiZLhrGKMSWsg0v541RKjiewzDcVOfQb
qA7wPC/IWfc1F/1gK3yg025IRgXhcuoWVd9jm7ob/czzxQIA8ew2fsDgqlYwkqPb
661TdEnctjYt29nqAQkayDdW8DUCgYEA2sSJzhAsscIE94TMw4O0C4PaOiYMfVb0
oi7S4E7OLZ3bXm8OSlYRPxL66VxyNW+2g4BwXqMrsxd5x7QHGXEaqDPP8YEEOxrK
pkMiCfDvGpN0dlIobpPNVVGTfDcY/go3y30ZsdcX4G6S9lqsGEDo/hdVPrpeOULp
rG1Yimgu9PUCgYEAwUXwCOE6rXw7Iq1x8/MGKwCOxJ3t95TD+ks/PG7+c8kiFqGw
GMPDXMoNuvg6jUyl3jWpVsD60YCcipEY9hvu7UBBysLkdOPDTXR7k60M55aE6aGi
3r0wTwO5YegogDN5GzrsN4er/7vzAT5cr2IZHXZdNbuiRuTg8iDMQo5RddECgYEA
n+hJUnZANS68srA/fCoo0MHwIdDuEDAfYO0Y9xyjWHSqhLxola2TracSAMGyOZ0O
q9CWUpayupXOTkspZU9nTMuSk9TaYtmShzVLDDkwjRx7ZIFpTGp9DIA0bfdYLVkK
r5Mh1PyEV2h7w9dDM/c+V3x2swNHHFPsujyzG3hL2oECgYBgi1w63a/cfkQACVRt
tjy1ZtP50sRaSlXXC5Txh9u6AoO0k13V1+POo3LikYHfZRRrLTtMUrPVPAdD5H3v
rQ11p7gVgzw7ikMEi4hNw2ueX6UXzVSxAyeLGdG71QToqXPwK1tH/AOnD5g6hYAS
kXsNUaCkLeNkkbcWxXPY2HE6MA==
-----END PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----


@@ -117,8 +117,13 @@ static int test_multi_ssl_connections(MYSQL *unused)
mysql_ssl_set(mysql[i], 0, 0, "./certs/ca.pem", 0, 0);
FAIL_IF(!mysql_real_connect(mysql[i], hostname, username, password, schema,
port, socketname, 0), mysql_error(mysql[i]));
mysql_real_connect(mysql[i], hostname, username, password, schema,
port, socketname, 0);
if (mysql_errno(mysql[i]))
{
diag("loop: %d error: %d %s", i, mysql_errno(mysql[i]), mysql_error(mysql[i]));
return FAIL;
}
cipher= (char *)mysql_get_ssl_cipher(mysql[i]);
FAIL_IF(strcmp(cipher, "DHE-RSA-AES256-SHA") != 0, "Cipher != DHE-RSA-AES256-SHA");
@@ -158,7 +163,7 @@ static void ssl_thread(void)
if(!mysql_real_connect(mysql, hostname, username, password, schema,
port, socketname, 0))
{
diag("Error: %s", mysql_error(mysql));
diag(">Error: %s", mysql_error(mysql));
mysql_close(mysql);
mysql_thread_end();
pthread_exit(NULL);
@@ -179,6 +184,9 @@ static int test_ssl_threads(MYSQL *mysql)
MYSQL_RES *res;
MYSQL_ROW row;
if (check_skip_ssl())
return SKIP;
rc= mysql_query(mysql, "DROP TABLE IF exists ssltest");
check_mysql_rc(rc, mysql);
rc= mysql_query(mysql, "CREATE TABLE ssltest (a int)");
@@ -213,13 +221,10 @@ static int test_phpbug51647(MYSQL *my)
if (check_skip_ssl())
return SKIP;
diag("todo: fix ca");
return SKIP;
mysql= mysql_init(NULL);
FAIL_IF(!mysql, "Can't allocate memory");
mysql_ssl_set(mysql, "certs/client-key.pem", "certs/client-cert.pem", "certs/ca-cert.pem", 0, 0);
mysql_ssl_set(mysql, "./certs/client-key.pem", "./certs/client-cert.pem", "./certs/ca.pem", 0, 0);
FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema,
port, socketname, 0), mysql_error(mysql));
@@ -239,10 +244,114 @@ static int test_conc50(MYSQL *my)
mysql= mysql_init(NULL);
FAIL_IF(!mysql, "Can't allocate memory");
mysql_ssl_set(mysql, NULL, NULL, "test", NULL, NULL);
mysql_ssl_set(mysql, NULL, NULL, "certs/my_cert.pem", NULL, NULL);
mysql_real_connect(mysql, hostname, username, password, schema,
port, socketname, 0);
diag("Error: %d %s", mysql_errno(mysql), mysql_error(mysql));
FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026");
mysql_close(mysql);
return OK;
}
static int test_conc50_1(MYSQL *my)
{
MYSQL *mysql;
if (check_skip_ssl())
return SKIP;
mysql= mysql_init(NULL);
FAIL_IF(!mysql, "Can't allocate memory");
mysql_ssl_set(mysql, NULL, NULL, "./certs/ca.pem", NULL, NULL);
mysql_real_connect(mysql, hostname, username, password, schema,
port, socketname, 0);
if (mysql_errno(mysql))
diag("Error: %d %s", mysql_errno(mysql), mysql_error(mysql));
FAIL_IF(mysql_errno(mysql), "No error expected");
mysql_close(mysql);
return OK;
}
static int test_conc50_2(MYSQL *my)
{
MYSQL *mysql;
if (check_skip_ssl())
return SKIP;
mysql= mysql_init(NULL);
FAIL_IF(!mysql, "Can't allocate memory");
mysql_ssl_set(mysql, NULL, NULL, "./certs/dummy.pem", NULL, NULL);
mysql_real_connect(mysql, hostname, username, password, schema,
port, socketname, 0);
FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026");
mysql_close(mysql);
return OK;
}
static int test_conc50_3(MYSQL *my)
{
MYSQL *mysql;
int rc;
char query[256];
if (check_skip_ssl())
return SKIP;
mysql_query(my, "DROP USER 'ssltest'@'localhost'");
sprintf(query, "GRANT ALL ON %s.* TO 'ssltest'@'localhost' REQUIRE SSL", schema ? schema : "*");
rc= mysql_query(my, query);
check_mysql_rc(rc, mysql);
rc= mysql_query(my, "FLUSH PRIVILEGES");
check_mysql_rc(rc, mysql);
mysql= mysql_init(NULL);
FAIL_IF(!mysql, "Can't allocate memory");
mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, NULL);
mysql_real_connect(mysql, hostname, (const char *)"ssltest", NULL, schema,
port, socketname, 0);
FAIL_IF(!mysql_errno(mysql), "Error expected, SSL connection required!");
mysql_close(mysql);
mysql= mysql_init(NULL);
FAIL_IF(!mysql, "Can't allocate memory");
mysql_ssl_set(mysql, NULL, NULL, "./certs/ca.pem", NULL, NULL);
mysql_real_connect(mysql, hostname, "ssltest", NULL, schema,
port, socketname, 0);
FAIL_IF(mysql_errno(mysql), "No error expected");
mysql_close(mysql);
return OK;
}
static int test_conc50_4(MYSQL *my)
{
MYSQL *mysql;
if (check_skip_ssl())
return SKIP;
mysql= mysql_init(NULL);
FAIL_IF(!mysql, "Can't allocate memory");
mysql_ssl_set(mysql, NULL, "./certs/ca.pem", NULL, NULL, NULL);
mysql_real_connect(mysql, hostname, username, password, schema,
port, socketname, 0);
diag("Error: %s", mysql_error(mysql));
FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026");
mysql_close(mysql);
@@ -260,20 +369,13 @@ static int verify_ssl_server_cert(MYSQL *my)
mysql= mysql_init(NULL);
FAIL_IF(!mysql, "Can't allocate memory");
mysql_ssl_set(mysql, NULL, NULL, "./certs/ca-cert.pem", NULL, NULL);
mysql_ssl_set(mysql, NULL, NULL, "./certs/ca.pem", NULL, NULL);
mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);
mysql_real_connect(mysql, hostname, username, password, schema,
port, socketname, 0);
if (!strcmp(mysql->host, "localhost"))
{
FAIL_IF(mysql_errno(mysql), "No error expected");
}
else
{
FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026");
}
mysql_close(mysql);
return OK;
@@ -302,6 +404,10 @@ static int test_bug62743(MYSQL *my)
struct my_tests_st my_tests[] = {
{"test_ssl", test_ssl, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_conc50", test_conc50, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_conc50_1", test_conc50_1, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_conc50_2", test_conc50_2, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_conc50_3", test_conc50_3, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_conc50_4", test_conc50_4, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"verify_ssl_server_cert", verify_ssl_server_cert, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_bug62743", test_bug62743, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_phpbug51647", test_phpbug51647, TEST_CONNECTION_NONE, 0, NULL, NULL},
@@ -310,6 +416,7 @@ struct my_tests_st my_tests[] = {
#ifndef WIN32
{"test_ssl_threads", test_ssl_threads, TEST_CONNECTION_NEW, 0, NULL, NULL},
#endif
{NULL, NULL, 0, 0, NULL, NULL}
};
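Review bot: In the added `test_conc50_3`, both `check_mysql_rc(rc, mysql)` calls run before `mysql= mysql_init(NULL)`, so the macro is handed an uninitialized pointer; the queries were issued on `my`, and the checks should read `check_mysql_rc(rc, my);`. The `sprintf` into `char query[256]` is unbounded with respect to `schema`; `snprintf(query, sizeof(query), ...)` with the same format closes that. The return value of the initial `DROP USER` is ignored, which looks intentional (the user may not exist) and deserves a comment saying so. In the `verify_ssl_server_cert` hunk the `FAIL_IF` checks appear to have been removed (the markers are lost, so this is inferred from the hunk counts); if so, the test no longer asserts anything about hostname verification.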