database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00
Code Activity

Fix for CONC-95: SSL connection with require X509 privilege doesn't work.

Browse Source 
- all pems and ciphers are now stored in global context
- create new ssl instance after loading pems into global context
This commit is contained in:
holzboote@googlemail.com
2014-06-23 09:23:14 +02:00
parent 684287aff0
commit b9676202a9
9 changed files with 72 additions and 172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
libmariadb/ma_secure.c
View File

@@ -72,7 +72,7 @@ static void my_SSL_error(MYSQL *mysql)
*/ */
static unsigned long my_cb_threadid(void) static unsigned long my_cb_threadid(void)
{ {
/* chast pthread_t to unsigned long */ /* cast pthread_t to unsigned long */
return (unsigned long) pthread_self(); return (unsigned long) pthread_self();
} }
@@ -180,7 +180,7 @@ void my_ssl_end()
EVP_cleanup(); EVP_cleanup();
CRYPTO_cleanup_all_ex_data(); CRYPTO_cleanup_all_ex_data();
ERR_free_strings(); ERR_free_strings();
ENGINE_cleanup(); //ENGINE_cleanup();
CONF_modules_free(); CONF_modules_free();
CONF_modules_unload(1); CONF_modules_unload(1);
sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
@@ -194,45 +194,21 @@ void my_ssl_end()
/* /*
Set certification stuff. Set certification stuff.
*/ */
static int my_ssl_set_certs(SSL *ssl) static int my_ssl_set_certs(MYSQL *mysql)
{ {
int have_cert= 0; char *key_file= mysql->options.ssl_key ? mysql->options.ssl_key : mysql->options.ssl_cert;
MYSQL *mysql;
DBUG_ENTER("my_ssl_set_certs"); DBUG_ENTER("my_ssl_set_certs");
/* Make sure that ssl was allocated and /* Make sure that ssl was allocated and
ssl_system was initialized */ ssl_system was initialized */
DBUG_ASSERT(ssl != NULL);
DBUG_ASSERT(my_ssl_initialized == TRUE); DBUG_ASSERT(my_ssl_initialized == TRUE);
/* get connection for current ssl */
mysql= (MYSQL *)SSL_get_app_data(ssl);
/* add cipher */ /* add cipher */
if ((mysql->options.ssl_cipher && if ((mysql->options.ssl_cipher &&
mysql->options.ssl_cipher[0] != 0) && mysql->options.ssl_cipher[0] != 0) &&
SSL_set_cipher_list(ssl, mysql->options.ssl_cipher) == 0) SSL_CTX_set_cipher_list(SSL_context, mysql->options.ssl_cipher) == 0)
goto error; goto error;
/* set cert */
if (mysql->options.ssl_cert && mysql->options.ssl_cert[0] != 0)
{
if (SSL_CTX_use_certificate_chain_file(SSL_context, mysql->options.ssl_cert) <= 0)
goto error;
have_cert= 1;
}
/* set key */
if (mysql->options.ssl_key && mysql->options.ssl_key[0])
{
if (SSL_CTX_use_PrivateKey_file(SSL_context, mysql->options.ssl_key, SSL_FILETYPE_PEM) <= 0)
goto error;
/* verify key */
if (have_cert && SSL_CTX_check_private_key(SSL_context) != 1)
goto error;
}
/* ca_file and ca_path */ /* ca_file and ca_path */
if (SSL_CTX_load_verify_locations(SSL_context, if (SSL_CTX_load_verify_locations(SSL_context,
mysql->options.ssl_ca, mysql->options.ssl_ca,
@@ -243,6 +219,22 @@ static int my_ssl_set_certs(SSL *ssl)
if (SSL_CTX_set_default_verify_paths(SSL_context) == 0) if (SSL_CTX_set_default_verify_paths(SSL_context) == 0)
goto error; goto error;
} }
/* set cert */
if (mysql->options.ssl_cert && mysql->options.ssl_cert[0] != 0)
if (SSL_CTX_use_certificate_chain_file(SSL_context, mysql->options.ssl_cert) <= 0)
goto error;
/* set key */
if (key_file)
{
if (SSL_CTX_use_PrivateKey_file(SSL_context, key_file, SSL_FILETYPE_PEM) <= 0)
goto error;
/* verify key */
if (!SSL_CTX_check_private_key(SSL_context))
goto error;
}
if (mysql->options.extension && if (mysql->options.extension &&
(mysql->options.extension->ssl_crl || mysql->options.extension->ssl_crlpath)) (mysql->options.extension->ssl_crl || mysql->options.extension->ssl_crlpath))
{ {
@@ -291,20 +283,18 @@ static int my_verify_callback(int ok, X509_STORE_CTX *ctx)
DBUG_RETURN(0); DBUG_RETURN(0);
depth= X509_STORE_CTX_get_error_depth(ctx); depth= X509_STORE_CTX_get_error_depth(ctx);
if (depth == 0) if (depth == 0)
{
ok= 1; ok= 1;
DBUG_RETURN(1);
}
} }
else
DBUG_RETURN(1);
my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, /*
ER(CR_SSL_CONNECTION_ERROR), my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
X509_verify_cert_error_string(ctx->error)); ER(CR_SSL_CONNECTION_ERROR),
DBUG_RETURN(0); X509_verify_cert_error_string(ctx->error));
*/
DBUG_RETURN(ok);
} }
/* /*
allocates a new ssl object allocates a new ssl object
@@ -328,18 +318,20 @@ SSL *my_ssl_init(MYSQL *mysql)
if (!my_ssl_initialized) if (!my_ssl_initialized)
my_ssl_start(mysql); my_ssl_start(mysql);
if (my_ssl_set_certs(mysql))
goto error;
if (!(ssl= SSL_new(SSL_context))) if (!(ssl= SSL_new(SSL_context)))
goto error; goto error;
if (!SSL_set_app_data(ssl, mysql)) if (!SSL_set_app_data(ssl, mysql))
goto error; goto error;
if (my_ssl_set_certs(ssl))
goto error;
verify= (!mysql->options.ssl_ca && !mysql->options.ssl_capath) ? verify= (!mysql->options.ssl_ca && !mysql->options.ssl_capath) ?
SSL_VERIFY_NONE : SSL_VERIFY_PEER; SSL_VERIFY_NONE : SSL_VERIFY_PEER;
SSL_set_verify(ssl, verify, my_verify_callback);
SSL_set_verify_depth(ssl, 1); SSL_CTX_set_verify(SSL_context, verify, my_verify_callback);
SSL_CTX_set_verify_depth(SSL_context, 1);
DBUG_RETURN(ssl); DBUG_RETURN(ssl);
error: error:

30
unittest/libmariadb/certs/ca.pem
View File

@@ -1,30 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICTDCCAbWgAwIBAgIJAOzGST1sgGjAMA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ
kiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMQ8wDQYDVQQD
DAZzZXJ2ZXIwHhcNMTQwMzAzMTIxNTM5WhcNMTQwNDAyMTIxNTM5WjA/MRMwEQYK
CZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEPMA0GA1UE
AwwGc2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJtK0qYQIWmTU5
poKhvoSuMi26oPNpu+zYQ3NTKueY3xs03zRIhuJ5khI6t5/oRNRExDL/CU4609IT
to7YnDByUlBftTPHujsEuW6GDAzVlmpGNuBYO5oLNBGL3f5BF0eDh37vQEYyr67M
TR0mqPkd8IeztK0iCaJNXB7lTyyRcwIDAQABo1AwTjAdBgNVHQ4EFgQUlPvBMFAZ
XqTPqYsVautG+QomU74wHwYDVR0jBBgwFoAUlPvBMFAZXqTPqYsVautG+QomU74w
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB7Tu43BPt82IYShXH9FoYR
WWqG2PI5BrN32VcTKEP/cZf7QNrPuungjnHne1VMVIN4dfB8QWB4Uvjq5f5kWunI
BY1YpPFNy+5p+sUAHX9H4rJloVwNLYSKWPhEpe/zSKSTuPGqbAhYv8M/lMQlp58w
oICORfoW3HruDjRnJxTAPw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICTDCCAbWgAwIBAgIJAKPJnSVjrc7LMA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ
kiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMQ8wDQYDVQQD
DAZjbGllbnQwHhcNMTQwMzAzMTIxNTM5WhcNMTQwNDAyMTIxNTM5WjA/MRMwEQYK
CZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEPMA0GA1UE
AwwGY2xpZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW1pzU0Rgd631H
L4C2wB2hoIzwFxKcqHJk6MxZMcCFjH3EFyo7+hn42Hpz2bkibgsn9/Kcg2Y32cgK
B1rWmerD8cU0dMcqxImZwyg5//s0tX2UjleZRnVTs5JEqFjSZSool0MHGKXnp8Bc
t4F4d5hduT2WxXcRG+ltzATEV2A79QIDAQABo1AwTjAdBgNVHQ4EFgQUVcbFkeIN
mXA+BmOy8AFkgDSFTUswHwYDVR0jBBgwFoAUVcbFkeINmXA+BmOy8AFkgDSFTUsw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQANxUnH8UXd2vo83DQPh6+I
E4J7DYn1D4pC3WXWQXIPXHvkmuuJnZcmapS4mgK932SyteALM4u5D01rvtpV76we
sgPZHXDPXDimT62AScYgO8LpvEcmaYtw1zgxXRnC+o6DHNOvoG5iaV7kVo3wzr3B
qtgFiFBvZYHTZ+hVAkk19Q==
-----END CERTIFICATE-----

15
unittest/libmariadb/certs/client-cert.pem
View File

@@ -1,15 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICTDCCAbWgAwIBAgIJAKPJnSVjrc7LMA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ
kiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMQ8wDQYDVQQD
DAZjbGllbnQwHhcNMTQwMzAzMTIxNTM5WhcNMTQwNDAyMTIxNTM5WjA/MRMwEQYK
CZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEPMA0GA1UE
AwwGY2xpZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW1pzU0Rgd631H
L4C2wB2hoIzwFxKcqHJk6MxZMcCFjH3EFyo7+hn42Hpz2bkibgsn9/Kcg2Y32cgK
B1rWmerD8cU0dMcqxImZwyg5//s0tX2UjleZRnVTs5JEqFjSZSool0MHGKXnp8Bc
t4F4d5hduT2WxXcRG+ltzATEV2A79QIDAQABo1AwTjAdBgNVHQ4EFgQUVcbFkeIN
mXA+BmOy8AFkgDSFTUswHwYDVR0jBBgwFoAUVcbFkeINmXA+BmOy8AFkgDSFTUsw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQANxUnH8UXd2vo83DQPh6+I
E4J7DYn1D4pC3WXWQXIPXHvkmuuJnZcmapS4mgK932SyteALM4u5D01rvtpV76we
sgPZHXDPXDimT62AScYgO8LpvEcmaYtw1zgxXRnC+o6DHNOvoG5iaV7kVo3wzr3B
qtgFiFBvZYHTZ+hVAkk19Q==
-----END CERTIFICATE-----

17
unittest/libmariadb/certs/client-key-enc.pem
View File

@@ -1,17 +0,0 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIdzt3UBGdGKwCAggA
MBQGCCqGSIb3DQMHBAi3EQ5NVU79qASCAoAxZFIJr9LVbcP+g/E7xCKmaaNgMfWw
eLiIuJwZTgtFsb4CWG5pSGc1P+WP/4Blm2g9awnSOeIh9h4Rz1ZCeB4ztqZvTmqh
MRsZc6Bp+CTslQdkPT07pATzesF46Cp4kB2prC5/lYBxydtafvMeDQOHxGqAjYwW
6iqHrq2OGrJZkVYp5Jmg9Taj5uOXoUTLWvYtUVB/pHfe9TUFPYuhzNWv+8daG36Q
gxUNMP049TNgQmYSX3R2XSizwVwLiq51KQ8awhOjRAzvZg8Bj6stTgDge+JspajR
YZItn7+I/x4kv2M6/S2NnaXFjOnFB4ivr7BFGQhEM3drvE1hZw8LhYq1lFBFZeO/
HXMeRIv95touqEvukoUT2E1lgsBiQ9EkpmH+mFQmqd8RHwxA2xVfx+WQo7wtPJ2e
oezWOybQRK1tMxnF+np70VyyfBo4Y0JZ4ac19lm0wsfLdIJ9+H91WfNTAdGwaqLf
yUEGRPpzIoCg2fw71mchZ8y3aknEWVMTcQsXlE8z5ZQv/m+x/2mK1Lw5Zg7MpOVi
742XN7cFmH/uBfE2CndODqOOt7Sn9zw/S7auDOrE0qjrxAaW0p0Xby38lvL3e7fj
/7qDf7dj/0vuOPxdEGWuhmUgM2ZXInxg6yGmmLDM15rbX613lWo1qmPKjl5MROSJ
aKvXf7bG5cGbZ/sdkoISykWb7W/lH2NyMWKv5tGsKCtkC/0I5aUFMk1p4FE4uky4
cZauUBJ1itNcXR80u3B76siRFgGKLFFgfTioblGSxIQ2cFqq3lY8f4ZcW+JjWZug
g5p83DmIf7GCfjeuI4MYWYVcVu4kGCGtFmbZc54DalFEWZ3valr8C9l1
-----END ENCRYPTED PRIVATE KEY-----

15
unittest/libmariadb/certs/client-key.pem
View File

@@ -1,15 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCW1pzU0Rgd631HL4C2wB2hoIzwFxKcqHJk6MxZMcCFjH3EFyo7
+hn42Hpz2bkibgsn9/Kcg2Y32cgKB1rWmerD8cU0dMcqxImZwyg5//s0tX2UjleZ
RnVTs5JEqFjSZSool0MHGKXnp8Bct4F4d5hduT2WxXcRG+ltzATEV2A79QIDAQAB
AoGAYsK2AOm+3qg3aIqDviRfwlm6reCNgSERdVyvn57hrQ9lsSRxtL92jeY/lubx
PsfKaisAINYv8VWYkmhqY6R3fz7T2xmu0raSLS953dcs03oknnTJX6cOxkms9wtw
AHVyAF5Lti0uEWS9LxxcJR7TAGI5UkJSQ88uWZeawH4XYgECQQDE+w49yaaEDcFN
wLOWJIKTkBhvLkc76mI56kBgJS3rdG6/2EVJjwCQmPFUFaZpgqcsWZTZ2AlfhUAq
bVl2Fg41AkEAxAhQrvFR3eupSy7RCqQ+X/kmlco1UYLtzCiFAGOV7wWlstVLbT76
i/DClvvLZzQuGed6ELn4xsuHN3Fan6ouwQJBALH53F47anZ6LyPfbuPDzS8izND3
0WjzVxjY7J1yOlE5fC9eawwRZwM/DR1aCmfeoslRj0pdBesGbHlpH6GwP9kCQAxc
Cdo91M+NICthVES7fkNGziv7h8kP3DZXB6uym61qSbwwvoSwx9My5tHmJjjnjVCM
y6FqWEkQZAIW34PZkwECQDd6osrGUSGcGbo324mwLTz4Qa1G96nX5U20vOXyJ0hb
JJBl9rnl/dDN7MA6PWWArJqJY9AERQ8NUgMTloQlwi0=
-----END RSA PRIVATE KEY-----

15
unittest/libmariadb/certs/server-cert.pem
View File

@@ -1,15 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICTDCCAbWgAwIBAgIJAOzGST1sgGjAMA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ
kiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMQ8wDQYDVQQD
DAZzZXJ2ZXIwHhcNMTQwMzAzMTIxNTM5WhcNMTQwNDAyMTIxNTM5WjA/MRMwEQYK
CZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEPMA0GA1UE
AwwGc2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJtK0qYQIWmTU5
poKhvoSuMi26oPNpu+zYQ3NTKueY3xs03zRIhuJ5khI6t5/oRNRExDL/CU4609IT
to7YnDByUlBftTPHujsEuW6GDAzVlmpGNuBYO5oLNBGL3f5BF0eDh37vQEYyr67M
TR0mqPkd8IeztK0iCaJNXB7lTyyRcwIDAQABo1AwTjAdBgNVHQ4EFgQUlPvBMFAZ
XqTPqYsVautG+QomU74wHwYDVR0jBBgwFoAUlPvBMFAZXqTPqYsVautG+QomU74w
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB7Tu43BPt82IYShXH9FoYR
WWqG2PI5BrN32VcTKEP/cZf7QNrPuungjnHne1VMVIN4dfB8QWB4Uvjq5f5kWunI
BY1YpPFNy+5p+sUAHX9H4rJloVwNLYSKWPhEpe/zSKSTuPGqbAhYv8M/lMQlp58w
oICORfoW3HruDjRnJxTAPw==
-----END CERTIFICATE-----

17
unittest/libmariadb/certs/server-key-enc.pem
View File

@@ -1,17 +0,0 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIPpJdGdXjQRACAggA
MBQGCCqGSIb3DQMHBAiUKNGTStSZLQSCAoC98JfG2THDxTwONDo/2cEwC2nmPiOt
zptOrZBGEss9O+yt85JUge47Hidvf/O98/4zOAaOOwvt7Sq4Sosr+xovHYpvyYl1
O4K5YMeS/Nx+lS5qcX6nKTuz/Nh69PTzn+cOT61ZYHTjXrcAMDKRbmcZTuN07ZXY
toZOdQomJ5ivvh4zQqufk0VbtQ53Cy2OYvY+Zm42lmowWwSfJZbIWEfBxp/PUrap
LyG9lDvcUJopcMcQ7cDg65M6fZoE1RjF1ACsPnmMzJJrlVgkYyDwKl0cXEaBIja+
zA0iWbyHqre8sOD7Fv1PCTPhqOQ0eLU9RttPaw0YuPU4wx7Czlqkumzf4wZnYVe+
rerh1/KjV/KyekcfrxNWaiLgiLVTDxGAFTU7wj7jKneMG2qTD/bvLRfcoiWH+1vK
agyzL4wu2X0RyZQqPm3YbGl/ye/gusJmCpxR2vDD3dNw/pNi7jl/oZZnrUuV4VJQ
xnaKQMcGm97UciGXg0S5rNPdZcSvbbU02pbj8B4Eg2QQXfFXI7UUxEWAcyP22YXj
kAy1y7rI+9MDUX+pss7oncWD/meE+3X5qRorhvH3hN6UvDHCSL8g4iOlwjFA7IV+
IPQw+QKJkBxNkj2/esV1GcDgeTKF+ybCnGZK5TANg68eArawWOmv/pYSsubsGfTn
l5hcQF8zmm/p12KXxhJp21jyCHYiVXB8oAJXbAKssvnGZfkEo4vOmZiMsLCVsZI6
1Pyo9G/c8W9DjaXZmgiN2APQciiRXkv87nru0d9zeiEiZRaTIC2xQuAojQZ4wLGl
8eu7oqo/ebyi174UEAeNW8l/QUeMJVCyBKdbKKeRmZUzzJx0BJLMJskK
-----END ENCRYPTED PRIVATE KEY-----

15
unittest/libmariadb/certs/server-key.pem
View File

@@ -1,15 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXwIBAAKBgQDJtK0qYQIWmTU5poKhvoSuMi26oPNpu+zYQ3NTKueY3xs03zRI
huJ5khI6t5/oRNRExDL/CU4609ITto7YnDByUlBftTPHujsEuW6GDAzVlmpGNuBY
O5oLNBGL3f5BF0eDh37vQEYyr67MTR0mqPkd8IeztK0iCaJNXB7lTyyRcwIDAQAB
AoGBAJk+Yp2i7BI9PhnZrr+x3l32E5YJ+ETpmMzJmhGitCgJwULPHYrIp8HTP3RK
0/uEZ30DTvdCm6PIEIAXn7lkGM04YcnaerXIHBSwNQKIhyniNDfBfqox6azQaCDy
wTFSgghU1SNOn6+ZOCXeGtp4Y7cXEWzPWfI0UJ9HopY0k+HZAkEA8UuJ87/JwMjk
t4lB6ml+YgQw9MGrxAsdJrLzqvWo68Jd1g2Le6ghcRRTsx9KJo6b1P+63jxk6jnj
ZMywLJL2nwJBANX/gIYXeDgsNkoFn3T6YPteatMPup5bT4t1sYRDZbKQj+rDVDYL
PuwK6kIO4xQ6UId9UclfOVb7rwpsJa8jGK0CQQCj6SN6EBNWQWGVB8leGnF+1cgH
y7QJxV71FeUOgjhQhsVFjgftZUXqUduVtzCgxok3BM0FAFOxBMfihmU6sk6TAkEA
ixQ4Em30awWI7wjCfoMvPo85fByv27VaeDewfFZVJP1BG4GBHHKonT3my7HjMUVJ
CxWObwKdQIPoWiy5PR7hLQJBAJxTKKgO5EVXUAv+gEmt+zTIKbTRyAWUcx/Ee4or
ZHMwsQMtW95EKiakNYZ9lCZwLeyRF3I9iNn7RirresRan+I=
-----END RSA PRIVATE KEY-----

44
unittest/libmariadb/ssl.c.in
View File

@@ -65,8 +65,7 @@ static int test_ssl(MYSQL *mysql)
if (!skip_ssl) if (!skip_ssl)
{ {
rc= mysql_query(mysql, "DROP USER 'ssltest'@'localhost'"); rc= mysql_query(mysql, "DROP USER 'ssluser'@'localhost'");
rc= mysql_query(mysql, "GRANT ALL ON test.* TO 'ssluser'@'localhost' IDENTIFIED BY 'sslpw' REQUIRE SSL"); rc= mysql_query(mysql, "GRANT ALL ON test.* TO 'ssluser'@'localhost' IDENTIFIED BY 'sslpw' REQUIRE SSL");
rc= mysql_query(mysql, "FLUSH PRVILEGES"); rc= mysql_query(mysql, "FLUSH PRVILEGES");
} }
@@ -96,6 +95,40 @@ static int test_ssl_cipher(MYSQL *unused)
return OK; return OK;
} }
static int test_conc95(MYSQL *my)
{
MYSQL *mysql;
int rc;
if (check_skip_ssl())
return SKIP;
rc= mysql_query(my, "DROP USER 'ssluser1'@'localhost'");
check_mysql_rc(rc, my);
rc= mysql_query(my, "GRANT ALL ON test.* TO 'ssluser1'@'localhost' IDENTIFIED BY 'sslpw' REQUIRE X509");
check_mysql_rc(rc, my);
rc= mysql_query(my, "FLUSH PRIVILEGES");
check_mysql_rc(rc, my);
mysql= mysql_init(mysql);
mysql_ssl_set(mysql,
"@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/server-key.pem",
"@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/server-cert.pem",
"@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/ca.pem",
NULL,
NULL);
if (!mysql_real_connect(mysql, hostname, "ssluser1", sslpw, schema,
port, socketname, 0))
{
mysql_close(mysql);
diag("could not establish x509 connection");
return FAIL;
}
mysql_close(mysql);
return OK;
}
static int test_multi_ssl_connections(MYSQL *unused) static int test_multi_ssl_connections(MYSQL *unused)
{ {
MYSQL *mysql[50], *my; MYSQL *mysql[50], *my;
@@ -347,6 +380,7 @@ static int test_conc50_3(MYSQL *my)
mysql_real_connect(mysql, hostname, "ssltest", NULL, schema, mysql_real_connect(mysql, hostname, "ssltest", NULL, schema,
port, socketname, 0); port, socketname, 0);
diag("Error: %s<", mysql_error(mysql));
FAIL_IF(mysql_errno(mysql), "No error expected"); FAIL_IF(mysql_errno(mysql), "No error expected");
mysql_close(mysql); mysql_close(mysql);
@@ -367,7 +401,7 @@ static int test_conc50_4(MYSQL *my)
mysql_real_connect(mysql, hostname, ssluser, sslpw, schema, mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
port, socketname, 0); port, socketname, 0);
FAIL_IF(mysql_errno(mysql) , "Expected no error"); FAIL_IF(!mysql_errno(mysql) , "Error expected");
mysql_close(mysql); mysql_close(mysql);
return OK; return OK;
@@ -381,9 +415,6 @@ static int verify_ssl_server_cert(MYSQL *my)
if (check_skip_ssl()) if (check_skip_ssl())
return SKIP; return SKIP;
diag("certs needs to be fixed.");
return SKIP;
mysql= mysql_init(NULL); mysql= mysql_init(NULL);
FAIL_IF(!mysql, "Can't allocate memory"); FAIL_IF(!mysql, "Can't allocate memory");
@@ -460,6 +491,7 @@ struct my_tests_st my_tests[] = {
{"test_conc50_2", test_conc50_2, TEST_CONNECTION_NEW, 0, NULL, NULL}, {"test_conc50_2", test_conc50_2, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_conc50_3", test_conc50_3, TEST_CONNECTION_NEW, 0, NULL, NULL}, {"test_conc50_3", test_conc50_3, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_conc50_4", test_conc50_4, TEST_CONNECTION_NEW, 0, NULL, NULL}, {"test_conc50_4", test_conc50_4, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_conc95", test_conc95, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"verify_ssl_server_cert", verify_ssl_server_cert, TEST_CONNECTION_NEW, 0, NULL, NULL}, {"verify_ssl_server_cert", verify_ssl_server_cert, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_bug62743", test_bug62743, TEST_CONNECTION_NEW, 0, NULL, NULL}, {"test_bug62743", test_bug62743, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_phpbug51647", test_phpbug51647, TEST_CONNECTION_NONE, 0, NULL, NULL}, {"test_phpbug51647", test_phpbug51647, TEST_CONNECTION_NONE, 0, NULL, NULL},