From efbc562477ff98f2d85f6aeccb4746a4bb86dbc1 Mon Sep 17 00:00:00 2001
From: Georg Richter
Date: Wed, 17 Jul 2024 11:56:44 +0200
Subject: [PATCH] tls test fix:

- Don't skip ca test when running with schannel.
- Load new self signed cert after expiration test
---
 unittest/libmariadb/tls.c.in | 36 +++++++++---------------------------
 1 file changed, 9 insertions(+), 27 deletions(-)

diff --git a/unittest/libmariadb/tls.c.in b/unittest/libmariadb/tls.c.in
index 38574f6a..c34d4411 100644
--- a/unittest/libmariadb/tls.c.in
+++ b/unittest/libmariadb/tls.c.in
@@ -265,40 +265,23 @@ static int test_ca_cert_check(MYSQL *my __attribute__((unused)))
 MYSQL *mysql= mysql_init(NULL);
 int rc= FAIL;
-#ifdef HAVE_SCHANNEL
- diag("Not supported by schannel");
- return SKIP;
-#endif
-
- if (ignore_self_signed)
+ if (set_tls_dummy_options("CMD:create_new=True"))
 {
- diag("Test doesn't work on trusted connection");
- return SKIP;
+ diag("Error when setting TLS options");
+ return FAIL;
 }
- /* Force use of TLS with faked ca, which contains the server certificate */
- mysql_ssl_set(mysql, NULL, NULL, "./ca_cert.pem", NULL, NULL);
+ mysql_ssl_set(mysql, NULL, NULL, "./selfsigned.pem", NULL, NULL);
- if (my_test_connect(mysql, hostname, username, password, schema,
- port, socketname, 0, 0))
+ if (my_test_connect(mysql, tls_dummy_host, username, password, schema,
+ tls_dummy_port, socketname, 0, 0))
 {
- if (auto_generated_cert)
- {
- diag("expected hostname mismatch for autogenerated certificate");
- goto end;
- }
- } else {
- if (auto_generated_cert)
- {
- rc= OK;
- goto end;
- }
 diag("Error: %s", mysql_error(mysql));
 goto end;
 }
-
- FAIL_IF(!mysql_get_ssl_cipher(mysql), "No TLS connection");
+ diag("flags: %d\n", mysql->net.tls_verify_status);
+ CHECK_TLS_FLAGS(mysql, MARIADB_TLS_VERIFY_HOST, "Host verification flag not set");
 rc= OK;
 end:
 mysql_close(mysql);
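Review bot: The branch entered when my_test_connect() returns a handle is now, as far as the hunk shows, the case where a connection that host verification should have rejected went through, yet it still prints `diag("Error: %s", mysql_error(mysql));`, which is likely to be empty there; a message such as `diag("Error: connection succeeded, host verification was expected to fail");` would make that failure readable in the test log. The early exit after set_tls_dummy_options() uses `return FAIL;` although `mysql` was already allocated by mysql_init() at the top of the hunk, so the handle is not closed on that path; rc starts as FAIL, so `goto end;` would reach the existing mysql_close(). `diag("flags: %d\n", mysql->net.tls_verify_status);` looks like leftover debug output and could be dropped. The function's opening brace and its return are outside the hunk.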
@@ -475,7 +458,7 @@ static int test_pw_check(MYSQL *my)
 diag("Error (password + self signed)");
 goto end;
 }
- diag("ok");
+ CHECK_TLS_FLAGS(mysql, MARIADB_TLS_VERIFY_TRUST, "Trust verification flag not set");
 mysql_close(mysql);
 mysql= mysql_init(NULL);
@@ -642,7 +625,6 @@ static int test_wrong_hostname(MYSQL *my __attribute__((unused)))
 {
 MYSQL *mysql;
- /* Set validity in future */
 if (set_tls_dummy_options("CMD:create_new=True"))
 {
 diag("Error when setting TLS options");
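Review bot: In test_pw_check the new `CHECK_TLS_FLAGS(mysql, MARIADB_TLS_VERIFY_TRUST, ...)` carries no comment saying why a trust flag is expected on a connection that has just passed the error branch above it. If a set bit in the verify status records a check that did not pass (the macro is defined outside this patch, so this is inferred), the assertion pins down that a self-signed certificate is accepted on the strength of the password, and that deserves a line such as `/* self-signed cert: trust check is expected to be flagged, connection is accepted via password */`. If the macro returns from the function on failure, `mysql` would not be closed on that path. The macro body and the rest of the function are outside the hunk.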