Openssl test

2025-07-29 05:21:33 +03:00 · 2003-03-11 13:41:53 +04:00
parent 045ac4b84b
commit 00314bfd88
7 changed files with 99 additions and 11 deletions
--- a/BitKeeper/etc/logging_ok
+++ b/BitKeeper/etc/logging_ok
@ -15,6 +15,7 @@ bell@sanja.is.com.ua
 bk@admin.bk
 davida@isil.mysql.com
 gluh@gluh.(none)
+gluh@gluh.mysql.r18.ru
 greg@mysql.com
 gweir@work.mysql.com
 heikki@donna.mysql.fi
--- a/client/mysqltest.c
+++ b/client/mysqltest.c
@ -91,7 +91,9 @@


 enum {OPT_MANAGER_USER=256,OPT_MANAGER_HOST,OPT_MANAGER_PASSWD,
-      OPT_MANAGER_PORT,OPT_MANAGER_WAIT_TIMEOUT, OPT_SKIP_SAFEMALLOC};
+      OPT_MANAGER_PORT,OPT_MANAGER_WAIT_TIMEOUT, OPT_SKIP_SAFEMALLOC,
+      OPT_SSL_SSL, OPT_SSL_KEY, OPT_SSL_CERT, OPT_SSL_CA, OPT_SSL_CAPATH,
+      OPT_SSL_CIPHER};

 static int record = 0, opt_sleep=0;
 static char *db = 0, *pass=0;
@ -123,6 +125,8 @@ static int block_stack[BLOCK_STACK_DEPTH];
 static int block_ok_stack[BLOCK_STACK_DEPTH];
 static uint global_expected_errno[MAX_EXPECTED_ERRORS], global_expected_errors;

+#include "sslopt-vars.h"
+
 DYNAMIC_ARRAY q_lines;

 typedef struct
@ -1442,6 +1446,11 @@ int do_connect(struct st_query* q)
    mysql_options(&next_con->mysql,MYSQL_OPT_COMPRESS,NullS);
  mysql_options(&next_con->mysql, MYSQL_OPT_LOCAL_INFILE, 0);

+#ifdef HAVE_OPENSSL
+  if (opt_use_ssl)
+    mysql_ssl_set(&next_con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
+		  opt_ssl_capath, opt_ssl_cipher);
+#endif
  if (con_sock && !free_con_sock && *con_sock && *con_sock != FN_LIBCHAR)
    con_sock=fn_format(buff, con_sock, TMPDIR, "",0);
  if (!con_db[0])
@ -1840,6 +1849,7 @@ static struct my_option my_long_options[] =
  {"socket", 'S', "Socket file to use for connection.",
   (gptr*) &unix_sock, (gptr*) &unix_sock, 0, GET_STR, REQUIRED_ARG, 0, 0, 0,
   0, 0, 0},
+#include "sslopt-longopts.h"
  {"test-file", 'x', "Read test from/in this file (default stdin).",
   0, 0, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
  {"tmpdir", 't', "Temporary directory where sockets are put",
@ -1914,6 +1924,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
    else
      tty_password= 1;
    break;
+#include <sslopt-case.h>
  case 't':
    strnmov(TMPDIR, argument, sizeof(TMPDIR));
    break;
@ -2361,6 +2372,11 @@ int main(int argc, char** argv)
  if (opt_compress)
    mysql_options(&cur_con->mysql,MYSQL_OPT_COMPRESS,NullS);
  mysql_options(&cur_con->mysql, MYSQL_OPT_LOCAL_INFILE, 0);
+#ifdef HAVE_OPENSSL
+  if (opt_use_ssl)
+    mysql_ssl_set(&cur_con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
+		  opt_ssl_capath, opt_ssl_cipher);
+#endif

  cur_con->name = my_strdup("default", MYF(MY_WME));
  if (!cur_con->name)
--- a/mysql-test/include/have_openssl_1.inc
+++ b/mysql-test/include/have_openssl_1.inc
@ -1,4 +1,4 @@
 -- require r/have_openssl_1.require
 disable_query_log;
-show variables like "have_openssl";
+SHOW STATUS LIKE 'Ssl_cipher';
 enable_query_log;
--- a/mysql-test/mysql-test-run.sh
+++ b/mysql-test/mysql-test-run.sh
@ -207,6 +207,7 @@ CHARACTER_SET=latin1
 DBUSER=""
 START_WAIT_TIMEOUT=10
 STOP_WAIT_TIMEOUT=10
+MYSQL_TEST_SSL_OPTS=""

 while test $# -gt 0; do
  case "$1" in
@ -237,7 +238,10 @@ while test $# -gt 0; do
     EXTRA_SLAVE_MYSQLD_OPT="$EXTRA_SLAVE_MYSQLD_OPT \
     --ssl-ca=$BASEDIR/SSL/cacert.pem \
     --ssl-cert=$BASEDIR/SSL/server-cert.pem \
-     --ssl-key=$BASEDIR/SSL/server-key.pem" ;;
+     --ssl-key=$BASEDIR/SSL/server-key.pem"
+     MYSQL_TEST_SSL_OPTS="--ssl-ca=$BASEDIR/SSL/cacert.pem \
+     --ssl-cert=$BASEDIR/SSL/client-cert.pem \
+     --ssl-key=$BASEDIR/SSL/client-key.pem" ;;
    --no-manager | --skip-manager) USE_MANAGER=0 ;;
    --manager)
     USE_MANAGER=1
@ -489,7 +493,7 @@ fi

 MYSQL_TEST_ARGS="--no-defaults --socket=$MASTER_MYSOCK --database=$DB \
 --user=$DBUSER --password=$DBPASSWD --silent -v --skip-safemalloc \
- --tmpdir=$MYSQL_TMP_DIR --port=$MASTER_MYPORT"
+ --tmpdir=$MYSQL_TMP_DIR --port=$MASTER_MYPORT $MYSQL_TEST_SSL_OPTS"
 MYSQL_TEST_BIN=$MYSQL_TEST
 MYSQL_TEST="$MYSQL_TEST $MYSQL_TEST_ARGS"
 GDB_CLIENT_INIT=$MYSQL_TMP_DIR/gdbinit.client
--- a/mysql-test/r/have_openssl_1.require
+++ b/mysql-test/r/have_openssl_1.require
@ -1,2 +1,2 @@
 Variable_name	Value
-have_openssl	YES
+Ssl_cipher	EDH-RSA-DES-CBC3-SHA
--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@ -1,2 +1,32 @@
-SHOW STATUS LIKE 'SSL%';
-Variable_name	Value
+drop table if exists t1;
+create table t1(f1 int);
+insert into t1 values (5);
+grant select on test.* to ssl_user1@localhost require SSL;
+grant select on test.* to ssl_user2@localhost require cipher "EDH-RSA-DES-CBC3-SHA";
+grant select on test.* to ssl_user3@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "/C=RU/L=orenburg/O=MySQL AB/OU=client/CN=walrus/Email=walrus@mysql.com";
+grant select on test.* to ssl_user4@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "/C=RU/L=orenburg/O=MySQL AB/OU=client/CN=walrus/Email=walrus@mysql.com" ISSUER "/C=RU/ST=Some-State/L=Orenburg/O=MySQL AB/CN=Walrus/Email=walrus@mysql.com";
+flush privileges;
+select * from t1;
+f1
+5
+delete from t1;
+Access denied for user: 'ssl_user1@localhost' to database 'test'
+select * from t1;
+f1
+5
+delete from t1;
+Access denied for user: 'ssl_user2@localhost' to database 'test'
+select * from t1;
+f1
+5
+delete from t1;
+Access denied for user: 'ssl_user3@localhost' to database 'test'
+select * from t1;
+f1
+5
+delete from t1;
+Access denied for user: 'ssl_user4@localhost' to database 'test'
+delete from mysql.user where user='ssl_user%';
+delete from mysql.db where user='ssl_user%';
+flush privileges;
+drop table t1;
--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
@ -1,6 +1,43 @@
-# We test openssl. Result set is optimized to be compiled with --with-openssl but 
-# SSL is swithced off in some reason
-- source include/have_openssl_2.inc
+# We test openssl. Result set is optimized to be compiled with --with-openssl.
+# Use mysql-test-run with --with-openssl option.
+-- source include/have_openssl_1.inc

-SHOW STATUS LIKE 'SSL%';
+drop table if exists t1;
+create table t1(f1 int);
+insert into t1 values (5);

+grant select on test.* to ssl_user1@localhost require SSL;
+grant select on test.* to ssl_user2@localhost require cipher "EDH-RSA-DES-CBC3-SHA";
+grant select on test.* to ssl_user3@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "/C=RU/L=orenburg/O=MySQL AB/OU=client/CN=walrus/Email=walrus@mysql.com";
+grant select on test.* to ssl_user4@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "/C=RU/L=orenburg/O=MySQL AB/OU=client/CN=walrus/Email=walrus@mysql.com" ISSUER "/C=RU/ST=Some-State/L=Orenburg/O=MySQL AB/CN=Walrus/Email=walrus@mysql.com";
+flush privileges;
+connect (con1,localhost,ssl_user1,,);
+connect (con2,localhost,ssl_user2,,);
+connect (con3,localhost,ssl_user3,,);
+connect (con4,localhost,ssl_user4,,);
+
+connection con1;
+select * from t1;
+--error 1044;
+delete from t1;
+
+connection con2;
+select * from t1;
+--error 1044;
+delete from t1;
+
+connection con3;
+select * from t1;
+--error 1044;
+delete from t1;
+
+connection con4;
+select * from t1;
+--error 1044;
+delete from t1;
+
+connection default;
+delete from mysql.user where user='ssl_user%';
+delete from mysql.db where user='ssl_user%';
+flush privileges;
+drop table t1;