From 15502e5e3334077590faa1be61dd418264be8e91 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Mon, 11 May 2020 01:00:15 +0200 Subject: [PATCH] MDEV-21965 main.tls_version and main.tls_version1 fail in buildbot on Ubuntu Focal Not only Ubuntu Focal builds openssl with OPENSSL_TLS_SECURITY_LEVEL=2, but for some unfathomable reason it patches openssl sources to disable TLS < 1.2 at security level 2, even though openssl manual says it should only happen at level 4: https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_security_level.html We test TLSv1.1 and TLSv1, so we have to override Focal defaults in mtr. --- mysql-test/lib/openssl.cnf | 12 ++++++++++++ mysql-test/mysql-test-run.pl | 3 ++- 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 mysql-test/lib/openssl.cnf diff --git a/mysql-test/lib/openssl.cnf b/mysql-test/lib/openssl.cnf new file mode 100644 index 00000000000..b9ab37ac3a1 --- /dev/null +++ b/mysql-test/lib/openssl.cnf @@ -0,0 +1,12 @@ +# Toplevel section for openssl (including libssl) +openssl_conf = default_conf_section + +[default_conf_section] +# We only specify configuration for the "ssl module" +ssl_conf = ssl_section + +[ssl_section] +system_default = system_default_section + +[system_default_section] +CipherString = ALL:@SECLEVEL=1 diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl index c524561edd9..6b6f0285100 100755 --- a/mysql-test/mysql-test-run.pl +++ b/mysql-test/mysql-test-run.pl @@ -2283,7 +2283,8 @@ sub environment_setup { $ENV{'LC_CTYPE'}= "C"; $ENV{'LC_COLLATE'}= "C"; - $ENV{'OPENSSL_CONF'}= "/dev/null"; + $ENV{'OPENSSL_CONF'}= $mysqld_variables{'version-ssl-library'} gt 'OpenSSL 1.1.1' + ? "$glob_mysql_test_dir/lib/openssl.cnf" : '/dev/null'; $ENV{'USE_RUNNING_SERVER'}= using_extern(); $ENV{'MYSQL_TEST_DIR'}= $glob_mysql_test_dir;