From 2294ecdf0eccc1dcba511f596f814e9ee6dce5ee Mon Sep 17 00:00:00 2001
From: Tony Chen
Date: Fri, 20 Sep 2024 01:05:52 +0000
Subject: [PATCH] Add MTR to ensure startup fails with invalid ssl-cipher
Add a simple test to verify that the server will fail to start up when no valid cipher suites are passed to `ssl-cipher`. As different TLS libraries and versions have differing cipher suite support, it would be a good idea to ensure the server behaves in a safe manner if it is configured with invalid cipher suites. All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.
---
 mysql-test/main/bad_startup_options.result | 1 +
 mysql-test/main/bad_startup_options.test | 7 +++++++
 2 files changed, 8 insertions(+)
diff --git a/mysql-test/main/bad_startup_options.result b/mysql-test/main/bad_startup_options.result
index b1eed54e172..7846e629ef8 100644
--- a/mysql-test/main/bad_startup_options.result
+++ b/mysql-test/main/bad_startup_options.result
@@ -1,2 +1,3 @@
 FOUND 1 /\[ERROR\] SSL error: Unable to get certificate/ in errorlog.err
+FOUND 1 /\[ERROR\] SSL error: Failed to set ciphers to use/ in errorlog.err
 # restart
diff --git a/mysql-test/main/bad_startup_options.test b/mysql-test/main/bad_startup_options.test
index e758d786049..ba88476625d 100644
--- a/mysql-test/main/bad_startup_options.test
+++ b/mysql-test/main/bad_startup_options.test
@@ -19,4 +19,11 @@
 --source include/search_pattern_in_file.inc
 --remove_file $SEARCH_FILE
+# No valid cipher suites
+--error 1
+--exec $MYSQLD --defaults-group-suffix=.1 --defaults-file=$MYSQLTEST_VARDIR/my.cnf --ssl-cipher=ECDHE-ECDSA-FAKE-CIPHER:ECDHE-RSA-INVALID --log-error=$errorlog
+--let SEARCH_PATTERN=\[ERROR\] SSL error: Failed to set ciphers to use
+--source include/search_pattern_in_file.inc
+--remove_file $SEARCH_FILE
+
 --source include/start_mysqld.inc
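Review bot: The block added to bad_startup_options.test exercises only a list in which every name is unknown, and its comment `# No valid cipher suites` does not say that a partly valid list is left untested. OpenSSL-style list parsing generally skips names it does not recognise and succeeds when at least one entry matches, so a typo next to a valid suite would presumably start the server with a narrower set than the operator intended and without this error being logged. I would expand the comment to `# Every name in --ssl-cipher is unknown to the TLS library: startup must fail instead of continuing with another cipher set` and consider a second case that pairs one valid suite with one bogus name, to pin whichever behaviour is intended. `$errorlog` and `SEARCH_FILE` are set above line 19, outside the hunk.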