database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

Merge branch '10.2' into 10.3

Browse Source
This commit is contained in:
Sergei Golubchik
2019-01-25 20:33:47 +01:00
parent a4ab66c8f8 3fb6d2587d
commit 3b1b665fcb
13 changed files with 411 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
debian/autobake-deb.sh vendored
View File

@ -124,6 +124,12 @@ EOF
sed -i -e "/-DPLUGIN_AWS_KEY_MANAGEMENT=NO/d" debian/rules
fi
# Don't build cassandra package if thrift is not installed
if [[ ! -f /usr/local/include/thrift/Thrift.h && ! -f /usr/include/thrift/Thrift.h ]]
then
sed '/Package: mariadb-plugin-cassandra/,/^$/d' -i debian/control
fi
# Mroonga, TokuDB never built on Travis CI anyway, see build flags above
if [[ $TRAVIS ]]
then

5
debian/rules vendored
View File

@ -114,11 +114,6 @@ override_dh_auto_install:
dh_testdir
dh_testroot
# If libthrift-dev was available (manually installed, as it is
# not in Debian) and ha_cassandra.so was thus built, create package,
# otherwise skip it.
[ -f $(BUILDDIR)/storage/cassandra/ha_cassandra.so ] || sed -i -e "/Package: mariadb-plugin-cassandra/,+20d" debian/control
ifneq (,$(filter linux,$(DEB_HOST_ARCH_OS)))
# Copy systemd files to a location available for dh_installinit
cp $(BUILDDIR)/support-files/mariadb.service debian/mariadb-server-10.3.mariadb.service

72
mysql-test/main/openssl_1.result
View File

@ -4,52 +4,38 @@ drop table if exists t1;
create table t1(f1 int);
insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user2@localhost require cipher "AES256-SHA";
grant select on test.* to ssl_user3@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client";
grant select on test.* to ssl_user4@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB";
grant select on test.* to ssl_user5@localhost require cipher "AES256-SHA" AND SUBJECT "xxx";
grant select on test.* to ssl_user3@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client";
grant select on test.* to ssl_user4@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB";
grant select on test.* to ssl_user5@localhost require SUBJECT "xxx";
flush privileges;
connect con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA;
connect(localhost,ssl_user2,,test,MASTER_PORT,MASTER_SOCKET);
connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA;
ERROR 28000: Access denied for user 'ssl_user2'@'localhost' (using password: NO)
connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA;
connect con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA;
connect con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA;
connect con1,localhost,ssl_user1,,,,,SSL;
connect con3,localhost,ssl_user3,,,,,SSL;
connect con4,localhost,ssl_user4,,,,,SSL;
connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
connect con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA;
connect con5,localhost,ssl_user5,,,,,SSL;
ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO)
connection con1;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES256-SHA
SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
have_ssl
1
select * from t1;
f1
5
delete from t1;
ERROR 42000: DELETE command denied to user 'ssl_user1'@'localhost' for table 't1'
connection con2;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES256-SHA
select * from t1;
f1
5
delete from t1;
ERROR 42000: DELETE command denied to user 'ssl_user2'@'localhost' for table 't1'
connection con3;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES256-SHA
SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
have_ssl
1
select * from t1;
f1
5
delete from t1;
ERROR 42000: DELETE command denied to user 'ssl_user3'@'localhost' for table 't1'
connection con4;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES256-SHA
SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
have_ssl
1
select * from t1;
f1
5
@ -57,20 +43,15 @@ delete from t1;
ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1'
connection default;
disconnect con1;
disconnect con2;
disconnect con3;
disconnect con4;
drop user ssl_user1@localhost, ssl_user2@localhost,
ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
drop user ssl_user1@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
drop table t1;
mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx
mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx
mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx
mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx
mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES256-SHA
have_ssl
1
End of 5.0 tests
@ -94,13 +75,7 @@ SSL_ACCEPTS #
SSL_CALLBACK_CACHE_HITS #
DROP TABLE thread_status;
SET GLOBAL event_scheduler=0;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES128-SHA
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES128-SHA
mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxxCREATE TABLE t1(a int);
CREATE TABLE t1(a int);
INSERT INTO t1 VALUES (1), (2);
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
@ -204,19 +179,12 @@ UNLOCK TABLES;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
mysqldump: Got error: 2026: SSL connection error: xxxx
mysqldump: Got error: 2026: "SSL connection error: xxxx
DROP TABLE t1;
Variable_name Value
Ssl_cipher AES256-SHA
Variable_name Value
Ssl_cipher AES128-SHA
select 'is still running; no cipher request crashed the server' as result from dual;
result
is still running; no cipher request crashed the server
GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
FLUSH PRIVILEGES;
connect con1,localhost,bug42158,,,,,SSL;
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
have_ssl
1
disconnect con1;

93
mysql-test/main/openssl_1.test
View File

@ -19,58 +19,45 @@ create table t1(f1 int);
insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user2@localhost require cipher "AES256-SHA";
grant select on test.* to ssl_user3@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client";
grant select on test.* to ssl_user4@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB";
grant select on test.* to ssl_user5@localhost require cipher "AES256-SHA" AND SUBJECT "xxx";
grant select on test.* to ssl_user3@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client";
grant select on test.* to ssl_user4@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB";
grant select on test.* to ssl_user5@localhost require SUBJECT "xxx";
flush privileges;
connect (con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA);
connect (con1,localhost,ssl_user1,,,,,SSL);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
connect (con3,localhost,ssl_user3,,,,,SSL);
connect (con4,localhost,ssl_user4,,,,,SSL);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA);
connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA);
connect (con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA);
connect (con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
connect (con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA);
connect (con5,localhost,ssl_user5,,,,,SSL);
connection con1;
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
select * from t1;
--error ER_TABLEACCESS_DENIED_ERROR
delete from t1;
connection con2;
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
select * from t1;
--error ER_TABLEACCESS_DENIED_ERROR
delete from t1;
connection con3;
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
select * from t1;
--error ER_TABLEACCESS_DENIED_ERROR
delete from t1;
connection con4;
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
select * from t1;
--error ER_TABLEACCESS_DENIED_ERROR
delete from t1;
connection default;
disconnect con1;
disconnect con2;
disconnect con3;
disconnect con4;
drop user ssl_user1@localhost, ssl_user2@localhost,
ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
drop user ssl_user1@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
drop table t1;
@ -123,14 +110,6 @@ drop table t1;
--exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
--echo
#
# Bug#21611 Slave can't connect when master-ssl-cipher specified
# - Apparently selecting a cipher doesn't work at all
# - Use a cipher that both yaSSL and OpenSSL supports
#
--exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql
--exec $MYSQL_TEST --ssl-cipher=AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23
#
@ -138,7 +117,7 @@ drop table t1;
# verification of servers certificate by setting both ca certificate
# and ca path to NULL
#
--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1
--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1
--echo End of 5.0 tests
#
@ -179,25 +158,6 @@ SELECT variable_name, variable_value FROM thread_status;
DROP TABLE thread_status;
SET GLOBAL event_scheduler=0;
#
# Test to connect using a list of ciphers
#
--exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql
--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER:AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
# Test to connect using a specifi cipher
#
--exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql
--exec $MYSQL_TEST --ssl-cipher=AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
# Test to connect using an unknown cipher
#
--exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit" > $MYSQLTEST_VARDIR/tmp/test.sql
--replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/
--error 1
--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Bug#27669 mysqldump: SSL connection error when trying to connect
#
@ -214,36 +174,13 @@ INSERT INTO t1 VALUES (1), (2);
# With wrong parameters
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR mysqldump.exe mysqldump
--replace_regex /\"SSL connection error.*/SSL connection error: xxxx/
--replace_regex /SSL connection error.*/SSL connection error: xxxx/
--error 2
--exec $MYSQL_DUMP --skip-create-options --skip-comments --ssl --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test 2>&1
--echo
DROP TABLE t1;
--remove_file $MYSQLTEST_VARDIR/tmp/test.sql
#
# Bug#39172 Asking for DH+non-RSA key with server set to use other key caused
# YaSSL to crash the server.
#
# Common ciphers to openssl and yassl
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES256-SHA
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES128-SHA
--disable_query_log
--disable_result_log
# Below here caused crashes. ################
--error 1,0
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=NOT----EXIST
# These probably exist but the server's keys can't be used to accept these kinds of connections.
--error 1,0
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=AES128-RMD
# If this gives a result, then the bug is fixed.
--enable_result_log
--enable_query_log
select 'is still running; no cipher request crashed the server' as result from dual;
#
# Bug#42158: leak: SSL_get_peer_certificate() doesn't have matching X509_free()
#
@ -251,7 +188,7 @@ select 'is still running; no cipher request crashed the server' as result from d
GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
FLUSH PRIVILEGES;
connect(con1,localhost,bug42158,,,,,SSL);
SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
disconnect con1;
connection default;
DROP USER bug42158@localhost;

5
mysql-test/main/ssl.result
View File

@ -2175,8 +2175,3 @@ still connected?
still connected?
connection default;
disconnect ssl_con;
create user mysqltest_1@localhost;
grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA";
Variable_name Value
Ssl_cipher AES256-SHA
drop user mysqltest_1@localhost;

5
mysql-test/main/ssl.test
View File

@ -32,10 +32,5 @@ select 'still connected?';
connection default;
disconnect ssl_con;
create user mysqltest_1@localhost;
grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA";
--exec $MYSQL -umysqltest_1 --ssl-cipher=AES256-SHA -e "show status like 'ssl_cipher'" 2>&1
drop user mysqltest_1@localhost;
# Wait till all disconnects are completed
--source include/wait_until_count_sessions.inc

2
mysql-test/main/ssl_cert_verify.test
View File

@ -30,7 +30,7 @@ let $ssl_verify_pass_path = --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-veri
--enable_reconnect
--source include/wait_until_connected_again.inc
--replace_result TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION
--replace_result TLSv1.3 TLS_VERSION TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION
--exec $MYSQL --protocol=tcp --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-verify-server-cert -e "SHOW STATUS like 'Ssl_version'"
--echo # restart server using restart

1
mysql-test/main/ssl_cipher-master.opt
View File

@ -1 +0,0 @@
--loose-ssl-cipher=AES128-SHA

63
mysql-test/main/ssl_cipher.result
View File

@ -1,6 +1,61 @@
#
# BUG#11760210 - SSL_CIPHER_LIST NOT SET OR RETURNED FOR "SHOW STATUS LIKE 'SSL_CIPHER_LIST'"
#
create user ssl_user1@localhost require SSL;
create user ssl_user2@localhost require cipher 'AES256-SHA';
create user ssl_user3@localhost require cipher 'AES256-SHA' AND SUBJECT '/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client';
create user ssl_user4@localhost require cipher 'AES256-SHA' AND SUBJECT '/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client' ISSUER '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB';
create user ssl_user5@localhost require cipher 'AES256-SHA' AND SUBJECT 'xxx';
connect con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA;
connect(localhost,ssl_user2,,test,MASTER_PORT,MASTER_SOCKET);
connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA;
ERROR 28000: Access denied for user 'ssl_user2'@'localhost' (using password: NO)
connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA;
connect con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA;
connect con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA;
connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
connect con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA;
ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO)
connection con1;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES256-SHA
disconnect con1;
connection con2;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES256-SHA
disconnect con2;
connection con3;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES256-SHA
disconnect con3;
connection con4;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES256-SHA
disconnect con4;
connection default;
drop user ssl_user1@localhost, ssl_user2@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES256-SHA
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES128-SHA
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES128-SHA
mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxxVariable_name Value
Ssl_cipher AES256-SHA
Variable_name Value
Ssl_cipher AES128-SHA
select 'is still running; no cipher request crashed the server' as result from dual;
result
is still running; no cipher request crashed the server
create user mysqltest_1@localhost;
grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA";
Variable_name Value
Ssl_cipher AES256-SHA
drop user mysqltest_1@localhost;
connect ssl_con,localhost,root,,,,,SSL;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
@ -8,5 +63,5 @@ Ssl_cipher AES128-SHA
SHOW STATUS LIKE 'Ssl_cipher_list';
Variable_name Value
Ssl_cipher_list AES128-SHA
connection default;
disconnect ssl_con;
connection default;

110
mysql-test/main/ssl_cipher.test
View File

@ -1,23 +1,103 @@
# Turn on ssl between the client and server
# and run a number of tests
#
# Various tests that require setting of a specific ssl_cipher
# which currently doesn't work in OpenSSL 1.1.1
#
--source include/have_ssl_communication.inc
--echo #
--echo # BUG#11760210 - SSL_CIPHER_LIST NOT SET OR RETURNED FOR "SHOW STATUS LIKE 'SSL_CIPHER_LIST'"
--echo #
if (`select @@version_ssl_library like 'OpenSSL 1.1.1%'`) {
skip OpenSSL 1.1.1;
}
-- source include/have_ssl_communication.inc
create user ssl_user1@localhost require SSL;
create user ssl_user2@localhost require cipher 'AES256-SHA';
create user ssl_user3@localhost require cipher 'AES256-SHA' AND SUBJECT '/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client';
create user ssl_user4@localhost require cipher 'AES256-SHA' AND SUBJECT '/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client' ISSUER '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB';
create user ssl_user5@localhost require cipher 'AES256-SHA' AND SUBJECT 'xxx';
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
connect (con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA);
connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA);
connect (con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA);
connect (con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
connect (con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA);
connection con1;
SHOW STATUS LIKE 'Ssl_cipher';
disconnect con1;
connection con2;
SHOW STATUS LIKE 'Ssl_cipher';
disconnect con2;
connection con3;
SHOW STATUS LIKE 'Ssl_cipher';
disconnect con3;
connection con4;
SHOW STATUS LIKE 'Ssl_cipher';
disconnect con4;
connection default;
drop user ssl_user1@localhost, ssl_user2@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
#
# Bug#21611 Slave can't connect when master-ssl-cipher specified
# - Apparently selecting a cipher doesn't work at all
# - Use a cipher that both yaSSL and OpenSSL supports
#
--write_file $MYSQLTEST_VARDIR/tmp/test.sql
SHOW STATUS LIKE 'Ssl_cipher';
EOF
--exec $MYSQL_TEST --ssl-cipher=AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
# Test to connect using a list of ciphers
--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER:AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
# Test to connect using a specifi cipher
--exec $MYSQL_TEST --ssl-cipher=AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
# Test to connect using an unknown cipher
--replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/
--error 1
--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
--remove_file $MYSQLTEST_VARDIR/tmp/test.sql
#
# Bug#39172 Asking for DH+non-RSA key with server set to use other key caused
# YaSSL to crash the server.
#
# Common ciphers to openssl and yassl
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES256-SHA
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES128-SHA
--disable_query_log
--disable_result_log
# Below here caused crashes. ################
--error 0,1
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=NOT----EXIST
# These probably exist but the server's keys can't be used to accept these kinds of connections.
--error 0,1
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=AES128-RMD
# If this gives a result, then the bug is fixed.
--enable_result_log
--enable_query_log
select 'is still running; no cipher request crashed the server' as result from dual;
#
# MDEV-10054 Secure login fails when CIPHER is required
#
create user mysqltest_1@localhost;
grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA";
--exec $MYSQL -umysqltest_1 --ssl-cipher=AES256-SHA -e "show status like 'ssl_cipher'" 2>&1
drop user mysqltest_1@localhost;
#
# BUG#11760210 - SSL_CIPHER_LIST NOT SET OR RETURNED FOR "SHOW STATUS LIKE 'SSL_CIPHER_LIST'"
# it was a bug in yaSSL, fixed in d2e36e4258bb
#
let $restart_parameters=--ssl-cipher=AES128-SHA;
source include/restart_mysqld.inc;
connect (ssl_con,localhost,root,,,,,SSL);
# Check Cipher Name and Cipher List
SHOW STATUS LIKE 'Ssl_cipher';
SHOW STATUS LIKE 'Ssl_cipher_list';
connection default;
disconnect ssl_con;
# Wait till all disconnects are completed
--source include/wait_until_count_sessions.inc
connection default;

5
mysql-test/suite.pm
View File

@ -62,9 +62,9 @@ sub skip_combinations {
}
$skip{'include/check_ipv6.inc'} = 'No IPv6' unless ipv6_ok();
$skip{'main/openssl_6975.test'} = 'no or too old openssl'
$skip{'main/openssl_6975.test'} = 'no or wrong openssl version'
unless $::mysqld_variables{'version-ssl-library'} =~ /OpenSSL (\S+)/
and $1 ge "1.0.1d";
and $1 ge "1.0.1d" and $1 lt "1.1.1";
$skip{'main/ssl_7937.combinations'} = [ 'x509v3' ]
unless $::mysqld_variables{'version-ssl-library'} =~ /OpenSSL (\S+)/
@ -74,4 +74,3 @@ sub skip_combinations {
}
bless { };

121
mysql-test/suite/funcs_1/r/is_check_constraint.result Normal file
View File

@ -0,0 +1,121 @@
#
# MDEV-17323: Backport INFORMATION_SCHEMA.CHECK_CONSTRAINTS to 10.2
#
CREATE user boo1;
GRANT select,create,alter,drop on foo.* to boo1;
SHOW GRANTS for boo1;
Grants for boo1@%
GRANT USAGE ON *.* TO 'boo1'@'%'
GRANT SELECT, CREATE, DROP, ALTER ON `foo`.* TO 'boo1'@'%'
CREATE user boo2;
create database foo;
CONNECT con1,localhost, boo1,, foo;
SET check_constraint_checks=1;
CREATE TABLE t0
(
t int, check (t>32) # table constraint
) ENGINE=myisam;
SELECT * from information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE
def foo CONSTRAINT_1 t0 `t` > 32
ALTER TABLE t0
ADD CONSTRAINT CHK_t0_t CHECK(t<100);
SELECT * from information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE
def foo CHK_t0_t t0 `t` < 100
def foo CONSTRAINT_1 t0 `t` > 32
ALTER TABLE t0
DROP CONSTRAINT CHK_t0_t;
SELECT * from information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE
def foo CONSTRAINT_1 t0 `t` > 32
ALTER TABLE t0
ADD CONSTRAINT CHECK(t<50);
SELECT * from information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE
def foo CONSTRAINT_1 t0 `t` > 32
def foo CONSTRAINT_2 t0 `t` < 50
CREATE TABLE t1
( t int CHECK(t>2), # field constraint
tt int,
CONSTRAINT CHECK (tt > 32), CONSTRAINT CHECK (tt <50),# autogenerated names table constraints
CONSTRAINT CHK_tt CHECK(tt<100) # named table constraint
) ENGINE=InnoDB;
SELECT * from information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE
def foo CHK_tt t1 `tt` < 100
def foo CONSTRAINT_1 t0 `t` > 32
def foo CONSTRAINT_1 t1 `tt` > 32
def foo CONSTRAINT_2 t0 `t` < 50
def foo CONSTRAINT_2 t1 `tt` < 50
def foo t t1 `t` > 2
ALTER TABLE t1
DROP CONSTRAINT CHK_tt;
SELECT * from information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE
def foo CONSTRAINT_1 t0 `t` > 32
def foo CONSTRAINT_1 t1 `tt` > 32
def foo CONSTRAINT_2 t0 `t` < 50
def foo CONSTRAINT_2 t1 `tt` < 50
def foo t t1 `t` > 2
CREATE TABLE t2
(
name VARCHAR(30) CHECK(CHAR_LENGTH(name)>2), #field constraint
start_date DATE,
end_date DATE,
CONSTRAINT CHK_dates CHECK(start_date IS NULL) #table constraint
)ENGINE=Innodb;
SELECT * from information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE
def foo CHK_dates t2 `start_date` is null
def foo CONSTRAINT_1 t0 `t` > 32
def foo CONSTRAINT_1 t1 `tt` > 32
def foo CONSTRAINT_2 t0 `t` < 50
def foo CONSTRAINT_2 t1 `tt` < 50
def foo name t2 char_length(`name`) > 2
def foo t t1 `t` > 2
ALTER TABLE t1
ADD CONSTRAINT CHK_new_ CHECK(t>tt);
SELECT * from information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE
def foo CHK_dates t2 `start_date` is null
def foo CHK_new_ t1 `t` > `tt`
def foo CONSTRAINT_1 t0 `t` > 32
def foo CONSTRAINT_1 t1 `tt` > 32
def foo CONSTRAINT_2 t0 `t` < 50
def foo CONSTRAINT_2 t1 `tt` < 50
def foo name t2 char_length(`name`) > 2
def foo t t1 `t` > 2
CREATE TABLE t3
(
a int,
b int check (b>0), # field constraint named 'b'
CONSTRAINT b check (b>10) # table constraint
) ENGINE=InnoDB;
SELECT * from information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE
def foo CHK_dates t2 `start_date` is null
def foo CHK_new_ t1 `t` > `tt`
def foo CONSTRAINT_1 t0 `t` > 32
def foo CONSTRAINT_1 t1 `tt` > 32
def foo CONSTRAINT_2 t0 `t` < 50
def foo CONSTRAINT_2 t1 `tt` < 50
def foo b t3 `b` > 0
def foo b t3 `b` > 10
def foo name t2 char_length(`name`) > 2
def foo t t1 `t` > 2
disconnect con1;
CONNECT con2, localhost, boo2,, test;
SELECT * from information_schema.check_constraints;
CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE
disconnect con2;
CONNECT con1, localhost, boo1,,foo;
DROP TABLE t0;
DROP TABLE t1;
DROP TABLE t2;
DROP TABLE t3;
DROP DATABASE foo;
disconnect con1;
connection default;
DROP USER boo1;
DROP USER boo2;

92
mysql-test/suite/funcs_1/t/is_check_constraint.test Normal file
View File

@ -0,0 +1,92 @@
--source include/have_innodb.inc
--source include/not_embedded.inc
--echo #
--echo # MDEV-17323: Backport INFORMATION_SCHEMA.CHECK_CONSTRAINTS to 10.2
--echo #
CREATE user boo1;
GRANT select,create,alter,drop on foo.* to boo1;
SHOW GRANTS for boo1;
CREATE user boo2;
create database foo;
# Connect with user boo1
CONNECT(con1,localhost, boo1,, foo);
SET check_constraint_checks=1;
CREATE TABLE t0
(
t int, check (t>32) # table constraint
) ENGINE=myisam;
--sorted_result
SELECT * from information_schema.check_constraints;
ALTER TABLE t0
ADD CONSTRAINT CHK_t0_t CHECK(t<100);
--sorted_result
SELECT * from information_schema.check_constraints;
ALTER TABLE t0
DROP CONSTRAINT CHK_t0_t;
--sorted_result
SELECT * from information_schema.check_constraints;
ALTER TABLE t0
ADD CONSTRAINT CHECK(t<50);
--sorted_result
SELECT * from information_schema.check_constraints;
CREATE TABLE t1
( t int CHECK(t>2), # field constraint
tt int,
CONSTRAINT CHECK (tt > 32), CONSTRAINT CHECK (tt <50),# autogenerated names table constraints
CONSTRAINT CHK_tt CHECK(tt<100) # named table constraint
) ENGINE=InnoDB;
--sorted_result
SELECT * from information_schema.check_constraints;
ALTER TABLE t1
DROP CONSTRAINT CHK_tt;
--sorted_result
SELECT * from information_schema.check_constraints;
CREATE TABLE t2
(
name VARCHAR(30) CHECK(CHAR_LENGTH(name)>2), #field constraint
start_date DATE,
end_date DATE,
CONSTRAINT CHK_dates CHECK(start_date IS NULL) #table constraint
)ENGINE=Innodb;
--sorted_result
SELECT * from information_schema.check_constraints;
ALTER TABLE t1
ADD CONSTRAINT CHK_new_ CHECK(t>tt);
--sorted_result
SELECT * from information_schema.check_constraints;
# Create table with same field and table check constraint name
CREATE TABLE t3
(
a int,
b int check (b>0), # field constraint named 'b'
CONSTRAINT b check (b>10) # table constraint
) ENGINE=InnoDB;
--sorted_result
SELECT * from information_schema.check_constraints;
DISCONNECT con1;
CONNECT(con2, localhost, boo2,, test);
--sorted_result
SELECT * from information_schema.check_constraints;
DISCONNECT con2;
CONNECT(con1, localhost, boo1,,foo);
DROP TABLE t0;
DROP TABLE t1;
DROP TABLE t2;
DROP TABLE t3;
DROP DATABASE foo;
DISCONNECT con1;
--CONNECTION default
DROP USER boo1;
DROP USER boo2;