Vladislav Vaintroub 6dd3decd28 MDEV-37339 errors about caching_sha2_password on server startup (WolfSSL)
With WolfSSL, the plugin is statically compiled, and enabled,
and defaults to autogenerating ssl keys, which was left unimplemented.
Thus, it spits out some [ERROR] on every startup.

Fixed by removing a couple of ifdefs. Allowed tcp_nossl to run on
Windows.

As WolfSSL is missing some APIs with FILE*, use the related APIs that
accept BIO, i.e.
- BIO_new_file() instead of fopen()
- BIO_free instead of fclose()
- PEM_write_bio_PrivateKey() instead of PEM_write_PrivateKey()
- etc

A note about BIO and error reporting:
BIO_new_file sets the errno, therefore FILE_ERROR macro
produces good expected error messages, while SSL_ERROR unfortunately
creates something incomprehensible. Thus, FILE_ERROR is left in place
where it was used previously (fopen errors)

Curiously, removing APIs with FILE* solves another bug, MDEV-37343,
where the server on Windows dies with an obscure message as the plugin tries to use
this function. OpenSSL_Applink is supposed to be the official solution against
such problems, but I could not get it to work properly, no matter how
much I tried. Avoiding APIs with FILE* in the first place works best.
2025-07-30 12:24:19 +02:00


# Setup for the caching_sha2_password test; every connection below is made
# over TCP with TLS disabled ("TCP NOSSL").
# The two messages below are expected in the server error log while the
# server runs without RSA keys, so they are suppressed to keep mtr's
# error-log check from failing the test.
call mtr.add_suppression('failed to read private_key.pem: 2 "No such file or directory"');
call mtr.add_suppression('Authentication requires either RSA keys or secure transport');
# Skip when the client library is built with GnuTLS.
if ($CLIENT_TLS_LIBRARY == "GnuTLS") {
skip Test requires client library, which is not built with GnuTLS;
}
# init.inc is not shown here; presumably it creates the test1/test2 accounts
# and the checkme() procedure used below (confirm against init.inc).
source init.inc;
# Record the plugin's system variables so that a changed name or default
# shows up as a result-file difference.
query_vertical select * from information_schema.system_variables where variable_name like 'caching_sha2_password%' order by 1;
# USING takes a stored authentication string, not a plaintext password: both a
# short string and a long all-zero string must be rejected with
# ER_PASSWD_LENGTH rather than being stored as-is.
--error ER_PASSWD_LENGTH
create user test3@'%' identified via caching_sha2_password using 'pwd';
--error ER_PASSWD_LENGTH
create user test3@'%' identified via caching_sha2_password using '0000000000000000000000000000000000000000000000000000000000000000000000';
# First pass: the server has no RSA key pair and the connection has no TLS.
# A password login is expected to fail on the client with error 2061
# (CR_AUTH_PLUGIN_ERR); this presumably corresponds to the suppressed
# 'Authentication requires either RSA keys or secure transport' log message.
# replace_result masks the socket path and port in the recorded error text.
replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
error 2061;
connect con1, localhost,test1,pwd,,,,TCP NOSSL;
# A wrong password gives the same 2061 here, not ER_ACCESS_DENIED_ERROR;
# presumably the exchange is refused before any password is compared.
replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
error 2061;
connect con3, localhost,test1,wrong_pwd,,,,TCP NOSSL;
# test2 connects with an empty password field and is expected to succeed
# (presumably the account has no password; see init.inc).
connect con4, localhost,test2,,,,,TCP NOSSL;
call checkme();
disconnect con4;
# NOTE(review): the user field below is "test2 pwd" and the password field is
# empty, so the denial is presumably for an unknown account name. If the
# intent was user test2 with the non-empty password "pwd", a comma is missing
# after test2 and that negative case is not covered. Confirm; a fix needs the
# result file re-recorded.
replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
error ER_ACCESS_DENIED_ERROR;
connect con5, localhost,test2 pwd,,,,,TCP NOSSL;
connection default;
# Restart with RSA key auto-generation enabled. The status variable selected
# below presumably exposes the server's public key; only its length is
# printed, presumably so the result file does not depend on the generated key.
let $restart_parameters= --caching_sha2_password-auto_generate_rsa_keys;
source include/restart_mysqld.inc;
select length(variable_value) from information_schema.global_status
where variable_name like 'caching_sha2_password%';
# Remember the current value, then restart once more with the same option.
let pubkey=`select variable_value from information_schema.global_status
where variable_name like 'caching_sha2_password%'`;
let $restart_parameters= --caching_sha2_password-auto_generate_rsa_keys;
source include/restart_mysqld.inc;
# The value must be unchanged: an existing key pair is reused instead of being
# regenerated on every start. evalp is used so that the statement is echoed
# without expanding $pubkey (TODO confirm against the mysqltest documentation).
evalp select variable_value="$pubkey" as 'key did not change'
from information_schema.global_status
where variable_name like 'caching_sha2_password%';
# again, this time with keys
# With an RSA key pair available, the same non-TLS password login is expected
# to succeed. It is done twice (con1, con2); presumably the second login
# exercises the plugin's cached path. Confirm against the plugin source.
connect con1, localhost,test1,pwd,,,,TCP NOSSL;
call checkme();
disconnect con1;
connect con2, localhost,test1,pwd,,,,TCP NOSSL;
call checkme();
disconnect con2;
# A wrong password is now rejected as an ordinary authentication failure
# (ER_ACCESS_DENIED_ERROR) rather than the 2061 plugin error seen without keys.
replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
error ER_ACCESS_DENIED_ERROR;
connect con3, localhost,test1,wrong_pwd,,,,TCP NOSSL;
# The empty-password login for test2 still works with keys present.
connect con4, localhost,test2,,,,,TCP NOSSL;
call checkme();
disconnect con4;
# NOTE(review): as in the first pass, the user field is "test2 pwd" with an
# empty password. If test2 with password "pwd" was intended, a comma is
# missing after test2. Confirm before relying on this as a wrong-password check.
replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT;
error ER_ACCESS_DENIED_ERROR;
connect con5, localhost,test2 pwd,,,,,TCP NOSSL;
connection default;
#
# Compatibility with MySQL password hashes
#
create user u1@localhost identified via caching_sha2_password using '$A$005$5dx;X)z |kX]\ZNx7QTrl0oTy2C0/f4bggQMFIDnSDeZ7koLoO417jc9D';
create user u2@localhost identified via caching_sha2_password using '$A$005$dL\Zq]<7d[YAbk }x!;^.qMuuUUBmB5aF7x7GsAKZzpb24p94NCCs8qPgwAvwc1';
create user u3@localhost identified via caching_sha2_password using '$A$005$ L9\ZKiwT''=%dMoqrPGFbywI9G8NecJqiy9D04S2abTLRvD32powG8nIxI9';
# u1..u3 were created above from MySQL-format ($A$005$...) hash strings.
# Logging in with a plaintext password for each account checks that such
# hashes are accepted unchanged.
# NOTE(review): those hash literals appear to embed raw salt bytes, including
# non-printable characters; edit them only with tools that preserve every byte.
# EXECUTE on test.* is granted, presumably so the accounts can call checkme().
grant execute on test.* to u1@localhost, u2@localhost, u3@localhost;
connect u1,localhost,u1,abcd,,,,TCP NOSSL;
call checkme();
disconnect u1;
connect u2,localhost,u2,efghi,,,,TCP NOSSL;
call checkme();
disconnect u2;
connect u3,localhost,u3,xyz,,,,TCP NOSSL;
call checkme();
disconnect u3;
# cleanup
connection default;
drop user u1@localhost;
drop user u2@localhost;
drop user u3@localhost;
# Delete the key pair this test left in the data directory, presumably so the
# server no longer finds key files after the restart below.
# NOTE(review): nothing in this test checks the file permissions of the
# generated private_key.pem; consider covering that where the platform allows.
let datadir=`select @@datadir`;
remove_file $datadir/private_key.pem;
remove_file $datadir/public_key.pem;
# Restart with default parameters and record the plugin's status variables
# with the key files removed.
let $restart_parameters=;
source include/restart_mysqld.inc;
show status like 'caching_sha2_password%';
# fini.inc is not shown here; presumably it undoes what init.inc set up.
source fini.inc;