Server IP : 172.67.216.182 / Your IP : 162.158.107.65 Web Server : Apache System : Linux krdc-ubuntu-s-2vcpu-4gb-amd-blr1-01.localdomain 5.15.0-142-generic #152-Ubuntu SMP Mon May 19 10:54:31 UTC 2025 x86_64 User : www ( 1000) PHP Version : 7.4.33 Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /www/server/mysql/src/mysql-test/suite/auth_sec/t/ |
Upload File : |
--source include/no_valgrind_without_big.inc --source include/not_embedded.inc --source include/have_sha256_rsa_auth.inc --source include/allowed_ciphers.inc #----------------------------------------------------------------------------- --echo # Setup call mtr.add_suppression("Failed to setup SSL"); call mtr.add_suppression("SSL error: SSL_CTX_set_default_verify_paths failed"); # We let our server restart attempts write to the file $server_log. let server_log= $MYSQLTEST_VARDIR/log/mysqld.1.err; # $server_log has to be processed by include/search_pattern_in_file.inc which # contains Perl code requiring that the environment variable SEARCH_FILE points # to this file. let SEARCH_FILE= $server_log; # Stop the server and cleanup all .pem files. let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect; --exec echo "wait" > $restart_file --shutdown_server --source include/wait_until_disconnected.inc perl; my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err"; while (-e $filetodelete) { unlink $filetodelete; sleep 1; } EOF --error 0, 1 --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem --error 0, 1 --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem --error 0, 1 --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem --error 0, 1 --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem --error 0, 1 --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem --error 0, 1 --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem --error 0, 1 --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem --error 0, 1 --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem --exec echo "restart:--auto_generate_certs=0 --sha256_password_auto_generate_rsa_keys=0" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --enable_reconnect --source include/wait_until_connected_again.inc --disable_reconnect --echo # Restart completed. #----------------------------------------------------------------------------- --echo # Test 1 : System variable tests --echo # auto_generate_certs should be OFF. select @@global.auto_generate_certs; --echo # sha256_password_auto_generate_rsa_keys should be OFF. select @@global.sha256_password_auto_generate_rsa_keys; --error ER_INCORRECT_GLOBAL_LOCAL_VAR set @@global.auto_generate_certs='OFF'; --error ER_INCORRECT_GLOBAL_LOCAL_VAR set @@global.sha256_password_auto_generate_rsa_keys='OFF'; #----------------------------------------------------------------------------- --echo # Test 2 : Restarting mysqld with : --echo # --auto_generate_certs=0 --echo # --sha256_password_auto_generate_rsa_keys=0 let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect; --exec echo "wait" > $restart_file --shutdown_server --source include/wait_until_disconnected.inc perl; my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err"; while (-e $filetodelete) { unlink $filetodelete; sleep 1; } EOF --exec echo "restart: --auto_generate_certs=0 --sha256_password_auto_generate_rsa_keys=0" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --enable_reconnect --source include/wait_until_connected_again.inc --disable_reconnect --echo # Restart completed. --echo # Search for : Skipping generation of SSL certificates as --auto_generate_certs is set to OFF. let SEARCH_PATTERN= Skipping generation of SSL certificates as --auto_generate_certs is set to OFF; --source include/search_pattern_in_file.inc --echo # Search completed. --echo # Search for : Skipping generation of RSA key pair as --sha256_password_auto_generate_rsa_keys is set to OFF. let SEARCH_PATTERN= Skipping generation of RSA key pair as --sha256_password_auto_generate_rsa_keys is set to OFF; --source include/search_pattern_in_file.inc --echo # Search completed. --echo # Ensure that certificate files are not there after server is started --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem --echo # Ensure that server is not ssl enabled --error 1 --exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show variables like '%ssl%'" --echo # Ensure that sha connection is not possible in absence of certificates and keys connect (test_root_2,localhost,root,,,,,); create user wl7699_sha256 identified with 'sha256_password'; grant usage on *.* to wl7699_sha256 identified by 'abcd'; --error 1 --exec $MYSQL -uwl7699_sha256 -pabcd -e "show status like 'Ssl_cipher'" drop user wl7699_sha256; connection default; disconnect test_root_2; #----------------------------------------------------------------------------- --echo # Test 3 : SSL certificates --echo # 3.1 : Restarting mysqld with : --auto-generate-certs=1 --exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --shutdown_server --source include/wait_until_disconnected.inc perl; my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err"; while (-e $filetodelete) { unlink $filetodelete; sleep 1; } EOF --exec echo "restart:--auto_generate_certs --skip-sha256_password_auto_generate_rsa_keys" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --enable_reconnect --source include/wait_until_connected_again.inc --disable_reconnect --echo # Restart completed. --echo # Search for : Auto generated SSL certificates are placed in data directory. let SEARCH_PATTERN= Auto generated SSL certificates are placed in data directory.; --source include/search_pattern_in_file.inc --echo # Search completed. --echo # Search for SSL certificate and key files in Data directory. --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem --echo # Search completed. --echo # Ensure that RSA files are not there in data directory --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem --echo # Ensure that server is ssl enabled --replace_regex $ALLOWED_CIPHERS_REGEX --exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'" #----------------------------------------------------------------------------- --echo # Test 4 : RSA key pair --echo # 4.1 : Restarting mysqld with : --echo # --sha256_password_auto_generate_rsa_keys=1 --exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --shutdown_server --source include/wait_until_disconnected.inc perl; my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err"; while (-e $filetodelete) { unlink $filetodelete; sleep 1; } EOF --exec echo "restart: --skip-ssl --skip-auto_generate_certs --sha256_password_auto_generate_rsa_keys" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --enable_reconnect --source include/wait_until_connected_again.inc --disable_reconnect --echo # Restart completed. --echo # Search for : Auto generated RSA key files are placed in data directory. let SEARCH_PATTERN= Auto generated RSA key files are placed in data directory.; --source include/search_pattern_in_file.inc --echo # Search completed. --echo # Search for RSA key files in Data directory. --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem --echo # Search completed. --echo # Ensure that server is not ssl enabled --error 1 --exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'" #----------------------------------------------------------------------------- --echo # Test 5 : Skipping SSL Certificates/Key File Generation --echo # 5.1 : Restarting mysqld with : --echo # --auto_generate_certs=ON --echo # --sha256_password_auto_generate_rsa_keys=ON --exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --send_shutdown --source include/wait_until_disconnected.inc perl; my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err"; while (-e $filetodelete) { unlink $filetodelete; sleep 1; } EOF --exec echo "restart:--auto_generate_certs=1 --sha256_password_auto_generate_rsa_keys=1" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --enable_reconnect --source include/wait_until_connected_again.inc --disable_reconnect --echo # Restart completed. --echo # Generation of SSL ceritificates/key files and --echo # RSA key pair files is skipped. --echo # Search for : Messages related to skipped generation of SSL certificates and RSA key pair files. let SEARCH_PATTERN= Skipping generation of SSL certificates as certificate files are present in data directory; --source include/search_pattern_in_file.inc let SEARCH_PATTERN= Skipping generation of RSA key pair as key files are present in data directory; --source include/search_pattern_in_file.inc --echo # Search completed. --echo # 5.2 : System variables connect (test_root_4,localhost,root,,,,,); --echo # auto_generate_certs, ssl_ca, ssl_cert and ssl_key should be set. show variables like 'ssl%'; --echo # sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path --echo # and sha256_password_public_key_path should be set. show variables like 'sha256%'; --echo # 5.3 : SHA256_password user connection test_root_4; create user wl7699_sha256 identified with 'sha256_password'; grant usage on *.* to wl7699_sha256 identified by 'abcd'; # Using SSL certificates --echo # Should be able to connect to server using generated SSL certificates. --replace_regex $ALLOWED_CIPHERS_REGEX --exec $MYSQL -uwl7699_sha256 -pabcd --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'" # Using RSA key pair --echo # Should be able to connect to server using RSA key pair. --exec $MYSQL -uwl7699_sha256 -pabcd -e "select current_user()" drop user wl7699_sha256; connection default; disconnect test_root_4; #----------------------------------------------------------------------------- --echo # Test 6 : SSL Certificates/Key File Generation and tests --echo # 6.1 : Restarting mysqld with : --echo # --auto_generate_certs=ON --echo # --sha256_password_auto_generate_rsa_keys=ON --exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --send_shutdown --source include/wait_until_disconnected.inc perl; my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err"; while (-e $filetodelete) { unlink $filetodelete; sleep 1; } EOF --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem --exec echo "restart:--auto_generate_certs=ON --sha256_password_auto_generate_rsa_keys=ON" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --enable_reconnect --source include/wait_until_connected_again.inc --disable_reconnect --echo # Restart completed. --echo # Search for : Auto generated SSL certificates are placed in data directory. let SEARCH_PATTERN= Auto generated SSL certificates are placed in data directory.; --source include/search_pattern_in_file.inc --echo # Search completed. --echo # Search for : Auto generated RSA key files are placed in data directory. let SEARCH_PATTERN= Auto generated RSA key files are placed in data directory.; --source include/search_pattern_in_file.inc --echo # Search completed. --echo # 6.2 : System variables connect (test_root_6,localhost,root,,,,,); --echo # auto_generate_certs, ssl_ca, ssl_cert and ssl_key should be set. show variables like 'ssl%'; --echo # sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path --echo # and sha256_password_public_key_path should be set. show variables like 'sha256%'; --echo # 6.3 : SSL connection --echo # Should be able to connect to server using generated SSL certificates. --replace_regex $ALLOWED_CIPHERS_REGEX --exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'" --echo # 6.4 : SHA256_password user connection test_root_6; create user wl7699_sha256 identified with 'sha256_password'; grant usage on *.* to wl7699_sha256 identified by 'abcd'; # Using SSL certificates --echo # Should be able to connect to server using generated SSL certificates. --replace_regex $ALLOWED_CIPHERS_REGEX --exec $MYSQL -uwl7699_sha256 -pabcd --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'" # Using RSA key pair --echo # Should be able to connect to server using RSA key pair. --exec $MYSQL -uwl7699_sha256 -pabcd -e "select current_user()" drop user wl7699_sha256; connection default; disconnect test_root_6; #----------------------------------------------------------------------------- --echo # Test 7 : SSL Certificates/Key File Generation and tests --echo # 7.1 : Restarting mysqld with : --echo # --skip-ssl --echo # --auto_generate_certs=ON --echo # --sha256_password_auto_generate_rsa_keys=ON --exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --send_shutdown --source include/wait_until_disconnected.inc perl; my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err"; while (-e $filetodelete) { unlink $filetodelete; sleep 1; } EOF --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem --exec echo "restart: --skip-ssl --auto_generate_certs=ON --sha256_password_auto_generate_rsa_keys=ON" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --enable_reconnect --source include/wait_until_connected_again.inc --disable_reconnect --echo # Restart completed. --echo # Search for : Auto generated RSA key files are placed in data directory. let SEARCH_PATTERN= Auto generated RSA key files are placed in data directory.; --source include/search_pattern_in_file.inc --echo # Search completed. --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem --error 1 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem --echo # 7.2 : System variables connect (test_root_7,localhost,root,,,,,); --echo # No ssl variables should be set show variables like 'ssl%'; --echo # sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path --echo # and sha256_password_public_key_path should be set. show variables like 'sha256%'; --echo # 7.3 : SSL connection --echo # Should not be able to connect to server using generated SSL certificates. --error 1 --exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'" --echo # 7.4 : SHA256_password user connection test_root_7; create user wl7699_sha256 identified with 'sha256_password'; grant usage on *.* to wl7699_sha256 identified by 'abcd'; # Using SSL certificates --echo # Should not be able to connect to server using generated SSL certificates. --error 1 --exec $MYSQL -uwl7699_sha256 -pabcd --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'" # Using RSA key pair --echo # Should be able to connect to server using RSA key pair. --exec $MYSQL -uwl7699_sha256 -pabcd -e "select current_user()" drop user wl7699_sha256; connection default; disconnect test_root_7; #----------------------------------------------------------------------------- --echo # --echo # Bug#21108296 : --SSL-CIPHER OPTION CAUSES SSL INITIALIZATION FAILURE --echo # --echo # Restarting mysqld with : --echo # --auto_generate_certs=ON --echo # --ssl-cipher=DHE-RSA-AES256-SHA --echo # --skip-sha256_password_auto_generate_rsa_keys --exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --send_shutdown --source include/wait_until_disconnected.inc perl; my $filetodelete = "$ENV{'MYSQLTEST_VARDIR'}/log/mysqld.1.err"; while (-e $filetodelete) { unlink $filetodelete; sleep 1; } EOF --exec echo "restart:--auto_generate_certs=ON --skip-sha256_password_auto_generate_rsa_keys --ssl-cipher=DHE-RSA-AES256-SHA" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect --enable_reconnect --source include/wait_until_connected_again.inc --disable_reconnect --echo # Restart completed. --echo # Search for : Auto generated SSL certificates are placed in data directory. let SEARCH_PATTERN= Auto generated SSL certificates are placed in data directory.; --source include/search_pattern_in_file.inc --echo # Search completed. # Using SSL Certificates --exec $MYSQL -uroot --ssl-mode=REQUIRED -e "SHOW STATUS LIKE 'Ssl_cipher'" #----------------------------------------------------------------------------- --echo # Clean-up connection default; --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/ca-key.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/server-key.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/client-key.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/private_key.pem --remove_file $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem --disable_warnings --source include/force_restart.inc --enable_warnings #-----------------------------------------------------------------------------