--source include/not_group_replication_plugin.inc
source include/have_ssl_communication.inc;
source include/master-slave.inc;

# We don't test all types of ssl auth params here since it's a bit hard 
# until problems with OpenSSL 0.9.7 are unresolved

# creating replication user for whom ssl auth is required
# preparing playground
connection master;
SET SQL_LOG_BIN= 0;
set @orig_sql_mode= @@sql_mode;
set sql_mode= (select replace(@@sql_mode,'NO_AUTO_CREATE_USER',''));
grant replication slave on *.* to replssl@localhost require ssl;
set sql_mode= @orig_sql_mode;
SET SQL_LOG_BIN= 1;
create table t1 (t int);

--source include/sync_slave_sql_with_master.inc

#trying to use this user without ssl
stop slave;
--source include/wait_for_slave_to_stop.inc
--replace_column 2 ####
change master to master_user='replssl',master_password='';
start slave;

#showing that replication don't work
--let $slave_io_errno= convert_error(ER_ACCESS_DENIED_ERROR)
--source include/wait_for_slave_io_error.inc
--source include/stop_slave_sql.inc

#showing that replication could work with ssl params
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--replace_column 2 ####
eval change master to master_ssl=1 , master_ssl_ca ='$MYSQL_TEST_DIR/std_data/cacert.pem', master_ssl_cert='$MYSQL_TEST_DIR/std_data/client-cert.pem', master_ssl_key='$MYSQL_TEST_DIR/std_data/client-key.pem', master_tls_version='TLSv1.1';
start slave;
--source include/wait_for_slave_to_start.inc

#avoiding unneeded sleeps
connection master;
insert into t1 values (1);
--source include/sync_slave_sql_with_master.inc

#checking that replication is ok
select * from t1;

#checking show slave status
let $status_items= Master_SSL_Allowed, Master_SSL_CA_Path, Master_SSL_CA_File, Master_SSL_Cert, Master_SSL_Key, Master_TLS_Version;
source include/show_slave_status.inc;
source include/check_slave_is_running.inc;

#checking if replication works without ssl also performing clean up
stop slave;
--source include/wait_for_slave_to_stop.inc
--replace_column 2 ####
change master to master_user='root',master_password='', master_ssl=0;
start slave;
--source include/wait_for_slave_to_start.inc
connection master;
SET SQL_LOG_BIN= 0;
drop user replssl@localhost;
SET SQL_LOG_BIN= 1;
drop table t1;

--source include/sync_slave_sql_with_master.inc
source include/show_slave_status.inc;
source include/check_slave_is_running.inc;
# End of 4.1 tests

# Start replication with ssl_verify_server_cert turned on
connection slave;
stop slave;
--source include/wait_for_slave_to_stop.inc
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--replace_column 2 ####
eval change master to
 master_host="localhost",
 master_ssl=1 ,
 master_ssl_ca ='$MYSQL_TEST_DIR/std_data/cacert.pem',
 master_ssl_cert='$MYSQL_TEST_DIR/std_data/client-cert.pem',
 master_ssl_key='$MYSQL_TEST_DIR/std_data/client-key.pem',
 master_ssl_verify_server_cert=1;
start slave;
--source include/wait_for_slave_to_start.inc

connection master;
create table t1 (t int);
insert into t1 values (1);

--source include/sync_slave_sql_with_master.inc

echo on slave;
#checking that replication is ok
select * from t1;

#checking show slave status
source include/show_slave_status.inc;
--source include/check_slave_is_running.inc

# ==== Clean up ====

connection master;
drop table t1;
--source include/sync_slave_sql_with_master.inc

###############################################################################
# BUG#18778485 SSL_VERIFY_SERVER_CERT AUTOMATICALLY SETS TO NO POST RESET SLAVE
#              COMMAND
#
# Due to the buggy behaviour, a RESET SLAVE command on the slave server
# reset ssl_verify_server_cert= 0. RESET SLAVE is generally expected to
# delete slave logs and forget the replicaiton positions. This erroneous
# behavior was therefore counterintuitive.
#
# We test the following:
# - The behaviour of ssl_verify_server_cert with RESET SLAVE.
# - Test that neither of STOP SLAVE or START SLAVE affects the value of
#   ssl_verify_server_cert.
# - Test that CHANGE MASTER with no ssl_verify_server_cert option doesnt
#   affect ssl_verify_server_cert value.
##############################################################################

--source include/stop_slave.inc

--let $assert_cond= "[SHOW SLAVE STATUS, Master_SSL_Verify_Server_Cert, 1]" = "Yes"
--let $assert_text= Master_SSL_Verify_Server_Cert should NOT change on STOP SLAVE.
--source include/assert.inc

--let $log_file= query_get_value(SHOW SLAVE STATUS, Master_Log_File, 1)
--let $log_pos= query_get_value(SHOW SLAVE STATUS, Read_Master_Log_Pos, 1)

RESET SLAVE;

--let $assert_cond= "[SHOW SLAVE STATUS, Master_SSL_Verify_Server_Cert, 1]" = "Yes"
--let $assert_text= Master_SSL_Verify_Server_Cert should NOT change on RESET SLAVE.
--source include/assert.inc

--replace_result $MASTER_MYPORT MASTER_MYPORT
--eval CHANGE MASTER TO MASTER_PORT= $MASTER_MYPORT

--let $assert_cond= "[SHOW SLAVE STATUS, Master_SSL_Verify_Server_Cert, 1]" = "Yes"
--let $assert_text= Master_SSL_Verify_Server_Cert should NOT change on CHANGE MASTER.
--source include/assert.inc

--source include/start_slave.inc
--let $assert_cond= "[SHOW SLAVE STATUS, Master_SSL_Verify_Server_Cert, 1]" = "Yes"
--let $assert_text= Master_SSL_Verify_Server_Cert should NOT change on START SLAVE.
--source include/assert.inc

--connection master
--disable_warnings
DROP TABLE IF EXISTS t1;
--source include/sync_slave_sql_with_master.inc
--enable_warnings

--source include/stop_slave.inc
# Clean change master options.
--replace_column 2 ####
CHANGE MASTER TO
 master_host="127.0.0.1",
 master_ssl_ca ='',
 master_ssl_cert='',
 master_ssl_key='',
 master_ssl_verify_server_cert=0,
 master_ssl=0,
 master_tls_version='';

--let $rpl_only_running_threads= 1
--source include/rpl_end.inc