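/************************************************************************************
  Copyright (C) 2012 Monty Program AB

  This library is free software; you can redistribute it and/or
  modify it under the terms of the GNU Library General Public
  License as published by the Free Software Foundation; either
  version 2 of the License, or (at your option) any later version.

  This library is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  Library General Public License for more details.

  You should have received a copy of the GNU Library General Public
  License along with this library; if not see <http://www.gnu.org/licenses>
  or write to the Free Software Foundation, Inc.,
  51 Franklin St., Fifth Floor, Boston, MA 02110, USA
 *************************************************************************************/
#if defined(WIN32) && defined(HEAP_CHECK)
#define _CRTDBG_MAP_ALLOC
#include <stdlib.h>
#include <crtdbg.h>
#endif

#include "my_test.h"
#include <ma_pthread.h>
#ifdef HAVE_OPENSSL
#include <openssl/opensslv.h>
#include <openssl/ssl.h>
#endif

/* Size of the buffers that hold certificate and key file names. */
#define FNLEN 4096

/* Set by test_ssl() from the server's @@have_ssl / @@have_openssl and the
   negotiated TLS version; the later tests read them to decide whether to skip. */
static int skip_ssl= 1;
static uchar have_openssl= 1;
static unsigned char have_tls13= 0;

/* Account used for the TLS connections; created by create_ssl_user(). */
const char *ssluser= "ssluser";
const char *sslpw= "sslpw";
char sslhost[128];
/* File names of the test fixtures, filled in by check_skip_ssl(). */
char sslcert[FNLEN];
char sslcombined[FNLEN];
char sslkey[FNLEN];
char sslkey_enc[FNLEN];
char sslca[FNLEN];
char sslcrl[FNLEN];
/* Server certificate fingerprint loaded by read_fingerprint(): 128 characters plus NUL. */
char ssl_cert_finger_print[129]= {0};
/* Fingerprint used by test_ssl_fp() for the connection attempt that must be rejected. */
char bad_cert_finger_print[]= "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:01:23:45:67";

/* Serializes the UPDATE statements issued by the worker threads. */
pthread_mutex_t LOCK_test;

/*
  Loads the server certificate fingerprint from CERT_PATH "/server-cert.sha1"
  into ssl_cert_finger_print. The buffer is left empty when the file is
  missing or holds no token.
*/
void read_fingerprint()
{
  FILE *f= fopen(CERT_PATH "/server-cert.sha1", "r");
  if (f)
  {
    /* fscanf() returns EOF (non-zero) for an empty file, so compare against
       the number of expected conversions instead of testing for zero.
       The %128s width matches the 129 byte buffer. */
    if (fscanf(f, "%128s", ssl_cert_finger_print) != 1)
      ssl_cert_finger_print[0]= 0;
    fclose(f);
  }
}

/*
  Decides whether the TLS tests can run and builds the fixture file names.

  The certificate directory is taken from the SECURE_LOAD_PATH environment
  variable, falling back to CERT_PATH.

  Returns 0 when the tests can run, 1 when they must be skipped.
*/
int check_skip_ssl()
{
  const char *ssldir= NULL;
#ifndef HAVE_TLS
  diag("client library built without OpenSSL support -> skip");
  return 1;
#endif
  if (skip_ssl)
  {
    diag("server doesn't support SSL -> skip");
    return 1;
  }
  if (!(ssldir= getenv("SECURE_LOAD_PATH")))
  {
    ssldir= CERT_PATH;
    if (!strlen(ssldir))
    {
      diag("certificate directory not found");
      return 1;
    }
  }
  /* snprintf() truncates silently when the directory name is too long;
     sslcrl is not filled in here. */
  snprintf(sslcert, FNLEN - 1, "%s/%s", ssldir, "client-cert.pem");
  snprintf(sslcombined, FNLEN - 1, "%s/%s", ssldir, "client-certkey.pem");
  snprintf(sslkey, FNLEN - 1, "%s/%s", ssldir, "client-key.pem");
  snprintf(sslkey_enc, FNLEN - 1, "%s/%s", ssldir, "client-key-enc.pem");
  snprintf(sslca, FNLEN - 1, "%s/%s", ssldir, "cacert.pem");
  return 0;
}

/*
  Reports the cipher of a connection.

  Returns 0 when the connection has a cipher (i.e. uses TLS), 1 otherwise.
*/
static int check_cipher(MYSQL *mysql)
{
  const char *cipher= mysql_get_ssl_cipher(mysql);
  if (!cipher)
    return 1;
  diag("cipher: %s", cipher);

  return 0;
}

/*
  (Re)creates the account ssluser@this_host with password sslpw and grants
  it all privileges on the test schema, requiring X509 (is_X509 != 0) or
  SSL for every connection.

  Returns the result of the last statement, or FAIL via the test macros.
*/
static int create_ssl_user(const char *ssluser, my_bool is_X509)
{
  int rc;
  char query[1024];
  MYSQL *mysql= mysql_init(NULL);

  FAIL_IF(!mysql, "mysql_init() failed");
  FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema,
                              port, socketname, 0), mysql_error(mysql));

  /* The statements are assembled from test configuration values; bound every
     write to the size of the query buffer instead of using sprintf(). */
  snprintf(query, sizeof(query), "DROP USER '%s'@'%s'", ssluser, this_host);
  /* Result deliberately ignored: the user may not exist yet. */
  rc= mysql_query(mysql, query);

  snprintf(query, sizeof(query), "CREATE USER '%s'@'%s' IDENTIFIED BY '%s'", ssluser, this_host, sslpw);
  rc= mysql_query(mysql, query);
  check_mysql_rc(rc,mysql);

  snprintf(query, sizeof(query), "GRANT ALL ON %s.* TO '%s'@'%s' REQUIRE %s", schema, ssluser, this_host, is_X509 ? "X509" : "SSL");
  rc= mysql_query(mysql, query);
  check_mysql_rc(rc,mysql);
  rc= mysql_query(mysql, "FLUSH PRIVILEGES");
  check_mysql_rc(rc,mysql);

  mysql_close(mysql);

  return rc;
}

/*
  Probes the TLS capabilities of client and server and stores them in
  skip_ssl, have_openssl, have_tls13 and sslhost for the following tests.
*/
static int test_ssl(MYSQL *mysql)
{
  int rc;
  /* Initialized so that a failing mariadb_get_infov() cannot leave the
     have_tls13 decision below reading an indeterminate value. */
  unsigned int iversion= 0;
  MYSQL_RES *res;
  MYSQL_ROW row;
  char *tls_library;
  MYSQL *my= mysql_init(NULL);

  mysql_ssl_set(my,0, 0, 0, 0, 0);

  create_ssl_user("ssluser", 0);

  FAIL_IF(!mysql_real_connect(my, hostname, ssluser, sslpw, schema,
                              ssl_port, socketname, 0), mysql_error(my));

  mariadb_get_infov(my, MARIADB_CONNECTION_TLS_VERSION_ID, &iversion);
  diag("iversion: %d", iversion);
  if (iversion == 4)
    have_tls13= 1;

  mysql_close(my);

  rc= mysql_query(mysql, "SELECT @@have_ssl, @@have_openssl");
  check_mysql_rc(rc, mysql);

  res= mysql_store_result(mysql);
  FAIL_IF(!res, mysql_error(mysql));

  while ((row= mysql_fetch_row(res)))
  {
    if (!strcmp(row[0], "YES"))
      skip_ssl= 0;
    if (strcmp(row[1], "YES"))
      have_openssl= 0;
    diag("SSL: %s", row[0]);
  }
  mysql_free_result(res);

  /* In MySQL we need to check tls_version */
  if (!mariadb_connection(mysql))
  {
    rc= mysql_query(mysql, "select locate('v1.2', @@tls_version) > 0");
    check_mysql_rc(rc, mysql);

    res= mysql_store_result(mysql);
    FAIL_IF(!res, mysql_error(mysql));

    if ((row= mysql_fetch_row(res)))
    {
      if (row[0] && row[0][0] == '0')
        have_openssl= 0;
    }
    mysql_free_result(res);
  }
  diag("OpenSSL: %d", have_openssl);

  mariadb_get_infov(NULL, MARIADB_TLS_LIBRARY, &tls_library);
  diag("SSL library: %s", tls_library);

  sslhost[0]= 0;

  if (!skip_ssl)
  {
    char *p;

    rc= mysql_query(mysql, "SELECT CURRENT_USER()");
    check_mysql_rc(rc, mysql);
    res= mysql_store_result(mysql);
    FAIL_IF(!res, mysql_error(mysql));
    row= mysql_fetch_row(res);
    if (row && row[0])
    {
      diag("user: %s", row[0]);
      /* The host part comes from the server; copy it with a bound so a
         value longer than sslhost cannot overflow the buffer. */
      if ((p= strchr(row[0], '@')))
        snprintf(sslhost, sizeof(sslhost), "%s", p + 1);
    }
    mysql_free_result(res);
  }

  return OK;
}

/* Connects with only the CA file set and reports the session's Ssl_version
   and cipher; fails when the connection has no cipher. */
static int test_ssl_cipher(MYSQL *unused __attribute__((unused)))
{
  MYSQL *my;
  MYSQL_RES *res;
  MYSQL_ROW row;
  int rc;

  if (check_skip_ssl())
    return SKIP;

  my= mysql_init(NULL);
  FAIL_IF(!my, "mysql_init() failed");

  mysql_ssl_set(my,0, 0, sslca, 0, 0);

  FAIL_IF(!mysql_real_connect(my, hostname, ssluser, sslpw, schema,
                              ssl_port, socketname, 0), mysql_error(my));

  rc= mysql_query(my, "SHOW session status like 'Ssl_version'");
  check_mysql_rc(rc, my);
  res= mysql_store_result(my);
  row= mysql_fetch_row(res);
  diag("%s: %s", row[0], row[1]);
  diag("cipher: %s", mysql_get_ssl_cipher(my));
  mysql_free_result(res);

  FAIL_IF(check_cipher(my) != 0, "Invalid cipher");
  mysql_close(my);
  return OK;
}

/* Connects as a user that requires X509, presenting the client key and
   certificate but no CA file. */
static int test_conc95(MYSQL *unused __attribute__((unused)))
{
  MYSQL *mysql;

  if (check_skip_ssl())
    return SKIP;

  create_ssl_user("ssluser1", 1);

  mysql= mysql_init(NULL);
  mysql_ssl_set(mysql,
                sslkey,
                sslcert,
                NULL,
                NULL,
                NULL);

  if (!mysql_real_connect(mysql, hostname, "ssluser1", sslpw, schema,
                          ssl_port, socketname, 0))
  {
    diag("could not establish x509 connection. Error: %s", mysql_error(mysql));
    mysql_close(mysql);
    return FAIL;
  }
  mysql_close(mysql);
  return OK;
}

/* Opens 50 TLS connections and compares the server's Ssl_accepts counter
   before and after. Currently disabled: everything after the unconditional
   "return SKIP" below is unreachable. */
static int test_multi_ssl_connections(MYSQL *unused __attribute__((unused)))
{
  MYSQL *mysql[50], *my;
  int i, rc;
  int old_connections= 0, new_connections= 0;
  MYSQL_RES *res;
  MYSQL_ROW row;

  if (check_skip_ssl())
    return SKIP;

  diag("Test doesn't work with yassl");
  return SKIP;

  create_ssl_user(ssluser, 0);

  my= mysql_init(NULL);
  FAIL_IF(!my,"mysql_init() failed");
  FAIL_IF(!mysql_real_connect(my, hostname, ssluser, sslpw, schema,
                              ssl_port, socketname, 0), mysql_error(my));

  rc= mysql_query(my, "SHOW STATUS LIKE 'Ssl_accepts'");
  check_mysql_rc(rc, my);

  res= mysql_store_result(my);
  if ((row= mysql_fetch_row(res)))
    old_connections= atoi(row[1]);
  mysql_free_result(res);

  for (i=0; i < 50; i++)
  {
    mysql[i]= mysql_init(NULL);
    FAIL_IF(!mysql[i],"mysql_init() failed");

    mysql_ssl_set(mysql[i], 0, 0, sslca, 0, 0);

    mysql_real_connect(mysql[i], hostname, ssluser, sslpw, schema,
                       ssl_port, socketname, 0);
    if (mysql_errno(mysql[i]))
    {
      diag("loop: %d error: %d %s", i, mysql_errno(mysql[i]), mysql_error(mysql[i]));
      return FAIL;
    }

    FAIL_IF(check_cipher(mysql[i]) != 0, "Invalid cipher");
  }
  for (i=0; i < 50; i++)
    mysql_close(mysql[i]);

  rc= mysql_query(my, "SHOW STATUS LIKE 'Ssl_accepts'");
  check_mysql_rc(rc, my);

  res= mysql_store_result(my);
  if ((row= mysql_fetch_row(res)))
    new_connections= atoi(row[1]);
  mysql_free_result(res);

  mysql_close(my);

  diag("%d SSL connections processed", new_connections - old_connections);
  FAIL_IF(new_connections - old_connections < 50, "new_connections should be at least old_connections + 50");
  return OK;
}

/*
  Worker for test_ssl_threads(): opens its own TLS connection and increments
  ssltest.a once while holding LOCK_test.

  NOTE(review): the POSIX variant returns void but is started through a
  cast in pthread_create(), which expects a function returning void *.
*/
#ifndef WIN32
static void ssl_thread(void *unused __attribute__((unused)))
#else
DWORD WINAPI ssl_thread(void *dummy)
#endif
{
  MYSQL *mysql= NULL;

  mysql_thread_init();

  if (!(mysql= mysql_init(NULL)))
  {
    goto end;
  }
  mysql_ssl_set(mysql, 0, 0, sslca, 0, 0);

  if(!mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                         ssl_port, socketname, 0))
  {
    diag(">Error: %s", mysql_error(mysql));
    goto end;
  }

  pthread_mutex_lock(&LOCK_test);
  mysql_query(mysql, "UPDATE ssltest SET a=a+1");
  pthread_mutex_unlock(&LOCK_test);

end:
  if(mysql)
    mysql_close(mysql);
  mysql_thread_end();
#ifdef _WIN32
  return 0;
#endif
}

/* Starts 50 ssl_thread() workers and expects ssltest.a to end up at 50. */
static int test_ssl_threads(MYSQL *mysql)
{
  int i, rc;
#ifndef WIN32
  pthread_t threads[50];
#else
  HANDLE hthreads[50];
  DWORD dthreads[50];
#endif
  MYSQL_RES *res;
  MYSQL_ROW row;

  if (check_skip_ssl())
    return SKIP;

  rc= mysql_query(mysql, "DROP TABLE IF exists ssltest");
  check_mysql_rc(rc, mysql);
  rc= mysql_query(mysql, "CREATE TABLE ssltest (a int)");
  check_mysql_rc(rc, mysql);
  rc= mysql_query(mysql, "INSERT into ssltest VALUES (0)");
  check_mysql_rc(rc, mysql);
  /* Initialize the mutex exactly once; initializing an already initialized
     mutex a second time is undefined behaviour. */
  pthread_mutex_init(&LOCK_test, NULL);

  for (i=0; i < 50; i++)
  {
#ifndef WIN32
    pthread_create(&threads[i], NULL, (void *)ssl_thread, NULL);
#else
    hthreads[i]= CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ssl_thread, NULL, 0, &dthreads[i]);
    if (hthreads[i]==NULL)
      diag("error while starting thread");
#endif
  }
  for (i=0; i < 50; i++)
#ifndef WIN32
    pthread_join(threads[i], NULL);
#else
    WaitForSingleObject(hthreads[i], INFINITE);
#endif

  pthread_mutex_destroy(&LOCK_test);

  rc= mysql_query(mysql, "SELECT a FROM ssltest");
  check_mysql_rc(rc, mysql);
  res= mysql_store_result(mysql);
  row= mysql_fetch_row(res);
  diag("Found: %s", row[0]);
  FAIL_IF(strcmp(row[0], "50") != 0, "Expected 50");
  mysql_free_result(res);
  rc= mysql_query(mysql, "DROP TABLE IF exists ssltest");
  check_mysql_rc(rc, mysql);
  return OK;
}

/* Connects with client key, client certificate and CA file all set. */
static int test_phpbug51647(MYSQL *unused __attribute__((unused)))
{
  MYSQL* mysql;

  if (check_skip_ssl())
    return SKIP;

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_ssl_set(mysql, sslkey,
                sslcert,
                sslca, 0, 0);

  FAIL_IF(!mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                              ssl_port, socketname, 0), mysql_error(mysql));
  diag("%s", mysql_get_ssl_cipher(mysql));
  mysql_close(mysql);

  return OK;
}

/* Connects with the encrypted client key (sslkey_enc), supplying its
   passphrase through MARIADB_OPT_TLS_PASSPHRASE. */
static int test_password_protected(MYSQL *unused __attribute__((unused)))
{
  MYSQL* mysql;

  if (check_skip_ssl())
    return SKIP;

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_ssl_set(mysql, sslkey_enc,
                sslcert,
                sslca, 0, 0);

  /* Passphrase of the test fixture key, hard-coded for the test only. */
  mysql_options(mysql, MARIADB_OPT_TLS_PASSPHRASE, "qwerty");

  FAIL_IF(!mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                              ssl_port, socketname, 0), mysql_error(mysql));
  diag("%s", mysql_get_ssl_cipher(mysql));
  mysql_close(mysql);

  return OK;
}


/* A CA file that does not exist must make the connect fail with errno 2026. */
static int test_conc50(MYSQL *unused __attribute__((unused)))
{
  MYSQL *mysql;

  if (check_skip_ssl())
    return SKIP;

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_ssl_set(mysql, NULL, NULL, "./non_exisiting_cert.pem", NULL, NULL);

  mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                     ssl_port, socketname, 0);
  diag("Error: %d %s", mysql_errno(mysql), mysql_error(mysql));
  FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026");
  mysql_close(mysql);

  return OK;
}

/* With the real CA file the connect must succeed (OpenSSL servers only). */
static int test_conc50_1(MYSQL *unused __attribute__((unused)))
{
  MYSQL *mysql;

  if (check_skip_ssl())
    return SKIP;

  if (!have_openssl)
  {
    diag("Server with OpenSSL required");
    return SKIP;
  }

  create_ssl_user(ssluser, 0);

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_ssl_set(mysql, NULL, NULL, sslca, NULL, NULL);

  mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                     ssl_port, socketname, 0);
  if (mysql_errno(mysql))
    diag("Error: %d %s", mysql_errno(mysql), mysql_error(mysql));
  FAIL_IF(mysql_errno(mysql), "No error expected");

  mysql_close(mysql);

  return OK;
}

/* Same check as test_conc50(), without the diagnostic output. */
static int test_conc50_2(MYSQL *unused __attribute__((unused)))
{
  MYSQL *mysql;

  if (check_skip_ssl())
    return SKIP;

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_ssl_set(mysql, NULL, NULL, "./non_exisiting_cert.pem", NULL, NULL);

  mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                     ssl_port, socketname, 0);
  FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026");
  mysql_close(mysql);

  return OK;
}

/* Expects an error for a non-existing CA file. Currently disabled:
   everything after the unconditional "return SKIP" is unreachable. */
static int test_conc127(MYSQL *unused __attribute__((unused)))
{
  MYSQL *mysql;

  diag("test disabled - for testing disable other tests or run this test as first test");
  return SKIP;

  if (check_skip_ssl())
    return SKIP;

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_ssl_set(mysql, NULL, NULL, "./non_exisiting.pem", NULL, NULL);

  mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                     ssl_port, socketname, 0);
  diag("Error: %s", mysql_error(mysql));
  FAIL_IF(mysql_errno(mysql) == 0, "Error expected (invalid certificate)");
  mysql_close(mysql);

  return OK;
}

/* A user created with REQUIRE SSL must be refused when no TLS options are
   set on the handle, and accepted once the CA file is set. */
static int test_conc50_3(MYSQL *unused __attribute__((unused)))
{
  MYSQL *mysql;

  if (check_skip_ssl())
    return SKIP;

  create_ssl_user(ssluser, 0);

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                     ssl_port, socketname, 0);
  FAIL_IF(!mysql_errno(mysql), "Error expected, SSL connection required!");
  mysql_close(mysql);

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_ssl_set(mysql, NULL, NULL, sslca, NULL, NULL);

  mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                     ssl_port, socketname, 0);
  diag("Error: %s<", mysql_error(mysql));
  FAIL_IF(mysql_errno(mysql), "No error expected");
  mysql_close(mysql);

  return OK;
}

/* Passing the CA file as the client certificate (second argument) without
   a key must make the connect fail. */
static int test_conc50_4(MYSQL *unused __attribute__((unused)))
{
  MYSQL *mysql;

  if (check_skip_ssl())
    return SKIP;

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_ssl_set(mysql, NULL, sslca, NULL, NULL, NULL);

  mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                     ssl_port, socketname, 0);
  FAIL_IF(!mysql_errno(mysql) , "Error expected");
  mysql_close(mysql);

  return OK;
}

/* With MYSQL_OPT_SSL_VERIFY_SERVER_CERT enabled the connect is expected to
   fail. Skipped when hostname is unset or "localhost".
   NOTE(review): presumably the fixture certificate does not match any other
   host name - confirm against the certificates in CERT_PATH. */
static int verify_ssl_server_cert(MYSQL *unused __attribute__((unused)))
{
  MYSQL *mysql;
  uint verify= 1;

  if (check_skip_ssl())
    return SKIP;

  if (!hostname || !strcmp(hostname, "localhost"))
    return SKIP;

  SKIP_TRAVIS();

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_ssl_set(mysql, NULL, NULL, sslca, NULL, NULL);
  mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);

  mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                     ssl_port, socketname, 0);

  FAIL_IF(!mysql_errno(mysql), "Expected error");
  diag("Error (expected): %s", mysql_error(mysql));
  mysql_close(mysql);

  return OK;
}

/* Exercises key/certificate combinations: a bogus key, a key without a
   certificate and a bogus certificate must fail; a matching key and
   certificate must connect. */
static int test_bug62743(MYSQL *unused __attribute__((unused)))
{
  MYSQL *mysql;

  if (check_skip_ssl())
    return SKIP;

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_ssl_set(mysql, "dummykey", NULL, NULL, NULL, NULL);

  mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                     ssl_port, socketname, 0);
  diag("Error: %s", mysql_error(mysql));
  FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026");
  mysql_close(mysql);

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_ssl_set(mysql, sslkey, NULL, NULL, NULL, NULL);

  mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                     ssl_port, socketname, 0);
  diag("Error with key: %s", mysql_error(mysql));
  FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026");
  mysql_close(mysql);

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_ssl_set(mysql, sslkey,
                sslcert, NULL, NULL, NULL);

  mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                     ssl_port, socketname, 0);
  FAIL_IF(mysql_errno(mysql) != 0, "Expected no error");
  mysql_close(mysql);

  mysql= mysql_init(NULL);
  FAIL_IF(!mysql, "Can't allocate memory");

  mysql_ssl_set(mysql, sslkey, "blablubb", NULL, NULL, NULL);

  mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
                     ssl_port, socketname, 0);
  diag("Error with cert: %s", mysql_error(mysql));
  FAIL_IF(mysql_errno(mysql) == 0, "Expected error");
  mysql_close(mysql);

  return OK;
}

/*
  Worker for test_conc_102(): opens its own TLS connection and increments
  t_conc102.a once while holding LOCK_test.

  NOTE(review): the function takes no argument and, on POSIX, returns int,
  but it is started through a cast in pthread_create(), which expects
  void *(*)(void *).
*/
#ifndef WIN32
int thread_conc102(void)
#else
DWORD WINAPI thread_conc102(void)
#endif
{
  MYSQL *mysql;
  int rc;
  MYSQL_RES *res;
  mysql_thread_init();
  mysql= mysql_init(NULL);
  if (!mysql)
    goto end;

  /* The second call replaces the settings of the first one. */
  mysql_ssl_set(mysql, sslkey,
                sslcert,
                sslca,
                NULL, NULL);
  mysql_ssl_set(mysql,0, 0, sslca, 0, 0);

  if(!mysql_real_connect(mysql, hostname, username, password, schema,
                         ssl_port, socketname, 0))
  {
    diag(">Error: %s", mysql_error(mysql));
    goto end;
  }
  if (!mysql_get_ssl_cipher(mysql))
  {
    diag("Error: No ssl connection");
    goto end;
  }
  pthread_mutex_lock(&LOCK_test);
  rc= mysql_query(mysql, "UPDATE t_conc102 SET a=a+1");
  pthread_mutex_unlock(&LOCK_test);
  /* check_mysql_rc() comes from my_test.h, which is not shown here. The
     failure is handled explicitly, after the unlock, so that LOCK_test is
     never held across an early exit (which would block the other workers)
     and the connection is always closed. */
  if (rc)
  {
    diag("Error: %s", mysql_error(mysql));
    goto end;
  }
  if ((res= mysql_store_result(mysql)))
    mysql_free_result(res);
end:
  if (mysql)
    mysql_close(mysql);
  mysql_thread_end();
  return 0;
}

/* Starts 50 thread_conc102() workers and expects t_conc102.a to end up at 50. */
static int test_conc_102(MYSQL *mysql)
{

  int rc;
  int i;
  MYSQL_ROW row;
  MYSQL_RES *res;
#ifndef WIN32
  pthread_t threads[50];
#else
  HANDLE hthreads[50];
  DWORD threads[50];
#endif

  if (check_skip_ssl())
    return SKIP;

  rc= mysql_query(mysql, "DROP TABLE IF EXISTS t_conc102");
  check_mysql_rc(rc, mysql);
  rc= mysql_query(mysql, "CREATE TABLE t_conc102 ( a int)");
  check_mysql_rc(rc, mysql);
  rc= mysql_query(mysql, "INSERT INTO t_conc102 VALUES (0)");
  check_mysql_rc(rc, mysql);
  pthread_mutex_init(&LOCK_test, NULL);

  for (i=0; i < 50; i++)
  {
#ifndef WIN32
    pthread_create(&threads[i], NULL, (void *)thread_conc102, NULL);
#else
    hthreads[i]= CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)thread_conc102, NULL, 0, &threads[i]);
    if (hthreads[i]==NULL)
      diag("error while starting thread");
#endif
  }
  for (i=0; i < 50; i++)
  {
#ifndef WIN32
    pthread_join(threads[i], NULL);
#else
    WaitForSingleObject(hthreads[i], INFINITE);
#endif
  }
  pthread_mutex_destroy(&LOCK_test);
  rc= mysql_query(mysql, "SELECT a FROM t_conc102");
  check_mysql_rc(rc, mysql);
  res= mysql_store_result(mysql);
  row= mysql_fetch_row(res);
  diag("Found: %s", row[0]);
  FAIL_IF(strcmp(row[0], "50") != 0, "Expected 50");
  mysql_free_result(res);
  rc= mysql_query(mysql, "DROP TABLE IF EXISTS t_conc102");
  check_mysql_rc(rc, mysql);
  return OK;
}

/* Fingerprint pinning: a connect with bad_cert_finger_print must be
   rejected, a connect with the fingerprint read from the fixture file
   must succeed. */
static int test_ssl_fp(MYSQL *unused __attribute__((unused)))
{
  MYSQL *my;
  MYSQL_RES *res;
  MYSQL_ROW row;
  int rc;

  if (check_skip_ssl())
    return SKIP;

  my= mysql_init(NULL);
  FAIL_IF(!my, "mysql_init() failed");

  mysql_ssl_set(my,0, 0, sslca, 0, 0);

  mysql_options(my, MARIADB_OPT_SSL_FP, bad_cert_finger_print);

  /* Inverted check: a successful connect here is the failure case. */
  FAIL_IF(mysql_real_connect(my, hostname, username, password, schema,
                             ssl_port, socketname, 0), mysql_error(my));

  mysql_options(my, MARIADB_OPT_SSL_FP, ssl_cert_finger_print);

  FAIL_IF(!mysql_real_connect(my, hostname, username, password, schema,
                              ssl_port, socketname, 0), mysql_error(my));

  FAIL_IF(check_cipher(my) != 0, "Invalid cipher");

  rc= mysql_query(my, "SET @a:=1");
  check_mysql_rc(rc, my);

  rc= mysql_query(my, "SELECT @a");
  check_mysql_rc(rc, my);

  if ((res= mysql_store_result(my)))
  {
    row= mysql_fetch_row(res);
    diag("@a:=%s", row[0]);
    mysql_free_result(res);
  }

  mysql_close(my);
  return OK;
}

/* Same as the accepting half of test_ssl_fp(), but the fingerprint is
   supplied as a list file through MARIADB_OPT_SSL_FP_LIST. */
static int test_ssl_fp_list(MYSQL *unused __attribute__((unused)))
{
  MYSQL *my;

  if (check_skip_ssl())
    return SKIP;

  my= mysql_init(NULL);
  FAIL_IF(!my, "mysql_init() failed");

  mysql_ssl_set(my,0, 0, sslca, 0, 0);

  mysql_options(my, MARIADB_OPT_SSL_FP_LIST, CERT_PATH "/server-cert.sha1");

  if(!mysql_real_connect(my, hostname, username, password, schema,
                         ssl_port, socketname, 0))
  {
    diag("Error: %s", mysql_error(my));
    mysql_close(my);
    return FAIL;
  }

  FAIL_IF(check_cipher(my) != 0, "Invalid cipher");
  mysql_close(my);
  return OK;
}

/* Reports cipher, TLS protocol version (numeric and text) and TLS library
   of a connection; purely informational. */
static int test_ssl_version(MYSQL *unused __attribute__((unused)))
{
  unsigned int iversion= 0;
  char *version, *library;
  MYSQL *my;

  if (check_skip_ssl())
    return SKIP;

  my= mysql_init(NULL);
  FAIL_IF(!my, "mysql_init() failed");

  mysql_ssl_set(my,0, 0, sslca, 0, 0);
  FAIL_IF(!mysql_real_connect(my, hostname, ssluser, sslpw, schema,
                              ssl_port, socketname, 0), mysql_error(my));

  diag("cipher: %s", mysql_get_ssl_cipher(my));
  mariadb_get_infov(my, MARIADB_CONNECTION_TLS_VERSION_ID, &iversion);
  diag("protocol: %d", iversion);
  mariadb_get_infov(my, MARIADB_CONNECTION_TLS_VERSION, &version);
  diag("protocol: %s", version);

  mariadb_get_infov(my, MARIADB_TLS_LIBRARY, &library);
  diag("library: %s", library);

  mysql_close(my);

  return OK;
}

#ifdef HAVE_SCHANNEL
/* Connects with MARIADB_OPT_TLS_CIPHER_STRENGTH set to 256 and reports the
   negotiated cipher. */
static int test_schannel_cipher(MYSQL *unused __attribute__((unused)))
{
  MYSQL *my;
  unsigned int cipher_strength= 256;

  if (check_skip_ssl())
    return SKIP;

  my= mysql_init(NULL);
  FAIL_IF(!my, "mysql_init() failed");

  mysql_ssl_set(my,0, 0, sslca, 0, 0);
  mysql_options(my, MARIADB_OPT_TLS_CIPHER_STRENGTH, &cipher_strength);
  FAIL_IF(!mysql_real_connect(my, hostname, ssluser, sslpw, schema,
                              ssl_port, socketname, 0), mysql_error(my));

  diag("cipher: %s", mysql_get_ssl_cipher(my));

  mysql_close(my);

  return OK;
}

#endif

#if defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)

/* Requests each cipher of the list in turn and compares it with what client
   and server report. Currently disabled: everything after the unconditional
   "return SKIP" is unreachable. */
static int test_cipher_mapping(MYSQL *unused __attribute__((unused)))
{
  unsigned int i=0;
  const char *ciphers[]= { "DHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES256-SHA256", "DHE-RSA-AES256-SHA",
#ifdef TEST_CAMELLIA_CIPHER
                           "DHE-RSA-CAMELLIA256-SHA", "CAMELLIA256-SHA",
                           "DHE-RSA-CAMELLIA128-SHA", "CAMELLIA128-SHA",
#endif
#ifdef TEST_DES_CIPHER
                           "EDH-RSA-DES-CBC3-SHA",
                           "DES-CBC3-SHA",
#endif
                           "AES256-GCM-SHA384", "AES256-SHA256", "AES256-SHA",
                           "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA",
                           "AES128-GCM-SHA256", "AES128-SHA256", "AES128-SHA",
                           "DHE-RSA-AES256-SHA", "AES256-SHA",
                           NULL };

  diag("This test depends on OpenSSL version - since several ciphers might not be available");
  return SKIP;

  if (check_skip_ssl())
    return SKIP;

  if (!have_openssl)
  {
    diag("test requires Server with OpenSSL");
    return SKIP;
  }

  while (ciphers[i] != NULL)
  {
    MYSQL *mysql= mysql_init(NULL);
    MYSQL_ROW row;
    MYSQL_RES *res;
    char c[100];
    int rc;
    const char *cipher;

    mysql_options(mysql, MYSQL_OPT_TLS_VERSION, "TLSv1.0,TLSv1.1,TLSv1.2");
    mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, ciphers[i]);
    diag("%s", ciphers[i]);

    mysql->options.use_ssl= 1;
    FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema,
                                ssl_port, socketname, 0), mysql_error(mysql));
    if (!(cipher= mysql_get_ssl_cipher(mysql)) ||
        strcmp(ciphers[i], cipher) != 0)
    {
      diag("cipher %s differs: (%s)", ciphers[i], cipher);
      mysql_close(mysql);
      goto cont;
    }
    else
    {
      rc= mysql_query(mysql, "SHOW STATUS LIKE 'ssl_cipher'");
      check_mysql_rc(rc, mysql);
      res= mysql_store_result(mysql);
      row= mysql_fetch_row(res);
      /* The value is reported by the server; bound the copy to the size of
         the local buffer instead of using strcpy(). */
      snprintf(c, sizeof(c), "%s", row[1]);
      mysql_free_result(res);
      mysql_close(mysql);
      if (strcmp(ciphers[i], c) != 0)
      {
        diag("expected: %s instead of %s", ciphers[i], c);
        /* depending if server supports ECC, ciphers may differ,
           so we don't return failure here */
      }
    }
cont:
    i++;
  }
  return OK;
}
#endif

/*
  Checks the server-side REQUIRE clauses (ssl, cipher, SUBJECT, ISSUER)
  against users ssluser1..ssluser5: each user must be accepted with matching
  client settings and refused otherwise. Skipped for TLS v1.3 and for
  non-MariaDB servers.
*/
static int test_openssl_1(MYSQL *mysql)
{
  int rc;
  MYSQL *my;
  uchar val= 1;
  char query[1024];
  int i;

  if (check_skip_ssl())
    return SKIP;

  if (have_tls13)
    return SKIP;

  if (!mariadb_connection(mysql))
    return SKIP;

  /* All statements below are formatted with snprintf() so that schema and
     host names can never write past the end of the query buffer. */
  for (i=1; i < 6; i++)
  {
    snprintf(query, sizeof(query), "DROP USER 'ssluser%d'@'%s'", i, this_host);
    rc= mysql_query(mysql, query);
    snprintf(query, sizeof(query), "CREATE USER 'ssluser%d'@'%s'", i, this_host);
    rc= mysql_query(mysql, query);
    check_mysql_rc(rc, mysql);
  }
  rc= mysql_query(mysql, "FLUSH PRIVILEGES");
  check_mysql_rc(rc, mysql);
  diag("sslusers created");

  diag("ssluser1");
  snprintf(query, sizeof(query), "grant select on %s.* to 'ssluser1'@'%s' require ssl", schema, this_host);
  rc= mysql_query(mysql, query);
  check_mysql_rc(rc, mysql);


  my= mysql_init(NULL);
  mysql_ssl_set(my, NULL, NULL, NULL, NULL, "AES128-SHA");
  FAIL_IF(!mysql_real_connect(my, hostname, "ssluser1", NULL, schema,
                              ssl_port, socketname, 0), mysql_error(my));
  FAIL_IF(!mysql_get_ssl_cipher(my), "No TLS connection");
  mysql_close(my);

  my= mysql_init(NULL);
  mysql_options(my, MYSQL_OPT_SSL_ENFORCE, &val);
  FAIL_IF(!mysql_real_connect(my, hostname, "ssluser1", NULL, schema,
                              ssl_port, socketname, 0), mysql_error(my));
  FAIL_IF(!mysql_get_ssl_cipher(my), "No TLS connection");
  mysql_close(my);

  diag("ssluser2");
  snprintf(query, sizeof(query), "grant select on %s.* to 'ssluser2'@'%s' require cipher 'AES256-SHA'", schema, this_host);
  rc= mysql_query(mysql, query);
  check_mysql_rc(rc, mysql);

#ifdef TEST_RANDOM_RESULT
  /* ssl_user2: connect with enforce should work */
  my= mysql_init(NULL);
  mysql_options(my, MYSQL_OPT_SSL_ENFORCE, &val);
  mysql_real_connect(my, hostname, "ssluser2", NULL, schema,
                     ssl_port, socketname, 0);
  if (!mysql_error(my) &&
       strcmp(mysql_get_ssl_cipher(my), "AES256-SHA"))
  {
    diag("Expected error or correct cipher");
    return FAIL;
  }
  mysql_close(my);
#endif
  /* ssl_user2: connect with correct cipher */
  diag("ssluser2");
  if (mysql_get_server_version(mysql) >= 100100)
  {
    my= mysql_init(NULL);
    mysql_ssl_set(my, NULL, NULL, NULL, NULL, "AES256-SHA");
    FAIL_IF(!mysql_real_connect(my, hostname, "ssluser2", NULL, schema,
                                ssl_port, socketname, 0), mysql_error(my));
    FAIL_IF(strcmp("AES256-SHA", mysql_get_ssl_cipher(my)) != 0, "expected cipher AES256-SHA");
    mysql_close(my);
  }

  /* ssl_user2: connect with wrong cipher should not work */
  diag("ssluser2");
  my= mysql_init(NULL);
  mysql_ssl_set(my, NULL, NULL, NULL, NULL, "AES128-SHA");
  FAIL_IF(mysql_real_connect(my, hostname, "ssluser2", NULL, schema,
                             ssl_port, socketname, 0), "Error expected");
  mysql_close(my);


  if (!travis_test)
  {
    snprintf(query, sizeof(query), "grant select on %s.* to 'ssluser3'@'%s' require cipher 'AES256-SHA' AND "
                   " SUBJECT '/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client'", schema, this_host);
    rc= mysql_query(mysql, query);
    check_mysql_rc(rc, mysql);

    /* ssluser3: connect with cipher only */
    my= mysql_init(NULL);
    mysql_ssl_set(my, NULL, NULL, NULL, NULL, "AES256-SHA");
    FAIL_IF(mysql_real_connect(my, hostname, "ssluser3", NULL, schema,
                               ssl_port, socketname, 0), "Error expected");
    mysql_close(my);

    /* ssluser3 connect with cipher and certs */
    my= mysql_init(NULL);
    mysql_ssl_set(my, sslkey,
                      sslcert,
                      sslca,
                      NULL,
                      "AES256-SHA");
    FAIL_IF(!mysql_real_connect(my, hostname, "ssluser3", NULL, schema,
                                ssl_port, socketname, 0), mysql_error(my));

    mysql_close(my);

    snprintf(query, sizeof(query), "grant select on %s.* to 'ssluser4'@'%s' require cipher 'AES256-SHA' AND "
                   " ISSUER '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'", schema, this_host);
    rc= mysql_query(mysql, query);
    check_mysql_rc(rc, mysql);

    /* ssluser4: connect with cipher only */
    my= mysql_init(NULL);
    mysql_ssl_set(my, NULL, NULL, NULL, NULL, "AES256-SHA");
    FAIL_IF(mysql_real_connect(my, hostname, "ssluser4", NULL, schema,
                               ssl_port, socketname, 0), "Error expected");
    mysql_close(my);

    /* ssluser4 connect with cipher and certs */
    my= mysql_init(NULL);
    mysql_ssl_set(my, sslkey,
                      sslcert,
                      sslca,
                      NULL,
                      "AES256-SHA");
    FAIL_IF(!mysql_real_connect(my, hostname, "ssluser4", NULL, schema,
                                ssl_port, socketname, 0), mysql_error(my));
    mysql_close(my);
  }
  diag("drop users");
  for (i=1; i < 6; i++)
  {
    snprintf(query, sizeof(query), "DROP USER 'ssluser%d'@'%s'", i, this_host);
    rc= mysql_query(mysql, query);
  }

  return OK;
}

/* With a read timeout of one second, a long-running statement on an
   enforced TLS connection must return an error. */
static int test_ssl_timeout(MYSQL *unused __attribute__((unused)))
{
  MYSQL *mysql;
  my_bool enforce= 1;
  int read_timeout= 1;
  int rc;

  if (check_skip_ssl())
    return SKIP;

  mysql= mysql_init(NULL);
  mysql_options(mysql, MYSQL_OPT_SSL_ENFORCE, &enforce);
  mysql_options(mysql, MYSQL_OPT_READ_TIMEOUT, &read_timeout);
  mysql->options.use_ssl= 1;
  FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema,
                              ssl_port, socketname, 0), mysql_error(mysql));
  diag("cipher: %s\n", mysql_get_ssl_cipher(mysql));
  rc= mysql_query(mysql, "SELECT SLEEP(600)");
  if (!rc)
  {
    diag("error expected (timeout)");
    /* Release the connection on the failure path as well. */
    mysql_close(mysql);
    return FAIL;
  }

  mysql_close(mysql);
  return OK;
}

/* Removes every account whose name starts with "ssl" by deleting its rows
   from mysql.user and mysql.db. */
static int drop_ssl_user(MYSQL *mysql)
{
  int rc;

  rc= mysql_query(mysql, "DELETE FROM mysql.user where user like 'ssl%'");
  check_mysql_rc(rc, mysql);
  rc= mysql_query(mysql, "DELETE FROM mysql.db where user like 'ssl%'");
  check_mysql_rc(rc, mysql);
  return OK;
}

/* Setting only a fingerprint (no CA, key or certificate) must still result
   in a connection that has a cipher. */
static int test_conc286(MYSQL *unused __attribute__((unused)))
{
  MYSQL *my;

  if (check_skip_ssl())
    return SKIP;

  my= mysql_init(NULL);
  FAIL_IF(!my, "mysql_init() failed");

  mysql_options(my, MARIADB_OPT_SSL_FP, ssl_cert_finger_print);

  FAIL_IF(!mysql_real_connect(my, hostname, username, password, schema,
                              ssl_port, socketname, 0), mysql_error(my));

  FAIL_IF(check_cipher(my) != 0, "Invalid cipher");

  mysql_close(my);
  return OK;
}

/* The TLS library name reported by mariadb_get_infov() must contain the
   name of the library selected at build time. */
static int test_mdev14027(MYSQL *mysql __attribute__((unused)))
{
  char *tls_library;
  const char *check_library=
#if defined(HAVE_OPENSSL)
#if defined(HAVE_LIBRESSL)
    "LibreSSL";
#else
    "OpenSSL";
#endif
#elif defined(HAVE_GNUTLS)
    "GnuTLS";
#elif defined(HAVE_SCHANNEL)
    "Schannel";
#else
    "Off";
#endif
  mariadb_get_infov(NULL, MARIADB_TLS_LIBRARY, &tls_library);
  diag("TLS/SSL library in use: %s\n", tls_library);
  if (!strstr(tls_library, check_library))
  {
    diag("expected %s, got %s", check_library, tls_library);
    return FAIL;
  }
  return OK;
}

/* For each MARIADB_OPT_TLS_VERSION setting in the table, the negotiated
   protocol version must equal the expected one. */
static int test_mdev14101(MYSQL *my __attribute__((unused)))
{
  struct {
    bool do_yassl;
    const char *opt_tls_version;
    const char *expected;
  } combinations[]= {
    {1, "TLSv1.1", "TLSv1.1"},
    {1, "TLSv1,TLSv1.1", "TLSv1.1"},
    {0, "TLSv1.2", "TLSv1.2"},
    {0, "TLSv1.1,TLSv1.2", "TLSv1.2"},
    {1, NULL, NULL}
  };

  int i;
#ifdef HAVE_SCHANNEL
  bool skip_tlsv12= 1;
#else
  bool skip_tlsv12= !have_openssl;
#endif

#if defined(HAVE_OPENSSL) && defined(TLS1_3_VERSION)
  diag("Test fails with TLS v1.3");
  return(SKIP);
#endif

  /* The table ends with the entry whose expected value is NULL. */
  for (i=0; combinations[i].expected; i++)
  {
    MYSQL *mysql;
    bool val=1;
    char *tls_version;

    if (!combinations[i].do_yassl && skip_tlsv12)
      break;

    diag("combination %d: %s", i, combinations[i].opt_tls_version);

    mysql= mysql_init(NULL);
    mysql_options(mysql, MYSQL_OPT_SSL_ENFORCE, &val);
    mysql_options(mysql, MARIADB_OPT_TLS_VERSION, combinations[i].opt_tls_version);
    FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema,
                                ssl_port, socketname, 0), mysql_error(mysql));
    mariadb_get_infov(mysql, MARIADB_CONNECTION_TLS_VERSION, &tls_version);
    diag("options: %s", combinations[i].opt_tls_version);
    diag("protocol: %s expected: %s", tls_version, combinations[i].expected);
    FAIL_IF(strcmp(combinations[i].expected, tls_version), "Wrong tls_version");
    mysql_close(mysql);
  }
  return OK;
}

/* Connects with the combined certificate/key file passed as the key
   argument only. */
static int test_conc386(MYSQL *mysql)
{
  mysql= mysql_init(NULL);
  mysql_ssl_set(mysql,
                sslcombined,
                NULL,
                NULL,
                NULL,
                NULL);
  FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema,
                              ssl_port, socketname, 0), mysql_error(mysql));
  FAIL_IF(check_cipher(mysql) != 0, "Invalid cipher");
  mysql_close(mysql);
  return OK;
}

#ifndef HAVE_SCHANNEL
static int test_ssl_verify(MYSQL *my __attribute__((unused)))
{
  MYSQL *mysql;
  my_bool verify= 1, enforce= 1;

  if (check_skip_ssl())
    return SKIP;

  /* verify, using system ca should fail with self signed certificate */
  mysql= mysql_init(NULL);
  mysql_options(mysql, MYSQL_OPT_SSL_ENFORCE, &enforce);
  mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);
  FAIL_IF(mysql_real_connect(mysql, hostname, username, password, schema,
                             ssl_port, socketname, 0), "Error expected");
  diag("error expected: %s\n", mysql_error(mysql));
  mysql_close(mysql);

  /* verify, using system ca should pass */

  /* Disable this for now, since for some unknown reason it fails on travis
  setenv("SSL_CERT_DIR", CERT_PATH, 1);
  mysql= mysql_init(NULL);
  mysql_options(mysql, MYSQL_OPT_SSL_ENFORCE, &enforce);
  mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);
  FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema,
                              port, socketname, 0), mysql_error(mysql));
  mysql_close(mysql);
  unsetenv("SSL_CERT_DIR");
  */

  /* verify against local ca, this should pass */
  mysql= mysql_init(NULL);
  mysql_ssl_set(mysql,0, 0, sslca, 0, 0);
  mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);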
FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema, 1341 ssl_port, socketname, 0), mysql_error(mysql)); 1342 mysql_close(mysql); 1343 1344 mysql= mysql_init(NULL); 1345 mysql_options(mysql, MYSQL_OPT_SSL_ENFORCE, &enforce); 1346 FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema, 1347 ssl_port, socketname, 0), mysql_error(mysql)); 1348 1349 diag("cipher: %s", mysql_get_ssl_cipher(mysql)); 1350 mysql_close(mysql); 1351 return OK; 1352 } 1353 #endif 1354 1355 struct my_tests_st my_tests[] = { 1356 {"test_ssl", test_ssl, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1357 #ifndef HAVE_SCHANNEL 1358 {"test_ssl_verify", test_ssl_verify, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1359 #endif 1360 {"test_mdev14101", test_mdev14101, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1361 {"test_mdev14027", test_mdev14027, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1362 {"test_conc286", test_conc286, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1363 {"test_ssl_timeout", test_ssl_timeout, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1364 {"test_openssl_1", test_openssl_1, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1365 #ifndef HAVE_SCHANNEL 1366 {"test_cipher_mapping", test_cipher_mapping, TEST_CONNECTION_NONE, 0, NULL, NULL}, 1367 #endif 1368 {"test_conc127", test_conc127, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1369 /* Both tests work with GNU tls, however we can't create fingerprints with 1370 gnutls-cli in CMakeLists.txt */ 1371 #ifndef HAVE_SCHANNEL 1372 {"test_ssl_fp", test_ssl_fp, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1373 {"test_ssl_fp_list", test_ssl_fp_list, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1374 #endif 1375 {"test_conc50", test_conc50, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1376 {"test_conc50_1", test_conc50_1, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1377 {"test_conc50_2", test_conc50_2, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1378 {"test_conc50_3", test_conc50_3, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1379 {"test_conc50_4", test_conc50_4, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1380 
{"test_conc95", test_conc95, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1381 {"verify_ssl_server_cert", verify_ssl_server_cert, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1382 {"test_bug62743", test_bug62743, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1383 {"test_phpbug51647", test_phpbug51647, TEST_CONNECTION_NONE, 0, NULL, NULL}, 1384 {"test_ssl_cipher", test_ssl_cipher, TEST_CONNECTION_NONE, 0, NULL, NULL}, 1385 {"test_multi_ssl_connections", test_multi_ssl_connections, TEST_CONNECTION_NONE, 0, NULL, NULL}, 1386 {"test_conc_102", test_conc_102, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1387 {"test_ssl_version", test_ssl_version, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1388 {"test_ssl_threads", test_ssl_threads, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1389 #ifndef HAVE_SCHANNEL 1390 {"test_password_protected", test_password_protected, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1391 #else 1392 {"test_schannel_cipher", test_schannel_cipher, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1393 #endif 1394 {"test_conc386", test_conc386, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1395 {"drop_ssl_user", drop_ssl_user, TEST_CONNECTION_NEW, 0, NULL, NULL}, 1396 {NULL, NULL, 0, 0, NULL, NULL} 1397 }; 1398 1399 1400 int main(int argc, char **argv) 1401 { 1402 #if defined(WIN32) && defined(HEAP_CHECK) 1403 _CrtSetReportMode( _CRT_WARN, _CRTDBG_MODE_FILE ); 1404 _CrtSetReportFile( _CRT_WARN, _CRTDBG_FILE_STDOUT ); 1405 _CrtSetReportMode( _CRT_ERROR, _CRTDBG_MODE_FILE ); 1406 _CrtSetReportFile( _CRT_ERROR, _CRTDBG_FILE_STDOUT ); 1407 _CrtSetReportMode( _CRT_ASSERT, _CRTDBG_MODE_FILE ); 1408 _CrtSetReportFile( _CRT_ASSERT, _CRTDBG_FILE_STDOUT ); 1409 #endif 1410 1411 get_envvars(); 1412 read_fingerprint(); 1413 1414 if (argc > 1) 1415 get_options(argc, argv); 1416 run_tests(my_tests); 1417 1418 mysql_server_end(); 1419 #if defined(WIN32) && defined(HEAP_CHECK) 1420 _CrtDumpMemoryLeaks(); 1421 #endif 1422 return(exit_status()); 1423 } 1424 1425