1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
source include/not_embedded.inc;
create function have_ssl() returns char(3)
return (select if(variable_value > '','yes','no') as 'have_ssl'
from information_schema.session_status
where variable_name='ssl_cipher');
let $is_win = `select convert(@@version_compile_os using latin1) IN ("Win32","Win64","Windows")`;
let $host=;
if($is_win)
{
let $host=--host=127.0.0.2;
}
#
# passwordless root cannot connect w/o fingerprint:
#
--echo # mysql --protocol tcp -uroot --ssl-verify-server-cert -e "select test.have_ssl()"
--replace_regex /TLS\/SSL error.*certificate[^\n]*/TLS\/SSL error: Failed to verify the server certificate/
--error 1
--exec $MYSQL --protocol tcp $host -uroot --ssl-verify-server-cert -e "select test.have_ssl()" 2>&1
#
# fingerprint based cert verification:
#
--echo # mysql --protocol tcp -uroot --ssl-fp=F1:D0:08:AF:A1:D2:F4:15:79:B4:39:06:41:F4:20:96:F1:90:A9:65 --ssl-verify-server-cert -e "select test.have_ssl()"
--exec $MYSQL --protocol tcp $host -uroot --ssl-fp=F1:D0:08:AF:A1:D2:F4:15:79:B4:39:06:41:F4:20:96:F1:90:A9:65 --ssl-verify-server-cert -e "select test.have_ssl()" 2>&1
#
# --disable-ssl-verify-server-cert does not disable fingerprint checks
#
--echo # mysql --protocol tcp -uroot --ssl-fp=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 --disable-ssl-verify-server-cert -e "select test.have_ssl()"
--error 1
--exec $MYSQL --protocol tcp $host -uroot --ssl-fp=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 --disable-ssl-verify-server-cert -e "select test.have_ssl()" 2>&1
drop function have_ssl;
|
