File: flush_ssl.test

package info (click to toggle)
mariadb 1%3A11.8.3-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 772,520 kB
  • sloc: ansic: 2,414,714; cpp: 1,791,394; asm: 381,336; perl: 62,905; sh: 49,647; pascal: 40,897; java: 39,363; python: 20,791; yacc: 20,432; sql: 17,907; xml: 12,344; ruby: 8,544; cs: 6,542; makefile: 6,145; ada: 1,879; lex: 1,193; javascript: 996; objc: 80; tcl: 73; awk: 46; php: 22
file content (63 lines) | stat: -rw-r--r-- 2,579 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# MDEV-16266 Reload SSL certificate
# This test reloads server SSL certs FLUSH SSL, and checks that 
# 1. old SSL connections (that existed before FLUSH) still work and use old certificate
# 2. new SSL connection use new certificate
# 3. if FLUSH SSL runs into error, SSL is still functioning
# SWtatus variable Ssl_server_not_after is used to tell the old certificate from new.


source include/have_ssl_communication.inc;

# Restart server with cert. files located in temp directory
# We are going to remove / replace them within the test, 
# so we can't use the ones in std_data directly.

let $ssl_cert=$MYSQLTEST_VARDIR/tmp/ssl_cert.pem;
let $ssl_key=$MYSQLTEST_VARDIR/tmp/ssl_key.pem;

copy_file $MYSQL_TEST_DIR/std_data/server-key.pem $ssl_key;
copy_file $MYSQL_TEST_DIR/std_data/server-cert.pem $ssl_cert;

let $restart_parameters=--ssl-key=$ssl_key --ssl-cert=$ssl_cert;
--source include/kill_mysqld.inc
--source include/start_mysqld.inc

connect  ssl_con,localhost,root,,,,,SSL;
--disable_cursor_protocol
SELECT VARIABLE_VALUE INTO @ssl_not_after FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after';
--enable_cursor_protocol
let $ssl_not_after=`SELECT @ssl_not_after`;

remove_file $ssl_cert;
remove_file $ssl_key;

--echo # Use a different certificate ("Not after" certificate field changed)
copy_file $MYSQL_TEST_DIR/std_data/server-new-key.pem $ssl_key;
copy_file $MYSQL_TEST_DIR/std_data/server-new-cert.pem $ssl_cert;

FLUSH SSL;

--echo # Check new certificate used by new connection
exec $MYSQL --ssl  -e  "SELECT IF(VARIABLE_VALUE <> '$ssl_not_after', 'OK', 'FAIL') as Result FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after'";

--echo # Check that existing SSL connection still works, and uses old certificate, even if new one is loaded in FLUSH SSL
connection ssl_con;
SELECT IF(VARIABLE_VALUE=@ssl_not_after,'OK','FAIL') as Result FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_server_not_after';

disconnect ssl_con;
connection default;

SELECT VARIABLE_NAME NAME, VARIABLE_VALUE VALUE FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME in ('Ssl_accepts', 'Ssl_finished_accepts');
FLUSH SSL;
#Check that accepts are zeroed by FLUSH SSL.
SELECT VARIABLE_NAME NAME, VARIABLE_VALUE VALUE FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME in ('Ssl_accepts', 'Ssl_finished_accepts');

--echo # Cleanup
remove_file $ssl_cert;
remove_file $ssl_key;
# restart with usuall SSL
let $restart_parameters=;
--source include/kill_mysqld.inc
--source include/start_mysqld.inc