1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
source include/have_ssl_communication.inc;
source include/master-slave.inc;
# We don't test all types of ssl auth params here since it's a bit hard
# until problems with OpenSSL 0.9.7 are unresolved
# creating replication user for whom ssl auth is required
# preparing playground
connection master;
create user replssl@localhost;
grant replication slave on *.* to replssl@localhost require ssl;
create table t1 (t int);
sync_slave_with_master;
#trying to use this user without ssl
stop slave;
--source include/wait_for_slave_to_stop.inc
change master to master_user='replssl',master_password='',master_ssl=0;
start slave;
#showing that replication don't work
connection master;
insert into t1 values (1);
#reasonable timeout for changes to propagate to slave
let $wait_condition= SELECT COUNT(*) = 1 FROM t1;
source include/wait_condition.inc;
connection slave;
select * from t1;
#showing that replication could work with ssl params
--let $slave_io_errno=1045
--source include/wait_for_slave_io_error.inc
--source include/stop_slave_sql.inc
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
eval change master to
master_ssl=1,
master_ssl_ca ='$MYSQL_TEST_DIR/std_data/cacert.pem',
master_ssl_cert='$MYSQL_TEST_DIR/std_data/client-cert.pem',
master_ssl_key='$MYSQL_TEST_DIR/std_data/client-key.pem';
start slave;
--source include/wait_for_slave_to_start.inc
#avoiding unneeded sleeps
connection master;
sync_slave_with_master;
#checking that replication is ok
select * from t1;
#checking show slave status
let $status_items= Master_SSL_Allowed, Master_SSL_CA_Path, Master_SSL_CA_File, Master_SSL_Cert, Master_SSL_Key;
source include/show_slave_status.inc;
source include/check_slave_is_running.inc;
#checking if replication works without ssl also performing clean up
stop slave;
--source include/wait_for_slave_to_stop.inc
change master to master_user='root',master_password='', master_ssl=0;
start slave;
--source include/wait_for_slave_to_start.inc
connection master;
drop user replssl@localhost;
drop table t1;
sync_slave_with_master;
source include/show_slave_status.inc;
source include/check_slave_is_running.inc;
# End of 4.1 tests
# Start replication with ssl_verify_server_cert turned on
connection slave;
stop slave;
--source include/wait_for_slave_to_stop.inc
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
eval change master to
master_host="localhost",
master_ssl=1 ,
master_ssl_ca ='$MYSQL_TEST_DIR/std_data/cacert.pem',
master_ssl_cert='$MYSQL_TEST_DIR/std_data/client-cert.pem',
master_ssl_key='$MYSQL_TEST_DIR/std_data/client-key.pem',
master_ssl_verify_server_cert=1;
start slave;
--source include/wait_for_slave_to_start.inc
connection master;
create table t1 (t int);
insert into t1 values (1);
sync_slave_with_master;
select * from t1;
#checking show slave status
source include/show_slave_status.inc;
--source include/check_slave_is_running.inc
# MDEV-31855 validate with master_password
connection master;
create user replssl@127.0.0.1 identified by "sslrepl";
grant replication slave on *.* to replssl@127.0.0.1 require ssl;
connection slave;
stop slave;
--source include/wait_for_slave_to_stop.inc
eval change master to
master_host="127.0.0.1",
master_user='replssl',
master_password="sslrepl",
master_ssl=1,
master_ssl_verify_server_cert=1,
master_ssl_ca ='',
master_ssl_cert='',
master_ssl_key='';
start slave;
--source include/wait_for_slave_to_start.inc
show tables;
connection master;
drop table t1;
sync_slave_with_master;
show tables;
# ==== Clean up ====
--source include/stop_slave.inc
CHANGE MASTER TO
master_host="127.0.0.1",
master_user='root',
master_password='',
master_ssl_ca ='',
master_ssl_cert='',
master_ssl_key='',
master_ssl_verify_server_cert=0,
master_ssl=1;
connection master;
drop user replssl@127.0.0.1;
connection slave;
drop user replssl@127.0.0.1;
--let $rpl_only_running_threads= 1
--source include/rpl_end.inc
|
