File: openssl_cert_generation.result

package info (click to toggle)
mysql-8.0 8.0.43-3
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 1,273,924 kB
  • sloc: cpp: 4,684,605; ansic: 412,450; pascal: 108,398; java: 83,641; perl: 30,221; cs: 27,067; sql: 26,594; sh: 24,181; python: 21,816; yacc: 17,169; php: 11,522; xml: 7,388; javascript: 7,076; makefile: 2,194; lex: 1,075; awk: 670; asm: 520; objc: 183; ruby: 97; lisp: 86
file content (185 lines) | stat: -rw-r--r-- 8,376 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
 
# Setup
call mtr.add_suppression("Failed to setup SSL");
call mtr.add_suppression("SSL error: SSL_CTX_set_default_verify_paths failed");
# Restart completed.
# Test 1 : System variable tests
# auto_generate_certs should be OFF.
select @@global.auto_generate_certs;
@@global.auto_generate_certs
0
# sha256_password_auto_generate_rsa_keys should be OFF.
select @@global.sha256_password_auto_generate_rsa_keys;
@@global.sha256_password_auto_generate_rsa_keys
0
set @@global.auto_generate_certs='OFF';
ERROR HY000: Variable 'auto_generate_certs' is a read only variable
set @@global.sha256_password_auto_generate_rsa_keys='OFF';
ERROR HY000: Variable 'sha256_password_auto_generate_rsa_keys' is a read only variable
# Test 2 : Restarting mysqld with :
#          --auto_generate_certs=0
#          --sha256_password_auto_generate_rsa_keys=0
# Restart completed.
# Search for : Skipping generation of SSL certificates as --auto_generate_certs is set to OFF.
Pattern "Skipping generation of SSL certificates as --auto_generate_certs is set to OFF" found
# Search completed.
# Search for : Skipping generation of RSA key pair as --sha256_password_auto_generate_rsa_keys is set to OFF.
Pattern "Skipping generation of RSA key pair as --sha256_password_auto_generate_rsa_keys is set to OFF" found
# Search completed.
# Ensure that certificate files are not there after server is started
# Ensure that server is not ssl enabled
# Ensure that sha connection is not possible in absence of certificates and keys
create user wl7699_sha256 identified with 'sha256_password' by 'abcd';
drop user wl7699_sha256;
# Test 3 : SSL certificates
# 3.1 : Restarting mysqld with : --auto-generate-certs=1
# Restart completed.
# Search for : Auto generated SSL certificates are placed in data directory.
Pattern "Auto generated SSL certificates are placed in data directory." found
# Search completed.
# Search for SSL certificate and key files in Data directory.
# Search completed.
# Ensure that RSA files are not there in data directory
# Ensure that server is ssl enabled
Variable_name	Value
Ssl_cipher	SSL_CIPHER
# Test 4 : RSA key pair
# 4.1 : Restarting mysqld with :
#       --sha256_password_auto_generate_rsa_keys=1
# Restart completed.
# Search for : Auto generated RSA key files through --sha256_password_auto_generate_rsa_keys are placed in data directory.
Pattern "Auto generated RSA key files through --sha256_password_auto_generate_rsa_keys are placed in data directory." found
# Search completed.
# Search for RSA key files in Data directory.
# Search completed.
# Ensure that server is not ssl enabled
# Test 5 : Skipping SSL Certificates/Key File Generation
# 5.1 : Restarting mysqld with :
#       --auto_generate_certs=ON
#       --sha256_password_auto_generate_rsa_keys=ON
# Restart completed.
# Generation of SSL ceritificates/key files and
# RSA key pair files is skipped.
# Search for : Messages related to skipped generation of SSL certificates and RSA key pair files.
Pattern "Skipping generation of SSL certificates as certificate files are present in data directory" found
Pattern "Skipping generation of RSA key pair" found
# Search completed.
# 5.2 : System variables
# auto_generate_certs, ssl_ca, ssl_cert and ssl_key should be set.
SELECT VARIABLE_NAME,VARIABLE_VALUE FROM performance_schema.global_variables
WHERE VARIABLE_NAME IN ('auto_generate_certs', 'ssl_ca', 'ssl_cert', 'ssl_key') ORDER BY 1;
VARIABLE_NAME	VARIABLE_VALUE
auto_generate_certs	ON
ssl_ca	ca.pem
ssl_cert	server-cert.pem
ssl_key	server-key.pem
# sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path
# and sha256_password_public_key_path should be set.
SELECT VARIABLE_NAME,VARIABLE_VALUE FROM performance_schema.global_variables
WHERE VARIABLE_NAME LIKE 'sha256%' ORDER BY 1;
VARIABLE_NAME	VARIABLE_VALUE
sha256_password_auto_generate_rsa_keys	ON
sha256_password_private_key_path	private_key.pem
sha256_password_proxy_users	OFF
sha256_password_public_key_path	public_key.pem
# 5.3 : SHA256_password user
create user wl7699_sha256 identified with 'sha256_password' by 'abcd';
# Should be able to connect to server using generated SSL certificates.
Variable_name	Value
Ssl_cipher	SSL_CIPHER
# Should be able to connect to server using RSA key pair.
current_user()
wl7699_sha256@%
drop user wl7699_sha256;
# Test 6 : SSL Certificates/Key File Generation and tests
# 6.1 : Restarting mysqld with :
#       --auto_generate_certs=ON
#       --sha256_password_auto_generate_rsa_keys=ON
# Restart completed.
# Search for : Auto generated SSL certificates are placed in data directory.
Pattern "Auto generated SSL certificates are placed in data directory." found
# Search completed.
# Search for : Auto generated RSA key files through --sha256_password_auto_generate_rsa_keys are placed in data directory.
Pattern "Auto generated RSA key files through --sha256_password_auto_generate_rsa_keys are placed in data directory." found
# Search completed.
# 6.2 : System variables
# auto_generate_certs, ssl_ca, ssl_cert and ssl_key should be set.
SELECT VARIABLE_NAME,VARIABLE_VALUE FROM performance_schema.global_variables
WHERE VARIABLE_NAME IN ('auto_generate_certs', 'ssl_ca', 'ssl_cert', 'ssl_key') ORDER BY 1;
VARIABLE_NAME	VARIABLE_VALUE
auto_generate_certs	ON
ssl_ca	ca.pem
ssl_cert	server-cert.pem
ssl_key	server-key.pem
# sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path
# and sha256_password_public_key_path should be set.
SELECT VARIABLE_NAME,VARIABLE_VALUE FROM performance_schema.global_variables
WHERE VARIABLE_NAME LIKE 'sha256%' ORDER BY 1;
VARIABLE_NAME	VARIABLE_VALUE
sha256_password_auto_generate_rsa_keys	ON
sha256_password_private_key_path	private_key.pem
sha256_password_proxy_users	OFF
sha256_password_public_key_path	public_key.pem
# 6.3 : SSL connection
# Should be able to connect to server using generated SSL certificates.
Variable_name	Value
Ssl_cipher	SSL_CIPHER
# 6.4 : SHA256_password user
create user wl7699_sha256 identified with 'sha256_password' by 'abcd';
# Should be able to connect to server using generated SSL certificates.
Variable_name	Value
Ssl_cipher	SSL_CIPHER
# Should be able to connect to server using RSA key pair.
current_user()
wl7699_sha256@%
drop user wl7699_sha256;
# Test 7 : SSL Certificates/Key File Generation and tests
# 7.1 : Restarting mysqld with :
#       --skip-ssl
#       --auto_generate_certs=ON
#       --sha256_password_auto_generate_rsa_keys=ON
# Restart completed.
# Search for : Auto generated RSA key files through --sha256_password_auto_generate_rsa_keys are placed in data directory.
Pattern "Auto generated RSA key files through --sha256_password_auto_generate_rsa_keys are placed in data directory." found
# Search completed.
# 7.2 : System variables
# No ssl variables should be set
SELECT VARIABLE_NAME,VARIABLE_VALUE FROM performance_schema.global_variables
WHERE VARIABLE_NAME IN ('auto_generate_certs', 'ssl_ca', 'ssl_cert', 'ssl_key') ORDER BY 1;
VARIABLE_NAME	VARIABLE_VALUE
auto_generate_certs	ON
ssl_ca	
ssl_cert	
ssl_key	
# sha256_password_auto_generate_rsa_keys, sha256_password_private_key_path
# and sha256_password_public_key_path should be set.
SELECT VARIABLE_NAME,VARIABLE_VALUE FROM performance_schema.global_variables
WHERE VARIABLE_NAME LIKE 'sha256%' ORDER BY 1;
VARIABLE_NAME	VARIABLE_VALUE
sha256_password_auto_generate_rsa_keys	ON
sha256_password_private_key_path	private_key.pem
sha256_password_proxy_users	OFF
sha256_password_public_key_path	public_key.pem
# 7.3 : SSL connection
# Should not be able to connect to server using generated SSL certificates.
# 7.4 : SHA256_password user
create user wl7699_sha256 identified with 'sha256_password' by 'abcd';
# Should not be able to connect to server using generated SSL certificates.
# Should be able to connect to server using RSA key pair.
current_user()
wl7699_sha256@%
drop user wl7699_sha256;
#
# Bug#21108296 : --SSL-CIPHER OPTION CAUSES SSL INITIALIZATION FAILURE
#
# Restarting mysqld with :
#       --auto_generate_certs=ON
#       --ssl-cipher=ECDHE-RSA-AES128-GCM-SHA256
#       --skip-sha256_password_auto_generate_rsa_keys
# Restart completed.
# Search for : Auto generated SSL certificates are placed in data directory.
Pattern "Auto generated SSL certificates are placed in data directory." found
# Search completed.
Variable_name	Value
Ssl_cipher	ECDHE-RSA-AES128-GCM-SHA256
# Clean-up
# restart: