1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
# ==== Requirements ====
# #
# # R1. When @@global.ssl_fips=1, and replication does not use ssl, replication shall work
# # R2. When @@global.ssl_fips=1, and replication uses ssl with a weak cipher, replication shall fail to connect
# # R3. When @@global.ssl_fips=1, and replication uses ssl with a strong cipher, replication shall work
# #
# # ==== References ====
# #
# # WL#8102: Make sure MySQL compiles and runs with the OpenSSL FIPS Object Module
# Disabled on 32-bit platforms until Bug#28556707 is fixed
--source include/have_64bit.inc
--source include/not_windows.inc
--source include/have_fips.inc
--source include/not_group_replication_plugin.inc
--source include/master-slave.inc
CALL mtr.add_suppression("Failed to set up SSL because of the following *");
CALL mtr.add_suppression("Replica SQL for channel '': Request to stop replica SQL Thread received while *");
--echo [on master]
connection master;
SET PERSIST_ONLY ssl_fips_mode=ON;
--echo [on slave]
connection slave;
SET PERSIST_ONLY ssl_fips_mode=ON;
# Restart master
--source include/stop_slave.inc
--let $rpl_server_number=1
--source include/rpl_restart_server.inc
--source include/start_slave.inc
--source include/rpl_connection_master.inc
--source include/save_binlog_position.inc
--echo [on master]
connection master;
--echo [on slave]
connection slave;
source include/stop_slave.inc;
--let $rpl_server_number=2
--source include/rpl_restart_server.inc
--echo # R1: Set the ssl connection OFF
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--eval CHANGE REPLICATION SOURCE TO SOURCE_USER = 'root', SOURCE_PASSWORD = '', SOURCE_SSL = 0;
source include/start_slave.inc;
--source include/check_slave_no_error.inc
--echo [on slave]
connection slave;
source include/stop_slave.inc;
--echo # R2: Set the ssl connection ON and weak cipher CAMELLIA256-SHA
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--eval CHANGE REPLICATION SOURCE TO SOURCE_USER = 'root', SOURCE_PASSWORD = '', SOURCE_SSL = 1, SOURCE_TLS_VERSION = 'TLSv1.2', SOURCE_SSL_CIPHER = 'CAMELLIA256-SHA', SOURCE_RETRY_COUNT = 1
START SLAVE;
--let $slave_io_errno= 2026
--source include/wait_for_slave_io_error.inc
connection slave;
select SERVICE_STATE, LAST_ERROR_NUMBER from performance_schema.replication_connection_status;
--echo # R3: Set the ssl connection ON and strong cipher
connection slave;
--source include/stop_slave.inc
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--eval CHANGE REPLICATION SOURCE TO SOURCE_USER = 'root', SOURCE_PASSWORD = '', SOURCE_SSL = 1, SOURCE_TLS_VERSION = 'TLSv1.2', SOURCE_SSL_CIPHER = 'ECDHE-RSA-AES128-GCM-SHA256'
source include/start_slave.inc;
--source include/check_slave_no_error.inc
--source include/stop_slave.inc
--echo ==== Cleanup (Note that slave IO thread is not running) ====
# cleanup: slave io thread has stopped so we reset replication
--replace_column 2 ####
CHANGE REPLICATION SOURCE TO SOURCE_USER = 'root', SOURCE_PASSWORD = '', SOURCE_SSL=0;
# clear Slave_IO_Errno
--let $rpl_only_running_threads= 1
--source include/rpl_reset.inc
--echo [on master]
connection master;
RESET PERSIST ssl_fips_mode;
let $MYSQLD_DATADIR= `select @@datadir`;
--remove_file $MYSQLD_DATADIR/mysqld-auto.cnf
--echo [on slave]
connection slave;
RESET PERSIST ssl_fips_mode;
let $MYSQLD_DATADIR= `select @@datadir`;
--remove_file $MYSQLD_DATADIR/mysqld-auto.cnf
--echo [on master]
connection master;
--source include/rpl_end.inc
--source include/force_restart.inc
|
