# Replication over TLS: a replication account created with REQUIRE SSL has to
# be refused on a channel without TLS options and accepted once the replica is
# given TLS parameters.
--source include/not_group_replication_plugin.inc
source include/master-slave.inc;
# Not every kind of SSL authentication parameter is tested here, because that
# is hard to do until the problems with OpenSSL 0.9.7 are resolved.
# Create a replication user for whom SSL is required and prepare the playground.
connection master;
# SQL_LOG_BIN is set to 0 around the account statements and back to 1 before
# the table is created, so CREATE USER and GRANT are issued with binary logging
# disabled for this session.
SET SQL_LOG_BIN= 0;
# REQUIRE SSL demands an encrypted connection only. It does not demand a client
# certificate, and the account is created without a password (test fixture).
create user replssl@localhost require ssl;
grant replication slave on *.* to replssl@localhost;
SET SQL_LOG_BIN= 1;
create table t1 (t int);
--source include/sync_slave_sql_with_master.inc
# Negative case: try to replicate as replssl without SSL.
stop slave;
--source include/wait_for_slave_to_stop.inc
# Only the user and an empty password are changed below. SOURCE_SSL is not set
# in this statement, and the access-denied error expected afterwards implies
# that the channel is not using TLS at this point.
--replace_column 2 ####
CHANGE REPLICATION SOURCE to SOURCE_USER='replssl',SOURCE_PASSWORD='';
start slave;
# Show that replication does not work: the I/O error awaited here is
# ER_ACCESS_DENIED_ERROR, i.e. the account is refused rather than silently
# allowed to replicate without encryption.
--let $slave_io_errno= convert_error(ER_ACCESS_DENIED_ERROR)
--source include/wait_for_slave_io_error.inc
--source include/stop_slave_sql.inc
# Positive case: show that replication works once SSL parameters are supplied.
# The statement below turns SOURCE_SSL on, points at the CA file and the client
# certificate and key under std_data, and sets SOURCE_TLS_VERSION to TLSv1.2.
# It does not set SOURCE_SSL_VERIFY_SERVER_CERT. That option is exercised
# further down in this file.
# --replace_result substitutes the literal MYSQL_TEST_DIR for the local test
# directory in the recorded output.
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--replace_column 2 ####
eval CHANGE REPLICATION SOURCE to SOURCE_SSL=1 , SOURCE_SSL_CA ='$MYSQL_TEST_DIR/std_data/cacert.pem', SOURCE_SSL_CERT='$MYSQL_TEST_DIR/std_data/client-cert.pem', SOURCE_SSL_KEY='$MYSQL_TEST_DIR/std_data/client-key.pem', SOURCE_TLS_VERSION='TLSv1.2';
start slave;
--source include/wait_for_slave_to_start.inc
# Avoid unneeded sleeps: write a row on the master and sync the slave instead.
connection master;
insert into t1 values (1);
--source include/sync_slave_sql_with_master.inc
# Check that replication is ok: the inserted row is selected after the sync.
select * from t1;
# Check show slave status for the SSL/TLS fields listed in $status_items.
# NOTE(review): presumably show_slave_status.inc prints exactly these fields - confirm.
let $status_items= Master_SSL_Allowed, Master_SSL_CA_Path, Master_SSL_CA_File, Master_SSL_Cert, Master_SSL_Key, Master_TLS_Version;
source include/show_slave_status.inc;
source include/check_slave_is_running.inc;
# Check that replication also works without SSL, and perform clean up.
stop slave;
--source include/wait_for_slave_to_stop.inc
# Test fixture only: the channel is switched back to root with an empty
# password and SOURCE_SSL=0, so TLS is turned off for the channel here.
--replace_column 2 ####
CHANGE REPLICATION SOURCE to SOURCE_USER='root',SOURCE_PASSWORD='', SOURCE_SSL=0;
start slave;
--source include/wait_for_slave_to_start.inc
connection master;
# The account is dropped with SQL_LOG_BIN set to 0, mirroring how it was
# created, and the table is dropped after SQL_LOG_BIN is set back to 1.
SET SQL_LOG_BIN= 0;
drop user replssl@localhost;
SET SQL_LOG_BIN= 1;
drop table t1;
--source include/sync_slave_sql_with_master.inc
# Show the slave status again after SSL has been switched off.
source include/show_slave_status.inc;
source include/check_slave_is_running.inc;
# End of 4.1 tests
# Start replication with ssl_verify_server_cert turned on.
connection slave;
stop slave;
--source include/wait_for_slave_to_stop.inc
# SOURCE_HOST is set to the name localhost together with
# SOURCE_SSL_VERIFY_SERVER_CERT=1.
# NOTE(review): presumably the server certificate used by the test suite
# identifies itself as localhost, so that the host name check can pass - confirm.
# Only the accepting case is covered: a host name that does not match the
# certificate is not tested in the visible part of this file.
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--replace_column 2 ####
eval CHANGE REPLICATION SOURCE to
SOURCE_HOST="localhost",
SOURCE_SSL=1 ,
SOURCE_SSL_CA ='$MYSQL_TEST_DIR/std_data/cacert.pem',
SOURCE_SSL_CERT='$MYSQL_TEST_DIR/std_data/client-cert.pem',
SOURCE_SSL_KEY='$MYSQL_TEST_DIR/std_data/client-key.pem',
SOURCE_SSL_VERIFY_SERVER_CERT=1;
start slave;
--source include/wait_for_slave_to_start.inc
connection master;
create table t1 (t int);
insert into t1 values (1);
--source include/sync_slave_sql_with_master.inc
# NOTE(review): no explicit connection switch precedes this echo. Presumably the
# sync include above leaves the session on the slave connection - confirm.
echo on slave;
# Check that replication is ok.
select * from t1;
# Check show slave status.
source include/show_slave_status.inc;
--source include/check_slave_is_running.inc
# ==== Clean up ====
connection master;
drop table t1;
--source include/sync_slave_sql_with_master.inc
###############################################################################
# BUG#18778485 SSL_VERIFY_SERVER_CERT AUTOMATICALLY SETS TO NO POST RESET SLAVE
# COMMAND
#
# Because of the bug, a RESET SLAVE command on the slave server reset
# ssl_verify_server_cert to 0. RESET SLAVE is generally expected to delete
# slave logs and forget the replication positions, so this erroneous
# behaviour was counterintuitive. It also meant that server certificate
# verification was switched off for the channel without anyone asking for it.
#
# We test the following:
# - The behaviour of ssl_verify_server_cert with RESET SLAVE.
# - Test that neither STOP SLAVE nor START SLAVE affects the value of
#   ssl_verify_server_cert.
# - Test that CHANGE REPLICATION SOURCE (CHANGE MASTER) with no
#   ssl_verify_server_cert option does not affect the ssl_verify_server_cert
#   value.
#
# Every assertion below reads Master_SSL_Verify_Server_Cert from
# SHOW SLAVE STATUS and requires the value Yes.
##############################################################################
--source include/stop_slave.inc
--let $assert_cond= "[SHOW SLAVE STATUS, Master_SSL_Verify_Server_Cert, 1]" = "Yes"
--let $assert_text= Master_SSL_Verify_Server_Cert should NOT change on STOP SLAVE.
--source include/assert.inc
# The log file name and read position are captured before RESET SLAVE.
# NOTE(review): $log_file and $log_pos are not referenced again in the visible
# part of this file.
--let $log_file= query_get_value(SHOW SLAVE STATUS, Master_Log_File, 1)
--let $log_pos= query_get_value(SHOW SLAVE STATUS, Read_Master_Log_Pos, 1)
RESET SLAVE;
--let $assert_cond= "[SHOW SLAVE STATUS, Master_SSL_Verify_Server_Cert, 1]" = "Yes"
--let $assert_text= Master_SSL_Verify_Server_Cert should NOT change on RESET SLAVE.
--source include/assert.inc
# Change an unrelated option (the port) and check that the verification
# setting is left alone.
--replace_result $MASTER_MYPORT MASTER_MYPORT
--eval CHANGE REPLICATION SOURCE TO SOURCE_PORT= $MASTER_MYPORT
--let $assert_cond= "[SHOW SLAVE STATUS, Master_SSL_Verify_Server_Cert, 1]" = "Yes"
--let $assert_text= Master_SSL_Verify_Server_Cert should NOT change on CHANGE MASTER.
--source include/assert.inc
--source include/start_slave.inc
--let $assert_cond= "[SHOW SLAVE STATUS, Master_SSL_Verify_Server_Cert, 1]" = "Yes"
--let $assert_text= Master_SSL_Verify_Server_Cert should NOT change on START SLAVE.
--source include/assert.inc
# Final clean up: drop the table if it still exists, with warnings disabled
# around the DROP and the sync.
--connection master
--disable_warnings
DROP TABLE IF EXISTS t1;
--source include/sync_slave_sql_with_master.inc
--enable_warnings
--source include/stop_slave.inc
# Clean the replication source options: the CA, certificate, key and TLS
# version are emptied, SSL and server certificate verification are set to 0,
# and SOURCE_HOST is set to 127.0.0.1.
# NOTE(review): presumably this keeps later tests on the same servers from
# inheriting certificate paths or verification settings - confirm.
--replace_column 2 ####
CHANGE REPLICATION SOURCE TO
SOURCE_HOST="127.0.0.1",
SOURCE_SSL_CA ='',
SOURCE_SSL_CERT='',
SOURCE_SSL_KEY='',
SOURCE_SSL_VERIFY_SERVER_CERT=0,
SOURCE_SSL=0,
SOURCE_TLS_VERSION='';
# The slave was stopped above and is not restarted. $rpl_only_running_threads
# is set right before rpl_end.inc, and its effect is defined in that include.
--let $rpl_only_running_threads= 1
--source include/rpl_end.inc