ganapathi / rpms / mariadb

Forked from rpms/mariadb 4 years ago
Clone

Blame SOURCES/mariadb-cipherspec.patch

031387
Some test items assume the default SSL cipher is DHE-RSA-AES256-SHA, 
031387
which is no longer the case as of openssl 1.0.1.
031387
This patch enhances connect command by an option to specify a cipher 
031387
and tests are adjusted to specify the expected cipher explicitly.
031387
Upstream bug report: http://bugs.mysql.com/bug.php?id=64461
031387
031387
diff -up mariadb-5.5.28a/client/mysqltest.cc.p18 mariadb-5.5.28a/client/mysqltest.cc
031387
--- mariadb-5.5.28a/client/mysqltest.cc.p18	2012-11-28 16:49:36.000000000 +0100
031387
+++ mariadb-5.5.28a/client/mysqltest.cc	2012-12-17 17:40:01.685079912 +0100
031387
@@ -5808,6 +5808,7 @@ void do_connect(struct st_command *comma
031387
   my_bool con_pipe= 0;
031387
   my_bool con_shm __attribute__ ((unused))= 0;
031387
   struct st_connection* con_slot;
031387
+  char *con_cipher=NULL;
031387
 
031387
   static DYNAMIC_STRING ds_connection_name;
031387
   static DYNAMIC_STRING ds_host;
031387
@@ -5898,6 +5899,8 @@ void do_connect(struct st_command *comma
031387
       con_pipe= 1;
031387
     else if (length == 3 && !strncmp(con_options, "SHM", 3))
031387
       con_shm= 1;
031387
+    else if (!strncmp(con_options, "CIPHER:", 7))
031387
+      con_cipher = con_options + 7;
031387
     else
031387
       die("Illegal option to connect: %.*s", 
031387
           (int) (end - con_options), con_options);
031387
@@ -5945,8 +5948,11 @@ void do_connect(struct st_command *comma
031387
   if (con_ssl)
031387
   {
031387
 #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
031387
+  /* default cipher */
031387
+    if (con_cipher == NULL && opt_ssl_cipher != NULL)
031387
+      con_cipher = opt_ssl_cipher;
031387
     mysql_ssl_set(con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
031387
-		  opt_ssl_capath, opt_ssl_cipher);
031387
+		  opt_ssl_capath, con_cipher);
031387
 #if MYSQL_VERSION_ID >= 50000
031387
     /* Turn on ssl_verify_server_cert only if host is "localhost" */
031387
     opt_ssl_verify_server_cert= !strcmp(ds_host.str, "localhost");
031387
diff -up mariadb-5.5.28a/mysql-test/t/openssl_1.test.p18 mariadb-5.5.28a/mysql-test/t/openssl_1.test
031387
--- mariadb-5.5.28a/mysql-test/t/openssl_1.test.p18	2012-11-28 16:49:36.000000000 +0100
031387
+++ mariadb-5.5.28a/mysql-test/t/openssl_1.test	2012-12-17 17:27:31.884891180 +0100
031387
@@ -20,13 +20,13 @@ grant select on test.* to ssl_user4@loca
031387
 grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
031387
 flush privileges;
031387
 
031387
-connect (con1,localhost,ssl_user1,,,,,SSL);
031387
-connect (con2,localhost,ssl_user2,,,,,SSL);
031387
-connect (con3,localhost,ssl_user3,,,,,SSL);
031387
-connect (con4,localhost,ssl_user4,,,,,SSL);
031387
+connect (con1,localhost,ssl_user1,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
031387
+connect (con2,localhost,ssl_user2,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
031387
+connect (con3,localhost,ssl_user3,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
031387
+connect (con4,localhost,ssl_user4,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
031387
 --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
031387
 --error ER_ACCESS_DENIED_ERROR
031387
-connect (con5,localhost,ssl_user5,,,,,SSL);
031387
+connect (con5,localhost,ssl_user5,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
031387
 
031387
 connection con1;
031387
 # Check ssl turned on
031387
@@ -129,7 +129,7 @@ drop table t1;
031387
 # verification of servers certificate by setting both ca certificate
031387
 # and ca path to NULL
031387
 #
031387
---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
031387
+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
031387
 --echo End of 5.0 tests
031387
 
031387
 #
031387
@@ -254,7 +254,7 @@ select 'is still running; no cipher requ
031387
 
031387
 GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
031387
 FLUSH PRIVILEGES;
031387
-connect(con1,localhost,bug42158,,,,,SSL);
031387
+connect(con1,localhost,bug42158,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
031387
 SHOW STATUS LIKE 'Ssl_cipher';
031387
 disconnect con1;
031387
 connection default;
031387
diff -up mariadb-5.5.28a/mysql-test/t/ssl_8k_key.test.p18 mariadb-5.5.28a/mysql-test/t/ssl_8k_key.test
031387
--- mariadb-5.5.28a/mysql-test/t/ssl_8k_key.test.p18	2012-11-28 16:49:46.000000000 +0100
031387
+++ mariadb-5.5.28a/mysql-test/t/ssl_8k_key.test	2012-12-17 17:27:31.885891180 +0100
031387
@@ -2,7 +2,7 @@
031387
 #
031387
 # Bug#29784 YaSSL assertion failure when reading 8k key.
031387
 #
031387
---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
031387
+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
031387
 
031387
 ##  This test file is for testing encrypted communication only, not other
031387
 ##  encryption routines that the SSL library happens to provide!
031387
diff -up mariadb-5.5.28a/mysql-test/t/ssl_compress.test.p18 mariadb-5.5.28a/mysql-test/t/ssl_compress.test
031387
--- mariadb-5.5.28a/mysql-test/t/ssl_compress.test.p18	2012-11-28 16:49:46.000000000 +0100
031387
+++ mariadb-5.5.28a/mysql-test/t/ssl_compress.test	2012-12-17 17:27:31.885891180 +0100
031387
@@ -8,7 +8,7 @@
031387
 # Save the initial number of concurrent sessions
031387
 --source include/count_sessions.inc
031387
 
031387
-connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS);
031387
+connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS CIPHER:DHE-RSA-AES256-SHA);
031387
 
031387
 # Check ssl turned on
031387
 SHOW STATUS LIKE 'Ssl_cipher';
031387
diff -up mariadb-5.5.28a/mysql-test/t/ssl.test.p18 mariadb-5.5.28a/mysql-test/t/ssl.test
031387
--- mariadb-5.5.28a/mysql-test/t/ssl.test.p18	2012-11-28 16:49:46.000000000 +0100
031387
+++ mariadb-5.5.28a/mysql-test/t/ssl.test	2012-12-17 17:27:31.885891180 +0100
031387
@@ -8,7 +8,7 @@
031387
 # Save the initial number of concurrent sessions
031387
 --source include/count_sessions.inc
031387
 
031387
-connect (ssl_con,localhost,root,,,,,SSL);
031387
+connect (ssl_con,localhost,root,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
031387
 
031387
 # Check ssl turned on
031387
 SHOW STATUS LIKE 'Ssl_cipher';