praiskup / rpms / mariadb

Forked from rpms/mariadb 5 years ago
Clone
Source Code
GIT

Blame mariadb-cipherspec.patch

10.4 el5 el6 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 master private-10.1-COPR private-10.1.10-master private-10.2-COPR private-10.3-COPR private-f26-modules-mariadb-notests private-openssl11 private-scl-master selinux-policy-again
  1.   5eaeb51ae724ec750876f90bbf992e81c0f9141a
  2.   mariadb-cipherspec.patch
Blob History Raw
9c7c797 
Some test items assume the default SSL cipher is DHE-RSA-AES256-SHA,
9c7c797 
which is no longer the case as of openssl 1.0.1.
9c7c797 
This patch enhances connect command by an option to specify a cipher
9c7c797 
and tests are adjusted to specify the expected cipher explicitly.
9c7c797 
Upstream bug report: http://bugs.mysql.com/bug.php?id=64461
9c7c797
Jakub Dorňák 3a5d7cd 
diff -up --recursive mariadb-10.0.12.orig/client/mysqltest.cc mariadb-10.0.12/client/mysqltest.cc
Jakub Dorňák 3a5d7cd 
--- mariadb-10.0.12.orig/client/mysqltest.cc	2014-06-12 11:26:05.000000000 +0200
Jakub Dorňák 3a5d7cd 
+++ mariadb-10.0.12/client/mysqltest.cc	2014-06-18 11:24:49.623171255 +0200
Jakub Dorňák 3a5d7cd 
@@ -5912,6 +5912,7 @@ void do_connect(struct st_command *comma
9c7c797 
   my_bool con_pipe= 0;
9c7c797 
   my_bool con_shm __attribute__ ((unused))= 0;
9c7c797 
   struct st_connection* con_slot;
9c7c797 
+  char *con_cipher=NULL;
9c7c797
9c7c797 
   static DYNAMIC_STRING ds_connection_name;
9c7c797 
   static DYNAMIC_STRING ds_host;
Jakub Dorňák 3a5d7cd 
@@ -6002,6 +6003,8 @@ void do_connect(struct st_command *comma
9c7c797 
       con_pipe= 1;
9c7c797 
     else if (length == 3 && !strncmp(con_options, "SHM", 3))
9c7c797 
       con_shm= 1;
9c7c797 
+    else if (!strncmp(con_options, "CIPHER:", 7))
9c7c797 
+      con_cipher = con_options + 7;
9c7c797 
     else
9c7c797 
       die("Illegal option to connect: %.*s",
9c7c797 
           (int) (end - con_options), con_options);
Jakub Dorňák 3a5d7cd 
@@ -6051,8 +6054,11 @@ void do_connect(struct st_command *comma
9c7c797 
   if (con_ssl)
9c7c797 
   {
9c7c797 
 #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
Jakub Dorňák 6aba9be 
+    /* default cipher */
9c7c797 
+    if (con_cipher == NULL && opt_ssl_cipher != NULL)
9c7c797 
+      con_cipher = opt_ssl_cipher;
9c7c797 
     mysql_ssl_set(con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
9c7c797 
-		  opt_ssl_capath, opt_ssl_cipher);
9c7c797 
+		  opt_ssl_capath, con_cipher);
Jakub Dorňák 6aba9be 
     mysql_options(con_slot->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
Jakub Dorňák 6aba9be 
     mysql_options(con_slot->mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
9c7c797 
 #if MYSQL_VERSION_ID >= 50000
Jakub Dorňák 3a5d7cd 
diff -up --recursive mariadb-10.0.12.orig/mysql-test/t/openssl_1.test mariadb-10.0.12/mysql-test/t/openssl_1.test
Jakub Dorňák 3a5d7cd 
--- mariadb-10.0.12.orig/mysql-test/t/openssl_1.test	2014-06-12 11:26:05.000000000 +0200
Jakub Dorňák 3a5d7cd 
+++ mariadb-10.0.12/mysql-test/t/openssl_1.test	2014-06-18 11:24:49.624171253 +0200
9c7c797 
@@ -20,13 +20,13 @@ grant select on test.* to ssl_user4@loca
9c7c797 
 grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
9c7c797 
 flush privileges;
9c7c797
9c7c797 
-connect (con1,localhost,ssl_user1,,,,,SSL);
9c7c797 
-connect (con2,localhost,ssl_user2,,,,,SSL);
9c7c797 
-connect (con3,localhost,ssl_user3,,,,,SSL);
9c7c797 
-connect (con4,localhost,ssl_user4,,,,,SSL);
9c7c797 
+connect (con1,localhost,ssl_user1,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
9c7c797 
+connect (con2,localhost,ssl_user2,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
9c7c797 
+connect (con3,localhost,ssl_user3,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
9c7c797 
+connect (con4,localhost,ssl_user4,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
9c7c797 
 --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
9c7c797 
 --error ER_ACCESS_DENIED_ERROR
9c7c797 
-connect (con5,localhost,ssl_user5,,,,,SSL);
9c7c797 
+connect (con5,localhost,ssl_user5,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
9c7c797
9c7c797 
 connection con1;
9c7c797 
 # Check ssl turned on
9c7c797 
@@ -129,7 +129,7 @@ drop table t1;
9c7c797 
 # verification of servers certificate by setting both ca certificate
9c7c797 
 # and ca path to NULL
9c7c797 
 #
9c7c797 
---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
9c7c797 
+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
9c7c797 
 --echo End of 5.0 tests
9c7c797
9c7c797 
 #
9c7c797 
@@ -254,7 +254,7 @@ select 'is still running; no cipher requ
9c7c797
9c7c797 
 GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
9c7c797 
 FLUSH PRIVILEGES;
9c7c797 
-connect(con1,localhost,bug42158,,,,,SSL);
9c7c797 
+connect(con1,localhost,bug42158,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
9c7c797 
 SHOW STATUS LIKE 'Ssl_cipher';
9c7c797 
 disconnect con1;
9c7c797 
 connection default;
Jakub Dorňák 3a5d7cd 
diff -up --recursive mariadb-10.0.12.orig/mysql-test/t/ssl_compress.test mariadb-10.0.12/mysql-test/t/ssl_compress.test
Jakub Dorňák 3a5d7cd 
--- mariadb-10.0.12.orig/mysql-test/t/ssl_compress.test	2014-06-12 11:26:07.000000000 +0200
Jakub Dorňák 3a5d7cd 
+++ mariadb-10.0.12/mysql-test/t/ssl_compress.test	2014-06-18 11:24:49.624171253 +0200
9c7c797 
@@ -8,7 +8,7 @@
9c7c797 
 # Save the initial number of concurrent sessions
9c7c797 
 --source include/count_sessions.inc
9c7c797
9c7c797 
-connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS);
9c7c797 
+connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS CIPHER:DHE-RSA-AES256-SHA);
9c7c797
9c7c797 
 # Check ssl turned on
9c7c797 
 SHOW STATUS LIKE 'Ssl_cipher';
Jakub Dorňák 3a5d7cd 
diff -up --recursive mariadb-10.0.12.orig/mysql-test/t/ssl.test mariadb-10.0.12/mysql-test/t/ssl.test
Jakub Dorňák 3a5d7cd 
--- mariadb-10.0.12.orig/mysql-test/t/ssl.test	2014-06-12 11:26:05.000000000 +0200
Jakub Dorňák 3a5d7cd 
+++ mariadb-10.0.12/mysql-test/t/ssl.test	2014-06-18 11:24:49.624171253 +0200
9c7c797 
@@ -8,7 +8,7 @@
9c7c797 
 # Save the initial number of concurrent sessions
9c7c797 
 --source include/count_sessions.inc
9c7c797
9c7c797 
-connect (ssl_con,localhost,root,,,,,SSL);
9c7c797 
+connect (ssl_con,localhost,root,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
9c7c797
9c7c797 
 # Check ssl turned on
9c7c797 
 SHOW STATUS LIKE 'Ssl_cipher';
Jakub Dorňák 3a5d7cd 
diff -up --recursive mariadb-10.0.12.orig/mysql-test/t/ssl_8k_key.test mariadb-10.0.12/mysql-test/t/ssl_8k_key.test
Jakub Dorňák 3a5d7cd 
--- mariadb-10.0.12.orig/mysql-test/t/ssl_8k_key.test	2014-06-12 11:26:05.000000000 +0200
Jakub Dorňák 3a5d7cd 
+++ mariadb-10.0.12/mysql-test/t/ssl_8k_key.test	2014-06-18 11:24:49.624171253 +0200
Jakub Dorňák 6aba9be 
@@ -5,7 +5,7 @@
Jakub Dorňák 6aba9be 
 #
Jakub Dorňák 6aba9be 
 # Bug#29784 YaSSL assertion failure when reading 8k key.
Jakub Dorňák 6aba9be 
 #
Jakub Dorňák 6aba9be 
---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
Jakub Dorňák 6aba9be 
+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
Jakub Dorňák 6aba9be
Jakub Dorňák 6aba9be 
 ##  This test file is for testing encrypted communication only, not other
Jakub Dorňák 6aba9be 
 ##  encryption routines that the SSL library happens to provide!
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.