[mysql] Fix ssl-related tests to specify expected cipher explicitly Related: #789600

Jan Horak hhorak at fedoraproject.org
Tue Mar 13 17:15:18 UTC 2012


commit 72c72f78d6afcb3e665c160049731e9ef42e00f7
Author: Honza HorĂ¡k <hhorak at redhat.com>
Date:   Tue Mar 13 18:03:48 2012 +0100

    Fix ssl-related tests to specify expected cipher explicitly
    Related: #789600

 mysql-cipherspec.patch     |  115 +++++++++++++++++++++
 mysql-default-cipher.patch |  246 --------------------------------------------
 mysql.spec                 |    8 +-
 3 files changed, 121 insertions(+), 248 deletions(-)
---
diff --git a/mysql-cipherspec.patch b/mysql-cipherspec.patch
new file mode 100644
index 0000000..b9180f2
--- /dev/null
+++ b/mysql-cipherspec.patch
@@ -0,0 +1,115 @@
+Some test items assume the default SSL cipher is DHE-RSA-AES256-SHA, 
+which is no longer the case as of openssl 1.0.1.
+This patch enhances connect command by an option to specify a cipher 
+and tests are adjusted to specify the expected cipher explicitly.
+Upstream bug report: http://bugs.mysql.com/bug.php?id=64461
+
+diff -up mysql-5.5.21/client/mysqltest.cc.cipherspec mysql-5.5.21/client/mysqltest.cc
+--- mysql-5.5.21/client/mysqltest.cc.cipherspec	2012-01-31 12:28:16.000000000 +0100
++++ mysql-5.5.21/client/mysqltest.cc	2012-03-09 14:38:37.083890817 +0100
+@@ -5458,6 +5458,7 @@ void do_connect(struct st_command *comma
+   my_bool con_ssl= 0, con_compress= 0;
+   my_bool con_pipe= 0, con_shm= 0;
+   struct st_connection* con_slot;
++  char *con_cipher=NULL;
+ 
+   static DYNAMIC_STRING ds_connection_name;
+   static DYNAMIC_STRING ds_host;
+@@ -5546,6 +5547,8 @@ void do_connect(struct st_command *comma
+       con_pipe= 1;
+     else if (!strncmp(con_options, "SHM", 3))
+       con_shm= 1;
++    else if (!strncmp(con_options, "CIPHER:", 7))
++      con_cipher = con_options + 7;
+     else
+       die("Illegal option to connect: %.*s", 
+           (int) (end - con_options), con_options);
+@@ -5593,8 +5596,11 @@ void do_connect(struct st_command *comma
+   if (con_ssl)
+   {
+ #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
++  /* default cipher */
++    if (con_cipher == NULL && opt_ssl_cipher != NULL)
++      con_cipher = opt_ssl_cipher;
+     mysql_ssl_set(&con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
+-		  opt_ssl_capath, opt_ssl_cipher);
++		  opt_ssl_capath, con_cipher);
+ #if MYSQL_VERSION_ID >= 50000
+     /* Turn on ssl_verify_server_cert only if host is "localhost" */
+     opt_ssl_verify_server_cert= !strcmp(ds_host.str, "localhost");
+diff -up mysql-5.5.21/mysql-test/t/openssl_1.test.cipherspec mysql-5.5.21/mysql-test/t/openssl_1.test
+--- mysql-5.5.21/mysql-test/t/openssl_1.test.cipherspec	2012-01-31 12:28:15.000000000 +0100
++++ mysql-5.5.21/mysql-test/t/openssl_1.test	2012-03-09 14:59:52.305752562 +0100
+@@ -20,13 +20,13 @@ grant select on test.* to ssl_user4 at loca
+ grant select on test.* to ssl_user5 at localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
+ flush privileges;
+ 
+-connect (con1,localhost,ssl_user1,,,,,SSL);
+-connect (con2,localhost,ssl_user2,,,,,SSL);
+-connect (con3,localhost,ssl_user3,,,,,SSL);
+-connect (con4,localhost,ssl_user4,,,,,SSL);
++connect (con1,localhost,ssl_user1,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
++connect (con2,localhost,ssl_user2,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
++connect (con3,localhost,ssl_user3,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
++connect (con4,localhost,ssl_user4,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+ --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+ --error ER_ACCESS_DENIED_ERROR
+-connect (con5,localhost,ssl_user5,,,,,SSL);
++connect (con5,localhost,ssl_user5,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+ 
+ connection con1;
+ # Check ssl turned on
+@@ -119,7 +119,7 @@ drop table t1;
+ # verification of servers certificate by setting both ca certificate
+ # and ca path to NULL
+ #
+---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
++--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
+ --echo End of 5.0 tests
+ 
+ #
+@@ -244,7 +244,7 @@ select 'is still running; no cipher requ
+ 
+ GRANT SELECT ON test.* TO bug42158 at localhost REQUIRE X509;
+ FLUSH PRIVILEGES;
+-connect(con1,localhost,bug42158,,,,,SSL);
++connect(con1,localhost,bug42158,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+ SHOW STATUS LIKE 'Ssl_cipher';
+ disconnect con1;
+ connection default;
+diff -up mysql-5.5.21/mysql-test/t/ssl_8k_key.test.cipherspec mysql-5.5.21/mysql-test/t/ssl_8k_key.test
+--- mysql-5.5.21/mysql-test/t/ssl_8k_key.test.cipherspec	2012-01-31 12:28:15.000000000 +0100
++++ mysql-5.5.21/mysql-test/t/ssl_8k_key.test	2012-03-09 14:38:37.084890702 +0100
+@@ -2,7 +2,7 @@
+ #
+ # Bug#29784 YaSSL assertion failure when reading 8k key.
+ #
+---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
++--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
+ 
+ ##  This test file is for testing encrypted communication only, not other
+ ##  encryption routines that the SSL library happens to provide!
+diff -up mysql-5.5.21/mysql-test/t/ssl_compress.test.cipherspec mysql-5.5.21/mysql-test/t/ssl_compress.test
+--- mysql-5.5.21/mysql-test/t/ssl_compress.test.cipherspec	2012-01-31 12:28:15.000000000 +0100
++++ mysql-5.5.21/mysql-test/t/ssl_compress.test	2012-03-09 14:38:37.085890587 +0100
+@@ -7,7 +7,7 @@
+ # Save the initial number of concurrent sessions
+ --source include/count_sessions.inc
+ 
+-connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS);
++connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS CIPHER:DHE-RSA-AES256-SHA);
+ 
+ # Check ssl turned on
+ SHOW STATUS LIKE 'Ssl_cipher';
+diff -up mysql-5.5.21/mysql-test/t/ssl.test.cipherspec mysql-5.5.21/mysql-test/t/ssl.test
+--- mysql-5.5.21/mysql-test/t/ssl.test.cipherspec	2012-01-31 12:28:15.000000000 +0100
++++ mysql-5.5.21/mysql-test/t/ssl.test	2012-03-09 14:38:37.086890472 +0100
+@@ -6,7 +6,7 @@
+ # Save the initial number of concurrent sessions
+ --source include/count_sessions.inc
+ 
+-connect (ssl_con,localhost,root,,,,,SSL);
++connect (ssl_con,localhost,root,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+ 
+ # Check ssl turned on
+ SHOW STATUS LIKE 'Ssl_cipher';
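Review bot: In the mysqltest.cc part of the added patch, `con_cipher = con_options + 7;` keeps a pointer into the option string without ending the value at `end`, so the cipher appears to run to the end of the whole option list rather than to the end of the `CIPHER:` token. The `die()` call just below prints an option with `%.*s` and `end - con_options`, which suggests tokens are not NUL-terminated in place; the parsing loop starts outside this hunk, so confirm it there. Every adjusted test places `CIPHER:` last (`SSL COMPRESS CIPHER:DHE-RSA-AES256-SHA`), which hides the problem: in any other order the string handed to `mysql_ssl_set` would also carry the options that follow, and the test would no longer pin the cipher it names. If the option buffer may be modified in place, terminating the token is enough, `con_cipher= con_options + 7; if (*end) *end++= '\0';`; otherwise copy `end - con_cipher` bytes into a local NUL-terminated buffer. An empty value after `CIPHER:` also bypasses the `opt_ssl_cipher` fallback because `con_cipher` is then non-NULL, so it would be worth rejecting it with `die()`.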
diff --git a/mysql.spec b/mysql.spec
index 9a8fe0e..c93c3ba 100644
--- a/mysql.spec
+++ b/mysql.spec
@@ -1,6 +1,6 @@
 Name: mysql
 Version: 5.5.21
-Release: 1%{?dist}
+Release: 2%{?dist}
 
 Summary: MySQL client programs and shared libraries
 Group: Applications/Databases
@@ -54,7 +54,7 @@ Patch14: mysql-va-list.patch
 Patch15: mysql-netdevname.patch
 Patch16: mysql-logrotate.patch
 Patch17: mysql-plugin-test.patch
-Patch18: mysql-default-cipher.patch
+Patch18: mysql-cipherspec.patch
 Patch19: mysql-file-contents.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -691,6 +691,10 @@ fi
 %{_mandir}/man1/mysql_client_test.1*
 
 %changelog
+* Tue Mar 13 2012 Honza Horak <hhorak at redhat.com> 5.5.21-2
+- Fix ssl-related tests to specify expected cipher explicitly
+Related: #789600
+
 * Mon Feb 27 2012 Tom Lane <tgl at redhat.com> 5.5.21-1
 - Update to MySQL 5.5.21, for various fixes described at
   http://dev.mysql.com/doc/refman/5.5/en/news-5-5-21.html

