new mysqltest connect option SSL-CIPHER=xxxx

386e2e52 · Sergei Golubchik · c8fa6f78 · 386e2e52 · 386e2e52 · 386e2e52
Commit 386e2e52 authored Nov 18, 2014 by Sergei Golubchik
Showing with 17 additions and 6 deletions

client/mysqltest.cc client/mysqltest.cc +7 -1

mysql-test/r/openssl_1.result mysql-test/r/openssl_1.result +2 -0

mysql-test/t/openssl_1.test mysql-test/t/openssl_1.test +8 -5

No files found.
--- a/client/mysqltest.cc
+++ b/client/mysqltest.cc
@@ -5883,6 +5883,7 @@ void do_connect(struct st_command *command)
 {
  int con_port= opt_port;
  char *con_options;
+  char *ssl_cipher= 0;
  my_bool con_ssl= 0, con_compress= 0;
  my_bool con_pipe= 0;
  my_bool con_shm __attribute__ ((unused))= 0;
@@ -5971,6 +5972,11 @@ void do_connect(struct st_command *command)
    length= (size_t) (end - con_options);
    if (length == 3 && !strncmp(con_options, "SSL", 3))
      con_ssl= 1;
+    else if (!strncmp(con_options, "SSL-CIPHER=", 11))
+    {
+      con_ssl= 1;
+      ssl_cipher=con_options + 11;
+    }
    else if (length == 8 && !strncmp(con_options, "COMPRESS", 8))
      con_compress= 1;
    else if (length == 4 && !strncmp(con_options, "PIPE", 4))
@@ -6027,7 +6033,7 @@ void do_connect(struct st_command *command)
  {
 #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
    mysql_ssl_set(con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
-		  opt_ssl_capath, opt_ssl_cipher);
+		  opt_ssl_capath, ssl_cipher ? ssl_cipher : opt_ssl_cipher);
 #if MYSQL_VERSION_ID >= 50000
    /* Turn on ssl_verify_server_cert only if host is "localhost" */
    opt_ssl_verify_server_cert= !strcmp(ds_host.str, "localhost");

--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@@ -7,6 +7,8 @@ grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA
 grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
 grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
 flush privileges;
+connect(localhost,ssl_user2,,test,MASTER_PORT,MASTER_SOCKET);
+ERROR 28000: Access denied for user 'ssl_user2'@'localhost' (using password: NO)
 connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
 ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO)
 SHOW STATUS LIKE 'Ssl_cipher';

--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
@@ -20,13 +20,16 @@ grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA
 grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
 flush privileges;

-connect (con1,localhost,ssl_user1,,,,,SSL);
-connect (con2,localhost,ssl_user2,,,,,SSL);
-connect (con3,localhost,ssl_user3,,,,,SSL);
-connect (con4,localhost,ssl_user4,,,,,SSL);
+connect (con1,localhost,ssl_user1,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA);
 --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 --error ER_ACCESS_DENIED_ERROR
-connect (con5,localhost,ssl_user5,,,,,SSL);
+connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=RC4-SHA);
+connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA);
+connect (con3,localhost,ssl_user3,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA);
+connect (con4,localhost,ssl_user4,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA);
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+--error ER_ACCESS_DENIED_ERROR
+connect (con5,localhost,ssl_user5,,,,,SSL-CIPHER=DHE-RSA-AES256-SHA);

 connection con1;
 # Check ssl turned on