-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmysql-cipherspec.patch
154 lines (140 loc) · 6.69 KB
/
mysql-cipherspec.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
Some test items assume the default SSL cipher is DHE-RSA-AES256-SHA,
which is no longer the case as of openssl 1.0.1.
This patch enhances connect command by an option to specify a cipher
and tests are adjusted to specify the expected cipher explicitly.
Upstream bug report: http://bugs.mysql.com/bug.php?id=64461
diff --git a/client/mysqltest.cc b/client/mysqltest.cc
index 2def9bd..128dc00 100644
--- a/client/mysqltest.cc
+++ b/client/mysqltest.cc
@@ -5503,6 +5503,7 @@ void do_connect(struct st_command *command)
my_bool con_pipe= 0, con_shm= 0, con_cleartext_enable= 0;
my_bool con_secure_auth= 1;
struct st_connection* con_slot;
+ char *con_cipher=NULL;
static DYNAMIC_STRING ds_connection_name;
static DYNAMIC_STRING ds_host;
@@ -5595,6 +5596,8 @@ void do_connect(struct st_command *command)
con_cleartext_enable= 1;
else if (!strncmp(con_options, "SKIPSECUREAUTH",14))
con_secure_auth= 0;
+ else if (!strncmp(con_options, "CIPHER:", 7))
+ con_cipher = con_options + 7;
else
die("Illegal option to connect: %.*s",
(int) (end - con_options), con_options);
@@ -5642,8 +5645,11 @@ void do_connect(struct st_command *command)
if (con_ssl)
{
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
+ /* default cipher */
+ if (con_cipher == NULL && opt_ssl_cipher != NULL)
+ con_cipher = opt_ssl_cipher;
mysql_ssl_set(&con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
- opt_ssl_capath, opt_ssl_cipher);
+ opt_ssl_capath, con_cipher);
mysql_options(&con_slot->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
mysql_options(&con_slot->mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
#if MYSQL_VERSION_ID >= 50000
diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result
index a767a71..3c1ee27 100644
--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@@ -197,8 +197,6 @@ Variable_name Value
Ssl_cipher EDH-RSA-DES-CBC3-SHA
Variable_name Value
Ssl_cipher AES256-SHA
-Variable_name Value
-Ssl_cipher RC4-SHA
select 'is still running; no cipher request crashed the server' as result from dual;
result
is still running; no cipher request crashed the server
diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test
index 426de1e..f8c6203 100644
--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
@@ -20,13 +20,13 @@ grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
flush privileges;
-connect (con1,localhost,ssl_user1,,,,,SSL);
-connect (con2,localhost,ssl_user2,,,,,SSL);
-connect (con3,localhost,ssl_user3,,,,,SSL);
-connect (con4,localhost,ssl_user4,,,,,SSL);
+connect (con1,localhost,ssl_user1,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+connect (con2,localhost,ssl_user2,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+connect (con3,localhost,ssl_user3,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
+connect (con4,localhost,ssl_user4,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
-connect (con5,localhost,ssl_user5,,,,,SSL);
+connect (con5,localhost,ssl_user5,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
connection con1;
# Check ssl turned on
@@ -125,7 +125,7 @@ drop table t1;
# verification of servers certificate by setting both ca certificate
# and ca path to NULL
#
---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
--echo End of 5.0 tests
#
@@ -215,7 +215,6 @@ DROP TABLE t1;
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=DHE-RSA-AES256-SHA
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=EDH-RSA-DES-CBC3-SHA
--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES256-SHA
---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=RC4-SHA
--disable_query_log
--disable_result_log
@@ -250,7 +249,7 @@ select 'is still running; no cipher request crashed the server' as result from d
GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
FLUSH PRIVILEGES;
-connect(con1,localhost,bug42158,,,,,SSL);
+connect(con1,localhost,bug42158,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
SHOW STATUS LIKE 'Ssl_cipher';
disconnect con1;
connection default;
diff --git a/mysql-test/t/plugin_auth_sha256_tls.test b/mysql-test/t/plugin_auth_sha256_tls.test
index f99df8a..1b38fda 100644
--- a/mysql-test/t/plugin_auth_sha256_tls.test
+++ b/mysql-test/t/plugin_auth_sha256_tls.test
@@ -1,7 +1,7 @@
--source include/not_embedded.inc
--source include/have_ssl.inc
-connect (ssl_con,localhost,root,,,,,SSL);
+connect (ssl_con,localhost,root,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
SHOW STATUS LIKE 'Ssl_cipher';
CREATE USER 'kristofer' IDENTIFIED WITH 'sha256_password';
diff --git a/mysql-test/t/ssl.test b/mysql-test/t/ssl.test
index ea8be39..c61ca8b 100644
--- a/mysql-test/t/ssl.test
+++ b/mysql-test/t/ssl.test
@@ -8,7 +8,7 @@
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
-connect (ssl_con,localhost,root,,,,,SSL);
+connect (ssl_con,localhost,root,,,,,SSL CIPHER:DHE-RSA-AES256-SHA);
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';
diff --git a/mysql-test/t/ssl_8k_key.test b/mysql-test/t/ssl_8k_key.test
index d94c2fc..c27ca58 100644
--- a/mysql-test/t/ssl_8k_key.test
+++ b/mysql-test/t/ssl_8k_key.test
@@ -4,7 +4,7 @@
#
# Bug#29784 YaSSL assertion failure when reading 8k key.
#
---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
## This test file is for testing encrypted communication only, not other
## encryption routines that the SSL library happens to provide!
diff --git a/mysql-test/t/ssl_compress.test b/mysql-test/t/ssl_compress.test
index 2cb4c0d..feaa0e7 100644
--- a/mysql-test/t/ssl_compress.test
+++ b/mysql-test/t/ssl_compress.test
@@ -9,7 +9,7 @@
# Save the initial number of concurrent sessions
--source include/count_sessions.inc
-connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS);
+connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS CIPHER:DHE-RSA-AES256-SHA);
# Check ssl turned on
SHOW STATUS LIKE 'Ssl_cipher';