Improved testing of ssl and compression

 - Added show status variable "compression" for checking that compression is turned on.
 - Updated show status variable "have_openssl" to be set to DISABLED if server supports ssl but it's not turned on to accept incoming ssl connections.  
 - Setup server to accept ssl connections from clients ig that is supported by server
 - New tests 
   - ssl - Run with ssl turned on
   - ssl_compress - Run with ssl and compression turned on
   - compress - Run with compression turned in 
 - Updated test 
   - openssl_1, rpl_openssl1 - Changed to run if server supports ssl


BitKeeper/deleted/.del-have_openssl_1.inc~55590efedeec9ee0:
  Delete: mysql-test/include/have_openssl_1.inc
BitKeeper/deleted/.del-have_openssl_1.require~e8cdeb0adba99ac5:
  Delete: mysql-test/r/have_openssl_1.require
client/mysqltest.c:
  Add commands to enable/disable ssl for the follwing connect's
  Add commands to enable/disable compression for the  following connect's
mysql-test/mysql-test-run.pl:
  Test if ssl is supported by the server
  If ssl is supported by the server, start server with ability to accept ssl connections from clients
  Cleanup check of supported features check_ssl_support, check_ndbcluster_support
  Flags and helptext for mysl-test-run.pl updated 
    --ssl, turn on ssl encryption between server and client
    --skip-ssl, don'r turn on ssl or setup ssl even if it's supported
    --with-openssl, deprecated, synonym with --ssl
mysql-test/r/openssl_1.result:
  Update test results
mysql-test/t/openssl_1.test:
  Run this if server reports it has support for ssl
  Enable ssl before connecting
  Check that ssl encryption has been turned on
mysql-test/t/rpl_openssl.test:
  Run this if server reports it supports ssl
sql-common/client.c:
  Add DBUG_PRINT's
sql/mysqld.cc:
  If server can't accept ssl connection set have_openssl to SHOW_OPTION_DISABLED
  Add status variable to show if connection with server is using compressed protocol
sql/sql_show.cc:
  Add status variable to show if connection with server is using compressed protocol
sql/structs.h:
  Add status variable to show if connection with server is using compressed protocol
mysql-test/r/compress.result:
  New BitKeeper file ``mysql-test/r/compress.result''
mysql-test/r/ssl.result:
  New BitKeeper file ``mysql-test/r/ssl.result''
mysql-test/r/ssl_compress.result:
  New BitKeeper file ``mysql-test/r/ssl_compress.result''
mysql-test/t/compress.test:
  New BitKeeper file ``mysql-test/t/compress.test''
mysql-test/t/ssl.test:
  New BitKeeper file ``mysql-test/t/ssl.test''
mysql-test/t/ssl_compress.test:
  New BitKeeper file ``mysql-test/t/ssl_compress.test''

client/mysqltest.c

@@ -309,6 +309,8 @@ Q_ENABLE_INFO, Q_DISABLE_INFO,
 Q_ENABLE_METADATA, Q_DISABLE_METADATA,
 Q_EXEC, Q_DELIMITER,
 Q_DISABLE_ABORT_ON_ERROR, Q_ENABLE_ABORT_ON_ERROR,
+Q_DISABLE_SSL, Q_ENABLE_SSL,
+Q_DISABLE_COMPRESS, Q_ENABLE_COMPRESS,
 Q_DISPLAY_VERTICAL_RESULTS, Q_DISPLAY_HORIZONTAL_RESULTS,
 Q_QUERY_VERTICAL, Q_QUERY_HORIZONTAL,
 Q_START_TIMER, Q_END_TIMER,
@@ -395,6 +397,10 @@ const char *command_names[]=
   "delimiter",
   "disable_abort_on_error",
   "enable_abort_on_error",
+  "disable_ssl",
+  "enable_ssl",
+  "disable_compress",
+  "enable_compress",
   "vertical_results",
   "horizontal_results",
   "query_vertical",
@@ -4047,6 +4053,12 @@ int main(int argc, char **argv)
       case Q_DISABLE_QUERY_LOG:  disable_query_log=1; break;
       case Q_ENABLE_ABORT_ON_ERROR:  abort_on_error=1; break;
       case Q_DISABLE_ABORT_ON_ERROR: abort_on_error=0; break;
+#ifdef HAVE_OPENSSL
+      case Q_ENABLE_SSL:  opt_use_ssl=1; break;
+      case Q_DISABLE_SSL: opt_use_ssl=0; break;
+#endif
+      case Q_ENABLE_COMPRESS:  opt_compress=1; break;
+      case Q_DISABLE_COMPRESS: opt_compress=0; break;
       case Q_ENABLE_RESULT_LOG:  disable_result_log=0; break;
       case Q_DISABLE_RESULT_LOG: disable_result_log=1; break;
       case Q_ENABLE_WARNINGS:    disable_warnings=0; break;

mysql-test/include/have_openssl_1.inc

--- require r/have_openssl_1.require
-disable_query_log;
-SHOW STATUS LIKE 'Ssl_cipher';
-enable_query_log;

mysql-test/mysql-test-run.pl

@@ -188,6 +188,12 @@ our $opt_big_test= 0;            # Send --big-test to mysqltest
 our @opt_extra_mysqld_opt;
 
 our $opt_compress;
+our $opt_ssl;
+our $opt_skip_ssl;
+our $opt_ssl_supported;
+our $opt_with_openssl;           # Deprecated flag
+our $opt_ps_protocol;
+
 our $opt_current_test;
 our $opt_ddd;
 our $opt_debug;
@@ -237,7 +243,6 @@ our $opt_skip_rpl;
 our $opt_skip_test;
 
 our $opt_sleep;
-our $opt_ps_protocol;
 
 our $opt_sleep_time_after_restart=  1;
 our $opt_sleep_time_for_delete=    10;
@@ -275,7 +280,6 @@ our $opt_udiff;
 
 our $opt_skip_ndbcluster;
 our $opt_with_ndbcluster;
-our $opt_with_openssl;
 
 our $exe_ndb_mgm;
 our $path_ndb_tools_dir;
@@ -296,7 +300,8 @@ sub executable_setup ();
 sub environment_setup ();
 sub kill_running_server ();
 sub kill_and_cleanup ();
-sub ndbcluster_support ();
+sub check_ssl_support ();
+sub check_ndbcluster_support ();
 sub ndbcluster_install ();
 sub ndbcluster_start ();
 sub ndbcluster_stop ();
@@ -331,11 +336,9 @@ sub main () {
   initial_setup();
   command_line_setup();
   executable_setup();
-  
-  if (! $opt_skip_ndbcluster and ! $opt_with_ndbcluster)
-  {
-    $opt_with_ndbcluster= ndbcluster_support();
-  }
+
+  check_ndbcluster_support();
+  check_ssl_support();
 
   environment_setup();
   signal_setup();
@@ -477,6 +480,10 @@ sub command_line_setup () {
              # Control what engine/variation to run
              'embedded-server'          => \$opt_embedded_server,
              'ps-protocol'              => \$opt_ps_protocol,
+             'with-openssl'             => \$opt_with_openssl,
+             'ssl'                      => \$opt_ssl,
+             'skip-ssl'                 => \$opt_skip_ssl,
+             'compress'                 => \$opt_compress,
              'bench'                    => \$opt_bench,
              'small-bench'              => \$opt_small_bench,
              'no-manager'               => \$opt_no_manager, # Currently not used
@@ -527,7 +534,6 @@ sub command_line_setup () {
 
              # Misc
              'big-test'                 => \$opt_big_test,
-             'compress'                 => \$opt_compress,
              'debug'                    => \$opt_debug,
              'fast'                     => \$opt_fast,
              'local'                    => \$opt_local,
@@ -552,7 +558,6 @@ sub command_line_setup () {
              'testcase-timeout=i'       => \$opt_testcase_timeout,
              'suite-timeout=i'          => \$opt_suite_timeout,
              'warnings|log-warnings'    => \$opt_warnings,
-             'with-openssl'             => \$opt_with_openssl,
 
              'help|h'                   => \$opt_usage,
             ) or usage("Can't read options");
@@ -1094,13 +1099,66 @@ sub kill_and_cleanup () {
 }
 
 
+sub check_ssl_support () {
+
+
+  # Convert deprecated --with-openssl to --ssl
+  if ( $opt_with_openssl )
+  {
+    $opt_ssl= 1;
+  }
+
+  if ($opt_skip_ssl)
+  {
+    mtr_report("Skipping SSL");
+    $opt_ssl_supported= 0;
+    $opt_ssl= 0;
+    return;
+  }
+
+  # check ssl support by testing using a switch
+  # that is only available in that case
+  if ( mtr_run($exe_mysqld,
+	       ["--no-defaults",
+	        "--ssl",
+	        "--help"],
+	       "", "/dev/null", "/dev/null", "") != 0 )
+  {
+    if ( $opt_ssl)
+    {
+      mtr_error("Couldn't find support for SSL");
+      return;
+    }
+    mtr_report("Skipping SSL, mysqld does not support it");
+    $opt_ssl_supported= 0;
+    $opt_ssl= 0;
+    return;
+  }
+  mtr_report("Setting mysqld to support SSL connections");
+  $opt_ssl_supported= 1;
+}
+
+
 ##############################################################################
 #
 #  Start the ndb cluster
 #
 ##############################################################################
 
-sub ndbcluster_support () {
+sub check_ndbcluster_support () {
+
+  if ($opt_skip_ndbcluster)
+  {
+    mtr_report("Skipping ndbcluster");
+    $opt_with_ndbcluster= 0;
+    return;
+  }
+
+  if ($opt_with_ndbcluster)
+  {
+    mtr_report("Using ndbcluster");
+    return;
+  }
 
   # check ndbcluster support by testing using a switch
   # that is only available in that case
@@ -1110,11 +1168,13 @@ sub ndbcluster_support () {
 	        "--help"],
 	       "", "/dev/null", "/dev/null", "") != 0 )
   {
-    mtr_report("No ndbcluster support");
-    return 0;
+    mtr_report("Skipping ndbcluster, mysqld does not support it");
+    $opt_with_ndbcluster= 0;
+    return;
   }
-  mtr_report("Has ndbcluster support");
-  return 1;
+  mtr_report("Using ndbcluster, mysqld supports it");
+  $opt_with_ndbcluster= 1;
+  return;
 }
 
 # FIXME why is there a different start below?!
@@ -2003,7 +2063,7 @@ sub mysqld_arguments ($$$$$) {
   mtr_add_arg($args, "%s--max_heap_table_size=1M", $prefix);
   mtr_add_arg($args, "%s--log-bin-trust-routine-creators", $prefix);
 
-  if ( $opt_with_openssl )
+  if ( $opt_ssl_supported )
   {
     mtr_add_arg($args, "%s--ssl-ca=%s/std_data/cacert.pem", $prefix,
                 $glob_mysql_test_dir);
@@ -2468,14 +2528,26 @@ sub run_mysqltest ($) {
     mtr_add_arg($args, "--debug=d:t:A,%s/log/mysqltest.trace", $opt_vardir);
   }
 
-  if ( $opt_with_openssl )
+  if ( $opt_ssl_supported )
   {
     mtr_add_arg($args, "--ssl-ca=%s/std_data/cacert.pem",
-                $glob_mysql_test_dir);
+	        $glob_mysql_test_dir);
     mtr_add_arg($args, "--ssl-cert=%s/std_data/client-cert.pem",
-                $glob_mysql_test_dir);
+	        $glob_mysql_test_dir);
     mtr_add_arg($args, "--ssl-key=%s/std_data/client-key.pem",
-                $glob_mysql_test_dir);
+	        $glob_mysql_test_dir);
+  }
+
+  # Turn on SSL for all test cases
+  if ( $opt_ssl )
+  {
+    mtr_add_arg($args, "--ssl",
+		$glob_mysql_test_dir);
+  }
+  elsif ( $opt_ssl_supported )
+  {
+    mtr_add_arg($args, "--skip-ssl",
+		$glob_mysql_test_dir);
   }
 
   mtr_add_arg($args, "-R");
@@ -2515,6 +2587,9 @@ Options to control what engine/variation to run
 
   embedded-server       Use the embedded server, i.e. no mysqld daemons
   ps-protocol           Use the binary protocol between client and server
+  compress              Use the compressed protocol between client and server
+  ssl                   Use ssl protocol between client and server
+  skip-ssl              Dont start sterver with support for ssl connections
   bench                 Run the benchmark suite FIXME
   small-bench           FIXME
 
@@ -2522,6 +2597,7 @@ Options to control what test suites or cases to run
 
   force                 Continue to run the suite after failure
   with-ndbcluster       Use cluster, and enable test cases that requres it
+  skip-ndb[cluster]     Use cluster, and enable test cases that requres it
   do-test=PREFIX        Run test cases which name are prefixed with PREFIX
   start-from=PREFIX     Run test cases starting from test prefixed with PREFIX
   suite=NAME            Run the test suite named NAME. The default is "main"
@@ -2545,7 +2621,7 @@ Options that pass on options
 Options to run test on running server
 
   extern                Use running server for tests FIXME DANGEROUS
-  ndbconnectstring=STR  Use running cluster, and connect using STR      
+  ndbconnectstring=STR  Use running cluster, and connect using STR
   user=USER             User for connect to server
 
 Options for debugging the product
@@ -2570,7 +2646,6 @@ Misc options
 
   verbose               Verbose output from this script
   script-debug          Debug this script itself
-  compress              Use the compressed protocol between client and server
   timer                 Show test case execution time
   start-and-exit        Only initiate and start the "mysqld" servers, use the startup
                         settings for the specified test case if any
@@ -2583,6 +2658,9 @@ Misc options
   testcase-timeout=MINUTES Max test case run time (default 5)
   suite-timeout=MINUTES    Max test suite run time (default 120)
 
+Deprecated options
+  with-openssl          Deprecated option for ssl
+
 
 Options not yet described, or that I want to look into more
 
@@ -2599,7 +2677,6 @@ Options not yet described, or that I want to look into more
   wait-timeout=SECONDS  
   warnings              
   log-warnings          
-  with-openssl          
 
 HERE
   mtr_exit(1);

mysql-test/r/have_openssl_1.require

-Variable_name	Value
-Ssl_cipher	DHE-RSA-AES256-SHA

mysql-test/r/openssl_1.result

@@ -6,21 +6,33 @@ grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA
 grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com";
 grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com";
 flush privileges;
+SHOW STATUS LIKE 'Ssl_cipher';
+Variable_name	Value
+Ssl_cipher	DHE-RSA-AES256-SHA
 select * from t1;
 f1
 5
 delete from t1;
 ERROR 42000: DELETE command denied to user 'ssl_user1'@'localhost' for table 't1'
+SHOW STATUS LIKE 'Ssl_cipher';
+Variable_name	Value
+Ssl_cipher	DHE-RSA-AES256-SHA
 select * from t1;
 f1
 5
 delete from t1;
 ERROR 42000: DELETE command denied to user 'ssl_user2'@'localhost' for table 't1'
+SHOW STATUS LIKE 'Ssl_cipher';
+Variable_name	Value
+Ssl_cipher	DHE-RSA-AES256-SHA
 select * from t1;
 f1
 5
 delete from t1;
 ERROR 42000: DELETE command denied to user 'ssl_user3'@'localhost' for table 't1'
+SHOW STATUS LIKE 'Ssl_cipher';
+Variable_name	Value
+Ssl_cipher	DHE-RSA-AES256-SHA
 select * from t1;
 f1
 5

mysql-test/t/compress.test

+# Turn on compression between the client and server
+# and run a number of tests
+
+-- source include/have_compress.inc
+
+enable_compress;
+
+# Reconnect to turn compress on for
+# default connection
+disconnect default;
+connect (default,localhost,root,,);
+
+# Check compression turned on
+SHOW STATUS LIKE 'Compression';
+
+# Source select test case
+-- source t/select.test
+
+disable_compress;

mysql-test/t/openssl_1.test

 # We test openssl. Result set is optimized to be compiled with --with-openssl.
 # Use mysql-test-run with --with-openssl option.
--- source include/have_openssl_1.inc
+-- source include/have_openssl.inc
 
 --disable_warnings
 drop table if exists t1;
@@ -13,27 +13,36 @@ grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA
 grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com";
 grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com";
 flush privileges;
+enable_ssl;
 connect (con1,localhost,ssl_user1,,);
 connect (con2,localhost,ssl_user2,,);
 connect (con3,localhost,ssl_user3,,);
 connect (con4,localhost,ssl_user4,,);
 
 connection con1;
+# Check ssl turned on
+SHOW STATUS LIKE 'Ssl_cipher';
 select * from t1;
 --error 1142
 delete from t1;
 
 connection con2;
+# Check ssl turned on
+SHOW STATUS LIKE 'Ssl_cipher';
 select * from t1;
 --error 1142
 delete from t1;
 
 connection con3;
+# Check ssl turned on
+SHOW STATUS LIKE 'Ssl_cipher';
 select * from t1;
 --error 1142
 delete from t1;
 
 connection con4;
+# Check ssl turned on
+SHOW STATUS LIKE 'Ssl_cipher';
 select * from t1;
 --error 1142
 delete from t1;

mysql-test/t/rpl_openssl.test

-source include/have_openssl_1.inc;
+source include/have_openssl.inc;
 source include/master-slave.inc;
 
 # We don't test all types of ssl auth params here since it's a bit hard 

mysql-test/t/ssl.test

+# Turn on ssl between the client and server
+# and run a number of tests
+
+-- source include/have_openssl.inc
+
+enable_ssl;
+
+# Reconnect to turn ssl on for
+# default connection
+disconnect default;
+connect (default,localhost,root,,);
+
+# Check ssl turned on
+SHOW STATUS LIKE 'Ssl_cipher';
+
+# Source select test case
+-- source t/select.test
+
+disable_ssl;
+
+

mysql-test/t/ssl_compress.test

+# Turn on compression between the client and server
+# and run a number of tests
+
+-- source include/have_openssl.inc
+-- source include/have_compress.inc
+
+enable_compress;
+enable_ssl;
+
+# Reconnect to turn ssl and compress on for
+# default connection
+disconnect default;
+connect (default,localhost,root,,);
+
+# Check ssl turned on
+SHOW STATUS LIKE 'Ssl_cipher';
+
+# Check compression turned on
+SHOW STATUS LIKE 'Compression';
+
+# Source select test case
+-- source t/select.test
+
+disable_compress;
+disable_ssl;

sql-common/client.c

@@ -1474,6 +1474,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
 	      const char *capath __attribute__((unused)),
 	      const char *cipher __attribute__((unused)))
 {
+  DBUG_ENTER("mysql_ssl_set");
 #ifdef HAVE_OPENSSL
   mysql->options.ssl_key=    strdup_if_not_null(key);
   mysql->options.ssl_cert=   strdup_if_not_null(cert);
@@ -1481,7 +1482,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
   mysql->options.ssl_capath= strdup_if_not_null(capath);
   mysql->options.ssl_cipher= strdup_if_not_null(cipher);
 #endif /* HAVE_OPENSSL */
-  return 0;
+  DBUG_RETURN(0);
 }
 
 
@@ -1494,6 +1495,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
 static void
 mysql_ssl_free(MYSQL *mysql __attribute__((unused)))
 {
+  DBUG_ENTER("mysql_ssl_free");
   my_free(mysql->options.ssl_key, MYF(MY_ALLOW_ZERO_PTR));
   my_free(mysql->options.ssl_cert, MYF(MY_ALLOW_ZERO_PTR));
   my_free(mysql->options.ssl_ca, MYF(MY_ALLOW_ZERO_PTR));
@@ -1507,6 +1509,7 @@ mysql_ssl_free(MYSQL *mysql __attribute__((unused)))
   mysql->options.ssl_cipher= 0;
   mysql->options.use_ssl = FALSE;
   mysql->connector_fd = 0;
+  DBUG_VOID_RETURN;
 }
 #endif /* HAVE_OPENSSL */
 

sql/mysqld.cc

@@ -2765,7 +2765,14 @@ static void init_ssl()
 					  opt_ssl_cipher);
     DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd));
     if (!ssl_acceptor_fd)
+    {
       opt_use_ssl = 0;
+      have_openssl= SHOW_OPTION_DISABLED;
+    }
+  }
+  else
+  {
+    have_openssl= SHOW_OPTION_DISABLED;
   }
   if (des_key_file)
     load_des_key_file(des_key_file);
@@ -5851,6 +5858,9 @@ struct show_var_st status_vars[]= {
   {"Com_xa_recover",           (char*) offsetof(STATUS_VAR, com_stat[(uint) SQLCOM_XA_RECOVER]),SHOW_LONG_STATUS},
   {"Com_xa_rollback",          (char*) offsetof(STATUS_VAR, com_stat[(uint) SQLCOM_XA_ROLLBACK]),SHOW_LONG_STATUS},
   {"Com_xa_start",             (char*) offsetof(STATUS_VAR, com_stat[(uint) SQLCOM_XA_START]),SHOW_LONG_STATUS},
+#ifdef HAVE_COMPRESS
+  {"Compression",              (char*) 0,                        SHOW_NET_COMPRESSION},
+#endif /* HAVE_COMPRESS */
   {"Connections",              (char*) &thread_id,              SHOW_LONG_CONST},
   {"Created_tmp_disk_tables",  (char*) offsetof(STATUS_VAR, created_tmp_disk_tables), SHOW_LONG_STATUS},
   {"Created_tmp_files",	       (char*) &my_tmp_file_created,	SHOW_LONG},

sql/sql_show.cc

@@ -1632,6 +1632,11 @@ static bool show_status_array(THD *thd, const char *wild,
 	  value= (value-(char*) &dflt_key_cache_var)+ (char*) dflt_key_cache;
 	  end= longlong10_to_str(*(longlong*) value, buff, 10);
 	  break;
+#ifdef HAVE_COMPRESS
+        case SHOW_NET_COMPRESSION:
+          end= strmov(buff, thd->net.compress ? "ON" : "OFF");
+          break;
+#endif /* HAVE_COMPRESS */
         case SHOW_UNDEF:				// Show never happen
         case SHOW_SYS:
           break;					// Return empty string

sql/structs.h

@@ -185,6 +185,9 @@ enum SHOW_TYPE
   SHOW_SSL_CTX_SESS_TIMEOUTS, SHOW_SSL_CTX_SESS_CACHE_FULL,
   SHOW_SSL_GET_CIPHER_LIST,
 #endif /* HAVE_OPENSSL */
+#ifdef HAVE_COMPRESS
+  SHOW_NET_COMPRESSION,
+#endif /* HAVE_COMPRESS */
   SHOW_RPL_STATUS, SHOW_SLAVE_RUNNING, SHOW_SLAVE_RETRIED_TRANS,
   SHOW_KEY_CACHE_LONG, SHOW_KEY_CACHE_CONST_LONG, SHOW_KEY_CACHE_LONGLONG,
   SHOW_LONG_STATUS, SHOW_LONG_CONST_STATUS, SHOW_SLAVE_SKIP_ERRORS