update C/C 3.4

note that: * unit.conc_tls is broken in mtr * schannel now doesn't fail on invalid ca path unless --ssl-verify-server-cert is used. openssl still does.

update C/C 3.4
note that: * unit.conc_tls is broken in mtr * schannel now doesn't fail on invalid ca path unless --ssl-verify-server-cert is used. openssl still does.
66f14ef6 · Sergei Golubchik · 6f357fea · de630591 · 66f14ef6 · 66f14ef6
Commit 66f14ef6 authored Aug 01, 2024 by Sergei Golubchik
7 changed files
--- a/libmariadb @ de630591
+++ b/libmariadb @ de630591
-Subproject commit dddcf400af9a693fdbed4e692d71bf98b79b7aa1
+Subproject commit de6305915f86bb33c83b1fe782a2b8a76920aec1
--- a/mysql-test/main/openssl_1.test
+++ b/mysql-test/main/openssl_1.test
@@ -81,7 +81,7 @@ drop table t1;
 #
 --replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
 --error 1
--exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--exec $MYSQL_TEST --ssl-verify-server-cert --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
 --echo

 #
@@ -90,7 +90,7 @@ drop table t1;
 #
 --replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
 --error 1
--exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--exec $MYSQL_TEST --ssl-verify-server-cert --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
 --echo

 #
@@ -203,7 +203,7 @@ set global sql_mode=default;

 --replace_regex /TLS\/SSL error:.*/TLS\/SSL error/
 --error 1
--exec $MYSQL_BINLOG --read-from-remote-server --ssl-ca --user=root --host=localhost nobinlog.111111 2>&1
+--exec $MYSQL_BINLOG --read-from-remote-server --ssl-verify-server-cert --ssl-ca --user=root --host=localhost nobinlog.111111 2>&1

 # Wait till we reached the initial number of concurrent sessions
 --source include/wait_until_count_sessions.inc
--- a/mysql-test/main/ssl_ca.test
+++ b/mysql-test/main/ssl_ca.test
@@ -9,8 +9,8 @@

 --replace_regex /TLS\/SSL error.*/TLS\/SSL error: xxxx/
 --error 1
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" 2>&1
+--exec $MYSQL --ssl-verify-server-cert --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" 2>&1
 --echo

 --echo # try to connect with correct '--ssl-ca' path : should connect
--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';"
+--exec $MYSQL --ssl-verify-server-cert --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';"
--- a/mysql-test/main/ssl_fp.result
+++ b/mysql-test/main/ssl_fp.result
@@ -8,5 +8,6 @@ ERROR 2026 (HY000): TLS/SSL error: Failed to verify the server certificate
 test.have_ssl()
 yes
 # mysql --protocol tcp -uroot --ssl-fp=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 --disable-ssl-verify-server-cert -e "select test.have_ssl()"
-ERROR 2026 (HY000): TLS/SSL error: Fingerprint verification of server certificate failed
+test.have_ssl()
+yes
 drop function have_ssl;
--- a/mysql-test/main/ssl_fp.test
+++ b/mysql-test/main/ssl_fp.test
@@ -24,10 +24,9 @@ if($is_win)
 --echo # mysql --protocol tcp -uroot --ssl-fp=F1:D0:08:AF:A1:D2:F4:15:79:B4:39:06:41:F4:20:96:F1:90:A9:65 --ssl-verify-server-cert -e "select test.have_ssl()"
 --exec $MYSQL --protocol tcp $host -uroot --ssl-fp=F1:D0:08:AF:A1:D2:F4:15:79:B4:39:06:41:F4:20:96:F1:90:A9:65 --ssl-verify-server-cert -e "select test.have_ssl()" 2>&1
 #
-# wrong fingerprint fails even with --disable-ssl-verify-server-cert
+# --disable-ssl-verify-server-cert disables fingerprint checks too
 #
 --echo # mysql --protocol tcp -uroot --ssl-fp=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 --disable-ssl-verify-server-cert -e "select test.have_ssl()"
--error 1
 --exec $MYSQL --protocol tcp $host -uroot --ssl-fp=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 --disable-ssl-verify-server-cert -e "select test.have_ssl()" 2>&1

 drop function have_ssl;
--- a/mysql-test/main/ssl_system_ca,bad.result
+++ b/mysql-test/main/ssl_system_ca,bad.result
-ERROR 2026 (HY000): TLS/SSL error: Validation of SSL server certificate failed
+ERROR 2026 (HY000): TLS/SSL error: Hostname verification failed
--- a/mysql-test/suite/unit/disabled.def
+++ b/mysql-test/suite/unit/disabled.def
+conc_tls : broken