Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-7794

MariaDB - mysql-test - fips: some ssl tests with cipher are failing

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.0.16
    • Fix Version/s: 10.0.18
    • Component/s: SSL
    • Labels:
    • Environment:
      SLES 12 x86-64

      Description

      When FIPS=1 some ssl tests are failing.

      see bug #920865

      :/usr/share/mysql-test # ./mysql-test-run.pl --do-test=ssl --force
      Logging: ./mysql-test-run.pl  --do-test=ssl --force
      vardir: /usr/share/mysql-test/var
      Checking leftover processes...
      Removing old var directory...
      Creating var directory '/usr/share/mysql-test/var'...
      Checking supported features...
      MariaDB Version 10.0.16-MariaDB
       - SSL connections supported
      Using suites: main-,archive-,binlog-,csv-,federated-,funcs_1-,funcs_2-,handler-,heap-,innodb-,innodb_fts-,innodb_zip-,maria-,multi_source-,optimizer_unfixed_bugs-,parts-,percona-,perfschema-,plugins-,roles-,rpl-,sys_vars-,unit-,vcol-,connect,metadata_lock_info,mroonga/storage,mroonga/wrapper,query_response_time,sequence,spider,spider/bg,sql_discovery
      Collecting tests...
      Installing system database...
       
      ==============================================================================
       
      TEST                                      RESULT   TIME (ms) or COMMENT
      --------------------------------------------------------------------------
       
      worker[1] Using MTR_BUILD_THREAD 300, with reserved ports 16000..16019
      worker[1] mysql-test-run: WARNING: running this script as _root_ will cause some tests to be skipped
      main.ssl-big                             [ skipped ]  Test needs --big-test
      main.ssl_crl                             [ disabled ]  broken upstream
      main.ssl_crl_clients_valid               [ disabled ]  broken upstream
      main.ssl_crl_clrpath                     [ disabled ]  broken upstream
      main.ssl_and_innodb 'innodb_plugin'      [ pass ]     19
      main.ssl_and_innodb 'xtradb'             [ pass ]     31
      main.ssl_8k_key                          [ fail ]
              Test ended at 2015-03-05 15:57:28
       
      CURRENT_TEST: main.ssl_8k_key
      mysqltest: At line 8: exec of '/usr/bin/mysql --defaults-file=/usr/share/mysql-test/var/my.cnf --ssl --ssl-key=/usr/share/mysql-test/std_data/client-key.pem --ssl-cert=/usr/share/mysql-test/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1' failed, error: 256, status: 1, errno: 2
      Output from before failure:
      ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
       
       - saving '/usr/share/mysql-test/var/log/main.ssl_8k_key/' to '/usr/share/mysql-test/var/log/main.ssl_8k_key/'
      main.ssl_cipher                          [ pass ]    109
      main.ssl_crl_clients                     [ pass ]    203
      main.ssl                                 [ fail ]
              Test ended at 2015-03-05 15:57:32
       
      CURRENT_TEST: main.ssl
      --- /usr/share/mysql-test/r/ssl.result	2015-01-25 16:21:40.000000000 +0100
      +++ /usr/share/mysql-test/r/ssl.reject	2015-03-05 15:57:32.128759583 +0100
      @@ -1,12 +1,12 @@
       SHOW STATUS LIKE 'Ssl_cipher';
       Variable_name	Value
      -Ssl_cipher	DHE-RSA-AES256-SHA
      +Ssl_cipher	AES256-GCM-SHA384
       SHOW STATUS LIKE 'Ssl_server_not_before';
       Variable_name	Value
      -Ssl_server_not_before	Feb 20 02:55:06 2010 GMT
      +Ssl_server_not_before	Mar  4 14:55:11 2015 GMT
       SHOW STATUS LIKE 'Ssl_server_not_after';
       Variable_name	Value
      -Ssl_server_not_after	Sep  3 02:55:06 2030 GMT
      +Ssl_server_not_after	Feb 27 14:55:11 2035 GMT
       drop table if exists t1,t2,t3,t4;
       CREATE TABLE t1 (
       Period smallint(4) unsigned zerofill DEFAULT '0000' NOT NULL,
      @@ -2165,4 +2165,4 @@
       drop table t1;
       SHOW STATUS LIKE 'Ssl_cipher';
       Variable_name	Value
      -Ssl_cipher	DHE-RSA-AES256-SHA
      +Ssl_cipher	AES256-GCM-SHA384
       
      mysqltest: Result length mismatch
       
       - saving '/usr/share/mysql-test/var/log/main.ssl/' to '/usr/share/mysql-test/var/log/main.ssl/'
      main.ssl_compress                        [ fail ]
              Test ended at 2015-03-05 15:57:34
       
      CURRENT_TEST: main.ssl_compress
      --- /usr/share/mysql-test/r/ssl_compress.result	2015-01-25 16:21:36.000000000 +0100
      +++ /usr/share/mysql-test/r/ssl_compress.reject	2015-03-05 15:57:34.484759583 +0100
      @@ -1,6 +1,6 @@
       SHOW STATUS LIKE 'Ssl_cipher';
       Variable_name	Value
      -Ssl_cipher	DHE-RSA-AES256-SHA
      +Ssl_cipher	AES256-GCM-SHA384
       SHOW STATUS LIKE 'Compression';
       Variable_name	Value
       Compression	ON
      @@ -2162,7 +2162,7 @@
       drop table t1;
       SHOW STATUS LIKE 'Ssl_cipher';
       Variable_name	Value
      -Ssl_cipher	DHE-RSA-AES256-SHA
      +Ssl_cipher	AES256-GCM-SHA384
       SHOW STATUS LIKE 'Compression';
       Variable_name	Value
       Compression	ON
       
      mysqltest: Result length mismatch
       
       - saving '/usr/share/mysql-test/var/log/main.ssl_compress/' to '/usr/share/mysql-test/var/log/main.ssl_compress/'
      main.ssl_connect                         [ pass ]    677
      sys_vars.ssl_ca_basic                    [ pass ]      4
      sys_vars.ssl_capath_basic                [ pass ]      1
      sys_vars.ssl_cert_basic                  [ pass ]      7
      sys_vars.ssl_cipher_basic                [ pass ]      1
      sys_vars.ssl_crl_basic                   [ pass ]       
      sys_vars.ssl_crlpath_basic               [ pass ]       
      sys_vars.ssl_key_basic                   [ pass ]      1
      --------------------------------------------------------------------------
      The servers were restarted 7 times
      Spent 1.053 of 21 seconds executing testcases
       
      Completed: Failed 3/15 tests, 80.00% were successful.
       
      Failing test(s): main.ssl_8k_key main.ssl main.ssl_compress
       
      The log files in var/log may give you some hint of what went wrong.
       
      If you want to report this error, please read first the documentation
      at http://dev.mysql.com/doc/mysql/en/mysql-test-suite.html

      (bug #920246 - MDEV-7536 - ssl certs regenerated as workaround - do not take in an account SHOW STATUS LIKE 'Ssl_server_not_before'; in main.ssl)

      https://bugzilla.suse.com/show_bug.cgi?id=920896

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                serg Sergei Golubchik
                Reporter:
                nirbhay_c Nirbhay Choubey (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: