Details
Major Description
When FIPS=1 some ssl tests are failing.
see bug #920865
:/usr/share/mysql-test # ./mysql-test-run.pl --do-test=ssl --force
|
Logging: ./mysql-test-run.pl --do-test=ssl --force
|
vardir: /usr/share/mysql-test/var
|
Checking leftover processes...
|
Removing old var directory...
|
Creating var directory '/usr/share/mysql-test/var'...
|
Checking supported features...
|
MariaDB Version 10.0.16-MariaDB
|
- SSL connections supported
|
Using suites: main-,archive-,binlog-,csv-,federated-,funcs_1-,funcs_2-,handler-,heap-,innodb-,innodb_fts-,innodb_zip-,maria-,multi_source-,optimizer_unfixed_bugs-,parts-,percona-,perfschema-,plugins-,roles-,rpl-,sys_vars-,unit-,vcol-,connect,metadata_lock_info,mroonga/storage,mroonga/wrapper,query_response_time,sequence,spider,spider/bg,sql_discovery
|
Collecting tests...
|
Installing system database...
|
|
|
==============================================================================
|
|
|
TEST RESULT TIME (ms) or COMMENT
|
--------------------------------------------------------------------------
|
|
|
worker[1] Using MTR_BUILD_THREAD 300, with reserved ports 16000..16019
|
worker[1] mysql-test-run: WARNING: running this script as _root_ will cause some tests to be skipped
|
main.ssl-big [ skipped ] Test needs --big-test
|
main.ssl_crl [ disabled ] broken upstream
|
main.ssl_crl_clients_valid [ disabled ] broken upstream
|
main.ssl_crl_clrpath [ disabled ] broken upstream
|
main.ssl_and_innodb 'innodb_plugin' [ pass ] 19
|
main.ssl_and_innodb 'xtradb' [ pass ] 31
|
main.ssl_8k_key [ fail ]
|
Test ended at 2015-03-05 15:57:28
|
|
|
CURRENT_TEST: main.ssl_8k_key
|
mysqltest: At line 8: exec of '/usr/bin/mysql --defaults-file=/usr/share/mysql-test/var/my.cnf --ssl --ssl-key=/usr/share/mysql-test/std_data/client-key.pem --ssl-cert=/usr/share/mysql-test/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1' failed, error: 256, status: 1, errno: 2
|
Output from before failure:
|
ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
|
|
|
- saving '/usr/share/mysql-test/var/log/main.ssl_8k_key/' to '/usr/share/mysql-test/var/log/main.ssl_8k_key/'
|
main.ssl_cipher [ pass ] 109
|
main.ssl_crl_clients [ pass ] 203
|
main.ssl [ fail ]
|
Test ended at 2015-03-05 15:57:32
|
|
|
CURRENT_TEST: main.ssl
|
--- /usr/share/mysql-test/r/ssl.result 2015-01-25 16:21:40.000000000 +0100
|
+++ /usr/share/mysql-test/r/ssl.reject 2015-03-05 15:57:32.128759583 +0100
|
@@ -1,12 +1,12 @@
|
SHOW STATUS LIKE 'Ssl_cipher';
|
Variable_name Value
|
-Ssl_cipher DHE-RSA-AES256-SHA
|
+Ssl_cipher AES256-GCM-SHA384
|
SHOW STATUS LIKE 'Ssl_server_not_before';
|
Variable_name Value
|
-Ssl_server_not_before Feb 20 02:55:06 2010 GMT
|
+Ssl_server_not_before Mar 4 14:55:11 2015 GMT
|
SHOW STATUS LIKE 'Ssl_server_not_after';
|
Variable_name Value
|
-Ssl_server_not_after Sep 3 02:55:06 2030 GMT
|
+Ssl_server_not_after Feb 27 14:55:11 2035 GMT
|
drop table if exists t1,t2,t3,t4;
|
CREATE TABLE t1 (
|
Period smallint(4) unsigned zerofill DEFAULT '0000' NOT NULL,
|
@@ -2165,4 +2165,4 @@
|
drop table t1;
|
SHOW STATUS LIKE 'Ssl_cipher';
|
Variable_name Value
|
-Ssl_cipher DHE-RSA-AES256-SHA
|
+Ssl_cipher AES256-GCM-SHA384
|
|
|
mysqltest: Result length mismatch
|
|
|
- saving '/usr/share/mysql-test/var/log/main.ssl/' to '/usr/share/mysql-test/var/log/main.ssl/'
|
main.ssl_compress [ fail ]
|
Test ended at 2015-03-05 15:57:34
|
|
|
CURRENT_TEST: main.ssl_compress
|
--- /usr/share/mysql-test/r/ssl_compress.result 2015-01-25 16:21:36.000000000 +0100
|
+++ /usr/share/mysql-test/r/ssl_compress.reject 2015-03-05 15:57:34.484759583 +0100
|
@@ -1,6 +1,6 @@
|
SHOW STATUS LIKE 'Ssl_cipher';
|
Variable_name Value
|
-Ssl_cipher DHE-RSA-AES256-SHA
|
+Ssl_cipher AES256-GCM-SHA384
|
SHOW STATUS LIKE 'Compression';
|
Variable_name Value
|
Compression ON
|
@@ -2162,7 +2162,7 @@
|
drop table t1;
|
SHOW STATUS LIKE 'Ssl_cipher';
|
Variable_name Value
|
-Ssl_cipher DHE-RSA-AES256-SHA
|
+Ssl_cipher AES256-GCM-SHA384
|
SHOW STATUS LIKE 'Compression';
|
Variable_name Value
|
Compression ON
|
|
|
mysqltest: Result length mismatch
|
|
|
- saving '/usr/share/mysql-test/var/log/main.ssl_compress/' to '/usr/share/mysql-test/var/log/main.ssl_compress/'
|
main.ssl_connect [ pass ] 677
|
sys_vars.ssl_ca_basic [ pass ] 4
|
sys_vars.ssl_capath_basic [ pass ] 1
|
sys_vars.ssl_cert_basic [ pass ] 7
|
sys_vars.ssl_cipher_basic [ pass ] 1
|
sys_vars.ssl_crl_basic [ pass ]
|
sys_vars.ssl_crlpath_basic [ pass ]
|
sys_vars.ssl_key_basic [ pass ] 1
|
--------------------------------------------------------------------------
|
The servers were restarted 7 times
|
Spent 1.053 of 21 seconds executing testcases
|
|
|
Completed: Failed 3/15 tests, 80.00% were successful.
|
|
|
Failing test(s): main.ssl_8k_key main.ssl main.ssl_compress
|
|
|
The log files in var/log may give you some hint of what went wrong.
|
|
|
If you want to report this error, please read first the documentation
|
at http://dev.mysql.com/doc/mysql/en/mysql-test-suite.html
|
(bug #920246 - MDEV-7536 - ssl certs regenerated as workaround - do not take in an account SHOW STATUS LIKE 'Ssl_server_not_before'; in main.ssl)