[MDEV-10211] SSL tests failing in Fedora 23 Created: 2016-06-10  Updated: 2016-09-28  Resolved: 2016-09-28

Status: Closed
Project: MariaDB Server
Component/s: SSL, Tests
Affects Version/s: 5.5, 10.0, 10.1, 10.2
Fix Version/s: 5.5.53

Type: Bug Priority: Major
Reporter: Alexander Barkov Assignee: Vladislav Vaintroub
Resolution: Fixed Votes: 0
Labels: None
Environment:

Fedora 23


 Description   

A few SSL related tests are failing on Fedora 23:

./mtr --force main.userstat main.openssl_1 main.ssl main.ssl_timeout main.ssl_compress
 
...
 
==============================================================================
 
 
 
TEST                                      RESULT   TIME (ms) or COMMENT
 
--------------------------------------------------------------------------
 
 
 
worker[1] Using MTR_BUILD_THREAD 300, with reserved ports 16000..16019
 
main.userstat 'innodb_plugin'            [ fail ]
 
        Test ended at 2016-06-10 13:53:26
 
 
 
CURRENT_TEST: main.userstat
 
--- /home/bar/maria-git/server-10.1/mysql-test/r/userstat.result	2016-02-17 08:17:25.634155622 +0400
 
+++ /home/bar/maria-git/server-10.1/mysql-test/r/userstat.reject	2016-06-10 13:53:26.522422710 +0400
 
@@ -82,7 +82,7 @@
 
 drop table t1;
 
 SHOW STATUS LIKE 'Ssl_cipher';
 
 Variable_name	Value
 
-Ssl_cipher	DHE-RSA-AES256-SHA
 
+Ssl_cipher	AES256-GCM-SHA384
 
 create table t1 (a int, primary key (a), b int default 0) engine=innodb;
 
 begin;
 
 insert into t1 values(1,1);
 
 
 
mysqltest: Result length mismatch
 
 
 
 - saving '/home/bar/maria-git/server-10.1/mysql-test/var/log/main.userstat-innodb_plugin/' to '/home/bar/maria-git/server-10.1/mysql-test/var/log/main.userstat-innodb_plugin/'
 
main.userstat 'xtradb'                   [ fail ]
 
        Test ended at 2016-06-10 13:53:29
 
 
 
CURRENT_TEST: main.userstat
 
--- /home/bar/maria-git/server-10.1/mysql-test/r/userstat.result	2016-02-17 08:17:25.634155622 +0400
 
+++ /home/bar/maria-git/server-10.1/mysql-test/r/userstat.reject	2016-06-10 13:53:29.832451214 +0400
 
@@ -82,7 +82,7 @@
 
 drop table t1;
 
 SHOW STATUS LIKE 'Ssl_cipher';
 
 Variable_name	Value
 
-Ssl_cipher	DHE-RSA-AES256-SHA
 
+Ssl_cipher	AES256-GCM-SHA384
 
 create table t1 (a int, primary key (a), b int default 0) engine=innodb;
 
 begin;
 
 insert into t1 values(1,1);
 
 
 
mysqltest: Result length mismatch
 
 
 
 - saving '/home/bar/maria-git/server-10.1/mysql-test/var/log/main.userstat-xtradb/' to '/home/bar/maria-git/server-10.1/mysql-test/var/log/main.userstat-xtradb/'
 
main.openssl_1                           [ fail ]
 
        Test ended at 2016-06-10 13:53:34
 
 
 
CURRENT_TEST: main.openssl_1
 
ERROR 2026 (HY000): SSL connection error: Failed to set ciphers to use
 
ERROR 2026 (HY000): SSL connection error: Failed to set ciphers to use
 
ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
 
ERROR 2026 (HY000): SSL connection error: Failed to set ciphers to use
 
ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
 
ERROR 2026 (HY000): SSL connection error: Failed to set ciphers to use
 
ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
 
ERROR 2026 (HY000): SSL connection error: Failed to set ciphers to use
 
ERROR: Failed on connect: SSL connection error: SSL_CTX_set_default_verify_paths failed
 
--- /home/bar/maria-git/server-10.1/mysql-test/r/openssl_1.result	2016-05-05 15:44:20.820381349 +0400
 
+++ /home/bar/maria-git/server-10.1/mysql-test/r/openssl_1.reject	2016-06-10 13:53:31.519465741 +0400
 
@@ -59,7 +59,7 @@
 
 Variable_name	Value
 
 Ssl_cipher	DHE-RSA-AES256-SHA
 
 Variable_name	Value
 
-Ssl_cipher	DHE-RSA-AES256-SHA
 
+Ssl_cipher	AES256-GCM-SHA384
 
 End of 5.0 tests
 
 DROP TABLE IF EXISTS thread_status;
 
 DROP EVENT IF EXISTS event_status;
 
@@ -206,7 +206,7 @@
 
 FLUSH PRIVILEGES;
 
 SHOW STATUS LIKE 'Ssl_cipher';
 
 Variable_name	Value
 
-Ssl_cipher	DHE-RSA-AES256-SHA
 
+Ssl_cipher	AES256-GCM-SHA384
 
 DROP USER bug42158@localhost;
 
 set global sql_mode=default;
 
 End of 5.1 tests
 
 
 
mysqltest: Result length mismatch
 
 
 
 - saving '/home/bar/maria-git/server-10.1/mysql-test/var/log/main.openssl_1/' to '/home/bar/maria-git/server-10.1/mysql-test/var/log/main.openssl_1/'
 
main.ssl                                 [ fail ]
 
        Test ended at 2016-06-10 13:53:39
 
 
 
CURRENT_TEST: main.ssl
 
--- /home/bar/maria-git/server-10.1/mysql-test/r/ssl.result	2016-02-17 08:17:25.618155502 +0400
 
+++ /home/bar/maria-git/server-10.1/mysql-test/r/ssl.reject	2016-06-10 13:53:39.252532333 +0400
 
@@ -1,6 +1,6 @@
 
 SHOW STATUS LIKE 'Ssl_cipher';
 
 Variable_name	Value
 
-Ssl_cipher	DHE-RSA-AES256-SHA
 
+Ssl_cipher	AES256-GCM-SHA384
 
 SHOW STATUS LIKE 'Ssl_server_not_before';
 
 Variable_name	Value
 
 Ssl_server_not_before	Apr 25 14:55:05 2015 GMT
 
@@ -2165,7 +2165,7 @@
 
 drop table t1;
 
 SHOW STATUS LIKE 'Ssl_cipher';
 
 Variable_name	Value
 
-Ssl_cipher	DHE-RSA-AES256-SHA
 
+Ssl_cipher	AES256-GCM-SHA384
 
 select aes_decrypt('MySQL','adf');
 
 aes_decrypt('MySQL','adf')
 
 NULL
 
 
 
mysqltest: Result length mismatch
 
 
 
 - saving '/home/bar/maria-git/server-10.1/mysql-test/var/log/main.ssl/' to '/home/bar/maria-git/server-10.1/mysql-test/var/log/main.ssl/'
 
main.ssl_compress                        [ fail ]
 
        Test ended at 2016-06-10 13:53:44
 
 
 
CURRENT_TEST: main.ssl_compress
 
--- /home/bar/maria-git/server-10.1/mysql-test/r/ssl_compress.result	2016-02-17 08:17:25.618155502 +0400
 
+++ /home/bar/maria-git/server-10.1/mysql-test/r/ssl_compress.reject	2016-06-10 13:53:44.537577844 +0400
 
@@ -1,6 +1,6 @@
 
 SHOW STATUS LIKE 'Ssl_cipher';
 
 Variable_name	Value
 
-Ssl_cipher	DHE-RSA-AES256-SHA
 
+Ssl_cipher	AES256-GCM-SHA384
 
 SHOW STATUS LIKE 'Compression';
 
 Variable_name	Value
 
 Compression	ON
 
@@ -2162,7 +2162,7 @@
 
 drop table t1;
 
 SHOW STATUS LIKE 'Ssl_cipher';
 
 Variable_name	Value
 
-Ssl_cipher	DHE-RSA-AES256-SHA
 
+Ssl_cipher	AES256-GCM-SHA384
 
 SHOW STATUS LIKE 'Compression';
 
 Variable_name	Value
 
 Compression	ON
 
 
 
mysqltest: Result length mismatch
 
 
 
 - saving '/home/bar/maria-git/server-10.1/mysql-test/var/log/main.ssl_compress/' to '/home/bar/maria-git/server-10.1/mysql-test/var/log/main.ssl_compress/'
 
main.ssl_timeout                         [ fail ]
 
        Test ended at 2016-06-10 13:53:55
 
 
 
CURRENT_TEST: main.ssl_timeout
 
--- /home/bar/maria-git/server-10.1/mysql-test/r/ssl_timeout.result	2016-02-17 08:17:25.619155510 +0400
 
+++ /home/bar/maria-git/server-10.1/mysql-test/r/ssl_timeout.reject	2016-06-10 13:53:55.318670684 +0400
 
@@ -2,6 +2,6 @@
 
 # Check ssl turned on
 
 SHOW STATUS LIKE 'Ssl_cipher';
 
 Variable_name	Value
 
-Ssl_cipher	DHE-RSA-AES256-SHA
 
+Ssl_cipher	AES256-GCM-SHA384
 
 SELECT SLEEP(600);
 
 ERROR HY000: Lost connection to MySQL server during query
 
 
 
mysqltest: Result length mismatch
 
 
 
 - saving '/home/bar/maria-git/server-10.1/mysql-test/var/log/main.ssl_timeout/' to '/home/bar/maria-git/server-10.1/mysql-test/var/log/main.ssl_timeout/'
 
--------------------------------------------------------------------------
 
The servers were restarted 5 times
 
Spent 0.000 of 36 seconds executing testcases
 
 
 
Completed: Failed 6/6 tests, 0.00% were successful.
 
 
 
Failing test(s): main.userstat main.openssl_1 main.ssl main.ssl_compress main.ssl_timeout
 
 
 
The log files in var/log may give you some hint of what went wrong.
 
 
 
If you want to report this error, please read first the documentation
 
at http://dev.mysql.com/doc/mysql/en/mysql-test-suite.html
 
 
 
mysql-test-run: *** ERROR: there were failing test cases



 Comments   
Comment by Vladislav Vaintroub [ 2016-06-10 ]

This is a test problem, they rely on specific ciphers being used by default, which happened to be the case and match for openssl/yassl in the past at least. But the intention is just to checjk if connection is using SSL. So instead of

SHOW STATUS like 'ssl_cipher'

there should be something like

SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';

so that the output does not depend on a specific value of cipher chosen by openssl or other implementations.

Comment by Elena Stepanova [ 2016-08-20 ]

Variation on trusty:

main.ssl                                 w2 [ fail ]
 
        Test ended at 2016-07-12 11:47:36
 
 
 
CURRENT_TEST: main.ssl
 
--- /usr/share/mysql/mysql-test/r/ssl.result	2016-07-12 10:31:13.000000000 +0000
 
+++ /run/shm/var/2/log/ssl.reject	2016-07-12 11:47:36.139907808 +0000
 
@@ -1,6 +1,6 @@
 
 SHOW STATUS LIKE 'Ssl_cipher';
 
 Variable_name	Value
 
-Ssl_cipher	AES128-GCM-SHA256
 
+Ssl_cipher	DHE-RSA-AES256-GCM-SHA384
 
 SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';
 
 have_ssl
 
 1
 
 
 
mysqltest: Result length mismatch

Generated at Thu Feb 08 07:40:29 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.