[#MDEV-7794] MariaDB - mysql-test - fips: some ssl tests with cipher are failing

:/usr/share/mysql-test # ./mysql-test-run.pl --do-test=ssl --force

Logging: ./mysql-test-run.pl  --do-test=ssl --force

vardir: /usr/share/mysql-test/var

Checking leftover processes...

Removing old var directory...

Creating var directory '/usr/share/mysql-test/var'...

Checking supported features...

MariaDB Version 10.0.16-MariaDB

 - SSL connections supported

Using suites: main-,archive-,binlog-,csv-,federated-,funcs_1-,funcs_2-,handler-,heap-,innodb-,innodb_fts-,innodb_zip-,maria-,multi_source-,optimizer_unfixed_bugs-,parts-,percona-,perfschema-,plugins-,roles-,rpl-,sys_vars-,unit-,vcol-,connect,metadata_lock_info,mroonga/storage,mroonga/wrapper,query_response_time,sequence,spider,spider/bg,sql_discovery

Collecting tests...

Installing system database...

==============================================================================

TEST                                      RESULT   TIME (ms) or COMMENT

--------------------------------------------------------------------------

worker[1] Using MTR_BUILD_THREAD 300, with reserved ports 16000..16019

worker[1] mysql-test-run: WARNING: running this script as _root_ will cause some tests to be skipped

main.ssl-big                             [ skipped ]  Test needs --big-test

main.ssl_crl                             [ disabled ]  broken upstream

main.ssl_crl_clients_valid               [ disabled ]  broken upstream

main.ssl_crl_clrpath                     [ disabled ]  broken upstream

main.ssl_and_innodb 'innodb_plugin'      [ pass ]     19

main.ssl_and_innodb 'xtradb'             [ pass ]     31

main.ssl_8k_key                          [ fail ]

        Test ended at 2015-03-05 15:57:28

CURRENT_TEST: main.ssl_8k_key

mysqltest: At line 8: exec of '/usr/bin/mysql --defaults-file=/usr/share/mysql-test/var/my.cnf --ssl --ssl-key=/usr/share/mysql-test/std_data/client-key.pem --ssl-cert=/usr/share/mysql-test/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1' failed, error: 256, status: 1, errno: 2

Output from before failure:

ERROR 2026 (HY000): SSL connection error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

 - saving '/usr/share/mysql-test/var/log/main.ssl_8k_key/' to '/usr/share/mysql-test/var/log/main.ssl_8k_key/'

main.ssl_cipher                          [ pass ]    109

main.ssl_crl_clients                     [ pass ]    203

main.ssl                                 [ fail ]

        Test ended at 2015-03-05 15:57:32

CURRENT_TEST: main.ssl

--- /usr/share/mysql-test/r/ssl.result	2015-01-25 16:21:40.000000000 +0100

+++ /usr/share/mysql-test/r/ssl.reject	2015-03-05 15:57:32.128759583 +0100

@@ -1,12 +1,12 @@

 SHOW STATUS LIKE 'Ssl_cipher';

 Variable_name	Value

-Ssl_cipher	DHE-RSA-AES256-SHA

+Ssl_cipher	AES256-GCM-SHA384

 SHOW STATUS LIKE 'Ssl_server_not_before';

 Variable_name	Value

-Ssl_server_not_before	Feb 20 02:55:06 2010 GMT

+Ssl_server_not_before	Mar  4 14:55:11 2015 GMT

 SHOW STATUS LIKE 'Ssl_server_not_after';

 Variable_name	Value

-Ssl_server_not_after	Sep  3 02:55:06 2030 GMT

+Ssl_server_not_after	Feb 27 14:55:11 2035 GMT

 drop table if exists t1,t2,t3,t4;

 CREATE TABLE t1 (

 Period smallint(4) unsigned zerofill DEFAULT '0000' NOT NULL,

@@ -2165,4 +2165,4 @@

 drop table t1;

 SHOW STATUS LIKE 'Ssl_cipher';

 Variable_name	Value

-Ssl_cipher	DHE-RSA-AES256-SHA

+Ssl_cipher	AES256-GCM-SHA384

mysqltest: Result length mismatch

 - saving '/usr/share/mysql-test/var/log/main.ssl/' to '/usr/share/mysql-test/var/log/main.ssl/'

main.ssl_compress                        [ fail ]

        Test ended at 2015-03-05 15:57:34

CURRENT_TEST: main.ssl_compress

--- /usr/share/mysql-test/r/ssl_compress.result	2015-01-25 16:21:36.000000000 +0100

+++ /usr/share/mysql-test/r/ssl_compress.reject	2015-03-05 15:57:34.484759583 +0100

@@ -1,6 +1,6 @@

 SHOW STATUS LIKE 'Ssl_cipher';

 Variable_name	Value

-Ssl_cipher	DHE-RSA-AES256-SHA

+Ssl_cipher	AES256-GCM-SHA384

 SHOW STATUS LIKE 'Compression';

 Variable_name	Value

 Compression	ON

@@ -2162,7 +2162,7 @@

 drop table t1;

 SHOW STATUS LIKE 'Ssl_cipher';

 Variable_name	Value

-Ssl_cipher	DHE-RSA-AES256-SHA

+Ssl_cipher	AES256-GCM-SHA384

 SHOW STATUS LIKE 'Compression';

 Variable_name	Value

 Compression	ON

mysqltest: Result length mismatch

 - saving '/usr/share/mysql-test/var/log/main.ssl_compress/' to '/usr/share/mysql-test/var/log/main.ssl_compress/'

main.ssl_connect                         [ pass ]    677

sys_vars.ssl_ca_basic                    [ pass ]      4

sys_vars.ssl_capath_basic                [ pass ]      1

sys_vars.ssl_cert_basic                  [ pass ]      7

sys_vars.ssl_cipher_basic                [ pass ]      1

sys_vars.ssl_crl_basic                   [ pass ]

sys_vars.ssl_crlpath_basic               [ pass ]

sys_vars.ssl_key_basic                   [ pass ]      1

--------------------------------------------------------------------------

The servers were restarted 7 times

Spent 1.053 of 21 seconds executing testcases

Completed: Failed 3/15 tests, 80.00% were successful.

Failing test(s): main.ssl_8k_key main.ssl main.ssl_compress

The log files in var/log may give you some hint of what went wrong.

If you want to report this error, please read first the documentation

at http://dev.mysql.com/doc/mysql/en/mysql-test-suite.html

(bug #920246 - ~~MDEV-7536~~ - ssl certs regenerated as workaround - do not take in an account SHOW STATUS LIKE 'Ssl_server_not_before'; in main.ssl)

[MDEV-7794] MariaDB - mysql-test - fips: some ssl tests with cipher are failing Created: 2015-03-17 Updated: 2016-02-12 Resolved: 2015-05-03
Status:	Closed
Project:	MariaDB Server
Component/s:	SSL
Affects Version/s:	10.0.16
Fix Version/s:	10.0.18

[MDEV-7794] MariaDB - mysql-test - fips: some ssl tests with cipher are failing Created: 2015-03-17 Updated: 2016-02-12 Resolved: 2015-05-03