"Fossies" - the Fresh Open Source Software Archive

Member "mariadb-connector-c-3.0.8-src/unittest/libmariadb/ssl.c.in" (18 Dec 2018, 35738 Bytes) of package /linux/misc/mariadb-connector-c-3.0.8-src.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "ssl.c.in": 3.0.4-src_vs_3.0.5-src.

    1 /************************************************************************************
    2   Copyright (C) 2012 Monty Program AB
    3 
    4   This library is free software; you can redistribute it and/or
    5   modify it under the terms of the GNU Library General Public
    6   License as published by the Free Software Foundation; either
    7   version 2 of the License, or (at your option) any later version.
    8 
    9   This library is distributed in the hope that it will be useful,
   10   but WITHOUT ANY WARRANTY; without even the implied warranty of
   11   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   12   Library General Public License for more details.
   13 
   14   You should have received a copy of the GNU Library General Public
   15   License along with this library; if not see <http://www.gnu.org/licenses>
   16   or write to the Free Software Foundation, Inc.,
   17   51 Franklin St., Fifth Floor, Boston, MA 02110, USA
   18  *************************************************************************************/
   19 
   20 #include "my_test.h"
   21 #include <ma_pthread.h>
   22 #ifdef HAVE_OPENSSL
   23 #include <openssl/opensslv.h>
   24 #include <openssl/ssl.h>
   25 #endif
   26 
   27 #define FNLEN 4096
   28 
   29 static int skip_ssl= 1;
   30 static uchar have_openssl= 1;
   31 static unsigned char have_tls13= 0;
   32 
   33 const char *ssluser= "ssluser";
   34 const char *sslpw= "sslpw";
   35 char sslhost[128];
   36 char sslcert[FNLEN];
   37 char sslkey[FNLEN];
   38 char sslkey_enc[FNLEN];
   39 char sslca[FNLEN];
   40 char sslcrl[FNLEN];
   41 
   42 pthread_mutex_t LOCK_test;
   43 
   44 int check_skip_ssl()
   45 {
   46   const char *ssldir= NULL;
   47 #ifndef HAVE_TLS
   48   diag("client library built without OpenSSL support -> skip");
   49   return 1;
   50 #endif
   51   if (skip_ssl)
   52   {
   53     diag("server doesn't support SSL -> skip");
   54     return 1;
   55   }
   56   if (!(ssldir= getenv("SECURE_LOAD_PATH")))
   57   {
   58     ssldir= "@CERT_PATH@";
   59     if (!strlen(ssldir))
   60     {
   61       diag("certificate directory not found");
   62       return 1;
   63     }
   64   }
   65   snprintf(sslcert, FNLEN - 1, "%s/%s", ssldir, "client-cert.pem");
   66   snprintf(sslkey, FNLEN - 1, "%s/%s", ssldir, "client-key.pem");
   67   snprintf(sslkey_enc, FNLEN - 1, "%s/%s", ssldir, "client-key-enc.pem");
   68   snprintf(sslca, FNLEN - 1, "%s/%s", ssldir, "cacert.pem");
   69   return 0;
   70 }
   71 
   72 static int check_cipher(MYSQL *mysql)
   73 {
   74   char *cipher= (char *)mysql_get_ssl_cipher(mysql);
   75   if (!cipher)
   76     return 1;
   77   diag("cipher: %s", cipher);
   78 
   79   return 0;
   80 }
   81 
   82 static int create_ssl_user(const char *ssluser, my_bool is_X509)
   83 {
   84   int rc;
   85   char query[1024];
   86   MYSQL *mysql= mysql_init(NULL);
   87 
   88   FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema,
   89                          port, socketname, 0), mysql_error(mysql));
   90 
   91   sprintf(query, "DROP USER '%s'@'%s'", ssluser, this_host);
   92   rc= mysql_query(mysql, query);
   93 
   94   sprintf(query, "CREATE USER '%s'@'%s' IDENTIFIED BY '%s'", ssluser, this_host, sslpw);
   95   rc= mysql_query(mysql, query);
   96   check_mysql_rc(rc,mysql);
   97 
   98   sprintf(query, "GRANT ALL ON %s.* TO  '%s'@'%s' REQUIRE %s", schema, ssluser, this_host, is_X509 ? "X509" : "SSL");
   99   rc= mysql_query(mysql, query);
  100   check_mysql_rc(rc,mysql);
  101   rc= mysql_query(mysql, "FLUSH PRIVILEGES");
  102   check_mysql_rc(rc,mysql);
  103 
  104   mysql_close(mysql);
  105 
  106   return rc;
  107 }
  108 
  109 static int test_ssl(MYSQL *mysql)
  110 {
  111   int rc;
  112   unsigned int iversion;
  113   MYSQL_RES *res;
  114   MYSQL_ROW row;
  115   char *tls_library;
  116   MYSQL *my= mysql_init(NULL);
  117 
  118   mysql_ssl_set(my,0, 0, 0, 0, 0);
  119 
  120   create_ssl_user("ssluser", 0);
  121 
  122   FAIL_IF(!mysql_real_connect(my, hostname, ssluser, sslpw, schema,
  123                          port, socketname, 0), mysql_error(my));
  124 
  125   mariadb_get_infov(my, MARIADB_CONNECTION_TLS_VERSION_ID, &iversion);
  126   diag("iversion: %d", iversion);
  127   if (iversion == 4)
  128     have_tls13= 1;
  129 
  130   mysql_close(my);
  131 
  132   rc= mysql_query(mysql, "SELECT @@have_ssl, @@have_openssl");
  133   check_mysql_rc(rc, mysql);
  134 
  135   res= mysql_store_result(mysql);
  136   FAIL_IF(!res, mysql_error(mysql));
  137 
  138   while ((row= mysql_fetch_row(res)))
  139   {
  140     if (!strcmp(row[0], "YES"))
  141       skip_ssl= 0;
  142     if (strcmp(row[1], "YES"))
  143       have_openssl= 0;
  144     diag("SSL: %s", row[0]);
  145   }
  146   mysql_free_result(res);
  147 
  148   /* In MySQL we need to check tls_version */
  149   if (!mariadb_connection(mysql))
  150   {
  151     rc= mysql_query(mysql, "select locate('v1.2', @@tls_version) > 0");
  152     check_mysql_rc(rc, mysql);
  153 
  154     res= mysql_store_result(mysql);
  155     FAIL_IF(!res, mysql_error(mysql));
  156 
  157     if ((row= mysql_fetch_row(res)))
  158     {
  159       if (row[0] && row[0][0] == '0')
  160         have_openssl= 0;
  161     }
  162     mysql_free_result(res);
  163   }
  164   diag("OpenSSL: %d", have_openssl);
  165 
  166   mariadb_get_infov(NULL, MARIADB_TLS_LIBRARY, &tls_library);
  167   diag("SSL library: %s", tls_library);
  168 
  169   sslhost[0]= 0;
  170 
  171   if (!skip_ssl)
  172   {
  173     char *p;
  174 
  175     rc= mysql_query(mysql, "SELECT CURRENT_USER()");
  176     check_mysql_rc(rc, mysql);
  177     res= mysql_store_result(mysql);
  178     row= mysql_fetch_row(res);
  179     diag("user: %s", row[0]);
  180     if ((p= strchr(row[0], '@')))
  181       strcpy(sslhost, p+1);
  182     mysql_free_result(res);
  183   }
  184 
  185   return OK;
  186 }
  187 
  188 static int test_ssl_cipher(MYSQL *unused __attribute__((unused)))
  189 {
  190   MYSQL *my;
  191   MYSQL_RES *res;
  192   MYSQL_ROW row;
  193   int rc;
  194   
  195   if (check_skip_ssl())
  196     return SKIP;
  197 
  198   my= mysql_init(NULL);
  199   FAIL_IF(!my, "mysql_init() failed");
  200 
  201   mysql_ssl_set(my,0, 0, sslca, 0, 0);
  202 
  203   FAIL_IF(!mysql_real_connect(my, hostname, ssluser, sslpw, schema,
  204                          port, socketname, 0), mysql_error(my));
  205 
  206   rc= mysql_query(my, "SHOW session status like 'Ssl_version'");
  207   check_mysql_rc(rc, my);
  208   res= mysql_store_result(my);
  209   row= mysql_fetch_row(res);
  210   diag("%s: %s", row[0], row[1]);
  211   diag("cipher: %s", mysql_get_ssl_cipher(my));
  212   mysql_free_result(res);
  213 
  214   FAIL_IF(check_cipher(my) != 0, "Invalid cipher");
  215   mysql_close(my);
  216   return OK;
  217 }
  218 
  219 static int test_conc95(MYSQL *unused __attribute__((unused)))
  220 {
  221   MYSQL *mysql;
  222 
  223   if (check_skip_ssl())
  224     return SKIP;
  225 
  226   create_ssl_user("ssluser1", 1);
  227 
  228   mysql= mysql_init(NULL);
  229   mysql_ssl_set(mysql, 
  230                 sslkey, 
  231                 sslcert, 
  232                 NULL,
  233                 NULL, 
  234                 NULL);
  235 
  236   if (!mysql_real_connect(mysql, hostname, "ssluser1", sslpw, schema,
  237                           port, socketname, 0))
  238   {
  239     diag("could not establish x509 connection. Error: %s", mysql_error(mysql));
  240     mysql_close(mysql);
  241     return FAIL;
  242   }
  243   mysql_close(mysql);
  244   return OK;
  245 }
  246 
  247 static int test_multi_ssl_connections(MYSQL *unused __attribute__((unused)))
  248 {
  249   MYSQL *mysql[50], *my;
  250   int i, rc;
  251   int old_connections= 0, new_connections= 0;
  252   MYSQL_RES *res;
  253   MYSQL_ROW row;
  254 
  255   if (check_skip_ssl())
  256     return SKIP;
  257 
  258   diag("Test doesn't work with yassl");
  259   return SKIP;
  260 
  261   create_ssl_user(ssluser, 0);
  262 
  263   my= mysql_init(NULL);
  264   FAIL_IF(!my,"mysql_init() failed");
  265   FAIL_IF(!mysql_real_connect(my, hostname, ssluser, sslpw, schema,
  266            port, socketname, 0), mysql_error(my));
  267 
  268   rc= mysql_query(my, "SHOW STATUS LIKE 'Ssl_accepts'");
  269   check_mysql_rc(rc, my);
  270 
  271   res= mysql_store_result(my);
  272   if ((row= mysql_fetch_row(res)))
  273     old_connections= atoi(row[1]);
  274   mysql_free_result(res);
  275 
  276   for (i=0; i < 50; i++)
  277   {
  278     mysql[i]= mysql_init(NULL);
  279     FAIL_IF(!mysql[i],"mysql_init() failed");
  280 
  281     mysql_ssl_set(mysql[i], 0, 0, sslca, 0, 0);
  282 
  283     mysql_real_connect(mysql[i], hostname, ssluser, sslpw, schema,
  284                          port, socketname, 0);
  285     if (mysql_errno(mysql[i]))
  286     {
  287       diag("loop: %d error: %d %s", i, mysql_errno(mysql[i]), mysql_error(mysql[i]));
  288       return FAIL;
  289     }
  290 
  291     FAIL_IF(check_cipher(mysql[i]) != 0, "Invalid cipher");
  292   }
  293   for (i=0; i < 50; i++)
  294     mysql_close(mysql[i]);
  295 
  296   rc= mysql_query(my, "SHOW STATUS LIKE 'Ssl_accepts'");
  297   check_mysql_rc(rc, my);
  298 
  299   res= mysql_store_result(my);
  300   if ((row= mysql_fetch_row(res)))
  301     new_connections= atoi(row[1]);
  302   mysql_free_result(res);
  303 
  304   mysql_close(my);
  305 
  306   diag("%d SSL connections processed", new_connections - old_connections);
  307   FAIL_IF(new_connections - old_connections < 50, "new_connections should be at least old_connections + 50");
  308   return OK;
  309 }
  310 
  311 #ifndef WIN32
  312 static void ssl_thread(void *unused __attribute__((unused)))
  313 #else
  314 DWORD WINAPI ssl_thread(void *dummy)
  315 #endif
  316 {
  317   MYSQL *mysql= NULL;
  318 
  319   mysql_thread_init();
  320   
  321   if (!(mysql= mysql_init(NULL)))
  322   {
  323     goto end;
  324   }
  325   mysql_ssl_set(mysql, 0, 0, sslca, 0, 0);
  326 
  327   if(!mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  328           port, socketname, 0))
  329   {
  330     diag(">Error: %s", mysql_error(mysql));
  331     goto end;
  332   }
  333 
  334   pthread_mutex_lock(&LOCK_test);
  335   mysql_query(mysql, "UPDATE ssltest SET a=a+1");
  336   pthread_mutex_unlock(&LOCK_test);
  337 
  338 end:
  339   if(mysql)
  340     mysql_close(mysql);
  341   mysql_thread_end();
  342 #ifdef _WIN32
  343   return 0;
  344 #endif
  345 }
  346 
  347 static int test_ssl_threads(MYSQL *mysql)
  348 {
  349   int i, rc;
  350 #ifndef WIN32
  351   pthread_t threads[50];
  352 #else
  353   HANDLE hthreads[50];
  354   DWORD dthreads[50];
  355 #endif
  356   MYSQL_RES *res;
  357   MYSQL_ROW row;
  358   
  359   if (check_skip_ssl())
  360     return SKIP;
  361 
  362   rc= mysql_query(mysql, "DROP TABLE IF exists ssltest");
  363   check_mysql_rc(rc, mysql);
  364   rc= mysql_query(mysql, "CREATE TABLE ssltest (a int)");
  365   check_mysql_rc(rc, mysql);
  366   rc= mysql_query(mysql, "INSERT into ssltest VALUES (0)");
  367   check_mysql_rc(rc, mysql);
  368   pthread_mutex_init(&LOCK_test, NULL);
  369 
  370   pthread_mutex_init(&LOCK_test, NULL);
  371 
  372   for (i=0; i < 50; i++)
  373   {
  374 #ifndef WIN32
  375     pthread_create(&threads[i], NULL, (void *)ssl_thread, NULL);
  376 #else
  377     hthreads[i]= CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ssl_thread, NULL, 0, &dthreads[i]);
  378     if (hthreads[i]==NULL)
  379       diag("error while starting thread");
  380 #endif
  381   }
  382   for (i=0; i < 50; i++)
  383 #ifndef WIN32
  384     pthread_join(threads[i], NULL);
  385 #else
  386     WaitForSingleObject(hthreads[i], INFINITE);
  387 #endif
  388 
  389   pthread_mutex_destroy(&LOCK_test);
  390 
  391   rc= mysql_query(mysql, "SELECT a FROM ssltest");
  392   check_mysql_rc(rc, mysql);
  393   res= mysql_store_result(mysql);
  394   row= mysql_fetch_row(res);
  395   diag("Found: %s", row[0]);
  396   FAIL_IF(strcmp(row[0], "50") != 0, "Expected 50");
  397   mysql_free_result(res);
  398   rc= mysql_query(mysql, "DROP TABLE IF exists ssltest");
  399   check_mysql_rc(rc, mysql);
  400   return OK;
  401 }
  402 
  403 static int test_phpbug51647(MYSQL *unused __attribute__((unused)))
  404 {
  405   MYSQL* mysql;
  406 
  407   if (check_skip_ssl())
  408     return SKIP;
  409 
  410   mysql= mysql_init(NULL);
  411   FAIL_IF(!mysql, "Can't allocate memory");
  412 
  413   mysql_ssl_set(mysql, sslkey, 
  414                        sslcert,
  415                        sslca, 0, 0);
  416 
  417   FAIL_IF(!mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  418            port, socketname, 0), mysql_error(mysql));
  419   diag("%s", mysql_get_ssl_cipher(mysql));
  420   mysql_close(mysql);
  421 
  422   return OK;
  423 }
  424 
  425 static int test_password_protected(MYSQL *unused __attribute__((unused)))
  426 {
  427   MYSQL* mysql;
  428 
  429   if (check_skip_ssl())
  430     return SKIP;
  431 
  432 #ifndef TEST_SSL_PASSPHRASE
  433   return SKIP;
  434 #endif
  435 
  436   mysql= mysql_init(NULL);
  437   FAIL_IF(!mysql, "Can't allocate memory");
  438 
  439   mysql_ssl_set(mysql, sslkey_enc,
  440                        sslcert,
  441                        sslca, 0, 0);
  442 
  443   mysql_options(mysql, MARIADB_OPT_TLS_PASSPHRASE, "qwerty");
  444 
  445   FAIL_IF(!mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  446            port, socketname, 0), mysql_error(mysql));
  447   diag("%s", mysql_get_ssl_cipher(mysql));
  448   mysql_close(mysql);
  449 
  450   return OK;
  451 }
  452 
  453 
  454 static int test_conc50(MYSQL *unused __attribute__((unused)))
  455 {
  456   MYSQL *mysql;
  457 
  458   if (check_skip_ssl())
  459     return SKIP;
  460 
  461   mysql= mysql_init(NULL);
  462   FAIL_IF(!mysql, "Can't allocate memory");
  463 
  464   mysql_ssl_set(mysql, NULL, NULL, "./non_exisiting_cert.pem", NULL, NULL);
  465 
  466   mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  467            port, socketname, 0);
  468   diag("Error: %d %s", mysql_errno(mysql), mysql_error(mysql));
  469   FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026");
  470   mysql_close(mysql);
  471 
  472   return OK;
  473 }
  474 
  475 static int test_conc50_1(MYSQL *unused __attribute__((unused)))
  476 {
  477   MYSQL *mysql;
  478 
  479   if (check_skip_ssl())
  480     return SKIP;
  481 
  482   if (!have_openssl)
  483   {
  484     diag("Server with OpenSSL required");
  485     return SKIP;
  486   }
  487 
  488   create_ssl_user(ssluser, 0);
  489 
  490   mysql= mysql_init(NULL);
  491   FAIL_IF(!mysql, "Can't allocate memory");
  492 
  493   mysql_ssl_set(mysql, NULL, NULL, sslca, NULL, NULL);
  494 
  495   mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  496            port, socketname, 0);
  497   if (mysql_errno(mysql))
  498     diag("Error: %d %s", mysql_errno(mysql), mysql_error(mysql));
  499   FAIL_IF(mysql_errno(mysql), "No error expected");
  500 
  501   mysql_close(mysql);
  502 
  503   return OK;
  504 }
  505 
  506 static int test_conc50_2(MYSQL *unused __attribute__((unused)))
  507 {
  508   MYSQL *mysql;
  509 
  510   if (check_skip_ssl())
  511     return SKIP;
  512 
  513   mysql= mysql_init(NULL);
  514   FAIL_IF(!mysql, "Can't allocate memory");
  515 
  516   mysql_ssl_set(mysql, NULL, NULL, "./non_exisiting_cert.pem", NULL, NULL);
  517 
  518   mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  519            port, socketname, 0);
  520   FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026");
  521   mysql_close(mysql);
  522 
  523   return OK;
  524 }
  525 
  526 static int test_conc127(MYSQL *unused __attribute__((unused)))
  527 {
  528   MYSQL *mysql;
  529 
  530   diag("test disabled - for testing disable other tests or run this test as first test");
  531   return SKIP;
  532 
  533   if (check_skip_ssl())
  534     return SKIP;
  535 
  536   mysql= mysql_init(NULL);
  537   FAIL_IF(!mysql, "Can't allocate memory");
  538 
  539   mysql_ssl_set(mysql, NULL, NULL, "./non_exisiting.pem", NULL, NULL);
  540 
  541   mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  542            port, socketname, 0);
  543   diag("Error: %s", mysql_error(mysql));
  544   FAIL_IF(mysql_errno(mysql) == 0, "Error expected (invalid certificate)");
  545   mysql_close(mysql);
  546 
  547   return OK;
  548 }
  549 
  550 static int test_conc50_3(MYSQL *unused __attribute__((unused)))
  551 {
  552   MYSQL *mysql;
  553 
  554   if (check_skip_ssl())
  555     return SKIP;
  556 
  557   create_ssl_user(ssluser, 0);
  558 
  559   mysql= mysql_init(NULL);
  560   FAIL_IF(!mysql, "Can't allocate memory");
  561 
  562   mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  563            port, socketname, 0);
  564   FAIL_IF(!mysql_errno(mysql), "Error expected, SSL connection required!");
  565   mysql_close(mysql);
  566 
  567   mysql= mysql_init(NULL);
  568   FAIL_IF(!mysql, "Can't allocate memory");
  569 
  570   mysql_ssl_set(mysql, NULL, NULL, sslca, NULL, NULL);
  571 
  572   mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  573            port, socketname, 0);
  574   diag("Error: %s<", mysql_error(mysql));
  575   FAIL_IF(mysql_errno(mysql), "No error expected");
  576   mysql_close(mysql);
  577 
  578   return OK;
  579 }
  580 
  581 static int test_conc50_4(MYSQL *unused __attribute__((unused)))
  582 {
  583   MYSQL *mysql;
  584 
  585   if (check_skip_ssl())
  586     return SKIP;
  587 
  588   mysql= mysql_init(NULL);
  589   FAIL_IF(!mysql, "Can't allocate memory");
  590 
  591   mysql_ssl_set(mysql, NULL, sslca, NULL, NULL, NULL);
  592 
  593   mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  594            port, socketname, 0);
  595   FAIL_IF(!mysql_errno(mysql) , "Error expected");
  596   mysql_close(mysql);
  597 
  598   return OK;
  599 }
  600 
  601 static int verify_ssl_server_cert(MYSQL *unused __attribute__((unused)))
  602 {
  603   MYSQL *mysql;
  604   uint verify= 1;
  605 
  606   if (check_skip_ssl())
  607     return SKIP;
  608 
  609   if (!hostname || !strcmp(hostname, "localhost"))
  610     return SKIP;
  611 
  612   mysql= mysql_init(NULL);
  613   FAIL_IF(!mysql, "Can't allocate memory");
  614 
  615   mysql_ssl_set(mysql, NULL, NULL, sslca, NULL, NULL);
  616   mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);
  617 
  618   mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  619            port, socketname, 0);
  620 
  621   FAIL_IF(!mysql_errno(mysql), "Expected error");
  622   diag("Error (expected): %s", mysql_error(mysql));
  623   mysql_close(mysql);
  624 
  625   return OK;
  626 }
  627 
  628 static int test_bug62743(MYSQL *unused __attribute__((unused)))
  629 {
  630   MYSQL *mysql;
  631 
  632   if (check_skip_ssl())
  633     return SKIP;
  634 
  635   mysql= mysql_init(NULL);
  636   FAIL_IF(!mysql, "Can't allocate memory");
  637 
  638   mysql_ssl_set(mysql, "dummykey", NULL, NULL, NULL, NULL);
  639 
  640   mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  641            port, socketname, 0);
  642   diag("Error: %s", mysql_error(mysql));
  643   FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026");
  644   mysql_close(mysql);
  645 
  646   mysql= mysql_init(NULL);
  647   FAIL_IF(!mysql, "Can't allocate memory");
  648 
  649   mysql_ssl_set(mysql, sslkey, NULL, NULL, NULL, NULL);
  650 
  651   mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  652            port, socketname, 0);
  653   diag("Error with key: %s", mysql_error(mysql));
  654   FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026");
  655   mysql_close(mysql);
  656 
  657   mysql= mysql_init(NULL);
  658   FAIL_IF(!mysql, "Can't allocate memory");
  659 
  660   mysql_ssl_set(mysql, sslkey,
  661                        sslcert, NULL, NULL, NULL);
  662 
  663   mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  664            port, socketname, 0);
  665   FAIL_IF(mysql_errno(mysql) != 0, "Expected no error");
  666   mysql_close(mysql);
  667 
  668   mysql= mysql_init(NULL);
  669   FAIL_IF(!mysql, "Can't allocate memory");
  670 
  671   mysql_ssl_set(mysql, sslkey, "blablubb", NULL, NULL, NULL);
  672 
  673   mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
  674            port, socketname, 0);
  675   diag("Error with cert: %s", mysql_error(mysql));
  676   FAIL_IF(mysql_errno(mysql) == 0, "Expected error");
  677   mysql_close(mysql);
  678 
  679   return OK;
  680 }
  681 
  682 #ifndef WIN32
  683 int thread_conc102(void)
  684 #else
  685 DWORD WINAPI thread_conc102(void)
  686 #endif
  687 {
  688   MYSQL *mysql;
  689   int rc;
  690   MYSQL_RES *res;
  691   mysql_thread_init();
  692   mysql= mysql_init(NULL);
  693 
  694   mysql_ssl_set(mysql, sslkey,
  695                        sslcert,
  696                        sslca,
  697                         NULL, NULL);
  698   mysql_ssl_set(mysql,0, 0, sslca, 0, 0);
  699 
  700   if(!mysql_real_connect(mysql, hostname, username, password, schema,
  701           port, socketname, 0))
  702   {
  703     diag(">Error: %s", mysql_error(mysql));
  704     goto end;
  705   }
  706   if (!mysql_get_ssl_cipher(mysql))
  707   {
  708     diag("Error: No ssl connection");
  709     goto end;
  710   }
  711   pthread_mutex_lock(&LOCK_test);
  712   rc= mysql_query(mysql, "UPDATE t_conc102 SET a=a+1");
  713   check_mysql_rc(rc, mysql);
  714   pthread_mutex_unlock(&LOCK_test);
  715   check_mysql_rc(rc, mysql);
  716   if ((res= mysql_store_result(mysql)))
  717     mysql_free_result(res);
  718 end:
  719   mysql_close(mysql);
  720   mysql_thread_end();
  721   return 0;
  722 }
  723 
  724 static int test_conc_102(MYSQL *mysql)
  725 {
  726 
  727   int rc;
  728   int i;
  729   MYSQL_ROW row;
  730   MYSQL_RES *res;
  731 #ifndef WIN32
  732   pthread_t threads[50];
  733 #else
  734   HANDLE hthreads[50];
  735   DWORD threads[50];
  736 #endif
  737 
  738   if (check_skip_ssl())
  739     return SKIP;
  740 
  741   rc= mysql_query(mysql, "DROP TABLE IF EXISTS t_conc102");
  742   check_mysql_rc(rc, mysql);
  743   rc= mysql_query(mysql, "CREATE TABLE t_conc102 ( a int)");
  744   check_mysql_rc(rc, mysql);
  745   rc= mysql_query(mysql, "INSERT INTO t_conc102 VALUES (0)");
  746   check_mysql_rc(rc, mysql);
  747   pthread_mutex_init(&LOCK_test, NULL);
  748 
  749   for (i=0; i < 50; i++)
  750   {
  751 #ifndef WIN32
  752     pthread_create(&threads[i], NULL, (void *)thread_conc102, NULL);
  753 #else
  754     hthreads[i]= CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)thread_conc102, NULL, 0, &threads[i]);
  755     if (hthreads[i]==NULL)
  756       diag("error while starting thread");
  757 #endif
  758   }
  759   for (i=0; i < 50; i++)
  760   {
  761 #ifndef WIN32
  762     pthread_join(threads[i], NULL);
  763 #else
  764     WaitForSingleObject(hthreads[i], INFINITE);
  765 #endif
  766   } 
  767   pthread_mutex_destroy(&LOCK_test);
  768   rc= mysql_query(mysql, "SELECT a FROM t_conc102");
  769   check_mysql_rc(rc, mysql);
  770   res= mysql_store_result(mysql);
  771   row= mysql_fetch_row(res);
  772   diag("Found: %s", row[0]);
  773   FAIL_IF(strcmp(row[0], "50") != 0, "Expected 50");
  774   mysql_free_result(res);
  775   rc= mysql_query(mysql, "DROP TABLE IF EXISTS t_conc102");
  776   check_mysql_rc(rc, mysql);
  777   return OK;
  778 }
  779 
  780 const char *ssl_cert_finger_print= "@CERT_FINGER_PRINT@";
  781 
  782 static int test_ssl_fp(MYSQL *unused __attribute__((unused)))
  783 {
  784   MYSQL *my;
  785   MYSQL_RES *res;
  786   MYSQL_ROW row;
  787   int rc;
  788   
  789   if (check_skip_ssl())
  790     return SKIP;
  791 
  792   if (!ssl_cert_finger_print[0])
  793   {
  794     diag("No fingerprint available");
  795     return SKIP;
  796   }
  797 
  798   my= mysql_init(NULL);
  799   FAIL_IF(!my, "mysql_init() failed");
  800 
  801   mysql_ssl_set(my,0, 0, sslca, 0, 0);
  802 
  803   mysql_options(my, MARIADB_OPT_SSL_FP, ssl_cert_finger_print);
  804 
  805   FAIL_IF(!mysql_real_connect(my, hostname, username, password, schema,
  806                          port, socketname, 0), mysql_error(my));
  807   
  808   FAIL_IF(check_cipher(my) != 0, "Invalid cipher");
  809 
  810   rc= mysql_query(my, "SET @a:=1");
  811   check_mysql_rc(rc, my);
  812 
  813   rc= mysql_query(my, "SELECT @a");
  814   check_mysql_rc(rc, my);
  815 
  816   if ((res= mysql_store_result(my)))
  817   {
  818     row= mysql_fetch_row(res);
  819     diag("@a:=%s", row[0]);
  820     mysql_free_result(res);
  821   }
  822 
  823   mysql_close(my);
  824   return OK;
  825 }
  826 
  827 static int test_ssl_fp_list(MYSQL *unused __attribute__((unused)))
  828 {
  829   MYSQL *my;
  830 
  831   if (check_skip_ssl())
  832     return SKIP;
  833 
  834 #ifndef TEST_SSL_SHA1
  835   return SKIP;
  836 #endif
  837 
  838   if (!ssl_cert_finger_print[0])
  839   {
  840     diag("No fingerprint available");
  841     return SKIP;
  842   }
  843   my= mysql_init(NULL);
  844   FAIL_IF(!my, "mysql_init() failed");
  845 
  846   mysql_ssl_set(my,0, 0, sslca, 0, 0);
  847 
  848   mysql_options(my, MARIADB_OPT_SSL_FP_LIST, "@CERT_PATH@/server-cert.sha1");
  849 
  850   if(!mysql_real_connect(my, hostname, username, password, schema,
  851                          port, socketname, 0))
  852   {
  853     diag("Error: %s", mysql_error(my));
  854     mysql_close(my);
  855     return FAIL;
  856   }
  857 
  858   FAIL_IF(check_cipher(my) != 0, "Invalid cipher");
  859   mysql_close(my);
  860   return OK;
  861 }
  862 
  863 static int test_ssl_version(MYSQL *unused __attribute__((unused)))
  864 {
  865   unsigned int iversion;
  866   char *version, *library;
  867   MYSQL *my;
  868 
  869   if (check_skip_ssl())
  870     return SKIP;
  871 
  872   my= mysql_init(NULL);
  873   FAIL_IF(!my, "mysql_init() failed");
  874 
  875   mysql_ssl_set(my,0, 0, sslca, 0, 0);
  876   FAIL_IF(!mysql_real_connect(my, hostname, ssluser, sslpw, schema,
  877                          port, socketname, 0), mysql_error(my));
  878 
  879   diag("cipher: %s", mysql_get_ssl_cipher(my));
  880   mariadb_get_infov(my, MARIADB_CONNECTION_TLS_VERSION_ID, &iversion);
  881   diag("protocol: %d", iversion);
  882   mariadb_get_infov(my, MARIADB_CONNECTION_TLS_VERSION, &version);
  883   diag("protocol: %s", version);
  884 
  885   mariadb_get_infov(my, MARIADB_TLS_LIBRARY, &library);
  886   diag("library: %s", library);
  887 
  888   mysql_close(my);
  889 
  890   return OK;
  891 }
  892 
  893 #ifdef HAVE_SCHANNEL
  894 static int test_schannel_cipher(MYSQL *unused __attribute__((unused)))
  895 {
  896   MYSQL *my;
  897   unsigned int cipher_strength= 256;
  898 
  899   if (check_skip_ssl())
  900     return SKIP;
  901 
  902   my= mysql_init(NULL);
  903   FAIL_IF(!my, "mysql_init() failed");
  904 
  905   mysql_ssl_set(my,0, 0, sslca, 0, 0);
  906   mysql_options(my, MARIADB_OPT_TLS_CIPHER_STRENGTH, &cipher_strength);
  907   FAIL_IF(!mysql_real_connect(my, hostname, ssluser, sslpw, schema,
  908                          port, socketname, 0), mysql_error(my));
  909 
  910   diag("cipher: %s", mysql_get_ssl_cipher(my));
  911 
  912   mysql_close(my);
  913 
  914   return OK;
  915 }
  916 
  917 #endif
  918 
  919 #if defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
  920 
  921 static int test_cipher_mapping(MYSQL *unused __attribute__((unused)))
  922 {
  923   unsigned int i=0;
  924   const char *ciphers[]= { "DHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES256-SHA256", "DHE-RSA-AES256-SHA",
  925 #ifdef TEST_CAMELLIA_CIPHER
  926                            "DHE-RSA-CAMELLIA256-SHA", "CAMELLIA256-SHA",
  927                            "DHE-RSA-CAMELLIA128-SHA", "CAMELLIA128-SHA",
  928 #endif
  929 #ifdef TEST_DES_CIPHER
  930                            "EDH-RSA-DES-CBC3-SHA",
  931                            "DES-CBC3-SHA",
  932 #endif
  933                            "AES256-GCM-SHA384", "AES256-SHA256", "AES256-SHA",
  934                            "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA",
  935                            "AES128-GCM-SHA256", "AES128-SHA256", "AES128-SHA",
  936                            "DHE-RSA-AES256-SHA", "AES256-SHA",
  937                            NULL };
  938 
  939   diag("This test depends on OpenSSL version - since several ciphers might not be available");
  940   return SKIP;
  941 
  942   if (check_skip_ssl())
  943     return SKIP;
  944 
  945   if (!have_openssl)
  946   {
  947     diag("test requires Server with OpenSSL");
  948     return SKIP;
  949   }
  950 
  951   while (ciphers[i] != NULL)
  952   {
  953     MYSQL *mysql= mysql_init(NULL);
  954     MYSQL_ROW row;
  955     MYSQL_RES *res;
  956     char c[100];
  957     int rc;
  958     const char *cipher;
  959 
  960     mysql_options(mysql, MYSQL_OPT_TLS_VERSION, "TLSv1.0,TLSv1.1,TLSv1.2");
  961     mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, ciphers[i]);
  962     diag("%s", ciphers[i]);
  963     
  964     mysql->options.use_ssl= 1;
  965     FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema,
  966                          port, socketname, 0), mysql_error(mysql));
  967     if (!(cipher= mysql_get_ssl_cipher(mysql)) ||
  968         strcmp(ciphers[i], cipher) != 0)
  969     {
  970       diag("cipher %s differs: (%s)", ciphers[i], cipher);
  971       mysql_close(mysql);
  972       goto cont;
  973     }
  974     else
  975     {
  976       rc= mysql_query(mysql, "SHOW STATUS LIKE 'ssl_cipher'");
  977       check_mysql_rc(rc, mysql);
  978       res= mysql_store_result(mysql);
  979       row= mysql_fetch_row(res);
  980       strcpy(c, row[1]);
  981       mysql_free_result(res);
  982       mysql_close(mysql);
  983       if (strcmp(ciphers[i], c) != 0)
  984       {
  985         diag("expected: %s instead of %s", ciphers[i], c);
  986         /* depending if server supports ECC, ciphers may differ,
  987            so we don't return failure here */
  988       }
  989     }
  990 cont:
  991     i++;
  992   }
  993   return OK;
  994 }
  995 #endif  
  996 
  997 static int test_openssl_1(MYSQL *mysql)
  998 {
  999   int rc;
 1000   MYSQL *my;
 1001   uchar val= 1;
 1002   char query[1024];
 1003   int i;
 1004 
 1005   if (check_skip_ssl())
 1006     return SKIP;
 1007 
 1008   if (have_tls13)
 1009     return SKIP;
 1010 
 1011   if (!mariadb_connection(mysql))
 1012     return SKIP;
 1013 
 1014   for (i=1; i < 6; i++)
 1015   {
 1016     sprintf(query, "DROP USER 'ssluser%d'@'%s'", i, this_host);
 1017     rc= mysql_query(mysql, query);
 1018     sprintf(query, "CREATE USER 'ssluser%d'@'%s'", i, this_host);
 1019     rc= mysql_query(mysql, query);
 1020     check_mysql_rc(rc, mysql);
 1021   }
 1022   rc= mysql_query(mysql, "FLUSH PRIVILEGES");
 1023   check_mysql_rc(rc, mysql);
 1024   diag("sslusers created");
 1025 
 1026   diag("ssluser1");
 1027   sprintf(query, "grant select on %s.* to 'ssluser1'@'%s' require ssl", schema, this_host);
 1028   rc= mysql_query(mysql, query);
 1029   check_mysql_rc(rc, mysql);
 1030 
 1031 
 1032   my= mysql_init(NULL);
 1033   mysql_ssl_set(my, NULL, NULL, NULL, NULL, "AES128-SHA");
 1034   FAIL_IF(!mysql_real_connect(my, hostname, "ssluser1", NULL, schema,
 1035                          port, socketname, 0), mysql_error(my));
 1036   FAIL_IF(!mysql_get_ssl_cipher(my), "No TLS connection");
 1037   mysql_close(my);
 1038 
 1039   my= mysql_init(NULL);
 1040   mysql_options(my, MYSQL_OPT_SSL_ENFORCE, &val);
 1041   FAIL_IF(!mysql_real_connect(my, hostname, "ssluser1", NULL, schema,
 1042                          port, socketname, 0), mysql_error(my));
 1043   FAIL_IF(!mysql_get_ssl_cipher(my), "No TLS connection");
 1044   mysql_close(my);
 1045 
 1046   diag("ssluser2");
 1047   sprintf(query, "grant select on %s.* to 'ssluser2'@'%s' require cipher 'AES256-SHA'", schema, this_host);
 1048   rc= mysql_query(mysql, query);
 1049   check_mysql_rc(rc, mysql);
 1050 
 1051 #ifdef TEST_RANDOM_RESULT
 1052 /* ssl_user2: connect with enforce should work */
 1053   my= mysql_init(NULL);
 1054   mysql_options(my, MYSQL_OPT_SSL_ENFORCE, &val);
 1055   mysql_real_connect(my, hostname, "ssluser2", NULL, schema,
 1056                          port, socketname, 0);
 1057   if (!mysql_error(my) &&
 1058        strcmp(mysql_get_ssl_cipher(my), "AES256-SHA"))
 1059   {
 1060     diag("Expected error or correct cipher");
 1061     return FAIL;
 1062   }
 1063   mysql_close(my);
 1064 #endif
 1065   /* ssl_user2: connect with correct cipher */
 1066   diag("ssluser2");
 1067   if (mysql_get_server_version(mysql) >= 100100)
 1068   {
 1069     my= mysql_init(NULL);
 1070     mysql_ssl_set(my, NULL, NULL, NULL, NULL, "AES256-SHA");
 1071     FAIL_IF(!mysql_real_connect(my, hostname, "ssluser2", NULL, schema,
 1072                            port, socketname, 0), mysql_error(my));
 1073     FAIL_IF(strcmp("AES256-SHA", mysql_get_ssl_cipher(my)) != 0, "expected cipher AES256-SHA");
 1074     mysql_close(my);
 1075   }
 1076 
 1077   /* ssl_user2: connect with wrong cipher should not work */
 1078   diag("ssluser2");
 1079   my= mysql_init(NULL);
 1080   mysql_ssl_set(my, NULL, NULL, NULL, NULL, "AES128-SHA");
 1081   FAIL_IF(mysql_real_connect(my, hostname, "ssluser2", NULL, schema,
 1082                          port, socketname, 0), "Error expected");
 1083   mysql_close(my);
 1084 
 1085 
 1086   if (!travis_test)
 1087   {
 1088     sprintf(query, "grant select on %s.* to 'ssluser3'@'%s' require cipher 'AES256-SHA' AND "
 1089                  " SUBJECT '/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client'", schema, this_host);
 1090     rc= mysql_query(mysql, query);
 1091     check_mysql_rc(rc, mysql);
 1092 
 1093     /* ssluser3: connect with cipher only */
 1094     my= mysql_init(NULL);
 1095     mysql_ssl_set(my, NULL, NULL, NULL, NULL, "AES256-SHA");
 1096     FAIL_IF(mysql_real_connect(my, hostname, "ssluser3", NULL, schema,
 1097                                port, socketname, 0), "Error expected");
 1098     mysql_close(my);
 1099 
 1100     /* ssluser3 connect with cipher and certs */
 1101     my= mysql_init(NULL);
 1102     mysql_ssl_set(my, sslkey, 
 1103                   sslcert, 
 1104                   sslca, 
 1105                   NULL, 
 1106                   "AES256-SHA");
 1107     FAIL_IF(!mysql_real_connect(my, hostname, "ssluser3", NULL, schema,
 1108                            port, socketname, 0), mysql_error(my));
 1109 
 1110     mysql_close(my);
 1111 
 1112     sprintf(query, "grant select on %s.* to 'ssluser4'@'%s' require cipher 'AES256-SHA' AND "
 1113                    " ISSUER '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'", schema, this_host);
 1114     rc= mysql_query(mysql, query);
 1115     check_mysql_rc(rc, mysql);
 1116 
 1117     /* ssluser4: connect with cipher only */
 1118     my= mysql_init(NULL);
 1119     mysql_ssl_set(my, NULL, NULL, NULL, NULL, "AES256-SHA");
 1120     FAIL_IF(mysql_real_connect(my, hostname, "ssluser4", NULL, schema,
 1121                            port, socketname, 0), "Error expected");
 1122     mysql_close(my);
 1123 
 1124     /* ssluser4 connect with cipher and certs */
 1125     my= mysql_init(NULL);
 1126     mysql_ssl_set(my, sslkey,
 1127                   sslcert,
 1128                   sslca,
 1129                   NULL,
 1130                   "AES256-SHA");
 1131     FAIL_IF(!mysql_real_connect(my, hostname, "ssluser4", NULL, schema,
 1132                            port, socketname, 0), mysql_error(my));
 1133     mysql_close(my);
 1134   }
 1135   diag("drop users");
 1136   for (i=1; i < 6; i++)
 1137   {
 1138     sprintf(query, "DROP USER 'ssluser%d'@'%s'", i, this_host);
 1139     rc= mysql_query(mysql, query);
 1140   }
 1141 
 1142   return OK;
 1143 }
 1144 
 1145 static int test_ssl_timeout(MYSQL *unused __attribute__((unused)))
 1146 {
 1147   MYSQL *mysql;
 1148   my_bool enforce= 1;
 1149   int read_timeout= 1;
 1150   int rc;
 1151 
 1152   if (check_skip_ssl())
 1153     return SKIP;
 1154 
 1155   mysql= mysql_init(NULL);
 1156   mysql_options(mysql, MYSQL_OPT_SSL_ENFORCE, &enforce);
 1157   mysql_options(mysql, MYSQL_OPT_READ_TIMEOUT, &read_timeout);
 1158   mysql->options.use_ssl= 1;
 1159   FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema,
 1160                          port, socketname, 0), mysql_error(mysql));
 1161   diag("cipher: %s\n", mysql_get_ssl_cipher(mysql));
 1162   rc= mysql_query(mysql, "SELECT SLEEP(600)");
 1163   if (!rc)
 1164   {
 1165     diag("error expected (timeout)");
 1166     return FAIL;
 1167   }
 1168 
 1169   mysql_close(mysql);
 1170   return OK;
 1171 }
 1172 
 1173 static int drop_ssl_user(MYSQL *mysql)
 1174 {
 1175   int rc;
 1176 
 1177   rc= mysql_query(mysql, "DELETE FROM mysql.user where user like 'ssl%'");
 1178   check_mysql_rc(rc, mysql);
 1179   rc= mysql_query(mysql, "DELETE FROM mysql.db where user like 'ssl%'");
 1180   check_mysql_rc(rc, mysql);
 1181   return OK;
 1182 }
 1183 
 1184 static int test_conc286(MYSQL *unused __attribute__((unused)))
 1185 {
 1186   MYSQL *my;
 1187 
 1188   if (check_skip_ssl())
 1189     return SKIP;
 1190 
 1191   if (!ssl_cert_finger_print[0])
 1192   {
 1193     diag("No fingerprint available");
 1194     return SKIP;
 1195   }
 1196   my= mysql_init(NULL);
 1197   FAIL_IF(!my, "mysql_init() failed");
 1198 
 1199   mysql_options(my, MARIADB_OPT_SSL_FP, ssl_cert_finger_print);
 1200 
 1201   FAIL_IF(!mysql_real_connect(my, hostname, username, password, schema,
 1202                          port, socketname, 0), mysql_error(my));
 1203   
 1204   FAIL_IF(check_cipher(my) != 0, "Invalid cipher");
 1205 
 1206   mysql_close(my);
 1207   return OK;
 1208 }
 1209 
 1210 static int test_mdev14027(MYSQL *mysql __attribute__((unused)))
 1211 {
 1212   char *tls_library;
 1213   const char *check_library=
 1214 #if defined(HAVE_OPENSSL)
 1215 #if defined(HAVE_LIBRESSL)
 1216     "LibreSSL";
 1217 #else
 1218     "OpenSSL";
 1219 #endif
 1220 #elif defined(HAVE_GNUTLS)
 1221     "GnuTLS";
 1222 #elif defined(HAVE_SCHANNEL)
 1223     "Schannel";
 1224 #else
 1225     "Off";
 1226 #endif
 1227   mariadb_get_infov(NULL, MARIADB_TLS_LIBRARY, &tls_library);
 1228   diag("TLS/SSL library in use: %s\n", tls_library);
 1229   if (!strstr(tls_library, check_library))
 1230   {
 1231     diag("expected %s, got %s", check_library, tls_library);
 1232     return FAIL;
 1233   }
 1234   return OK;
 1235 }
 1236 
 1237 static int test_mdev14101(MYSQL *my __attribute__((unused)))
 1238 {
 1239   struct {
 1240     bool do_yassl;
 1241     const char *opt_tls_version;
 1242     const char *expected;
 1243   } combinations[]= {
 1244     {1, "TLSv1.0", "TLSv1.0"},
 1245     {1, "TLSv1.1", "TLSv1.1"},
 1246     {1, "TLSv1,TLSv1.1", "TLSv1.1"},
 1247     {0, "TLSv1.2", "TLSv1.2"},
 1248     {0, NULL, "TLSv1.2"},
 1249     {0, "TLSv1.0,TLSv1.1,TLSv1.2", "TLSv1.2"},
 1250     {1, NULL, NULL}
 1251   };
 1252 
 1253   int i;
 1254 #ifdef HAVE_SCHANNEL
 1255   bool skip_tlsv12= 1;
 1256 #else
 1257   bool skip_tlsv12= !have_openssl;
 1258 #endif
 1259 
 1260 #if defined(HAVE_OPENSSL) && defined(TLS1_3_VERSION)
 1261   diag("Test fails with TLS v1.3");
 1262   return(SKIP);
 1263 #endif
 1264 
 1265   for (i=0; combinations[i].expected; i++)
 1266   {
 1267     MYSQL *mysql;
 1268     bool val=1;
 1269     char *tls_version;
 1270 
 1271     if (!combinations[i].do_yassl && skip_tlsv12)
 1272       break;
 1273 
 1274     diag("combination %d: %s", i, combinations[i].opt_tls_version);
 1275 
 1276     mysql= mysql_init(NULL);
 1277     mysql_options(mysql, MYSQL_OPT_SSL_ENFORCE, &val);
 1278     mysql_options(mysql, MARIADB_OPT_TLS_VERSION, combinations[i].opt_tls_version);
 1279     FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema,
 1280                          port, socketname, 0), mysql_error(mysql));
 1281     mariadb_get_infov(mysql, MARIADB_CONNECTION_TLS_VERSION, &tls_version);
 1282     diag("options: %s", combinations[i].opt_tls_version);
 1283     diag("protocol: %s expected: %s", tls_version, combinations[i].expected);
 1284     FAIL_IF(strcmp(combinations[i].expected, tls_version), "Wrong tls_version");
 1285     mysql_close(mysql);
 1286   }
 1287   return OK;
 1288 }
 1289 
 1290 struct my_tests_st my_tests[] = {
 1291   {"test_ssl", test_ssl, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1292   {"test_mdev14101", test_mdev14101, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1293   {"test_mdev14027", test_mdev14027, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1294   {"test_conc286", test_conc286, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1295   {"test_ssl_timeout", test_ssl_timeout, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1296   {"test_openssl_1", test_openssl_1, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1297 #ifndef HAVE_SCHANNEL
 1298   {"test_cipher_mapping", test_cipher_mapping, TEST_CONNECTION_NONE, 0,  NULL,  NULL},
 1299 #endif
 1300   {"test_conc127", test_conc127, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1301 /* Both tests work with GNU tls, however we can't create fingerprints with
 1302    gnutls-cli in CMakeLists.txt */
 1303 #ifndef HAVE_SCHANNEL
 1304   {"test_ssl_fp", test_ssl_fp, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1305   {"test_ssl_fp_list", test_ssl_fp_list, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1306 #endif
 1307   {"test_conc50", test_conc50, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1308   {"test_conc50_1", test_conc50_1, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1309   {"test_conc50_2", test_conc50_2, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1310   {"test_conc50_3", test_conc50_3, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1311   {"test_conc50_4", test_conc50_4, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1312   {"test_conc95", test_conc95, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1313   {"verify_ssl_server_cert", verify_ssl_server_cert, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1314   {"test_bug62743", test_bug62743, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1315   {"test_phpbug51647", test_phpbug51647, TEST_CONNECTION_NONE, 0, NULL, NULL},
 1316   {"test_ssl_cipher", test_ssl_cipher, TEST_CONNECTION_NONE, 0,  NULL,  NULL},
 1317   {"test_multi_ssl_connections", test_multi_ssl_connections, TEST_CONNECTION_NONE, 0,  NULL,  NULL},
 1318   {"test_conc_102", test_conc_102, TEST_CONNECTION_NEW, 0, NULL, NULL},
 1319   {"test_ssl_version", test_ssl_version, TEST_CONNECTION_NEW, 0, NULL, NULL},
 1320   {"test_ssl_threads", test_ssl_threads, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1321 #ifndef HAVE_SCHANNEL
 1322   {"test_password_protected", test_password_protected, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1323 #else
 1324   {"test_schannel_cipher", test_schannel_cipher, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1325 #endif
 1326   {"drop_ssl_user", drop_ssl_user, TEST_CONNECTION_NEW, 0,  NULL,  NULL},
 1327   {NULL, NULL, 0, 0, NULL, NULL}
 1328 };
 1329 
 1330 
 1331 int main(int argc, char **argv)
 1332 {
 1333   get_envvars();
 1334 
 1335   if (argc > 1)
 1336     get_options(argc, argv);
 1337   run_tests(my_tests);
 1338 
 1339   mysql_server_end();
 1340   return(exit_status());
 1341 }
 1342