Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add MTRs to further test coverage around TLS functionality #3540

Open
wants to merge 2 commits into
base: 10.11
Choose a base branch
from
Open

Add MTRs to further test coverage around TLS functionality #3540

wants to merge 2 commits into from

Conversation

tonychen2001
Copy link
Contributor

Description

Increase TLS functionality coverage in MTRs.

A few additional test coverage added:

  • Server behaves safely with invalid ssl-cipher configuration
  • Server behaves safely when cipher and server certificate are incompatible

Release Notes

N/A

How can this PR be tested?

N/A

Basing the PR against the correct MariaDB version

  • This adds test coverage and targets the earliest branch in which the test applies (The added MTRs are applicable to 10.11+).

PR quality check

Copyright

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer Amazon Web
Services, Inc.

LinuxJedi
LinuxJedi approved these changes Sep 24, 2024
View reviewed changes
Copy link
Contributor

@LinuxJedi LinuxJedi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, many thanks.

@LinuxJedi LinuxJedi enabled auto-merge (rebase) September 30, 2024 13:28
@LinuxJedi
Copy link
Contributor

@tonychen2001 I don't have permission to rebase this branch, auto-merge is on, can you please execute a rebase?

auto-merge was automatically disabled October 3, 2024 00:03

Head branch was pushed to by a user without write access

@tonychen2001
Copy link
Contributor Author

@tonychen2001 I don't have permission to rebase this branch, auto-merge is on, can you please execute a rebase?

Hi @LinuxJedi, I've rebased but it disables auto-merge.

@tonychen2001
Add MTR to ensure startup fails with invalid ssl-cipher
5e66843 
Add a simple test to verify that the server will fail to start up when no valid
cipher suites are passed to `ssl-cipher`.

As different TLS libraries and versions have differing cipher suite support, it
would be a good idea to ensure the server behaves in a safe manner if it is
configured with invalid cipher suites.

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer Amazon Web
Services, Inc.
@tonychen2001
Add MTR to verify behavior on incompatible TLS configuration
3eaf625 
Add a simple test to verify the server behaves in a safe manner if configured
with ciphers that aren't compatible with the server certificate.

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer Amazon Web
Services, Inc.
@LinuxJedi LinuxJedi enabled auto-merge (rebase) October 8, 2024 17:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LinuxJedi LinuxJedi LinuxJedi approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tonychen2001 @LinuxJedi