You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"SELECT CONCAT(QUOTE(user), '\@', QUOTE(host)) FROM mysql.global_priv WHERE host NOT IN ('localhost', '127.0.0.1', '::1') AND JSON_VALUE(Priv, '\$.ssl_type') = ''"
5219
+
"SELECT CONCAT(QUOTE(user), '\@', QUOTE(host)) FROM mysql.global_priv WHERE host NOT IN ('localhost', '127.0.0.1', '::1') AND JSON_VALUE(Priv, '\$.ssl_type') = '' AND COALESCE(JSON_VALUE(Priv, '\$.is_role'), '') NOT IN ('true', '1')"
5215
5220
);
5216
5221
}
5217
5222
else {
5223
+
my $is_role_column = select_one(
5224
+
"select count(*) from information_schema.columns where TABLE_NAME='user' AND TABLE_SCHEMA='mysql' and COLUMN_NAME='IS_ROLE'"
"SELECT CONCAT(QUOTE(user), '\@', QUOTE(host)) FROM mysql.user WHERE host NOT IN ('localhost', '127.0.0.1', '::1') AND (ssl_type = 'NONE' OR ssl_type = '')"
5231
+
"SELECT CONCAT(QUOTE(user), '\@', QUOTE(host)) FROM mysql.user WHERE host NOT IN ('localhost', '127.0.0.1', '::1') AND (ssl_type = 'NONE' OR ssl_type = '')$extra_user_condition"
Copy file name to clipboardExpand all lines: tests/ssl_tls_validation.t
+68Lines changed: 68 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -115,6 +115,31 @@ subtest 'ssl_tls_recommendations' => sub {
115
115
main::ssl_tls_recommendations();
116
116
ok(grep(/Insecure TLS versions enabled/, @bad_prints), "Detects TLS 1.1 as insecure");
117
117
ok(grep(/No modern TLS versions/, @bad_prints), "Detects lack of TLS 1.2+");
118
+
119
+
# Case 5: MariaDB 11.4+ Zero-Configuration TLS (ssl_cert and ssl_key empty, but TLS active)
120
+
MySQLTuner::TestHelper::reset_state();
121
+
%main::myvar = ( %main::myvar,
122
+
'version'=>'11.8.8-MariaDB',
123
+
'have_ssl'=>'YES',
124
+
'require_secure_transport'=>'ON',
125
+
'tls_version'=>'TLSv1.2,TLSv1.3',
126
+
'ssl_cert'=>'',
127
+
'ssl_key'=>''
128
+
);
129
+
local *main::select_one = sub {
130
+
my$query = shift;
131
+
if ($query =~ /Ssl_cipher/) {
132
+
return"Ssl_cipher\tTLS_AES_256_GCM_SHA384";
133
+
}
134
+
return"";
135
+
};
136
+
@main::generalrec = ();
137
+
@bad_prints = ();
138
+
@good_prints = ();
139
+
@recommendations = ();
140
+
main::ssl_tls_recommendations();
141
+
ok(grep(/TLS is active, but no explicit ssl_cert\/ssl_key paths are configured/, @good_prints), "MariaDB 11.4+ Zero-Configuration TLS prints info message");
142
+
is(scalar(grep(/No SSL certificates configured/, @bad_prints)), 0, "No missing certificates warning for zero-config TLS");
118
143
};
119
144
120
145
subtest 'check_local_certificates'=>sub {
@@ -217,6 +242,49 @@ subtest 'check_remote_user_ssl' => sub {
217
242
@bad_prints = ();
218
243
main::check_remote_user_ssl();
219
244
ok(grep(/users can connect remotely without SSL/, @bad_prints), "Detects remote user without SSL (MySQL)");
0 commit comments