diff --git a/cmake/copy_openssl_binary.cmake b/cmake/copy_openssl_binary.cmake new file mode 100644 index 000000000000..2b2f2b07a7f4 --- /dev/null +++ b/cmake/copy_openssl_binary.cmake @@ -0,0 +1,120 @@ +# Copyright (c) 2022, Oracle and/or its affiliates. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License, version 2.0, +# as published by the Free Software Foundation. +# +# This program is also distributed with certain software (including +# but not limited to OpenSSL) that is licensed under separate terms, +# as designated in a particular file or component or in included license +# documentation. The authors of MySQL hereby grant you an additional +# permission to link the program and your derivative works with the +# separately licensed software that they have included with MySQL. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License, version 2.0, for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +SET(MSG_TXT + "Copied OPENSSL_EXECUTABLE = ${executable_full_filename} to") +IF(BUILD_IS_SINGLE_CONFIG) + IF(EXISTS "${executable_name}") +# MESSAGE(STATUS "${executable_name} already copied") + RETURN() + ENDIF() + EXECUTE_PROCESS( + COMMAND ${CMAKE_COMMAND} -E copy + "${executable_full_filename}" "${executable_name}" + ) + SET(MSG_TXT "${MSG_TXT} ${CWD}/${executable_name}") + MESSAGE(STATUS "${MSG_TXT}") +ELSE() + IF(EXISTS "./${CMAKE_CFG_INTDIR}/${executable_name}") +# MESSAGE(STATUS "${CMAKE_CFG_INTDIR}/${executable_name} already copied") + RETURN() + ENDIF() + EXECUTE_PROCESS( + COMMAND ${CMAKE_COMMAND} -E copy + "${executable_full_filename}" "${CMAKE_CFG_INTDIR}/${executable_name}" + ) + SET(MSG_TXT "${MSG_TXT} ${CWD}/${CMAKE_CFG_INTDIR}/${executable_name}") + MESSAGE(STATUS "${MSG_TXT}") +ENDIF() + +IF(LINUX) + EXECUTE_PROCESS( + COMMAND ${PATCHELF_EXECUTABLE} --version + OUTPUT_VARIABLE PATCHELF_VERSION + OUTPUT_STRIP_TRAILING_WHITESPACE + ) + STRING(REPLACE "patchelf" "" PATCHELF_VERSION "${PATCHELF_VERSION}") + + IF(CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" AND + PATCHELF_VERSION VERSION_LESS "0.14.5") + SET(PATCHELF_PAGE_SIZE_ARGS --page-size ${CPU_PAGE_SIZE}) + ENDIF() + + EXECUTE_PROCESS( + COMMAND ${PATCHELF_EXECUTABLE} ${PATCHELF_PAGE_SIZE_ARGS} + --set-rpath "$ORIGIN/../lib:$ORIGIN/../${INSTALL_PRIV_LIBDIR}" + "./${executable_name}" + ) +ENDIF(LINUX) + +IF(APPLE) + MESSAGE(STATUS "CRYPTO_VERSION is ${CRYPTO_VERSION}") + MESSAGE(STATUS "OPENSSL_VERSION is ${OPENSSL_VERSION}") + EXECUTE_PROCESS( + COMMAND otool -L ${CMAKE_CFG_INTDIR}/${executable_name} + OUTPUT_VARIABLE OTOOL_OPENSSL_DEPS + ) + + STRING(REPLACE "\n" ";" DEPS_LIST ${OTOOL_OPENSSL_DEPS}) + FOREACH(LINE ${DEPS_LIST}) + IF(LINE MATCHES "libssl") + STRING(REGEX MATCH "[ ]*([.a-zA-Z0-9/@_]+.dylib).*" UNUSED "${LINE}") + MESSAGE(STATUS "dependency ${CMAKE_MATCH_1}") + SET(LIBSSL_MATCH "${CMAKE_MATCH_1}") + ENDIF() + IF(LINE MATCHES "libcrypto") + STRING(REGEX MATCH "[ ]*([.a-zA-Z0-9/@_]+.dylib).*" UNUSED "${LINE}") + MESSAGE(STATUS "dependency ${CMAKE_MATCH_1}") + SET(LIBCRYPTO_MATCH "${CMAKE_MATCH_1}") + ENDIF() + ENDFOREACH() + + IF(BUILD_IS_SINGLE_CONFIG) + # install_name_tool -change old new file + EXECUTE_PROCESS(COMMAND install_name_tool -change + "${LIBSSL_MATCH}" "@loader_path/../lib/${OPENSSL_VERSION}" + "./${executable_name}" + ) + EXECUTE_PROCESS(COMMAND install_name_tool -change + "${LIBCRYPTO_MATCH}" "@loader_path/../lib/${CRYPTO_VERSION}" + "./${executable_name}" + ) + EXECUTE_PROCESS( + COMMAND chmod +w "./${executable_name}" + ) + ELSE() + # install_name_tool -change old new file + EXECUTE_PROCESS(COMMAND install_name_tool -change + "${LIBSSL_MATCH}" + "@loader_path/../../lib/${CMAKE_CFG_INTDIR}/${OPENSSL_VERSION}" + "./${CMAKE_CFG_INTDIR}/${executable_name}" + ) + EXECUTE_PROCESS(COMMAND install_name_tool -change + "${LIBCRYPTO_MATCH}" + "@loader_path/../../lib/${CMAKE_CFG_INTDIR}/${CRYPTO_VERSION}" + "./${CMAKE_CFG_INTDIR}/${executable_name}" + ) + EXECUTE_PROCESS( + COMMAND chmod +w "./${CMAKE_CFG_INTDIR}/${executable_name}" + ) + ENDIF() +ENDIF(APPLE) diff --git a/cmake/install_macros.cmake b/cmake/install_macros.cmake index 859715a45c4a..870c9f13732d 100644 --- a/cmake/install_macros.cmake +++ b/cmake/install_macros.cmake @@ -602,6 +602,89 @@ FUNCTION(SET_PATH_TO_CUSTOM_SSL_FOR_APPLE target) ENDIF() ENDFUNCTION() +# For custom SSL, copy the openssl executable to the build directory, +# and INSTALL it at part of the Test COMPONENT. +# +# We update the RUNPATH of the executable to +# $ORIGIN/../lib:$ORIGIN/lib/private for Linux +# @loader_path/../lib for macOS. +# +# executable_full_filename is ${WITH_SSL_PATH}/bin/openssl. +# Arguments CRYPTO_VERSION OPENSSL_VERSION are used for macOS only. +# Set ${OUTPUT_TARGET_NAME} to the name of a target which will do the copying. +# +# We cannot install 'openssl' in a public bin/ directory, +# so we rename it to 'my_openssl'. +FUNCTION(COPY_OPENSSL_BINARY executable_full_filename + CRYPTO_VERSION OPENSSL_VERSION + OUTPUT_TARGET_NAME) + GET_FILENAME_COMPONENT(executable_name "${executable_full_filename}" NAME) + GET_FILENAME_COMPONENT(exe_name_we "${executable_full_filename}" NAME_WE) + + SET(COPY_TARGET_NAME "copy_${exe_name_we}") + SET(${OUTPUT_TARGET_NAME} "${COPY_TARGET_NAME}" PARENT_SCOPE) + + # Get rid of Warning MSB8065: File not created + # MY_ADD_CUSTOM_TARGET fails in mysterious ways, so we touch here instead. + IF(CMAKE_GENERATOR MATCHES "Visual Studio") + EXECUTE_PROCESS( + COMMAND ${CMAKE_COMMAND} -E touch + "${CMAKE_BINARY_DIR}/cmakefiles/${COPY_TARGET_NAME}" + ) + ENDIF() + + # Do copying and patching in a sub-process, so that we can skip it if + # already done. + ADD_CUSTOM_TARGET(${COPY_TARGET_NAME} ALL + COMMAND ${CMAKE_COMMAND} + -Dexecutable_full_filename="${executable_full_filename}" + -Dexecutable_name="my_${executable_name}" + -DCWD="${CMAKE_BINARY_DIR}/runtime_output_directory" + -DAPPLE=${APPLE} + -DLINUX=${LINUX} + -DWIN32=${WIN32} + -DCRYPTO_VERSION="${CRYPTO_VERSION}" + -DOPENSSL_VERSION="${OPENSSL_VERSION}" + -DINSTALL_PRIV_LIBDIR="${INSTALL_PRIV_LIBDIR}" + -DPATCHELF_EXECUTABLE="${PATCHELF_EXECUTABLE}" + -DCPU_PAGE_SIZE="${CPU_PAGE_SIZE}" + -DBUILD_IS_SINGLE_CONFIG="${BUILD_IS_SINGLE_CONFIG}" + -DCMAKE_GENERATOR="${CMAKE_GENERATOR}" + -DCMAKE_SYSTEM_PROCESSOR="${CMAKE_SYSTEM_PROCESSOR}" + -DCMAKE_CFG_INTDIR="${CMAKE_CFG_INTDIR}" + -P ${CMAKE_SOURCE_DIR}/cmake/copy_openssl_binary.cmake + WORKING_DIRECTORY + "${CMAKE_BINARY_DIR}/runtime_output_directory" + ) + + SET(PERMISSIONS_EXECUTABLE + PERMISSIONS + OWNER_READ OWNER_WRITE OWNER_EXECUTE + GROUP_READ GROUP_EXECUTE + WORLD_READ WORLD_EXECUTE + ) + + MESSAGE(STATUS "INSTALL ${executable_name} TO ${INSTALL_BINDIR}") + IF(BUILD_IS_SINGLE_CONFIG) + INSTALL(FILES + "${CMAKE_BINARY_DIR}/runtime_output_directory/my_${executable_name}" + DESTINATION "${INSTALL_BINDIR}" + COMPONENT Test + ${PERMISSIONS_EXECUTABLE} + ) + ELSE() + FOREACH(cfg Debug Release RelWithDebInfo MinSizeRel) + INSTALL(FILES + "${CMAKE_BINARY_DIR}/runtime_output_directory/${cfg}/my_${executable_name}" + DESTINATION "${INSTALL_BINDIR}" + CONFIGURATIONS ${cfg} + COMPONENT Test + ${PERMISSIONS_EXECUTABLE} + ) + ENDFOREACH() + ENDIF() +ENDFUNCTION(COPY_OPENSSL_BINARY) + # For standalone Linux build and -DWITH_LDAP -DWITH_SASL -DWITH_SSL and # -DWITH_KERBEROS set to custom path. diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake index 95d0f585248e..d4b586d39e32 100644 --- a/cmake/ssl.cmake +++ b/cmake/ssl.cmake @@ -348,8 +348,14 @@ MACRO (MYSQL_CHECK_SSL) OPENSSL_MAJOR_VERSION STREQUAL "1" ) SET(OPENSSL_FOUND TRUE) - FIND_PROGRAM(OPENSSL_EXECUTABLE openssl - DOC "path to the openssl executable") + IF(WITH_SSL_PATH) + FIND_PROGRAM(OPENSSL_EXECUTABLE openssl + NO_DEFAULT_PATH + PATHS "${WITH_SSL_PATH}/bin" + DOC "path to the openssl executable") + ELSE() + FIND_PROGRAM(OPENSSL_EXECUTABLE openssl) + ENDIF() IF(OPENSSL_EXECUTABLE) SET(OPENSSL_EXECUTABLE_HAS_ZLIB 0) EXECUTE_PROCESS( @@ -481,7 +487,10 @@ MACRO(MYSQL_CHECK_SSL_DLLS) ADD_CUSTOM_TARGET(copy_openssl_dlls DEPENDS ${crypto_target} ${openssl_target}) - ENDIF() + COPY_OPENSSL_BINARY(${OPENSSL_EXECUTABLE} "" "" openssl_exe_target) + ADD_DEPENDENCIES(${openssl_exe_target} copy_openssl_dlls) + + ENDIF(LINUX AND HAVE_CRYPTO_SO AND HAVE_OPENSSL_SO) IF(APPLE) GET_FILENAME_COMPONENT(CRYPTO_EXT "${CRYPTO_LIBRARY}" EXT) @@ -561,6 +570,11 @@ MACRO(MYSQL_CHECK_SSL_DLLS) "${CMAKE_BINARY_DIR}/library_output_directory/${CMAKE_CFG_INTDIR}" ) + COPY_OPENSSL_BINARY(${OPENSSL_EXECUTABLE} + ${CRYPTO_VERSION} ${OPENSSL_VERSION} + openssl_exe_target) + ADD_DEPENDENCIES(${openssl_exe_target} copy_openssl_dlls) + # Create symlinks for plugins, see MYSQL_ADD_PLUGIN/install_name_tool ADD_CUSTOM_TARGET(link_openssl_dlls ALL COMMAND ${CMAKE_COMMAND} -E create_symlink @@ -692,6 +706,8 @@ MACRO(MYSQL_CHECK_SSL_DLLS) "${HAVE_CRYPTO_DLL}" "${HAVE_OPENSSL_DLL}" DESTINATION "${INSTALL_BINDIR}" COMPONENT SharedLibraries) + COPY_OPENSSL_BINARY(${OPENSSL_EXECUTABLE} "" "" openssl_exe_target) + ADD_DEPENDENCIES(${openssl_exe_target} copy_openssl_dlls) ELSE() MESSAGE(STATUS "Cannot find SSL dynamic libraries") IF(OPENSSL_MINOR_VERSION VERSION_EQUAL 1) diff --git a/mysql-test/include/check_openssl_version.inc b/mysql-test/include/check_openssl_version.inc index 0e4bafaf495c..30d644b8d90c 100644 --- a/mysql-test/include/check_openssl_version.inc +++ b/mysql-test/include/check_openssl_version.inc @@ -10,14 +10,14 @@ let OPENSSL_CONFIG_INC= $MYSQLTEST_VARDIR/log/openssl_binary_config.inc; --remove_file $OPENSSL_CONFIG_INC --error 0,1, 127 ---exec openssl version > $OPENSSL_VERSION_INFO +--exec $OPENSSL_EXECUTABLE version > $OPENSSL_VERSION_INFO perl; use strict; my $search_file= $ENV{'OPENSSL_VERSION_INFO'}; - my $search_pattern_1= "0.9.*"; - my $search_pattern_2= "1.0.0.*"; - my $search_pattern_3= "1.0.1.*"; + my $search_pattern_1= "0\\.9.*"; + my $search_pattern_2= "1\\.0\\.0.*"; + my $search_pattern_3= "1\\.0\\.1.*"; my $content= ""; my $dir= $ENV{'MYSQLTEST_VARDIR'}; open(CONFIG_INC, ">$dir/log/openssl_binary_config.inc"); diff --git a/mysql-test/include/excludenoskip.list b/mysql-test/include/excludenoskip.list index dff0ce99fa91..b8978c5d728b 100644 --- a/mysql-test/include/excludenoskip.list +++ b/mysql-test/include/excludenoskip.list @@ -106,7 +106,6 @@ fix_priv_tables.test federated_bug_25714.test # 4.4 -have_openssl_binary.inc check_openssl_version.inc have_tlsv13.inc not_have_tlsv13.inc diff --git a/mysql-test/include/have_openssl_binary.inc b/mysql-test/include/have_openssl_binary.inc deleted file mode 100644 index 8dc146a28309..000000000000 --- a/mysql-test/include/have_openssl_binary.inc +++ /dev/null @@ -1,60 +0,0 @@ ---disable_query_log ---disable_result_log -let OPENSSL_EXEC_LOG= $MYSQLTEST_VARDIR/log/openssl_exec_log.txt; -let OPENSSL_CONFIG_INC= $MYSQLTEST_VARDIR/log/openssl_binary_config.inc; ---error 0,1 ---remove_file $OPENSSL_EXEC_LOG ---error 0,1 ---remove_file $OPENSSL_CONFIG_INC - ---error 0,1, 127 ---exec openssl version 2> $OPENSSL_EXEC_LOG -let STATUS_VAR= $__error; -if ($STATUS_VAR) -{ - --error 0,1 - --remove_file $OPENSSL_EXEC_LOG - --skip Test requires openssl binary -} - -perl; - use strict; - my $search_file= $ENV{'OPENSSL_EXEC_LOG'}; - my $search_pattern_1= "can't open config file"; - my $search_pattern_2= "Unable to load config info"; - my $content= ""; - my $dir= $ENV{'MYSQLTEST_VARDIR'}; - open(CONFIG_INC, ">$dir/log/openssl_binary_config.inc"); - open(FILE, "$search_file") or die("Unable to open '$search_file' : $!\n"); - - read(FILE, $content, 100, 0); - close(FILE); - - if ( ($content =~ m{$search_pattern_1}) || ($content =~ m{$search_pattern_2}) ) { - print CONFIG_INC "let \$STATUS_VAR = 1;\n"; - } - else { - print CONFIG_INC "let \$STATUS_VAR = 0;\n"; - } - - close(CONFIG_INC); -EOF - ---source $OPENSSL_CONFIG_INC - -if ($STATUS_VAR) -{ - --error 0,1 - --remove_file $OPENSSL_EXEC_LOG - --error 0,1 - --remove_file $OPENSSL_CONFIG_INC - --skip Test requires openssl binary but either config file for openssl is not found or openssl is unable to load config from the file -} - ---error 0,1 ---remove_file $OPENSSL_EXEC_LOG ---error 0,1 ---remove_file $OPENSSL_CONFIG_INC - ---enable_query_log ---enable_result_log diff --git a/mysql-test/include/have_openssl_binary_version.inc b/mysql-test/include/have_openssl_binary_version.inc index c0eca0b23138..fb460b7d0c8a 100644 --- a/mysql-test/include/have_openssl_binary_version.inc +++ b/mysql-test/include/have_openssl_binary_version.inc @@ -8,7 +8,6 @@ # --let $openssl_binary_version = 1.1.* # --source include/have_openssl_binary_version.inc -source include/have_openssl_binary.inc; --disable_query_log --disable_result_log @@ -22,7 +21,7 @@ let OPENSSL_SEARCH_PATTERN=$openssl_binary_version; --remove_file $OPENSSL_CONFIG_INC --error 0,1, 127 ---exec openssl version > $OPENSSL_VERSION_INFO +--exec $OPENSSL_EXECUTABLE version > $OPENSSL_VERSION_INFO perl; use strict; diff --git a/mysql-test/include/have_openssl_zlib.inc b/mysql-test/include/have_openssl_zlib.inc index 60ab9e4924b2..9f7a1568d5db 100644 --- a/mysql-test/include/have_openssl_zlib.inc +++ b/mysql-test/include/have_openssl_zlib.inc @@ -4,9 +4,9 @@ # Sets $have_openssl_zlib to 0|1 # --error 0,1,2,127 ---exec openssl list -cipher-commands > $MYSQL_TMP_DIR/openssl.out 2>&1 +--exec $OPENSSL_EXECUTABLE list -cipher-commands > $MYSQL_TMP_DIR/openssl.out 2>&1 --error 0,1,2,127 ---exec openssl list-cipher-commands >> $MYSQL_TMP_DIR/openssl.out 2>&1 +--exec $OPENSSL_EXECUTABLE list-cipher-commands >> $MYSQL_TMP_DIR/openssl.out 2>&1 --perl use strict; diff --git a/mysql-test/include/ssl_cache.inc b/mysql-test/include/ssl_cache.inc index b977e14884f2..4c45d1a990f6 100644 --- a/mysql-test/include/ssl_cache.inc +++ b/mysql-test/include/ssl_cache.inc @@ -1,7 +1,6 @@ --echo # --echo # WL#13075: Support TLS session reuse in the C API version independent part --echo # ---source include/have_openssl_binary.inc # ==== Purpose ==== # @@ -102,7 +101,7 @@ exec $MYSQL --tls-version=$tls_version --ssl-mode=required -e "ssl_session_data_ source include/assert_grep.inc; --echo # openssl sess_id should be able to parse the file -exec openssl sess_id -in $session_file -inform PEM -noout -text > $out_file 2>&1; +exec $OPENSSL_EXECUTABLE sess_id -in $session_file -inform PEM -noout -text > $out_file 2>&1; --let $assert_file=$out_file --let $assert_text=Checking if session file is PEM format --let $assert_select=Protocol[\ \t]*\:[\ \t]*TLSv1\. diff --git a/mysql-test/include/test_ssl_verify_identity.inc b/mysql-test/include/test_ssl_verify_identity.inc index 6fc95274eef0..0574bc1485df 100644 --- a/mysql-test/include/test_ssl_verify_identity.inc +++ b/mysql-test/include/test_ssl_verify_identity.inc @@ -34,7 +34,6 @@ # Note that these test cases are written keeping in mind that the openssl version used by the system will # be 1.0.2+. For older versions of openssl, the test will be skipped. ---source include/have_openssl_binary.inc --source include/check_openssl_version.inc --echo ### Trying to connect with ssl-mode as DISABLED. This should establish an unencrypted connection. diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl index 2a3c1c586b92..bffc37188ea6 100755 --- a/mysql-test/mysql-test-run.pl +++ b/mysql-test/mysql-test-run.pl @@ -327,6 +327,7 @@ our $exe_mysql_keyring_encryption_test; our $exe_mysqladmin; our $exe_mysqltest; +our $exe_openssl; our $glob_mysql_test_dir; our $mysql_version_extra; our $mysql_version_id; @@ -2674,6 +2675,31 @@ () [ "runtime_output_directory", "libexec", "sbin", "bin" ], "mysql_keyring_encryption_test"); + # For custom OpenSSL builds, look for the my_openssl executable. + $exe_openssl = + my_find_bin($bindir, + [ "runtime_output_directory", "bin" ], + "my_openssl", NOT_REQUIRED); + # For system OpenSSL builds, use openssl found in PATH: + if (!$exe_openssl) { + if (IS_MAC) { + # We use homebrew, rather than macOS SSL. + # TODO(tdidriks) add an option to mysqltest to see whether we are using + # openssl@1.1 or openssl@3 + my $machine_hw_name = `uname -m`; + if ($machine_hw_name =~ "arm64") { + $exe_openssl = "/opt/homebrew/opt/" . "openssl\@1.1" . "/bin/openssl"; + } else { + $exe_openssl = "/usr/local/opt/" . "openssl\@1.1" . "/bin/openssl"; + } + } else { + # We could use File::Which('openssl'), + # but we don't need to know the actual path. + $exe_openssl = 'openssl'; + } + } + mtr_verbose("openssl is $exe_openssl"); + if ($ndbcluster_enabled) { # Look for single threaded NDB $exe_ndbd = @@ -3207,6 +3233,7 @@ sub environment_setup { client_arguments_no_grp_suffix("mysql_config_editor"); $ENV{'MYSQL_SECURE_INSTALLATION'} = "$path_client_bindir/mysql_secure_installation"; + $ENV{'OPENSSL_EXECUTABLE'} = $exe_openssl; my $exe_mysqld = find_mysqld($basedir); $ENV{'MYSQLD'} = $exe_mysqld; diff --git a/mysql-test/suite/auth_sec/t/mysql_ssl_rsa_setup.test b/mysql-test/suite/auth_sec/t/mysql_ssl_rsa_setup.test index 5f6f369de72d..b9ad786b0040 100644 --- a/mysql-test/suite/auth_sec/t/mysql_ssl_rsa_setup.test +++ b/mysql-test/suite/auth_sec/t/mysql_ssl_rsa_setup.test @@ -1,4 +1,3 @@ ---source include/have_openssl_binary.inc # Save the initial number of concurrent sessions --source include/count_sessions.inc diff --git a/mysql-test/suite/auth_sec/t/openssl_cert_generation_subject.test b/mysql-test/suite/auth_sec/t/openssl_cert_generation_subject.test index 5015d124c3fe..2c381e2dc6da 100644 --- a/mysql-test/suite/auth_sec/t/openssl_cert_generation_subject.test +++ b/mysql-test/suite/auth_sec/t/openssl_cert_generation_subject.test @@ -1,5 +1,3 @@ ---source include/have_openssl_binary.inc - -- echo # -- echo # Bug#21087159 : AUTO-GENERATED SSL CERTS HAVE NO CN -- echo # @@ -45,9 +43,9 @@ let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect; --echo # Restart completed. # Fetch subjects from X509 certificates ---exec openssl x509 -in $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem -noout -subject > $X509_SUBJECT_LOG ---exec openssl x509 -in $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem -noout -subject >> $X509_SUBJECT_LOG ---exec openssl x509 -in $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem -noout -subject >> $X509_SUBJECT_LOG +--exec $OPENSSL_EXECUTABLE x509 -in $MYSQLTEST_VARDIR/mysqld.1/data/ca.pem -noout -subject > $X509_SUBJECT_LOG +--exec $OPENSSL_EXECUTABLE x509 -in $MYSQLTEST_VARDIR/mysqld.1/data/server-cert.pem -noout -subject >> $X509_SUBJECT_LOG +--exec $OPENSSL_EXECUTABLE x509 -in $MYSQLTEST_VARDIR/mysqld.1/data/client-cert.pem -noout -subject >> $X509_SUBJECT_LOG perl; use strict; diff --git a/mysql-test/suite/innodb/t/ibd2sdi.test b/mysql-test/suite/innodb/t/ibd2sdi.test index d9357890024c..9ce85946b686 100644 --- a/mysql-test/suite/innodb/t/ibd2sdi.test +++ b/mysql-test/suite/innodb/t/ibd2sdi.test @@ -1,5 +1,3 @@ ---source include/have_openssl_binary.inc - --echo # --echo # Bug#25738491 - IBD2SDI TOOL CAN HAVE BETTER VALIDATION OF FILE FORMATS --echo # diff --git a/mysql-test/suite/x/t/ssl_verify_identity.test b/mysql-test/suite/x/t/ssl_verify_identity.test index 5a54eb4917c7..d5fba99c6a5d 100644 --- a/mysql-test/suite/x/t/ssl_verify_identity.test +++ b/mysql-test/suite/x/t/ssl_verify_identity.test @@ -12,7 +12,6 @@ # be 1.0.2+. For older versions of openssl, the test will be skipped. --source include/allowed_ciphers.inc ---source include/have_openssl_binary.inc --source include/check_openssl_version.inc --source include/xplugin_preamble.inc --source include/xplugin_create_user.inc diff --git a/mysql-test/t/mysqlpump_basic_zlib.test b/mysql-test/t/mysqlpump_basic_zlib.test index f984c5911f2d..653f80e404a4 100644 --- a/mysql-test/t/mysqlpump_basic_zlib.test +++ b/mysql-test/t/mysqlpump_basic_zlib.test @@ -56,7 +56,7 @@ if ($ZLIB_DECOMPRESS) if (!$ZLIB_DECOMPRESS) { ---exec openssl zlib -d < $MYSQLTEST_VARDIR/tmp/bug21644479_zlib.zlib > $MYSQLTEST_VARDIR/tmp/bug21644479_zlib.sql +--exec $OPENSSL_EXECUTABLE zlib -d < $MYSQLTEST_VARDIR/tmp/bug21644479_zlib.zlib > $MYSQLTEST_VARDIR/tmp/bug21644479_zlib.sql } DROP DATABASE bug21644479_zlib; diff --git a/mysql-test/t/ssl_cache.test b/mysql-test/t/ssl_cache.test index 080d1592292b..2edcabd99ff1 100644 --- a/mysql-test/t/ssl_cache.test +++ b/mysql-test/t/ssl_cache.test @@ -1,6 +1,6 @@ # openssl 1.0.x behaves differently wrt sending session tickets. # this file is for openssl 1.1.x (that has TLS1.3) ---let $openssl_binary_version = 1.1.* +--let $openssl_binary_version = 1\\.1.* source include/have_openssl_binary_version.inc; source include/have_tlsv13.inc; diff --git a/mysql-test/t/ssl_cache_openssl1_0.test b/mysql-test/t/ssl_cache_openssl1_0.test index 9f5831fa5ee3..7085c9578d84 100644 --- a/mysql-test/t/ssl_cache_openssl1_0.test +++ b/mysql-test/t/ssl_cache_openssl1_0.test @@ -1,6 +1,6 @@ # openssl 1.0.x behaves differently wrt sending session tickets. # this file is for openssl 1.0.x (that doesn't have TLS1.3) ---let $openssl_binary_version = 1.0.* +--let $openssl_binary_version = 1\\.0.* source include/have_openssl_binary_version.inc; source include/not_tlsv13.inc; diff --git a/mysql-test/t/ssl_cache_tls13.test b/mysql-test/t/ssl_cache_tls13.test index 719683e3de90..00303f44fbff 100644 --- a/mysql-test/t/ssl_cache_tls13.test +++ b/mysql-test/t/ssl_cache_tls13.test @@ -1,7 +1,7 @@ --echo # --echo # WL#13075: Support TLS session reuse in the C API TLS v1.3 --echo # ---let $openssl_binary_version = 1.1.* +--let $openssl_binary_version = 1\\.1.* source include/have_openssl_binary_version.inc; source include/have_tlsv13.inc; diff --git a/mysql-test/t/ssl_verify_identity.test b/mysql-test/t/ssl_verify_identity.test index 436b784f35db..411fb5d7541b 100644 --- a/mysql-test/t/ssl_verify_identity.test +++ b/mysql-test/t/ssl_verify_identity.test @@ -11,7 +11,6 @@ # Note that these test cases are written keeping in mind that the openssl version used by the system will # be 1.0.2+. For older versions of openssl, the test will be skipped. ---source include/have_openssl_binary.inc --source include/check_openssl_version.inc --source include/allowed_ciphers.inc diff --git a/packaging/rpm-oel/mysql.spec.in b/packaging/rpm-oel/mysql.spec.in index 993414c54a18..4a030843186d 100644 --- a/packaging/rpm-oel/mysql.spec.in +++ b/packaging/rpm-oel/mysql.spec.in @@ -1438,6 +1438,7 @@ fi %attr(644, root, root) %{_sysconfdir}/ld.so.conf.d/mysql-%{_arch}.conf %{_libdir}/mysql/libmysqlclient.so.21* %if 0%{?ssl_bundled} +%attr(755, root, root) %{_bindir}/my_openssl %attr(755, root, root) %{_libdir}/mysql/private/libssl.so %attr(755, root, root) %{_libdir}/mysql/private/libssl.so.1.1 %attr(755, root, root) %{_libdir}/mysql/private/libcrypto.so