|
48 | 48 | import sys
|
49 | 49 |
|
50 | 50 | import tests
|
| 51 | +if tests.SSL_AVAILABLE: |
| 52 | + import ssl |
| 53 | + |
51 | 54 | from tests import foreach_cnx, cnx_config
|
52 | 55 | from . import PY2
|
53 | 56 | from mysql.connector import (connection, cursor, conversion, protocol,
|
|
64 | 67 | CMySQLConnection = None
|
65 | 68 |
|
66 | 69 | ERR_NO_CEXT = "C Extension not available"
|
| 70 | +if tests.SSL_AVAILABLE: |
| 71 | + TLS_VERSIONS = {"TLSv1": ssl.PROTOCOL_TLSv1, |
| 72 | + "TLSv1.1": ssl.PROTOCOL_TLSv1_1, |
| 73 | + "TLSv1.2": ssl.PROTOCOL_TLSv1_2} |
67 | 74 |
|
68 | 75 |
|
69 | 76 | @unittest.skipIf(tests.MYSQL_VERSION == (5, 7, 4),
|
@@ -4486,7 +4493,8 @@ def test_pool_exhaustion(self):
|
4486 | 4493 | self.mysql_server.stop()
|
4487 | 4494 | self.mysql_server.wait_down()
|
4488 | 4495 | cur.execute(sql)
|
4489 |
| - except mysql.connector.errors.OperationalError: |
| 4496 | + except (mysql.connector.errors.OperationalError, |
| 4497 | + mysql.connector.errors.ProgrammingError): |
4490 | 4498 | try:
|
4491 | 4499 | cur.close()
|
4492 | 4500 | cnx.close()
|
@@ -4932,3 +4940,83 @@ def test_cursor_prepared_statement_with_charset_utf8(self):
|
4932 | 4940 | @foreach_cnx()
|
4933 | 4941 | def test_cursor_prepared_statement_with_charset_latin1(self):
|
4934 | 4942 | self._test_charset('latin1', [u'ñ', u'Ñ'])
|
| 4943 | + |
| 4944 | + |
| 4945 | +@unittest.skipIf(tests.MYSQL_VERSION < (5, 7, 21), |
| 4946 | + "Not support for TLSv1.2 or not available by default") |
| 4947 | +class Bug26484601(tests.MySQLConnectorTests): |
| 4948 | + """UNABLE TO CONNECT TO A MYSQL SERVER USING TLSV1.2""" |
| 4949 | + |
| 4950 | + def try_connect(self, tls_version, expected_ssl_version): |
| 4951 | + config = tests.get_mysql_config().copy() |
| 4952 | + config['ssl_version'] = tls_version |
| 4953 | + config['ssl_ca'] = '' |
| 4954 | + cnx = connection.MySQLConnection(**config) |
| 4955 | + query = "SHOW STATUS LIKE 'ssl_version%'" |
| 4956 | + cur = cnx.cursor() |
| 4957 | + cur.execute(query) |
| 4958 | + res = cur.fetchall() |
| 4959 | + msg = ("Not using the expected TLS version: {}, instead the " |
| 4960 | + "connection used: {}.") |
| 4961 | + self.assertEqual(res[0][1], expected_ssl_version, |
| 4962 | + msg.format(expected_ssl_version, res)) |
| 4963 | + |
| 4964 | + def test_get_connection_using_given_TLS_version(self): |
| 4965 | + """Test connect using the given TLS version |
| 4966 | +
|
| 4967 | + The system variable tls_version determines which protocols the |
| 4968 | + server is permitted to use from those that are available (note#3). |
| 4969 | + +---------------+-----------------------+ |
| 4970 | + | Variable_name | Value | |
| 4971 | + +---------------+-----------------------+ |
| 4972 | + | tls_version | TLSv1,TLSv1.1,TLSv1.2 | |
| 4973 | + +---------------+-----------------------+ |
| 4974 | +
|
| 4975 | + To restrict and permit only connections with a specific version, the |
| 4976 | + variable can be set with those specific versions that will be allowed, |
| 4977 | + changing the configuration file. |
| 4978 | +
|
| 4979 | + [mysqld] |
| 4980 | + tls_version=TLSv1.1,TLSv1.2 |
| 4981 | +
|
| 4982 | + This test will take adventage of the fact that the connector can |
| 4983 | + request to use a defined version of TLS to test that the connector can |
| 4984 | + connect to the server using such version instead of changing the |
| 4985 | + configuration of the server that will imply the stoping and restarting |
| 4986 | + of the server incrementing the time to run the test. In addition the |
| 4987 | + test relay in the default value of the 'tls_version' variable is set to |
| 4988 | + 'TLSv1,TLSv1.1,TLSv1.2' (note#2). |
| 4989 | +
|
| 4990 | + On this test a connection will be |
| 4991 | + attempted forcing to use a determined version of TLS, (all of them |
| 4992 | + must be successfully) finally making sure that the connection was done |
| 4993 | + using the given TLS_version using the ssl.version() method (note#3). |
| 4994 | +
|
| 4995 | + Notes: |
| 4996 | + 1.- tls_version is only available on MySQL 5.7 |
| 4997 | + 2.- 5.6.39 does not support TLSv1.2 so for test will be skip. Currently |
| 4998 | + in 5.7.21 is set to default values TLSv1,TLSv1.1,TLSv1.2 same as in |
| 4999 | + 8.0.11+. This test will be only run in such versions and above. |
| 5000 | + 3.- The ssl.version() method returns the version of tls used in during |
| 5001 | + the connection, however the version returned using ssl.cipher() is |
| 5002 | + not correct on windows, only indicates the newer version supported. |
| 5003 | +
|
| 5004 | + """ |
| 5005 | + for tls_v_name, tls_version in TLS_VERSIONS.items(): |
| 5006 | + self.try_connect(tls_version, tls_v_name) |
| 5007 | + |
| 5008 | + def test_get_connection_using_servers_TLS_version(self): |
| 5009 | + """Test connect using the servers default TLS version |
| 5010 | +
|
| 5011 | + The TLS version used during the secured connection is chosen by the |
| 5012 | + server at the time the ssl handshake is made if the connector does not |
| 5013 | + specifies any specific version to use. The default value of the |
| 5014 | + ssl_version is None, however this only mean to the connector that none |
| 5015 | + specific version will be chosen by the server when the ssl handshake |
| 5016 | + occurs. |
| 5017 | + """ |
| 5018 | + # The default value for the connector 'ssl_version' is None |
| 5019 | + # For the expected version, the server will use the latest version of |
| 5020 | + # TLS available "TLSv1.2". |
| 5021 | + tls_version = None |
| 5022 | + self.try_connect(tls_version, "TLSv1.2") |
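Review bot: `Bug26484601` is skipped only when `tests.MYSQL_VERSION < (5, 7, 21)`, but `TLS_VERSIONS` and the `ssl` import are defined only under `if tests.SSL_AVAILABLE:`, so on a build without SSL `test_get_connection_using_given_TLS_version` fails with a NameError instead of being skipped. Adding `@unittest.skipIf(not tests.SSL_AVAILABLE, "SSL support not available")` to the class would close that gap. The loop also requires TLSv1 and TLSv1.1 to connect, and the second test hard-codes `"TLSv1.2"` as the negotiated default, so the suite fails against a server or OpenSSL build that disables the legacy protocols or negotiates a newer one. Comparing against the versions the server reports in `tls_version`, and skipping the others, would avoid forcing test environments to keep deprecated protocols enabled. `try_connect` sets `config['ssl_ca'] = ''`, which presumably means the server certificate is not verified; a comment saying this is deliberate would help, and `cur` and `cnx` should be closed before the method returns.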