Use libmariadb as updated for server redirection, and fix tests

The updated libmariadb parses the `ER_SERVER_REDIRECT` error packets (with the message component formatted as `|Human-readable message|value of SERVER_REDIRECT_TARGET system variable`) and reconnects accordingly. The updated libmariadb also includes fixes for https://jira.mariadb.org/browse/CONC-648 and https://jira.mariadb.org/browse/MDEV-28634 (the latter is indeed a Connector/C issue, despite its categorization in MDEV rather than CONC). Due to the fix for https://jira.mariadb.org/browse/MDEV-28634, the `mariadb` CLI now (correctly!) fails to connect when `mariadb --ssl` is specified, but the server doesn't support SSL. The results of the test `main.ssl_7937` are updated to reflect this. All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.
MariaDB · Jun 28, 2023 · 621bf77 · 621bf77
1 parent 8664e12
commit 621bf77
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 7 deletions.
diff --git a/libmariadb b/libmariadb
diff --git a/mysql-test/main/ssl_7937,nossl.result b/mysql-test/main/ssl_7937,nossl.result
@@ -3,15 +3,13 @@ select if(variable_value > '','yes','no') as 'have_ssl'
   from information_schema.session_status
 where variable_name='ssl_cipher';
 mysql --ssl-ca=cacert.pem -e "call test.have_ssl()"
-have_ssl
-no
+ERROR 2026 (HY000): Client requires TLS/SSL, but the server does not support it
 mysql --ssl -e "call test.have_ssl()"
-have_ssl
-no
+ERROR 2026 (HY000): Client requires TLS/SSL, but the server does not support it
 mysql --ssl-ca=cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()"
-ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it
+ERROR 2026 (HY000): Client requires TLS/SSL, but the server does not support it
 mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
-ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it
+ERROR 2026 (HY000): Client requires TLS/SSL, but the server does not support it
 #
 # MDEV-27105 --ssl option set as default for mariadb CLI
 #

diff --git a/mysql-test/main/ssl_7937.test b/mysql-test/main/ssl_7937.test
@@ -20,6 +20,13 @@ create procedure have_ssl()
 --echo mysql --ssl-ca=cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()"
 --exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1
 
+# The replace_regex below replaces
+# "self signed certificate in certificate chain" with "Failed to verify the server certificate"
+#
+# This replacement was added in 6484288cd260cc9ad34d93a35502e66c034f01a7, and it
+# is intended to paper over a difference between various versions of OpenSSL (and its derivatives)
+# in terms of exactly what error message is printed in case of a TLS error caused by a
+# self-signed certificate.
 --echo mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
 --replace_regex /TLS\/SSL error.*certificate[^\n]*/TLS\/SSL error: Failed to verify the server certificate/
 --exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1