Bug #22295186: CERTIFICATE VALIDATION BUG IN MYSQL MAY ALLOW MITM

Yashwant Sahu · Yashwant Sahu · commit d9f89fff1667 · 2016-01-11T14:44:49.000+05:30
Test fix for 5.5 and 5.6
diff --git a/mysql-test/suite/auth_sec/t/cert_verify.test b/mysql-test/suite/auth_sec/t/cert_verify.test
@@ -9,11 +9,7 @@
 let $ssl_verify_fail_path = --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-key=$MYSQL_TEST_DIR/std_data/server-key-verify-fail.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/server-cert-verify-fail.pem;
 let $ssl_verify_pass_path = --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-key=$MYSQL_TEST_DIR/std_data/server-key-verify-pass.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/server-cert-verify-pass.pem;
 
-let $tls_default= TLSv1.1;
-let $openssl= query_get_value("SHOW STATUS LIKE 'Rsa_public_key'", Variable_name, 1);
-if ($openssl == 'Rsa_public_key'){
-  let $tls_default= TLSv1.2;
-}
+let $tls_default= TLSv1;
 
 --echo #T1: Host name (/CN=localhost/) as OU name in the server certificate, server certificate verification should fail.
 --exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
