Run SSL tests with netcoreapp3.0.

bgrainger · bgrainger · commit 3262b4c51e74 · 2019-09-24T09:46:38.000-07:00
This tests TLS 1.3 support on Linux.
diff --git a/.ci/config/config.compression+ssl.json b/.ci/config/config.compression+ssl.json
@@ -4,7 +4,7 @@
       "SocketPath": "./../../../../../.ci/run/mysql/mysqld.sock",
       "PasswordlessUser": "no_password",
       "SecondaryDatabase": "testdb2",
-      "UnsupportedFeatures": "RsaEncryption,CachingSha2Password,Tls12,UuidToBin",
+      "UnsupportedFeatures": "RsaEncryption,CachingSha2Password,Tls12,Tls13,UuidToBin",
       "MySqlBulkLoaderLocalCsvFile": "../../../../TestData/LoadData_UTF8_BOM_Unix.CSV",
       "MySqlBulkLoaderLocalTsvFile": "../../../../TestData/LoadData_UTF8_BOM_Unix.TSV",
       "CertificatesPath": "../../../../../.ci/server/certs"
diff --git a/.ci/config/config.compression.json b/.ci/config/config.compression.json
@@ -4,7 +4,7 @@
       "SocketPath": "./../../../../../.ci/run/mysql/mysqld.sock",
       "PasswordlessUser": "no_password",
       "SecondaryDatabase": "testdb2",
-      "UnsupportedFeatures": "Ed25519,RsaEncryption,CachingSha2Password,Tls12,UnixDomainSocket,UuidToBin",
+      "UnsupportedFeatures": "Ed25519,RsaEncryption,CachingSha2Password,Tls12,Tls13,UnixDomainSocket,UuidToBin",
       "MySqlBulkLoaderLocalCsvFile": "../../../../TestData/LoadData_UTF8_BOM_Unix.CSV",
       "MySqlBulkLoaderLocalTsvFile": "../../../../TestData/LoadData_UTF8_BOM_Unix.TSV"
     }
diff --git a/.ci/config/config.json b/.ci/config/config.json
@@ -4,7 +4,7 @@
       "SocketPath": "./../../../../../.ci/run/mysql/mysqld.sock",
       "PasswordlessUser": "no_password",
       "SecondaryDatabase": "testdb2",
-      "UnsupportedFeatures": "Ed25519,RsaEncryption,CachingSha2Password,Tls12,UnixDomainSocket,UuidToBin",
+      "UnsupportedFeatures": "Ed25519,RsaEncryption,CachingSha2Password,Tls12,Tls13,UnixDomainSocket,UuidToBin",
       "MySqlBulkLoaderLocalCsvFile": "../../../../TestData/LoadData_UTF8_BOM_Unix.CSV",
       "MySqlBulkLoaderLocalTsvFile": "../../../../TestData/LoadData_UTF8_BOM_Unix.TSV"
     }
diff --git a/.ci/config/config.ssl.json b/.ci/config/config.ssl.json
@@ -4,7 +4,7 @@
       "SocketPath": "./../../../../../.ci/run/mysql/mysqld.sock",
       "PasswordlessUser": "no_password",
       "SecondaryDatabase": "testdb2",
-      "UnsupportedFeatures": "RsaEncryption,CachingSha2Password,Tls12,UuidToBin",
+      "UnsupportedFeatures": "RsaEncryption,CachingSha2Password,Tls12,Tls13,UuidToBin",
       "MySqlBulkLoaderLocalCsvFile": "../../../../TestData/LoadData_UTF8_BOM_Unix.CSV",
       "MySqlBulkLoaderLocalTsvFile": "../../../../TestData/LoadData_UTF8_BOM_Unix.TSV",
       "CertificatesPath": "../../../../../.ci/server/certs"
diff --git a/.ci/integration-tests-steps.yml b/.ci/integration-tests-steps.yml
@@ -27,13 +27,6 @@ steps:
     connectionString: 'server=localhost;port=3300;user id=mysqltest;password=test;database=mysqltest;ssl mode=none;DefaultCommandTimeout=3600'
     platform: 'netcoreapp2.1'
     description: 'No SSL'
-- template: 'sidebyside-test-steps.yml'
-  parameters:
-    image: ${{ parameters.image }}
-    unsupportedFeatures: ${{ parameters.unsupportedFeatures }}
-    connectionString: 'server=localhost;port=3300;user id=mysqltest;password=test;database=mysqltest;ssl mode=required;DefaultCommandTimeout=3600;certificate file=$(Build.Repository.LocalPath)/.ci/server/certs/ssl-client.pfx'
-    platform: 'netcoreapp2.1'
-    description: 'SSL'
 - task: UseDotNet@2
   displayName: 'Install .NET Core'
   inputs:
@@ -45,6 +38,13 @@ steps:
     connectionString: 'server=localhost;port=3300;user id=mysqltest;password=test;database=mysqltest;ssl mode=none;DefaultCommandTimeout=3600'
     platform: 'netcoreapp3.0'
     description: 'No SSL'
+- template: 'sidebyside-test-steps.yml'
+  parameters:
+    image: ${{ parameters.image }}
+    unsupportedFeatures: ${{ parameters.unsupportedFeatures }}
+    connectionString: 'server=localhost;port=3300;user id=mysqltest;password=test;database=mysqltest;ssl mode=required;DefaultCommandTimeout=3600;certificate file=$(Build.Repository.LocalPath)/.ci/server/certs/ssl-client.pfx'
+    platform: 'netcoreapp3.0'
+    description: 'SSL'
 - template: 'sidebyside-test-steps.yml'
   parameters:
     image: ${{ parameters.image }}
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -134,16 +134,16 @@ jobs:
     matrix:
       'MySQL 5.6':
         image: 'mysql:5.6'
-        unsupportedFeatures: 'Ed25519,Json,Sha256Password,RsaEncryption,LargePackets,CachingSha2Password,SessionTrack,Tls11,Tls12,UuidToBin'
+        unsupportedFeatures: 'Ed25519,Json,Sha256Password,RsaEncryption,LargePackets,CachingSha2Password,SessionTrack,Tls11,Tls12,Tls13,UuidToBin'
       'MySQL 5.7':
         image: 'mysql:5.7'
-        unsupportedFeatures: 'Ed25519,RsaEncryption,CachingSha2Password,Tls12,UuidToBin'
+        unsupportedFeatures: 'Ed25519,RsaEncryption,CachingSha2Password,Tls12,Tls13,UuidToBin'
       'MySQL 8.0':
         image: 'mysql:8.0'
-        unsupportedFeatures: 'Ed25519'
+        unsupportedFeatures: 'Ed25519,Tls13'
       'Percona 5.7':
         image: 'percona:5.7.22'
-        unsupportedFeatures: 'CachingSha2Password,Ed25519,UuidToBin'
+        unsupportedFeatures: 'CachingSha2Password,Ed25519,Tls13,UuidToBin'
       'MariaDB 10.2':
         image: 'mariadb:10.2'
         unsupportedFeatures: 'Ed25519,Json,Sha256Password,CachingSha2Password,RoundDateTime,UuidToBin'
diff --git a/tests/README.md b/tests/README.md
@@ -34,6 +34,8 @@ Otherwise, set the following options appropriately:
   * `Timeout`: server can cancel queries promptly (so timed tests don't time out)
   * `Tls11`: server supports TLS 1.1
   * `Tls12`: server supports TLS 1.2
+  * `Tls13`: server supports TLS 1.3
+  * `UnixDomainSocket`: server is accessible via a Unix domain socket
   * `UuidToBin`: server supports `UUID_TO_BIN` (MySQL 8.0 and later)
 
 ## Running Tests
diff --git a/tests/SideBySide/ServerFeatures.cs b/tests/SideBySide/ServerFeatures.cs
@@ -22,5 +22,6 @@ public enum ServerFeatures
 		UuidToBin = 0x2000,
 		Ed25519 = 0x4000,
 		UnixDomainSocket = 0x8000,
+		Tls13 = 0x1_0000,
 	}
 }
diff --git a/tests/SideBySide/SslTests.cs b/tests/SideBySide/SslTests.cs
@@ -1,4 +1,5 @@
 using System.IO;
+using System.Runtime.InteropServices;
 using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
@@ -177,6 +178,15 @@ public async Task ConnectSslTlsVersion()
 			var expectedProtocolString = expectedProtocol == SslProtocols.Tls12 ? "TLSv1.2" :
 				expectedProtocol == SslProtocols.Tls11 ? "TLSv1.1" : "TLSv1";
 
+#if NETCOREAPP3_0
+			// https://docs.microsoft.com/en-us/dotnet/core/whats-new/dotnet-core-3-0#tls-13--openssl-111-on-linux
+			if (expectedProtocol == SslProtocols.Tls12 && AppConfig.SupportedFeatures.HasFlag(ServerFeatures.Tls13) && RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
+			{
+				expectedProtocol = SslProtocols.Tls13;
+				expectedProtocolString = "TLSv1.3";
+			}
+#endif
+
 #if !BASELINE
 			Assert.Equal(expectedProtocol, connection.SslProtocol);
 #endif

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@`
`4`	`4`	`"SocketPath": "./../../../../../.ci/run/mysql/mysqld.sock",`
`5`	`5`	`"PasswordlessUser": "no_password",`
`6`	`6`	`"SecondaryDatabase": "testdb2",`
`7`		`- "UnsupportedFeatures": "Ed25519,RsaEncryption,CachingSha2Password,Tls12,UnixDomainSocket,UuidToBin",`
	`7`	`+ "UnsupportedFeatures": "Ed25519,RsaEncryption,CachingSha2Password,Tls12,Tls13,UnixDomainSocket,UuidToBin",`
`8`	`8`	`"MySqlBulkLoaderLocalCsvFile": "../../../../TestData/LoadData_UTF8_BOM_Unix.CSV",`
`9`	`9`	`"MySqlBulkLoaderLocalTsvFile": "../../../../TestData/LoadData_UTF8_BOM_Unix.TSV"`
`10`	`10`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,5 +22,6 @@ public enum ServerFeatures`
`22`	`22`	`UuidToBin = 0x2000,`
`23`	`23`	`Ed25519 = 0x4000,`
`24`	`24`	`UnixDomainSocket = 0x8000,`
	`25`	`+ Tls13 = 0x1_0000,`
`25`	`26`	`}`
`26`	`27`	`}`