svn commit: r1843404 - /tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java

Wed, 10 Oct 2018 01:03:01 -0700 

Author: markt
Date: Wed Oct 10 08:02:33 2018
New Revision: 1843404

URL: http://svn.apache.org/viewvc?rev=1843404&view=rev
Log:
Fix CLIENT-CERT test failures when JSSE TLSv1.3 is available.

Modified:
    tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1843404&r1=1843403&r2=1843404&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Wed Oct 10 
08:02:33 2018
@@ -228,6 +228,14 @@ public final class TesterSupport {
     protected static void configureClientCertContext(Tomcat tomcat) {
         TesterSupport.initSsl(tomcat);
 
+        /* When running on Java 11, TLSv1.3 is enabled by default. The JSSE
+         * implementation of TLSv1.3 does not support
+         * certificateVerification="optional", a setting on which these tests
+         * depend. Therefore, force these tests to use TLSv1.2 so that they 
pass
+         * when running on TLSv1.3.
+         */
+        tomcat.getConnector().setProperty("sslEnabledProtocols", "TLSv1.2");
+
         // Need a web application with a protected and unprotected URL
         // No file system docBase required
         Context ctx = tomcat.addContext("", null);



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to