This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new fa28934ab9 Skip tests for some OpenSSL derivatives
fa28934ab9 is described below
commit fa28934ab98aa0506a0dce1addc3fc197424feaf
Author: remm <r...@apache.org>
AuthorDate: Mon Oct 7 13:30:30 2024 +0200
Skip tests for some OpenSSL derivatives
---
test/org/apache/catalina/valves/rewrite/TestResolverSSL.java | 7 +++++++
test/org/apache/tomcat/util/net/TestClientCert.java | 12 ++++++++++++
test/org/apache/tomcat/util/net/TestClientCertTls13.java | 7 +++++++
.../apache/tomcat/util/net/TestCustomSslTrustManager.java | 7 +++++++
test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java | 5 +++++
test/org/apache/tomcat/util/net/TestSsl.java | 6 ++++++
test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java | 3 +++
7 files changed, 47 insertions(+)
diff --git a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java
b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java
index 0fcecf1f4b..8e15f79627 100644
--- a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java
+++ b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java
@@ -44,6 +44,7 @@ import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.TesterSupport;
import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
@RunWith(Parameterized.class)
public class TestResolverSSL extends TomcatBaseTest {
@@ -82,6 +83,12 @@ public class TestResolverSSL extends TomcatBaseTest {
sslHostConfig.setSessionCacheSize(20 * 1024);
tomcat.start();
+
+ Assume.assumeFalse("LibreSSL does not allow renegotiation",
+ OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ Assume.assumeFalse("BoringSSL does not allow TLS renegotiation",
+ OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+
ByteChunk res = getUrl("https://localhost:"; + getPort() +
"/protected");
// Just look a bit at the result
System.out.println(res.toString());
diff --git a/test/org/apache/tomcat/util/net/TestClientCert.java
b/test/org/apache/tomcat/util/net/TestClientCert.java
index eeabba688c..2ff237aac3 100644
--- a/test/org/apache/tomcat/util/net/TestClientCert.java
+++ b/test/org/apache/tomcat/util/net/TestClientCert.java
@@ -22,6 +22,7 @@ import java.util.Collection;
import java.util.List;
import org.junit.Assert;
+import org.junit.Assume;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
@@ -31,6 +32,7 @@ import org.apache.catalina.Context;
import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.startup.TomcatBaseTest;
import org.apache.tomcat.util.buf.ByteChunk;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
/**
* The keys and certificates used in this file are all available in svn and
were
@@ -84,6 +86,11 @@ public class TestClientCert extends TomcatBaseTest {
getTomcatInstance().start();
+ Assume.assumeFalse("LibreSSL does not allow renegotiation",
+ OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ Assume.assumeFalse("BoringSSL does not allow TLS renegotiation",
+ OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+
// Unprotected resource
ByteChunk res = getUrl("https://localhost:"; + getPort() +
"/unprotected");
@@ -156,6 +163,11 @@ public class TestClientCert extends TomcatBaseTest {
Tomcat tomcat = getTomcatInstance();
tomcat.start();
+ Assume.assumeFalse("LibreSSL does not allow renegotiation",
+ OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ Assume.assumeFalse("BoringSSL does not allow TLS renegotiation",
+ OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+
byte[] body = new byte[bodySize];
Arrays.fill(body, TesterSupport.DATA);
diff --git a/test/org/apache/tomcat/util/net/TestClientCertTls13.java
b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
index 5f8555b1c8..d74e2e8f87 100644
--- a/test/org/apache/tomcat/util/net/TestClientCertTls13.java
+++ b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
@@ -79,6 +79,10 @@ public class TestClientCertTls13 extends TomcatBaseTest {
public void testClientCertGet() throws Exception {
Tomcat tomcat = getTomcatInstance();
tomcat.start();
+
+ Assume.assumeFalse("LibreSSL does not allow PHA",
+ OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+
ByteChunk res = getUrl("https://localhost:"; + getPort() +
"/protected");
Assert.assertEquals("OK-" + TesterSupport.ROLE, res.toString());
}
@@ -88,6 +92,9 @@ public class TestClientCertTls13 extends TomcatBaseTest {
Tomcat tomcat = getTomcatInstance();
tomcat.start();
+ Assume.assumeFalse("LibreSSL does not allow PHA",
+ OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+
int size = 32 * 1024;
byte[] body = new byte[size];
diff --git a/test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java
b/test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java
index 58ed008c62..92c5247654 100644
--- a/test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java
+++ b/test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java
@@ -24,6 +24,7 @@ import java.util.List;
import javax.net.ssl.SSLException;
import org.junit.Assert;
+import org.junit.Assume;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
@@ -35,6 +36,7 @@ import org.apache.catalina.startup.TomcatBaseTest;
import org.apache.coyote.ProtocolHandler;
import org.apache.coyote.http11.AbstractHttp11Protocol;
import org.apache.tomcat.util.buf.ByteChunk;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
/**
* The keys and certificates used in this file are all available in svn and
were
@@ -117,6 +119,11 @@ public class TestCustomSslTrustManager extends
TomcatBaseTest {
// Start Tomcat
tomcat.start();
+ Assume.assumeFalse("LibreSSL does not allow renegotiation",
+ OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ Assume.assumeFalse("BoringSSL does not allow TLS renegotiation",
+ OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+
TesterSupport.configureClientSsl();
// Unprotected resource
diff --git a/test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java
b/test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java
index 9d5c8ecbf8..14ec875c7d 100644
--- a/test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java
+++ b/test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java
@@ -22,6 +22,7 @@ import java.util.Collection;
import java.util.List;
import org.junit.Assert;
+import org.junit.Assume;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
@@ -36,6 +37,7 @@ import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.net.SSLHostConfigCertificate.StoreType;
import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
import org.apache.tomcat.util.net.TesterSupport.ClientSSLSocketFactory;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
/*
* Tests compatibility of JSSE and OpenSSL settings.
@@ -296,6 +298,9 @@ public class TestSSLHostConfigCompat extends TomcatBaseTest
{
Tomcat tomcat = getTomcatInstance();
tomcat.start();
+ Assume.assumeFalse("BoringSSL removes support for many ciphers",
+ OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+
// Check a request can be made
ByteChunk res = getUrl("https://localhost:"; + getPort() + "/");
Assert.assertEquals("OK", res.toString());
diff --git a/test/org/apache/tomcat/util/net/TestSsl.java
b/test/org/apache/tomcat/util/net/TestSsl.java
index 004765b3d5..46501ddd2b 100644
--- a/test/org/apache/tomcat/util/net/TestSsl.java
+++ b/test/org/apache/tomcat/util/net/TestSsl.java
@@ -45,6 +45,7 @@ import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.junit.Assert;
+import org.junit.Assume;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
@@ -63,6 +64,7 @@ import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.startup.TomcatBaseTest;
import org.apache.catalina.valves.ValveBase;
import org.apache.tomcat.util.buf.ByteChunk;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
import org.apache.tomcat.websocket.server.WsContextListener;
/**
@@ -147,6 +149,10 @@ public class TestSsl extends TomcatBaseTest {
TesterSupport.configureSSLImplementation(tomcat,
sslImplementationName, useOpenSSL);
tomcat.start();
+
+ Assume.assumeFalse("BoringSSL and LibreSSL return no session id",
+ OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())
|| OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+
getUrl("https://localhost:"; + getPort() +
"/examples/servlets/servlet/HelloWorldExample");
// SSL is the only source for the requested session ID, and
SessionTrackingMode.SSL is set on examples
Assert.assertNotNull(sessionId);
diff --git a/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
b/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
index 3bd32e6956..553597c776 100644
--- a/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
+++ b/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
@@ -123,6 +123,9 @@ public class TestOpenSSLConf extends TomcatBaseTest {
tomcat.start();
+ Assume.assumeFalse("BoringSSL does not support OpenSSLConf",
+ OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+
sslHostConfigs = connector.getProtocolHandler().findSslHostConfigs();
Assert.assertEquals("Wrong SSLHostConfigCount", 1,
sslHostConfigs.length);
return sslHostConfigs[0];
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
