This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 40e58cbc6e Add additional check for the OpenSSL variant
40e58cbc6e is described below
commit 40e58cbc6e7524b8646fe6a151a4eb0c3195d247
Author: remm <[email protected]>
AuthorDate: Wed Oct 16 15:14:15 2024 +0200
Add additional check for the OpenSSL variant
Otherwise since this is all static, JSSE could be skipped in some cases
for example.
---
test/org/apache/catalina/valves/rewrite/TestResolverSSL.java | 4 ++--
test/org/apache/tomcat/util/net/TestClientCert.java | 8 ++++----
test/org/apache/tomcat/util/net/TestClientCertTls13.java | 4 ++--
test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java | 4 ++--
test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java | 2 +-
test/org/apache/tomcat/util/net/TestSsl.java | 3 ++-
test/org/apache/tomcat/util/net/TesterSupport.java | 6 ++++++
test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java | 5 +++--
8 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java
b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java
index 8e15f79627..4252beec09 100644
--- a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java
+++ b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java
@@ -85,9 +85,9 @@ public class TestResolverSSL extends TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("LibreSSL does not allow renegotiation",
- OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
Assume.assumeFalse("BoringSSL does not allow TLS renegotiation",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL));
ByteChunk res = getUrl("https://localhost:"; + getPort() +
"/protected");
// Just look a bit at the result
diff --git a/test/org/apache/tomcat/util/net/TestClientCert.java
b/test/org/apache/tomcat/util/net/TestClientCert.java
index 2ff237aac3..4659054559 100644
--- a/test/org/apache/tomcat/util/net/TestClientCert.java
+++ b/test/org/apache/tomcat/util/net/TestClientCert.java
@@ -87,9 +87,9 @@ public class TestClientCert extends TomcatBaseTest {
getTomcatInstance().start();
Assume.assumeFalse("LibreSSL does not allow renegotiation",
- OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
Assume.assumeFalse("BoringSSL does not allow TLS renegotiation",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL));
// Unprotected resource
ByteChunk res = getUrl("https://localhost:"; + getPort() +
"/unprotected");
@@ -164,9 +164,9 @@ public class TestClientCert extends TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("LibreSSL does not allow renegotiation",
- OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
Assume.assumeFalse("BoringSSL does not allow TLS renegotiation",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL));
byte[] body = new byte[bodySize];
Arrays.fill(body, TesterSupport.DATA);
diff --git a/test/org/apache/tomcat/util/net/TestClientCertTls13.java
b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
index d74e2e8f87..4cac01286a 100644
--- a/test/org/apache/tomcat/util/net/TestClientCertTls13.java
+++ b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
@@ -81,7 +81,7 @@ public class TestClientCertTls13 extends TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("LibreSSL does not allow PHA",
- OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
ByteChunk res = getUrl("https://localhost:"; + getPort() +
"/protected");
Assert.assertEquals("OK-" + TesterSupport.ROLE, res.toString());
@@ -93,7 +93,7 @@ public class TestClientCertTls13 extends TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("LibreSSL does not allow PHA",
- OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
int size = 32 * 1024;
diff --git a/test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java
b/test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java
index 8d87e256b2..1cf3a52e9c 100644
--- a/test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java
+++ b/test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java
@@ -120,9 +120,9 @@ public class TestCustomSslTrustManager extends
TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("LibreSSL does not allow renegotiation",
- OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
Assume.assumeFalse("BoringSSL does not allow TLS renegotiation",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL));
TesterSupport.configureClientSsl();
diff --git a/test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java
b/test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java
index 91695b48cc..f22943aa3f 100644
--- a/test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java
+++ b/test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java
@@ -295,7 +295,7 @@ public class TestSSLHostConfigCompat extends TomcatBaseTest
{
tomcat.start();
Assume.assumeFalse("BoringSSL removes support for many ciphers",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL));
// Check a request can be made
ByteChunk res = getUrl("https://localhost:"; + getPort() + "/");
diff --git a/test/org/apache/tomcat/util/net/TestSsl.java
b/test/org/apache/tomcat/util/net/TestSsl.java
index 46501ddd2b..925e0a403e 100644
--- a/test/org/apache/tomcat/util/net/TestSsl.java
+++ b/test/org/apache/tomcat/util/net/TestSsl.java
@@ -151,7 +151,8 @@ public class TestSsl extends TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("BoringSSL and LibreSSL return no session id",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())
|| OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL)
+ || TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
getUrl("https://localhost:"; + getPort() +
"/examples/servlets/servlet/HelloWorldExample");
// SSL is the only source for the requested session ID, and
SessionTrackingMode.SSL is set on examples
diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java
b/test/org/apache/tomcat/util/net/TesterSupport.java
index 3bbaff9c32..1552b23800 100644
--- a/test/org/apache/tomcat/util/net/TesterSupport.java
+++ b/test/org/apache/tomcat/util/net/TesterSupport.java
@@ -66,6 +66,7 @@ import
org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
import org.apache.tomcat.util.net.jsse.JSSEImplementation;
import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
public final class TesterSupport {
@@ -227,6 +228,11 @@ public final class TesterSupport {
Assert.assertTrue(tomcat.getConnector().setProperty("sslImplementationName",
sslImplementationName));
}
+ public static boolean isOpenSSLVariant(String sslImplementationName,
OpenSSLStatus.Name name) {
+ return
"org.apache.tomcat.util.net.openssl.panama.OpenSSLImplementation".equals(sslImplementationName)
+ && name.equals(OpenSSLStatus.getName());
+ }
+
public static void configureClientCertContext(Tomcat tomcat) {
initSsl(tomcat);
diff --git a/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
b/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
index 553597c776..46f07d0ac6 100644
--- a/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
+++ b/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
@@ -96,7 +96,8 @@ public class TestOpenSSLConf extends TomcatBaseTest {
} else if
("org.apache.tomcat.util.net.openssl.panama.OpenSSLImplementation".equals(sslImplementationName))
{
LifecycleListener listener = new OpenSSLLifecycleListener();
Assume.assumeTrue(OpenSSLLifecycleListener.isAvailable());
-
Assume.assumeFalse(Class.forName("org.apache.tomcat.util.openssl.openssl_h_Compatibility").getField("LIBRESSL").getBoolean(null));
+ Assume.assumeFalse("LibreSSL does not support OpenSSLConf",
+
Class.forName("org.apache.tomcat.util.openssl.openssl_h_Compatibility").getField("LIBRESSL").getBoolean(null));
StandardServer server = (StandardServer) tomcat.getServer();
server.addLifecycleListener(listener);
}
@@ -124,7 +125,7 @@ public class TestOpenSSLConf extends TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("BoringSSL does not support OpenSSLConf",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL));
sslHostConfigs = connector.getProtocolHandler().findSslHostConfigs();
Assert.assertEquals("Wrong SSLHostConfigCount", 1,
sslHostConfigs.length);
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
