This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new b30b36e746 Add additional check for the OpenSSL variant
b30b36e746 is described below
commit b30b36e74682e879da4947f820401f051628437b
Author: remm <r...@apache.org>
AuthorDate: Wed Oct 16 15:14:15 2024 +0200
Add additional check for the OpenSSL variant
Otherwise since this is all static, JSSE could be skipped in some cases
for example.
---
test/org/apache/catalina/valves/rewrite/TestResolverSSL.java | 4 ++--
test/org/apache/tomcat/util/net/TestClientCert.java | 8 ++++----
test/org/apache/tomcat/util/net/TestClientCertTls13.java | 4 ++--
test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java | 4 ++--
test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java | 2 +-
test/org/apache/tomcat/util/net/TestSsl.java | 3 ++-
test/org/apache/tomcat/util/net/TesterSupport.java | 6 ++++++
test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java | 5 +++--
8 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java
b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java
index 7b2c7a095b..ba59cd9a59 100644
--- a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java
+++ b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java
@@ -85,9 +85,9 @@ public class TestResolverSSL extends TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("LibreSSL does not allow renegotiation",
- OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
Assume.assumeFalse("BoringSSL does not allow TLS renegotiation",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL));
ByteChunk res = getUrl("https://localhost:"; + getPort() +
"/protected");
// Just look a bit at the result
diff --git a/test/org/apache/tomcat/util/net/TestClientCert.java
b/test/org/apache/tomcat/util/net/TestClientCert.java
index 2ff237aac3..4659054559 100644
--- a/test/org/apache/tomcat/util/net/TestClientCert.java
+++ b/test/org/apache/tomcat/util/net/TestClientCert.java
@@ -87,9 +87,9 @@ public class TestClientCert extends TomcatBaseTest {
getTomcatInstance().start();
Assume.assumeFalse("LibreSSL does not allow renegotiation",
- OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
Assume.assumeFalse("BoringSSL does not allow TLS renegotiation",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL));
// Unprotected resource
ByteChunk res = getUrl("https://localhost:"; + getPort() +
"/unprotected");
@@ -164,9 +164,9 @@ public class TestClientCert extends TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("LibreSSL does not allow renegotiation",
- OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
Assume.assumeFalse("BoringSSL does not allow TLS renegotiation",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL));
byte[] body = new byte[bodySize];
Arrays.fill(body, TesterSupport.DATA);
diff --git a/test/org/apache/tomcat/util/net/TestClientCertTls13.java
b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
index d74e2e8f87..4cac01286a 100644
--- a/test/org/apache/tomcat/util/net/TestClientCertTls13.java
+++ b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
@@ -81,7 +81,7 @@ public class TestClientCertTls13 extends TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("LibreSSL does not allow PHA",
- OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
ByteChunk res = getUrl("https://localhost:"; + getPort() +
"/protected");
Assert.assertEquals("OK-" + TesterSupport.ROLE, res.toString());
@@ -93,7 +93,7 @@ public class TestClientCertTls13 extends TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("LibreSSL does not allow PHA",
- OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
int size = 32 * 1024;
diff --git a/test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java
b/test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java
index 0a7e638095..cf125af8aa 100644
--- a/test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java
+++ b/test/org/apache/tomcat/util/net/TestCustomSslTrustManager.java
@@ -125,9 +125,9 @@ public class TestCustomSslTrustManager extends
TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("LibreSSL does not allow renegotiation",
- OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
Assume.assumeFalse("BoringSSL does not allow TLS renegotiation",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL));
TesterSupport.configureClientSsl();
diff --git a/test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java
b/test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java
index 91695b48cc..f22943aa3f 100644
--- a/test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java
+++ b/test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java
@@ -295,7 +295,7 @@ public class TestSSLHostConfigCompat extends TomcatBaseTest
{
tomcat.start();
Assume.assumeFalse("BoringSSL removes support for many ciphers",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL));
// Check a request can be made
ByteChunk res = getUrl("https://localhost:"; + getPort() + "/");
diff --git a/test/org/apache/tomcat/util/net/TestSsl.java
b/test/org/apache/tomcat/util/net/TestSsl.java
index 03770e09a8..2cc75c76c4 100644
--- a/test/org/apache/tomcat/util/net/TestSsl.java
+++ b/test/org/apache/tomcat/util/net/TestSsl.java
@@ -150,7 +150,8 @@ public class TestSsl extends TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("BoringSSL and LibreSSL return no session id",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())
|| OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL)
+ || TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.LIBRESSL));
getUrl("https://localhost:"; + getPort() +
"/examples/servlets/servlet/HelloWorldExample");
// SSL is the only source for the requested session ID, and
SessionTrackingMode.SSL is set on examples
diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java
b/test/org/apache/tomcat/util/net/TesterSupport.java
index 64180b54ae..5ccec9be7b 100644
--- a/test/org/apache/tomcat/util/net/TesterSupport.java
+++ b/test/org/apache/tomcat/util/net/TesterSupport.java
@@ -66,6 +66,7 @@ import
org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
import org.apache.tomcat.util.net.jsse.JSSEImplementation;
import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
public final class TesterSupport {
@@ -245,6 +246,11 @@ public final class TesterSupport {
return true;
}
+ public static boolean isOpenSSLVariant(String sslImplementationName,
OpenSSLStatus.Name name) {
+ return
"org.apache.tomcat.util.net.openssl.panama.OpenSSLImplementation".equals(sslImplementationName)
+ && name.equals(OpenSSLStatus.getName());
+ }
+
public static void configureClientCertContext(Tomcat tomcat) {
initSsl(tomcat);
diff --git a/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
b/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
index 8539bada27..87caba7b15 100644
--- a/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
+++ b/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
@@ -107,7 +107,8 @@ public class TestOpenSSLConf extends TomcatBaseTest {
} else if
("org.apache.tomcat.util.net.openssl.panama.OpenSSLImplementation".equals(sslImplementationName))
{
LifecycleListener listener = new OpenSSLLifecycleListener();
Assume.assumeTrue(OpenSSLLifecycleListener.isAvailable());
-
Assume.assumeFalse(Class.forName("org.apache.tomcat.util.openssl.openssl_h_Compatibility").getField("LIBRESSL").getBoolean(null));
+ Assume.assumeFalse("LibreSSL does not support OpenSSLConf",
+
Class.forName("org.apache.tomcat.util.openssl.openssl_h_Compatibility").getField("LIBRESSL").getBoolean(null));
StandardServer server = (StandardServer) tomcat.getServer();
server.addLifecycleListener(listener);
}
@@ -136,7 +137,7 @@ public class TestOpenSSLConf extends TomcatBaseTest {
tomcat.start();
Assume.assumeFalse("BoringSSL does not support OpenSSLConf",
- OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName()));
+ TesterSupport.isOpenSSLVariant(sslImplementationName,
OpenSSLStatus.Name.BORINGSSL));
sslHostConfigs = connector.getProtocolHandler().findSslHostConfigs();
Assert.assertEquals("Wrong SSLHostConfigCount", 1,
sslHostConfigs.length);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
