Author: markt Date: Thu Feb 3 09:20:34 2011 New Revision: 1066766 URL: http://svn.apache.org/viewvc?rev=1066766&view=rev Log: Hmm. Can't see a way (without changing the connector code) to test SSL renegotiation failure if the JVM supports RFC5746. Need to think about this some more. In the meantime, get the tests working.
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java
tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java?rev=1066766&r1=1066765&r2=1066766&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java Thu Feb 3 09:20:34 2011
@@ -69,6 +69,13 @@ public class TestSsl extends TomcatBaseT
 boolean handshakeDone = false;
 public void testRenegotiateFail() throws Exception {
+
+ // If RFC5746 is supported, renegotiation will always will (and will
+ // always be secure)
+ if (TesterSupport.RFC_5746_SUPPORTED) {
+ return;
+ }
+
 Tomcat tomcat = getTomcatInstance();
 File appDir = new File(getBuildDirectory(), "webapps/examples");
@@ -200,8 +207,10 @@ public class TestSsl extends TomcatBaseT
 @Override
 public void setUp() throws Exception {
- // Make sure SSL renegotiation is not disabled in the JVM
- System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
+ if (!TesterSupport.RFC_5746_SUPPORTED) {
+ // Make sure SSL renegotiation is not disabled in the JVM
+ System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
+ }
 super.setUp();
 }
 }

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1066766&r1=1066765&r2=1066766&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Thu Feb 3 09:20:34 2011
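Review bot: The new comment at the top of testRenegotiateFail reads `renegotiation will always will (and will always be secure)`, which has lost its verb; the intent appears to be that when the JVM implements RFC 5746 the connector-side failure cannot be provoked, so the test bails out. Suggested wording: `// If RFC 5746 is supported, renegotiation will always work (and will always be secure), so the failure path cannot be exercised: skip this test.` The bare `return` also makes the test report as passed rather than skipped, which hides the lost coverage on RFC 5746 JVMs; a log line before the return, or a proper skip if the test framework in use offers one, would make that visible. The remainder of testRenegotiateFail lies outside the hunk.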
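Review bot: `System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true")` in setUp changes a process-wide JSSE setting and nothing in the hunk restores it, so every later TLS test in the same JVM runs with insecure renegotiation permitted; record the previous value and restore it in tearDown (`System.clearProperty(...)` when it was unset). The property is vendor-specific to the Sun/Oracle JSSE provider and, as far as I recall, is consulted once during that provider's own class initialisation; since `TesterSupport.RFC_5746_SUPPORTED` is evaluated first and its static initialiser already builds an `SSLContext`, confirm the property still takes effect when set afterwards — if not, it belongs in the test runner's JVM arguments rather than in setUp. A short comment to that effect next to the setProperty call would save the next reader the investigation.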
@@ -17,14 +17,44 @@ package org.apache.tomcat.util.net;
 import java.io.File;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 import org.apache.catalina.startup.Tomcat;
 public final class TesterSupport {
+
+ protected static final boolean RFC_5746_SUPPORTED;
+
+ static {
+ boolean result = false;
+ SSLContext context;
+ try {
+ context = SSLContext.getInstance("TLS");
+ context.init(null, null, new SecureRandom());
+ SSLServerSocketFactory ssf = context.getServerSocketFactory();
+ String ciphers[] = ssf.getSupportedCipherSuites();
+ for (String cipher : ciphers) {
+ if ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV".equals(cipher)) {
+ result = true;
+ break;
+ }
+ }
+ } catch (NoSuchAlgorithmException e) {
+ // Assume no RFC 5746 support
+ } catch (KeyManagementException e) {
+ // Assume no RFC 5746 support
+ }
+ RFC_5746_SUPPORTED = result;
+ }
+
 protected static final TrustManager[] TRUST_ALL_CERTS = new TrustManager[] {
 new X509TrustManager() {
 @Override
@@ -65,4 +95,5 @@ public final class TesterSupport {
 tomcat.getConnector().setSecure(true);
 tomcat.getConnector().setProperty("SSLEnabled", "true");
 }
+
 }

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
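Review bot: The RFC 5746 probe in the new static initialiser infers secure-renegotiation support from `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` appearing in `getSupportedCipherSuites()`; that is how the Sun/Oracle JSSE provider exposes the signalling suite, but another provider could implement RFC 5746 without listing the SCSV, and a false negative here leaves `allowUnsafeRenegotiation` switched on and the failure test running against a JVM that actually renegotiates securely. Worth stating the assumption on the field: `// Heuristic: Sun/Oracle JSSE advertises the RFC 5746 signalling suite as a cipher suite; other providers may not, in which case this is false even when secure renegotiation is available.` Both catch blocks intentionally fall back to "no support", which is reasonable, but a short note that this deliberately errs towards the legacy path would make the swallow look intended. On style, `String ciphers[]` is the C-form declaration; `String[] ciphers` is idiomatic Java, and the loop collapses to `java.util.Arrays.asList(ciphers).contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")`.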