This is an automated email from the ASF dual-hosted git repository.
houston pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/branch_9x by this push:
new bc0c17083d8 Fix TLS integration tests for use with http1
bc0c17083d8 is described below
commit bc0c17083d84a1f84d4bf6207d3e62b7b73ee49c
Author: Houston Putman <[email protected]>
AuthorDate: Mon Oct 30 13:42:35 2023 -0400
Fix TLS integration tests for use with http1
(cherry picked from commit 5482b3514aa22cdf98bbb53fa8fcb503e98d508a)
---
solr/packaging/test/test_ssl.bats | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/solr/packaging/test/test_ssl.bats
b/solr/packaging/test/test_ssl.bats
index 10266768b7e..0af57e34420 100644
--- a/solr/packaging/test/test_ssl.bats
+++ b/solr/packaging/test/test_ssl.bats
@@ -112,8 +112,8 @@ teardown() {
export SOLR_SSL_CHECK_PEER_NAME=true
# This should fail the peername check
- run ! solr api -get "https://localhost:${SOLR_PORT}/solr/test/select?q=*:*";
- assert_output --partial 'Server refused connection'
+ run ! solr api -verbose -get
"https://localhost:${SOLR_PORT}/solr/test/select?q=*:*";
+ assert_output --regexp '(No subject alternative DNS name matching localhost
found|Server refused connection)'
# Restart the server enabling the SNI hostcheck
export SOLR_SSL_CHECK_PEER_NAME=false
@@ -232,7 +232,7 @@ teardown() {
export SOLR_SECURITY_MANAGER_ENABLED=true
export SOLR_OPTS="-Djava.io.tmpdir=${test_tmp_dir}"
export SOLR_LOG_LEVEL="DEBUG"
- export SOLR_TOOL_OPTS="-Djava.io.tmpdir=${test_tmp_dir}
-Djavax.net.debug=SSL,keymanager,trustmanager,ssl:handshake"
+ export SOLR_TOOL_OPTS="-Djava.io.tmpdir=${test_tmp_dir}" # To debug further
use: -Djavax.net.debug=SSL,keymanager,trustmanager,ssl:handshake
export ssl_dir="${BATS_TEST_TMPDIR}/ssl"
export server_ssl_dir="${ssl_dir}/server"
@@ -348,8 +348,8 @@ teardown() {
export SOLR_SSL_CLIENT_KEY_STORE=
export SOLR_SSL_CLIENT_KEY_STORE_PASSWORD=
- run ! solr api -get
"https://localhost:${SOLR_PORT}/solr/test/select?q=*:*&rows=0";
- assert_output --partial 'Server refused connection'
+ run ! solr api -verbose -get
"https://localhost:${SOLR_PORT}/solr/test/select?q=*:*&rows=0";
+ assert_output --regexp '(bad_certificate|Server refused connection)'
)
)
@@ -361,8 +361,8 @@ teardown() {
# We can't check if the server has come up, because we can't connect to it,
so just wait
sleep 5
- run ! solr api -get
"https://localhost:${SOLR3_PORT}/solr/test/select?q=*:*&rows=0";
- assert_output --partial 'Server refused connection'
+ run ! solr api -verbose -get
"https://localhost:${SOLR3_PORT}/solr/test/select?q=*:*&rows=0";
+ assert_output --regexp
'(certificate_unknown|java.nio.channels.ClosedChannelException|Server refused
connection)'
}
@test "start solr with mTLS wanted" {
@@ -373,7 +373,7 @@ teardown() {
export SOLR_SECURITY_MANAGER_ENABLED=true
export SOLR_OPTS="-Djava.io.tmpdir=${test_tmp_dir}"
- export SOLR_TOOL_OPTS="-Djava.io.tmpdir=${test_tmp_dir}
-Djavax.net.debug=SSL,keymanager,trustmanager,ssl:handshake"
+ export SOLR_TOOL_OPTS="-Djava.io.tmpdir=${test_tmp_dir}" # To debug further
use: -Djavax.net.debug=SSL,keymanager,trustmanager,ssl:handshake
export ssl_dir="${BATS_TEST_TMPDIR}/ssl"
export server_ssl_dir="${ssl_dir}/server"
@@ -491,6 +491,6 @@ teardown() {
export SOLR_SSL_CLIENT_TRUST_STORE_PASSWORD=
# TLS cannot work if a truststore and keystore are not provided (either
Server or Client)
- run solr api -get
"https://localhost:${SOLR_PORT}/solr/test/select?q=*:*&rows=0";
- assert_output --partial 'Server refused connection'
+ run solr api -verbose -get
"https://localhost:${SOLR_PORT}/solr/test/select?q=*:*&rows=0";
+ assert_output --regexp '(unable to find valid certification path to
requested target|Server refused connection)'
}
