[ https://issues.apache.org/jira/browse/SOLR-9028?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hoss Man updated SOLR-9028: --------------------------- Attachment: SOLR-9028.patch Here's my current in progress patch (summary of chagnes below). Feedback on the changes/tests or suggestions for additional tests i haven't thought of yet would be appreciated. In particular: I would really love it if someone on OSX could run the new and improved TestMiniSolrCloudClusterSSL and let me know if it passes for you -- clientAuth randomization in SolrTestCaseJ4 has been completley disabled on OSX for a long time due to some consistent failures that no one ever got to the bottom of, and I'm wondering if it was a JVM bug that's still a problem with modern JVMs and/or if my changes to SSLTestConfig resolved whatever the underlying problem is (if not, i have another avenue to explore - see nocommit in SolrTestCaseJ4) ---- In this patch... * SSLConfig ** jdocs that clientAuth and all other settings are ignored unless useSSL is true ** fix createContextFactory to pay attention to clientAuth setting & only use trustStore when it's set ** fix Boolean.getBoolean usage * SSLTestConfig ** some refacotring & jdocs ** fix bug when building test *client* SSL Context *** trust store & keystore have to be swapped from clients perspective * SolrTestCaseJ4 ** make clientAuth randomization more likely * TestMiniSolrCloudClusterSSL ** don't rely on random sslConfig, test explicit SSL scenerios w/distinct test clusters ** add sanity check asserts of things like baseURL when we expect to be using SSL ** assert no false positives when requiring clientAuth by doing a HEAD request from a client w/o any client certs > fix bugs in (add sanity checks for) SSL clientAuth testing > ---------------------------------------------------------- > > Key: SOLR-9028 > URL: https://issues.apache.org/jira/browse/SOLR-9028 > Project: Solr > Issue Type: Bug > Reporter: Hoss Man > Attachments: SOLR-9028.patch > > > While looking into SOLR-8970 i realized there was a whole heap of problems > with how clientAuth was being handled in tests. Notably: it wasn't actaully > being used when the randomization selects it (aparently due to a copy/paste > mistake in SOLR-7166). But there are few other misc issues (improper usage > of sysprops overrides for tests, missuage of keystore/truststore in test > clients, etc..) > I'm working up a patch to fix all of this, and add some much needed tests to > *explicitly* verify both SSL and clientAuth that will include some "false > positive" verifications, and some "test the test" checks. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org