[
https://issues.apache.org/jira/browse/SOLR-9028?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hoss Man updated SOLR-9028:
---------------------------
Attachment: SOLR-9028.patch
Here's my current in progress patch (summary of chagnes below). Feedback on
the changes/tests or suggestions for additional tests i haven't thought of yet
would be appreciated.
In particular: I would really love it if someone on OSX could run the new and
improved TestMiniSolrCloudClusterSSL and let me know if it passes for you --
clientAuth randomization in SolrTestCaseJ4 has been completley disabled on OSX
for a long time due to some consistent failures that no one ever got to the
bottom of, and I'm wondering if it was a JVM bug that's still a problem with
modern JVMs and/or if my changes to SSLTestConfig resolved whatever the
underlying problem is (if not, i have another avenue to explore - see nocommit
in SolrTestCaseJ4)
----
In this patch...
* SSLConfig
** jdocs that clientAuth and all other settings are ignored unless useSSL is
true
** fix createContextFactory to pay attention to clientAuth setting & only use
trustStore when it's set
** fix Boolean.getBoolean usage
* SSLTestConfig
** some refacotring & jdocs
** fix bug when building test *client* SSL Context
*** trust store & keystore have to be swapped from clients perspective
* SolrTestCaseJ4
** make clientAuth randomization more likely
* TestMiniSolrCloudClusterSSL
** don't rely on random sslConfig, test explicit SSL scenerios w/distinct test
clusters
** add sanity check asserts of things like baseURL when we expect to be using
SSL
** assert no false positives when requiring clientAuth by doing a HEAD request
from a client w/o any client certs
> fix bugs in (add sanity checks for) SSL clientAuth testing
> ----------------------------------------------------------
>
> Key: SOLR-9028
> URL: https://issues.apache.org/jira/browse/SOLR-9028
> Project: Solr
> Issue Type: Bug
> Reporter: Hoss Man
> Attachments: SOLR-9028.patch
>
>
> While looking into SOLR-8970 i realized there was a whole heap of problems
> with how clientAuth was being handled in tests. Notably: it wasn't actaully
> being used when the randomization selects it (aparently due to a copy/paste
> mistake in SOLR-7166). But there are few other misc issues (improper usage
> of sysprops overrides for tests, missuage of keystore/truststore in test
> clients, etc..)
> I'm working up a patch to fix all of this, and add some much needed tests to
> *explicitly* verify both SSL and clientAuth that will include some "false
> positive" verifications, and some "test the test" checks.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
