(tomcat) branch 11.0.x updated: Add test for OCSP enabled/disabled default

Tue, 13 Jan 2026 08:27:28 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/11.0.x by this push:
     new 334190980b Add test for OCSP enabled/disabled default
334190980b is described below

commit 334190980be9717440ae5d99b61eafc72134d49f
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Dec 17 17:37:06 2025 +0000

    Add test for OCSP enabled/disabled default
---
 test/org/apache/tomcat/util/net/ocsp/OcspBaseTest.java    | 4 ++++
 test/org/apache/tomcat/util/net/ocsp/TestOcspEnabled.java | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/test/org/apache/tomcat/util/net/ocsp/OcspBaseTest.java 
b/test/org/apache/tomcat/util/net/ocsp/OcspBaseTest.java
index cf6a171ceb..7a9c133021 100644
--- a/test/org/apache/tomcat/util/net/ocsp/OcspBaseTest.java
+++ b/test/org/apache/tomcat/util/net/ocsp/OcspBaseTest.java
@@ -125,6 +125,9 @@ public class OcspBaseTest extends TomcatBaseTest {
         }
         SSLHostConfig sslHostConfig = 
tomcat.getConnector().findSslHostConfigs()[0];
         switch (verifyClientCert) {
+            case DEFAULT:
+                sslHostConfig.setCertificateVerification("required");
+                break;
             case DISABLED:
                 sslHostConfig.setOcspEnabled(false);
                 sslHostConfig.setCertificateVerification("required");
@@ -170,6 +173,7 @@ public class OcspBaseTest extends TomcatBaseTest {
 
 
     protected enum ClientCertificateVerification {
+        DEFAULT,
         ENABLED,
         OPTIONAL_NO_CA,
         DISABLED
diff --git a/test/org/apache/tomcat/util/net/ocsp/TestOcspEnabled.java 
b/test/org/apache/tomcat/util/net/ocsp/TestOcspEnabled.java
index c6a785a017..13e0898e9a 100644
--- a/test/org/apache/tomcat/util/net/ocsp/TestOcspEnabled.java
+++ b/test/org/apache/tomcat/util/net/ocsp/TestOcspEnabled.java
@@ -50,6 +50,11 @@ public class TestOcspEnabled extends OcspBaseTest {
         doTest(false, false, ClientCertificateVerification.DISABLED, false);
     }
 
+    @Test
+    public void testRevokedClientRevokedServerVerifyClientDefault() throws 
Exception {
+        doTest(false, false, ClientCertificateVerification.DEFAULT, false);
+    }
+
     @Test(expected = SSLHandshakeException.class)
     public void testRevokedClientRevokedServerVerifyServer() throws Exception {
         doTest(false, false, ClientCertificateVerification.DISABLED, true);


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to