This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 217a192284 Fix tests when running with APR
217a192284 is described below
commit 217a19228480f1c014dec2f91fcf666ffb8ce459
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jan 15 17:30:24 2026 +0000
Fix tests when running with APR
Heavily based on a patch by dsoumis
---
.../tomcat/security/TestSecurity2017Ocsp.java | 4 +--
test/org/apache/tomcat/util/net/TestSsl.java | 10 ++++---
test/org/apache/tomcat/util/net/TesterSupport.java | 31 +++++++++++++---------
.../apache/tomcat/util/net/ocsp/OcspBaseTest.java | 5 ++--
4 files changed, 30 insertions(+), 20 deletions(-)
diff --git a/test/org/apache/tomcat/security/TestSecurity2017Ocsp.java
b/test/org/apache/tomcat/security/TestSecurity2017Ocsp.java
index 5cd73ce7b4..3dcab42228 100644
--- a/test/org/apache/tomcat/security/TestSecurity2017Ocsp.java
+++ b/test/org/apache/tomcat/security/TestSecurity2017Ocsp.java
@@ -83,8 +83,8 @@ public class TestSecurity2017Ocsp extends OcspBaseTest {
Tomcat.addServlet(ctx, "simple", new SimpleServlet());
ctx.addServletMappingDecoded("/simple", "simple");
- // User a valid (non-revoked) server certificate
- TesterSupport.initSsl(tomcat, TesterSupport.LOCALHOST_RSA_JKS,
useOpenSSLTrust);
+ // Use the default (valid, non-revoked) server certificate
+ TesterSupport.initSsl(tomcat, useOpenSSLTrust);
// Require client certificates and enable verification
SSLHostConfig sslHostConfig =
tomcat.getConnector().findSslHostConfigs()[0];
diff --git a/test/org/apache/tomcat/util/net/TestSsl.java
b/test/org/apache/tomcat/util/net/TestSsl.java
index ef87ed26e4..d4aabb0327 100644
--- a/test/org/apache/tomcat/util/net/TestSsl.java
+++ b/test/org/apache/tomcat/util/net/TestSsl.java
@@ -258,8 +258,9 @@ public class TestSsl extends TomcatBaseTest {
Context ctxt = tomcat.addWebapp(null, "/examples",
appDir.getAbsolutePath());
ctxt.addApplicationListener(WsContextListener.class.getName());
- TesterSupport.initSsl(tomcat, TesterSupport.LOCALHOST_KEYPASS_JKS,
false,
- TesterSupport.JKS_PASS, null, TesterSupport.JKS_KEY_PASS,
null);
+ TesterSupport.initSsl(tomcat, TesterSupport.LOCALHOST_KEYPASS_JKS,
TesterSupport.LOCALHOST_RSA_CERT_PEM,
+ TesterSupport.LOCALHOST_RSA_KEY_PEM, false,
TesterSupport.JKS_PASS, null, TesterSupport.JKS_KEY_PASS,
+ null);
TesterSupport.configureSSLImplementation(tomcat,
sslImplementationName, useOpenSSL);
@@ -281,8 +282,9 @@ public class TestSsl extends TomcatBaseTest {
Context ctxt = tomcat.addWebapp(null, "/examples",
appDir.getAbsolutePath());
ctxt.addApplicationListener(WsContextListener.class.getName());
- TesterSupport.initSsl(tomcat, TesterSupport.LOCALHOST_KEYPASS_JKS,
false,
- null, TesterSupport.JKS_PASS_FILE, null,
TesterSupport.JKS_KEY_PASS_FILE);
+ TesterSupport.initSsl(tomcat, TesterSupport.LOCALHOST_KEYPASS_JKS,
TesterSupport.LOCALHOST_RSA_CERT_PEM,
+ TesterSupport.LOCALHOST_RSA_KEY_PEM, false, null,
TesterSupport.JKS_PASS_FILE, null,
+ TesterSupport.JKS_KEY_PASS_FILE);
TesterSupport.configureSSLImplementation(tomcat,
sslImplementationName, useOpenSSL);
diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java
b/test/org/apache/tomcat/util/net/TesterSupport.java
index b3cda2e310..8ba01f99c8 100644
--- a/test/org/apache/tomcat/util/net/TesterSupport.java
+++ b/test/org/apache/tomcat/util/net/TesterSupport.java
@@ -103,6 +103,8 @@ public final class TesterSupport {
public static final String OCSP_RESPONDER_RSA_CERT = SSL_DIR +
"ocsp-responder-rsa-cert.pem";
public static final String OCSP_RESPONDER_RSA_KEY = SSL_DIR +
"ocsp-responder-rsa-key.pem";
public static final String LOCALHOST_CRL_RSA_JKS = SSL_DIR +
"localhost-crl-rsa.jks";
+ public static final String LOCALHOST_CRL_RSA_CERT_PEM = SSL_DIR +
"localhost-crl-rsa-cert.pem";
+ public static final String LOCALHOST_CRL_RSA_KEY_PEM = SSL_DIR +
"localhost-crl-rsa-key.pem";
public static final String CLIENT_CRL_JKS = SSL_DIR + "user2-crl.jks";
public static final String CLIENT_CRL_LONG_JKS = SSL_DIR +
"user3-crl-long.jks";
public static final boolean TLSV13_AVAILABLE;
@@ -128,17 +130,24 @@ public final class TesterSupport {
}
public static void initSsl(Tomcat tomcat) {
+ // By default, use JSSE JSSE trust
+ initSsl(tomcat, false);
+ }
+
+ public static void initSsl(Tomcat tomcat, boolean opensslTrust) {
+ // By default, use JSSE configuration
// TLS material for tests uses default password
- initSsl(tomcat, LOCALHOST_RSA_JKS, false);
+ initSsl(tomcat, LOCALHOST_RSA_JKS, LOCALHOST_RSA_CERT_PEM,
LOCALHOST_RSA_KEY_PEM, opensslTrust);
}
- public static void initSsl(Tomcat tomcat, String keystore, boolean
opensslTrust) {
+ public static void initSsl(Tomcat tomcat, String keystore, String
certifcateFile, String certificateKeyFile,
+ boolean opensslTrust) {
// TLS material for tests uses default password
- initSsl(tomcat, keystore, opensslTrust, null, null, null, null);
+ initSsl(tomcat, keystore, certifcateFile, certificateKeyFile,
opensslTrust, null, null, null, null);
}
- protected static void initSsl(Tomcat tomcat, String keystore, boolean
opensslTrust,
- String keystorePass, String keystorePassFile, String keyPass,
String keyPassFile) {
+ protected static void initSsl(Tomcat tomcat, String keystore, String
certifcateFile, String certificateKeyFile,
+ boolean opensslTrust, String keystorePass, String
keystorePassFile, String keyPass, String keyPassFile) {
Connector connector = tomcat.getConnector();
connector.setSecure(true);
@@ -161,11 +170,6 @@ public final class TesterSupport {
}
sslHostConfig.setSslProtocol("tls");
certificate.setCertificateKeystoreFile(new
File(keystore).getAbsolutePath());
- if (opensslTrust) {
- sslHostConfig.setCaCertificateFile(new
File(CA_CERT_PEM).getAbsolutePath());
- } else {
- sslHostConfig.setTruststoreFile(new
File(CA_JKS).getAbsolutePath());
- }
if (keystorePassFile != null) {
certificate.setCertificateKeystorePasswordFile(new
File(keystorePassFile).getAbsolutePath());
}
@@ -179,9 +183,12 @@ public final class TesterSupport {
certificate.setCertificateKeyPassword(keyPass);
}
} else {
- certificate.setCertificateFile(new
File(LOCALHOST_RSA_CERT_PEM).getAbsolutePath());
- certificate.setCertificateKeyFile(new
File(LOCALHOST_RSA_KEY_PEM).getAbsolutePath());
+ certificate.setCertificateFile(new
File(certifcateFile).getAbsolutePath());
+ certificate.setCertificateKeyFile(new
File(certificateKeyFile).getAbsolutePath());
+ }
+ if (opensslTrust) {
sslHostConfig.setCaCertificateFile(new
File(CA_CERT_PEM).getAbsolutePath());
+ } else {
sslHostConfig.setTruststoreFile(new
File(CA_JKS).getAbsolutePath());
}
}
diff --git a/test/org/apache/tomcat/util/net/ocsp/OcspBaseTest.java
b/test/org/apache/tomcat/util/net/ocsp/OcspBaseTest.java
index 5460a4ef06..e84ebd41ef 100644
--- a/test/org/apache/tomcat/util/net/ocsp/OcspBaseTest.java
+++ b/test/org/apache/tomcat/util/net/ocsp/OcspBaseTest.java
@@ -123,9 +123,10 @@ public class OcspBaseTest extends TomcatBaseTest {
ctx.addServletMappingDecoded("/simple", "simple");
if (serverCertValid) {
- TesterSupport.initSsl(tomcat, TesterSupport.LOCALHOST_RSA_JKS,
useOpenSSLTrust);
+ TesterSupport.initSsl(tomcat, useOpenSSLTrust);
} else {
- TesterSupport.initSsl(tomcat, TesterSupport.LOCALHOST_CRL_RSA_JKS,
useOpenSSLTrust);
+ TesterSupport.initSsl(tomcat, TesterSupport.LOCALHOST_CRL_RSA_JKS,
TesterSupport.LOCALHOST_CRL_RSA_CERT_PEM,
+ TesterSupport.LOCALHOST_CRL_RSA_KEY_PEM, useOpenSSLTrust);
}
SSLHostConfig sslHostConfig =
tomcat.getConnector().findSslHostConfigs()[0];
switch (verifyClientCert) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
