[
https://issues.apache.org/jira/browse/GEODE-8419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17180694#comment-17180694
]
ASF GitHub Bot commented on GEODE-8419:
---------------------------------------
bschuchardt commented on a change in pull request #5465:
URL: https://github.com/apache/geode/pull/5465#discussion_r473192044
##########
File path:
geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
##########
@@ -120,28 +117,14 @@ public void configureSSLEngine() {
SSLEngine engine = mock(SSLEngine.class);
when(engine.getSSLParameters()).thenReturn(parameters);
- final Object[] setProtocols = new Object[1];
- doAnswer((Answer<Void>) invocation -> {
- setProtocols[0] = invocation.getArgument(0);
- return null;
- }).when(engine).setEnabledProtocols(any(String[].class));
-
- final Object[] setCiphers = new Object[1];
- doAnswer((Answer<Void>) invocation -> {
- setCiphers[0] = invocation.getArgument(0);
- return null;
- }).when(engine).setEnabledCipherSuites(any(String[].class));
+ ArgumentCaptor<String[]> engineArgumentCaptor =
ArgumentCaptor.forClass(String[].class);
socketCreator.configureSSLEngine(engine, "somehost", 12345, true);
verify(engine).setUseClientMode(isA(Boolean.class));
verify(engine).setSSLParameters(parameters);
- verify(engine).setEnabledCipherSuites(isA(String[].class));
- assertThat(setProtocols[0]).isNotNull();
- String[] protocolStrings = (String[]) setProtocols[0];
- assertThat(protocolStrings[0].equals("someProtocol"));
- String[] cipherStrings = (String[]) setCiphers[0];
- assertThat(cipherStrings[0].equals("someCipher"));
+ verify(engine).setEnabledProtocols(engineArgumentCaptor.capture());
+ verify(engine).setEnabledCipherSuites(engineArgumentCaptor.capture());
Review comment:
The captor in this commit does capture both String[] values. The first
capture() returns the String[] with "someProtocol" and the second returns the
String[] with "someCipher". I'll add the content checks.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> SSL/TLS protocol and cipher suite configuration is ignored
> ----------------------------------------------------------
>
> Key: GEODE-8419
> URL: https://issues.apache.org/jira/browse/GEODE-8419
> Project: Geode
> Issue Type: Bug
> Components: client/server, membership, security
> Affects Versions: 1.10.0, 1.11.0, 1.12.0, 1.13.0, 1.14.0
> Reporter: Jacob Barrett
> Assignee: Bruce J Schuchardt
> Priority: Major
> Labels: pull-request-available
>
> Configuring {{ssl-protocols}} or {{ssl-ciphers}} properties, or per-component
> ssl properties, have no effect. Configuring {{ssl-protocols}} may effect the
> {{SSLContext}} selected and limit some of the protocols allowed but does not
> restrict to just the set specified in the property. The {{ssl-ciphers}}
> property does not limit cipher selection at all.
> The result is that all ciphers allowed under the match {{SSLContext}} are
> allowed and negotiated. This can result in an unintended cipher being used in
> SSL/TLS communication.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
