Author: markt
Date: Tue Dec 18 20:11:13 2018
New Revision: 1849222
URL: http://svn.apache.org/viewvc?rev=1849222&view=rev
Log:
More work required to get the TLS tests to play nicely with Java 7 through 11
(and hopefully beyond)
Modified:
tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java
Modified:
tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1849222&r1=1849221&r2=1849222&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
(original)
+++ tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Tue
Dec 18 20:11:13 2018
@@ -53,6 +53,7 @@ import org.apache.catalina.startup.Tomca
import org.apache.tomcat.jni.Library;
import org.apache.tomcat.jni.LibraryNotFoundError;
import org.apache.tomcat.jni.SSL;
+import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.compat.TLS;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
@@ -238,10 +239,16 @@ public final class TesterSupport {
/* When running on Java 11, TLSv1.3 is enabled by default. The JSSE
* implementation of TLSv1.3 does not support
* certificateVerification="optional", a setting on which these tests
- * depend. Therefore, force these tests to use TLSv1.2 so that they
pass
- * when running on TLSv1.3.
+ * depend.
+ * Java 7 does not enable TLSv1.1 or TLS1.2 by default
+ *
+ * Ensure these tests pass with all JREs from Java 7 onwards.
*/
- tomcat.getConnector().setProperty("sslEnabledProtocols",
Constants.SSL_PROTO_TLSv1_2);
+ if (JreCompat.isJre8Available()) {
+ tomcat.getConnector().setProperty("sslEnabledProtocols",
Constants.SSL_PROTO_TLSv1_2);
+ } else {
+ tomcat.getConnector().setProperty("sslEnabledProtocols",
Constants.SSL_PROTO_TLSv1);
+ }
// Need a web application with a protected and unprotected URL
// No file system docBase required
Modified:
tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java?rev=1849222&r1=1849221&r2=1849222&view=diff
==============================================================================
---
tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java
(original)
+++
tomcat/tc8.5.x/trunk/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java
Tue Dec 18 20:11:13 2018
@@ -16,6 +16,7 @@
*/
package org.apache.tomcat.util.net.jsse;
+import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.Constants;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
@@ -32,7 +33,11 @@ public class TesterBug50640SslImpl exten
SSLHostConfig sslHostConfig = certificate.getSSLHostConfig();
if (sslHostConfig.getProtocols().size() == 1 &&
sslHostConfig.getProtocols().contains(PROPERTY_VALUE)) {
- sslHostConfig.setProtocols(Constants.SSL_PROTO_TLSv1_2);
+ if (JreCompat.isJre8Available()) {
+ sslHostConfig.setProtocols(Constants.SSL_PROTO_TLSv1_2);
+ } else {
+ sslHostConfig.setProtocols(Constants.SSL_PROTO_TLSv1);
+ }
return super.getSSLUtil(certificate);
} else {
return null;
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
