You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/08/01 21:35:49 UTC
svn commit: r1615209 - in /tomcat/trunk:
java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Author: markt
Date: Fri Aug 1 19:35:49 2014
New Revision: 1615209
URL: http://svn.apache.org/r1615209
Log:
Fix COMPLEMENTOFDEFAULT alias
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java?rev=1615209&r1=1615208&r2=1615209&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java Fri Aug 1 19:35:49 2014
@@ -457,8 +457,10 @@ public class OpenSSLCipherConfigurationP
initialized = true;
// Despite what the OpenSSL docs say, DEFAULT also excludes SSLv2
addListAlias(DEFAULT, parse("ALL:!eNULL:!aNULL:!SSLv2"));
- LinkedHashSet<Cipher> complementOfDefault = new LinkedHashSet<>(all);
- complementOfDefault.removeAll(aliases.get(DEFAULT));
+ // COMPLEMENTOFDEFAULT is also not exactly as defined by the docs
+ Set<Cipher> complementOfDefault = filterByKeyExchange(all, new HashSet<>(Arrays.asList(KeyExchange.EDH,KeyExchange.EECDH)));
+ complementOfDefault = filterByAuthentication(complementOfDefault, Collections.singleton(Authentication.aNULL));
+ complementOfDefault.removeAll(aliases.get(eNULL));
addListAlias(COMPLEMENTOFDEFAULT, complementOfDefault);
}
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java?rev=1615209&r1=1615208&r2=1615209&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java Fri Aug 1 19:35:49 2014
@@ -38,9 +38,7 @@ public class TestOpenSSLCipherConfigurat
}
- // TODO
@Test
- @Ignore("Currently fails - needs investigation")
public void testCOMPLEMENTOFDEFAULT() throws Exception {
testSpecification("COMPLEMENTOFDEFAULT");
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org