You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by da...@apache.org on 2019/06/19 09:44:52 UTC
[lucene-solr] branch branch_8x updated: SOLR-12988: Skip running
tests with SSL on Java 11 to 11.0.2
This is an automated email from the ASF dual-hosted git repository.
datcm pushed a commit to branch branch_8x
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
The following commit(s) were added to refs/heads/branch_8x by this push:
new 64e3cc1 SOLR-12988: Skip running tests with SSL on Java 11 to 11.0.2
64e3cc1 is described below
commit 64e3cc1789bfd69c2f11caeec6c2c268239f409e
Author: Cao Manh Dat <da...@apache.org>
AuthorDate: Wed Jun 19 10:43:17 2019 +0100
SOLR-12988: Skip running tests with SSL on Java 11 to 11.0.2
---
solr/CHANGES.txt | 2 --
.../solr/cloud/TestMiniSolrCloudClusterSSL.java | 3 ++
.../apache/solr/cloud/TestSSLRandomization.java | 3 ++
.../solr/client/solrj/impl/HttpClientUtil.java | 34 ++--------------------
.../solr/client/solrj/impl/HttpClientUtilTest.java | 11 -------
.../java/org/apache/solr/util/SSLTestConfig.java | 19 ++++++++----
6 files changed, 22 insertions(+), 50 deletions(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 5d71efbd..628c589 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -126,8 +126,6 @@ Bug Fixes
CloudSolrClient to be triggered on liveNode changes. Also add Predicate<DocCollection> equivilents
for callers that don't care about liveNodes. (hossman)
-* SOLR-12988: Avoid using TLSv1.3 for HttpClient (Cao Manh Dat)
-
Other Changes
----------------------
diff --git a/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java b/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java
index b659a1f..946f3d1 100644
--- a/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java
+++ b/solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java
@@ -85,6 +85,9 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 {
@Before
public void before() {
+ assumeFalse("SOLR-12988: TLSv1.3 in Java 11.0.2 or lower versions does not working correctly with HttpClient",
+ Constants.JRE_IS_MINIMUM_JAVA11 && Runtime.version().compareTo(Runtime.Version.parse("11.0.3")) < 0);
+
// undo the randomization of our super class
log.info("NOTE: This Test ignores the randomized SSL & clientAuth settings selected by base class");
HttpClientUtil.resetHttpClientBuilder(); // also resets SchemaRegistryProvider
diff --git a/solr/core/src/test/org/apache/solr/cloud/TestSSLRandomization.java b/solr/core/src/test/org/apache/solr/cloud/TestSSLRandomization.java
index e846f73..773ddac 100644
--- a/solr/core/src/test/org/apache/solr/cloud/TestSSLRandomization.java
+++ b/solr/core/src/test/org/apache/solr/cloud/TestSSLRandomization.java
@@ -19,6 +19,7 @@ package org.apache.solr.cloud;
import java.lang.invoke.MethodHandles;
import java.util.Arrays;
+import org.apache.lucene.util.Constants;
import org.apache.solr.SolrTestCaseJ4;
import org.apache.solr.util.SSLTestConfig;
import org.apache.solr.util.RandomizeSSL;
@@ -43,6 +44,8 @@ public class TestSSLRandomization extends SolrCloudTestCase {
@BeforeClass
public static void createMiniSolrCloudCluster() throws Exception {
+ assumeFalse("SOLR-12988: TLSv1.3 in Java 11.0.2 or lower versions does not working correctly with HttpClient",
+ Constants.JRE_IS_MINIMUM_JAVA11 && Runtime.version().compareTo(Runtime.Version.parse("11.0.3")) < 0);
configureCluster(TestMiniSolrCloudClusterSSL.NUM_SERVERS).configure();
}
diff --git a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java
index 7781fd3..d415f21 100644
--- a/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java
+++ b/solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpClientUtil.java
@@ -19,8 +19,6 @@ package org.apache.solr.client.solrj.impl;
import java.io.IOException;
import java.io.InputStream;
import java.lang.invoke.MethodHandles;
-import java.util.ArrayList;
-import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.CopyOnWriteArrayList;
@@ -60,7 +58,6 @@ import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.apache.http.protocol.HttpRequestExecutor;
import org.apache.http.ssl.SSLContexts;
-import org.apache.http.util.TextUtils;
import org.apache.solr.common.params.ModifiableSolrParams;
import org.apache.solr.common.params.SolrParams;
import org.apache.solr.common.util.ObjectReleaseTracker;
@@ -77,8 +74,7 @@ import org.slf4j.LoggerFactory;
public class HttpClientUtil {
private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- public static final String[] SUPPORTED_SSL_PROTOCOLS = {"TLSv1.2", "TLSv1.1", "TLSv1", "DTLSv1.2", "DTLSv1.0"};
+
public static final int DEFAULT_CONNECT_TIMEOUT = 60000;
public static final int DEFAULT_SO_TIMEOUT = 600000;
public static final int DEFAULT_MAXCONNECTIONSPERHOST = 100000;
@@ -236,9 +232,7 @@ public class HttpClientUtil {
boolean sslCheckPeerName = toBooleanDefaultIfNull(
toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME)), true);
if (sslCheckPeerName) {
- String[] cipherSuites = split(System.getProperty("https.cipherSuites"));
- sslConnectionSocketFactory = new SSLConnectionSocketFactory(SSLContexts.createSystemDefault(),
- getSupportedSSLProtocols(), cipherSuites, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
+ sslConnectionSocketFactory = SSLConnectionSocketFactory.getSystemSocketFactory();
} else {
sslConnectionSocketFactory = new SSLConnectionSocketFactory(SSLContexts.createSystemDefault(),
NoopHostnameVerifier.INSTANCE);
@@ -249,30 +243,6 @@ public class HttpClientUtil {
return builder.build();
}
}
-
- static String[] getSupportedSSLProtocols() {
- String[] protocols = split(System.getProperty("https.protocols"));
- if (protocols == null) {
- return SUPPORTED_SSL_PROTOCOLS;
- }
- List<String> list = new ArrayList<>(Arrays.asList(protocols));
- list.remove("TLSv1.3");
- if (protocols.length == list.size())
- return protocols;
-
- if (list.isEmpty()) {
- throw new IllegalArgumentException("TLSv1.3 is not supported yet!");
- }
-
- return list.toArray(new String[0]);
- }
-
- private static String[] split(final String s) {
- if (TextUtils.isBlank(s)) {
- return null;
- }
- return s.split(" *, *");
- }
/**
* Creates new http client by using the provided configuration.
diff --git a/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpClientUtilTest.java b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpClientUtilTest.java
index b5c5e3b..381e202 100644
--- a/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpClientUtilTest.java
+++ b/solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpClientUtilTest.java
@@ -67,17 +67,6 @@ public class HttpClientUtilTest extends SolrTestCase {
assertSSLHostnameVerifier(NoopHostnameVerifier.class, HttpClientUtil.getSchemaRegisteryProvider());
}
- public void testSSLConfig() {
- assertArrayEquals(HttpClientUtil.SUPPORTED_SSL_PROTOCOLS, HttpClientUtil.getSupportedSSLProtocols());
- System.setProperty("https.protocols", "TLSv1.1,TLSv1.2");
- assertArrayEquals(new String[]{"TLSv1.1","TLSv1.2"}, HttpClientUtil.getSupportedSSLProtocols());
- System.setProperty("https.protocols", "TLSv1.1,TLSv1.2,TLSv1.3");
- assertArrayEquals(new String[]{"TLSv1.1","TLSv1.2"}, HttpClientUtil.getSupportedSSLProtocols());
- System.setProperty("https.protocols", "TLSv1.3");
- expectThrows(IllegalArgumentException.class, HttpClientUtil::getSupportedSSLProtocols);
- System.clearProperty("https.protocols");
- }
-
private void assertSSLHostnameVerifier(Class<? extends HostnameVerifier> expected,
SchemaRegistryProvider provider) {
ConnectionSocketFactory socketFactory = provider.getSchemaRegistry().lookup("https");
diff --git a/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java b/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
index 1f7b3d0..3539995 100644
--- a/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
+++ b/solr/test-framework/src/java/org/apache/solr/util/SSLTestConfig.java
@@ -16,7 +16,7 @@
*/
package org.apache.solr.util;
-import javax.net.ssl.SSLContext;
+import java.lang.invoke.MethodHandles;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
@@ -26,6 +26,8 @@ import java.security.SecureRandomSpi;
import java.security.UnrecoverableKeyException;
import java.util.Random;
+import javax.net.ssl.SSLContext;
+
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
@@ -35,12 +37,15 @@ import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
+import org.apache.lucene.util.Constants;
import org.apache.solr.client.solrj.embedded.SSLConfig;
import org.apache.solr.client.solrj.impl.HttpClientUtil;
import org.apache.solr.client.solrj.impl.HttpClientUtil.SchemaRegistryProvider;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.CertificateUtils;
import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* An SSLConfig that provides {@link SSLConfig} and {@link SchemaRegistryProvider} for both clients and servers
@@ -48,7 +53,7 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
* Solr test-framework classes
*/
public class SSLTestConfig {
-
+ private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
private static final String TEST_KEYSTORE_BOGUSHOST_RESOURCE = "SSLTestConfig.hostname-and-ip-missmatch.keystore";
private static final String TEST_KEYSTORE_LOCALHOST_RESOURCE = "SSLTestConfig.testing.keystore";
private static final String TEST_PASSWORD = "secret";
@@ -99,6 +104,12 @@ public class SSLTestConfig {
* @see HttpClientUtil#SYS_PROP_CHECK_PEER_NAME
*/
public SSLTestConfig(boolean useSSL, boolean clientAuth, boolean checkPeerName) {
+ if (useSSL) {
+ if (Constants.JRE_IS_MINIMUM_JAVA11 && Runtime.version().compareTo(Runtime.Version.parse("11.0.3")) < 0) {
+ log.warn("SOLR-12988: TLSv1.3 in Java 11.0.2 or lower versions does not working correctly with HttpClient, disabling SSL for tests");
+ useSSL = false;
+ }
+ }
this.useSsl = useSSL;
this.clientAuth = clientAuth;
this.checkPeerName = checkPeerName;
@@ -253,9 +264,7 @@ public class SSLTestConfig {
if (checkPeerName == false) {
sslConnectionFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
} else {
- sslConnectionFactory = new SSLConnectionSocketFactory(sslContext,
- HttpClientUtil.SUPPORTED_SSL_PROTOCOLS,
- null, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
+ sslConnectionFactory = new SSLConnectionSocketFactory(sslContext);
}
} catch (KeyManagementException | UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
throw new IllegalStateException("Unable to setup https scheme for HTTPClient to test SSL.", e);