Posted to dev@tomcat.apache.org by rj...@apache.org on 2015/05/27 17:49:56 UTC

svn commit: r1682064 - /tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java

Author: rjung
Date: Wed May 27 15:49:56 2015
New Revision: 1682064

URL: http://svn.apache.org/r1682064
Log:
Allow TestSsl unit test to succeed even when
tcnative was built with an old OpenSSL
(0.9.8 or 1.0.0) which we still support.

Modified:
    tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java

Modified: tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1682064&r1=1682063&r2=1682064&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original)
+++ tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Wed May 27 15:49:56 2015
@@ -38,8 +38,10 @@ import javax.servlet.http.HttpServletRes
 import org.apache.catalina.Context;
 import org.apache.catalina.authenticator.SSLAuthenticator;
 import org.apache.catalina.connector.Connector;
+import org.apache.catalina.core.AprLifecycleListener;
 import org.apache.catalina.startup.TesterMapRealm;
 import org.apache.catalina.startup.Tomcat;
+import org.apache.tomcat.jni.SSL;
 import org.apache.tomcat.util.descriptor.web.LoginConfig;
 import org.apache.tomcat.util.descriptor.web.SecurityCollection;
 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
@@ -85,6 +87,14 @@ public final class TesterSupport {
         }
         tomcat.getConnector().setSecure(true);
         tomcat.getConnector().setProperty("SSLEnabled", "true");
+        // OpenSSL before 1.0.1 only supports TLSv1.1.
+        // Our default SSLProtocol setting "all" includes unsupported TLSv1.1 and 1.2
+        // and would produce an error during init.
+        // Trigger loading of the native library and choose old protocol
+        // if we use old OpenSSL.
+        if (AprLifecycleListener.isAprAvailable() && SSL.version() < 0x10001000L) {
+            tomcat.getConnector().setProperty("SSLProtocol", Constants.SSL_PROTO_TLSv1);
+        }
     }
 
     protected static KeyManager[] getUser1KeyManagers() throws Exception {
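Review bot: The first added comment line says OpenSSL before 1.0.1 "only supports TLSv1.1", which contradicts the next line listing TLSv1.1 and 1.2 as unsupported. It presumably means these builds support nothing newer than TLSv1.0, e.g. `// OpenSSL before 1.0.1 supports no protocol newer than TLSv1.0.`. The literal `0x10001000L` in the version check would also be easier to audit with a short comment that it is the OpenSSL 1.0.1 threshold in OPENSSL_VERSION_NUMBER encoding. Because this branch pins the connector to `Constants.SSL_PROTO_TLSv1`, a comment marking it as a test-only fallback for legacy tcnative builds would help keep the downgrade from being copied into a production connector configuration. The enclosing method begins outside the hunk, so the rest of its SSL setup is not visible here.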


