You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by rj...@apache.org on 2015/05/27 17:49:56 UTC
svn commit: r1682064 -
/tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
Author: rjung
Date: Wed May 27 15:49:56 2015
New Revision: 1682064
URL: http://svn.apache.org/r1682064
Log:
Allow TestSsl unit test to succeed even when
tcnative was build with an old OpenSSL
(0.9.8 or 1.0.0) which we still support.
Modified:
tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
Modified: tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1682064&r1=1682063&r2=1682064&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original)
+++ tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Wed May 27 15:49:56 2015
@@ -38,8 +38,10 @@ import javax.servlet.http.HttpServletRes
import org.apache.catalina.Context;
import org.apache.catalina.authenticator.SSLAuthenticator;
import org.apache.catalina.connector.Connector;
+import org.apache.catalina.core.AprLifecycleListener;
import org.apache.catalina.startup.TesterMapRealm;
import org.apache.catalina.startup.Tomcat;
+import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
@@ -85,6 +87,14 @@ public final class TesterSupport {
}
tomcat.getConnector().setSecure(true);
tomcat.getConnector().setProperty("SSLEnabled", "true");
+ // OpenSSL before 1.0.1 only supports TLSv1.1.
+ // Our default SSLProtocol setting "all" includes unsupported TLSv1.1 and 1.2
+ // and would produce an error during init.
+ // Trigger loading of the native library and choose old protocol
+ // if we use old OpenSSL.
+ if (AprLifecycleListener.isAprAvailable() && SSL.version() < 0x10001000L) {
+ tomcat.getConnector().setProperty("SSLProtocol", Constants.SSL_PROTO_TLSv1);
+ }
}
protected static KeyManager[] getUser1KeyManagers() throws Exception {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org