You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2018/10/10 08:02:33 UTC
svn commit: r1843404 -
/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
Author: markt
Date: Wed Oct 10 08:02:33 2018
New Revision: 1843404
URL: http://svn.apache.org/viewvc?rev=1843404&view=rev
Log:
Fix CLIENT-CERT test failures when JSSE TLSv1.3 is available.
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1843404&r1=1843403&r2=1843404&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Wed Oct 10 08:02:33 2018
@@ -228,6 +228,14 @@ public final class TesterSupport {
protected static void configureClientCertContext(Tomcat tomcat) {
TesterSupport.initSsl(tomcat);
+ /* When running on Java 11, TLSv1.3 is enabled by default. The JSSE
+ * implementation of TLSv1.3 does not support
+ * certificateVerification="optional", a setting on which these tests
+ * depend. Therefore, force these tests to use TLSv1.2 so that they pass
+ * when running on TLSv1.3.
+ */
+ tomcat.getConnector().setProperty("sslEnabledProtocols", "TLSv1.2");
+
// Need a web application with a protected and unprotected URL
// No file system docBase required
Context ctx = tomcat.addContext("", null);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org