Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/03/01 16:57:27 UTC

[tomcat] branch 7.0.x updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63194

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
     new 14ddc76  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63194
14ddc76 is described below

commit 14ddc769bb949a269a628dd7b0dac0085d7bf46f
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Mar 1 16:29:39 2019 +0000

    Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63194
    
    Correct failing test when run with APR and Java 11
    - Ensure Tomcat Native library is loaded
    - Configure connector to require client certificates because
      Java's TLS 1.3 client doesn't support post-handshake auth
    - Configure a trust store when testing APR/Native
    Partial fix for failing test when run with APR and Java 11
---
 .../tomcat/util/net/TestClientCertTls13.java       |  3 ++
 test/org/apache/tomcat/util/net/TesterSupport.java |  7 ++++
 test/org/apache/tomcat/util/net/ca-cert.pem        | 38 ++++++++++++++++++++++
 webapps/docs/changelog.xml                         |  9 +++++
 4 files changed, 57 insertions(+)

diff --git a/test/org/apache/tomcat/util/net/TestClientCertTls13.java b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
index 69004a0..09267b2 100644
--- a/test/org/apache/tomcat/util/net/TestClientCertTls13.java
+++ b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
@@ -75,7 +75,10 @@ public class TestClientCertTls13 extends TomcatBaseTest {
         // Need to override some of the previous settings
         tomcat.getConnector().setProperty("sslEnabledProtocols", Constants.SSL_PROTO_TLSv1_3);
         // And add force authentication to occur on the initial handshake
+        // JSSE
         tomcat.getConnector().setProperty("clientAuth", "true");
+        // OpenSSL
+        tomcat.getConnector().setProperty("SSLVerifyClient", "require");
         // Force client to use TLS 1.3
         TesterSupport.configureClientSsl("TLSv1.3");
     }
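Review bot: The labels `// JSSE` and `// OpenSSL` added around the two client-auth settings do not say why both attributes are set, or that each connector type is expected to read only its own one. A fuller comment would help, for example `// JSSE reads clientAuth, APR/OpenSSL reads SSLVerifyClient; both demand the certificate in the initial handshake because the Java TLS 1.3 client cannot do post-handshake auth`. The results of both `setProperty` calls are also discarded in the visible lines, so an attribute the active connector does not recognise would presumably be ignored silently, and the test would then no longer show that client authentication was enforced. Checking the result for the connector under test would close that gap. The enclosing method starts above the hunk.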
diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java b/test/org/apache/tomcat/util/net/TesterSupport.java
index 15bd416..bf271a5 100644
--- a/test/org/apache/tomcat/util/net/TesterSupport.java
+++ b/test/org/apache/tomcat/util/net/TesterSupport.java
@@ -70,6 +70,7 @@ public final class TesterSupport {
     public static final String LOCALHOST_KEYPASS_JKS = RESOURCE_PATH + "localhost-copy1.jks";
     public static final String JKS_PASS = "changeit";
     public static final String JKS_KEY_PASS = "tomcatpass";
+    public static final String CA_CERT_PEM = RESOURCE_PATH + CA_ALIAS + "-cert.pem";
     public static final String LOCALHOST_CERT_PEM = RESOURCE_PATH + "localhost-cert.pem";
     public static final String LOCALHOST_KEY_PEM = RESOURCE_PATH + "localhost-key.pem";
 
@@ -137,6 +138,10 @@ public final class TesterSupport {
             File sslCertificateKeyFile = toFile(sslCertificateKeyUrl);
             tomcat.getConnector().setAttribute("SSLCertificateKeyFile",
                     sslCertificateKeyFile.getAbsolutePath());
+
+            java.net.URL caUrl = cl.getResource(TesterSupport.CA_CERT_PEM);
+            File caFile = toFile(caUrl);
+            tomcat.getConnector().setAttribute("SSLCACertificateFile", caFile.getAbsolutePath());
         }
         tomcat.getConnector().setSecure(true);
         tomcat.getConnector().setProperty("SSLEnabled", "true");
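Review bot: `cl.getResource(TesterSupport.CA_CERT_PEM)` returns null when the resource is not on the test classpath, and the result is passed straight to `toFile(caUrl)` without a check. `toFile` is defined outside this hunk, so its handling of null cannot be confirmed here, but a missing ca-cert.pem would most likely surface as an unhelpful exception rather than a message naming the file. A guard such as `if (caUrl == null) { throw new IllegalStateException("Missing test resource " + TesterSupport.CA_CERT_PEM); }` before the `toFile` call would make that failure obvious. A one-line comment stating that this file is the trust anchor the APR/OpenSSL connector uses to verify client certificates would also explain why it is set only in this branch, whose `if` condition lies above the hunk.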
@@ -411,6 +416,8 @@ public final class TesterSupport {
         }
 
         if (connector.getProtocolHandlerClassName().contains("Apr")) {
+            // Ensure Tomcat Native library is loaded
+            AprLifecycleListener.isAprAvailable();
             // APR connector so OpenSSL is used for TLS.
             if (SSL.version() >= 0x1010100f) {
                 return Constants.SSL_PROTO_TLSv1_3;
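Review bot: `AprLifecycleListener.isAprAvailable();` is called only for its side effect and its boolean result is thrown away, so when the native library cannot be loaded the code still falls through to `SSL.version()`, which presumably fails with a link error rather than a clear message. Checking the result, e.g. `if (!AprLifecycleListener.isAprAvailable()) { throw new IllegalStateException("Tomcat Native library not available"); }`, would make the failure explicit. Whether throwing or skipping the test is the right reaction depends on the callers, which are outside the hunk. The comment could also state that the call initialises the library as a side effect, since a predicate used as a bare statement reads like a mistake. The method starts above and continues below the hunk.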
diff --git a/test/org/apache/tomcat/util/net/ca-cert.pem b/test/org/apache/tomcat/util/net/ca-cert.pem
new file mode 100644
index 0000000..e4b216e
--- /dev/null
+++ b/test/org/apache/tomcat/util/net/ca-cert.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6a76bbc..8eea83a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -59,6 +59,15 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 7.0.94 (violetagg)">
+  <subsection name="Coyote">
+    <changelog>
+      <fix>
+        <bug>63194</bug>: Fix failing unit test so TLS1.3 client authentication
+        tests work correctly when using Java 11 onwards and the APR/Native
+        connector. (markt)
+      </fix>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 7.0.93 (violetagg)" rtext="released 2019-02-21">
   <subsection name="Catalina">

