You are viewing a plain text version of this content. The canonical link for it is here.

Posted to gitbox@activemq.apache.org by "brusdev (via GitHub)" <gi...@apache.org> on 2023/04/27 15:54:01 UTC

[GitHub] [activemq-artemis] brusdev commented on a diff in pull request #4441: ARTEMIS-4245 Expose web SNI settings

brusdev commented on code in PR #4441:
URL: https://github.com/apache/activemq-artemis/pull/4441#discussion_r1179376675


##########
artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java:
##########
@@ -215,11 +221,11 @@ public void testComponentStopStartBehavior() throws Exception {
       Assert.assertFalse(webServerComponent.isStarted());
    }
 
-   @Test
-   public void simpleSecureServer() throws Exception {
+   private WebServerComponent startSimpleSecureServer(String keyStorePath, String keyStorePassword, Boolean sniHostCheck) throws Exception {
       BindingDTO bindingDTO = new BindingDTO();
       bindingDTO.uri = "https://localhost:0";
       bindingDTO.keyStorePath = "./src/test/resources/server.keystore";
+      bindingDTO.setSniHostCheck(sniHostCheck);

Review Comment:
   If the test doesn't set bindingDTO.sniHostCheck the WebServerComponent behaviour depends on org.eclipse.jetty.server.SecureRequestCustomizer._sniHostCheck default value and it already changed from 9.x to 10.x



##########
artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java:
##########
@@ -283,6 +298,40 @@ public void simpleSecureServer() throws Exception {
       Assert.assertFalse(webServerComponent.isStarted());
    }
 
+
+   @Test
+   public void testSimpleSecureServerWithSniHostCheckEnabled() throws Exception {
+      testSimpleSecureServerWithSniHostCheck(true);
+   }
+
+   @Test
+   public void testSimpleSecureServerWithSniHostCheckDisabled() throws Exception {
+      testSimpleSecureServerWithSniHostCheck(false);
+   }

Review Comment:
   Maybe we should enable sniHostCheck by default because org.eclipse.jetty.server.SecureRequestCustomizer._sniHostCheck default value already changed from 9.x to 10.x



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@activemq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org