You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2015/02/18 18:38:46 UTC

cxf git commit: Fixing test failure with Jetty 9

Repository: cxf
Updated Branches:
  refs/heads/master 33083c068 -> 504b42708


Fixing test failure with Jetty 9


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/504b4270
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/504b4270
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/504b4270

Branch: refs/heads/master
Commit: 504b427081cfc2213ce0a5c050b16af67ca7ff46
Parents: 33083c0
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Feb 18 17:38:18 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Feb 18 17:38:18 2015 +0000

----------------------------------------------------------------------
 .../http_jetty/JettyHTTPServerEngine.java       | 26 ++++++++++++++------
 .../cxf/systest/https/ssl3/sslv3-server.xml     |  2 +-
 2 files changed, 20 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/504b4270/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
index 9f793de..34458a7 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
@@ -674,16 +674,28 @@ public class JettyHTTPServerEngine implements ServerEngine {
         String proto = tlsServerParameters.getSecureSocketProtocol() == null
             ? "TLS" : tlsServerParameters.getSecureSocketProtocol();
         
-        // Exclude SSLv3 + SSLv2Hello by default unless the protocol is given as SSLv3
-        if (!"SSLv3".equals(proto) && tlsServerParameters.getExcludeProtocols().isEmpty()) {
+        // Jetty 9 excludes SSLv3 by default. So if we want it then we need to 
+        // remove it from the default excluded protocols
+        if ("SSLv3".equals(proto)) {
+            List<String> excludedProtocols = new ArrayList<String>();
+            for (String excludedProtocol : scf.getExcludeProtocols()) {
+                if (!("SSLv3".equals(excludedProtocol) || "SSLv2Hello".equals(excludedProtocol))) {
+                    excludedProtocols.add(excludedProtocol);
+                }
+            }
+            String[] revisedProtocols = new String[excludedProtocols.size()];
+            excludedProtocols.toArray(revisedProtocols);
+            scf.setExcludeProtocols(revisedProtocols);
+        } else if (tlsServerParameters.getExcludeProtocols().isEmpty()) {
+            // Exclude SSLv3 + SSLv2Hello by default unless the protocol is given as SSLv3
             scf.addExcludeProtocols("SSLv3");
             scf.addExcludeProtocols("SSLv2Hello");
-        } else {
-            for (String p : tlsServerParameters.getExcludeProtocols()) {
-                scf.addExcludeProtocols(p);
-            }
         }
- 
+        
+        for (String p : tlsServerParameters.getExcludeProtocols()) {
+            scf.addExcludeProtocols(p);
+        }
+        
         SSLContext context = tlsServerParameters.getJsseProvider() == null
             ? SSLContext.getInstance(proto)
                 : SSLContext.getInstance(proto, tlsServerParameters.getJsseProvider());

http://git-wip-us.apache.org/repos/asf/cxf/blob/504b4270/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml
index e9f8f36..2ea4028 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml
@@ -71,7 +71,7 @@
     
     <httpj:engine-factory id="disallow-tls-via-configuration">
         <httpj:engine port="${testutil.ports.SSLv3Server.3}">
-            <httpj:tlsServerParameters>
+            <httpj:tlsServerParameters secureSocketProtocol="SSLv3">
                 <sec:keyManagers keyPassword="password">
                     <sec:keyStore type="jks" password="password" resource="keys/Bethal.jks"/>
                 </sec:keyManagers>