Posted to commits@cxf.apache.org by co...@apache.org on 2015/02/18 18:38:46 UTC
cxf git commit: Fixing test failure with Jetty 9
Repository: cxf
Updated Branches:
refs/heads/master 33083c068 -> 504b42708
Fixing test failure with Jetty 9
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/504b4270
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/504b4270
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/504b4270
Branch: refs/heads/master
Commit: 504b427081cfc2213ce0a5c050b16af67ca7ff46
Parents: 33083c0
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Feb 18 17:38:18 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Feb 18 17:38:18 2015 +0000
----------------------------------------------------------------------
.../http_jetty/JettyHTTPServerEngine.java | 26 ++++++++++++++------
.../cxf/systest/https/ssl3/sslv3-server.xml | 2 +-
2 files changed, 20 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/504b4270/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
index 9f793de..34458a7 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
@@ -674,16 +674,28 @@ public class JettyHTTPServerEngine implements ServerEngine {
String proto = tlsServerParameters.getSecureSocketProtocol() == null
? "TLS" : tlsServerParameters.getSecureSocketProtocol();
- // Exclude SSLv3 + SSLv2Hello by default unless the protocol is given as SSLv3
- if (!"SSLv3".equals(proto) && tlsServerParameters.getExcludeProtocols().isEmpty()) {
+ // Jetty 9 excludes SSLv3 by default. So if we want it then we need to
+ // remove it from the default excluded protocols
+ if ("SSLv3".equals(proto)) {
+ List<String> excludedProtocols = new ArrayList<String>();
+ for (String excludedProtocol : scf.getExcludeProtocols()) {
+ if (!("SSLv3".equals(excludedProtocol) || "SSLv2Hello".equals(excludedProtocol))) {
+ excludedProtocols.add(excludedProtocol);
+ }
+ }
+ String[] revisedProtocols = new String[excludedProtocols.size()];
+ excludedProtocols.toArray(revisedProtocols);
+ scf.setExcludeProtocols(revisedProtocols);
+ } else if (tlsServerParameters.getExcludeProtocols().isEmpty()) {
+ // Exclude SSLv3 + SSLv2Hello by default unless the protocol is given as SSLv3
scf.addExcludeProtocols("SSLv3");
scf.addExcludeProtocols("SSLv2Hello");
- } else {
- for (String p : tlsServerParameters.getExcludeProtocols()) {
- scf.addExcludeProtocols(p);
- }
}
-
+
+ for (String p : tlsServerParameters.getExcludeProtocols()) {
+ scf.addExcludeProtocols(p);
+ }
+
SSLContext context = tlsServerParameters.getJsseProvider() == null
? SSLContext.getInstance(proto)
: SSLContext.getInstance(proto, tlsServerParameters.getJsseProvider());
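Review bot: The `"SSLv3".equals(proto)` branch re-enables SSLv3 and also drops `SSLv2Hello` from Jetty's default exclusions without any log output, so operators get no start-up signal that the server accepts a protocol the comments here treat as off by default. I would log a warning inside that branch, for example `LOG.warning("SSLv3 enabled via secureSocketProtocol; default SSLv3/SSLv2Hello exclusions removed");`, assuming the class has a `java.util.logging` logger, which this hunk does not show. Separately, the `else if (tlsServerParameters.getExcludeProtocols().isEmpty())` guard means a configuration that lists any protocol skips the explicit `SSLv3`/`SSLv2Hello` adds and relies on Jetty's own default exclusion. Since the user list is now appended after the branch anyway, a plain `} else {` would keep the exclusion independent of the Jetty version in use. The enclosing method starts and ends outside the hunk.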
http://git-wip-us.apache.org/repos/asf/cxf/blob/504b4270/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml
index e9f8f36..2ea4028 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml
@@ -71,7 +71,7 @@
<httpj:engine-factory id="disallow-tls-via-configuration">
<httpj:engine port="${testutil.ports.SSLv3Server.3}">
- <httpj:tlsServerParameters>
+ <httpj:tlsServerParameters secureSocketProtocol="SSLv3">
<sec:keyManagers keyPassword="password">
<sec:keyStore type="jks" password="password" resource="keys/Bethal.jks"/>
</sec:keyManagers>