tomcat-dev mailing list archives

From ma...@apache.org
Subject svn commit: r1066766 - in /tomcat/trunk/test/org/apache/tomcat/util/net: TestSsl.java TesterSupport.java
Date Thu, 03 Feb 2011 09:20:34 GMT
Author: markt
Date: Thu Feb  3 09:20:34 2011
New Revision: 1066766

URL: http://svn.apache.org/viewvc?rev=1066766&view=rev
Log:
Hmm. Can't see a way (without changing the connector code) to test SSL renegotiation failure
if the JVM supports RFC5746. Need to think about this some more. In the meantime, get the
tests working.

Modified:
    tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java
    tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java?rev=1066766&r1=1066765&r2=1066766&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java Thu Feb  3 09:20:34 2011
@@ -69,6 +69,13 @@ public class TestSsl extends TomcatBaseT
     boolean handshakeDone = false;
     
     public void testRenegotiateFail() throws Exception {
+        
+        // If RFC5746 is supported, renegotiation will always will (and will
+        // always be secure)
+        if (TesterSupport.RFC_5746_SUPPORTED) {
+            return;
+        }
+
         Tomcat tomcat = getTomcatInstance();
 
         File appDir = new File(getBuildDirectory(), "webapps/examples");
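Review bot: The early `return` at the top of `testRenegotiateFail` makes the test report a pass on every JVM where `TesterSupport.RFC_5746_SUPPORTED` is true, and nothing in the results shows that it was skipped. A run on such a JVM therefore gives no signal about how the connector handles renegotiation. The comment should say this outright and fix the "will always will" typo, e.g. `// RFC 5746 JVM: renegotiation always succeeds (and is secure), so the failure path cannot be exercised; this test is a no-op here`. The rest of the method body lies outside this hunk.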
@@ -200,8 +207,10 @@ public class TestSsl extends TomcatBaseT
 
     @Override
     public void setUp() throws Exception {
-        // Make sure SSL renegotiation is not disabled in the JVM
-        System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
+        if (!TesterSupport.RFC_5746_SUPPORTED) {
+            // Make sure SSL renegotiation is not disabled in the JVM
+            System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
+        }
         super.setUp();
     }
 }
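Review bot: `System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true")` in `setUp` changes a JVM-wide setting, and nothing visible in this hunk puts the previous value back. Any later test that runs in the same JVM would inherit unsafe renegotiation, which can mask failures in tests that expect the JVM default. If no `tearDown` elsewhere in the file already restores it, remember the old value in `setUp` and restore it afterwards, using `System.clearProperty("sun.security.ssl.allowUnsafeRenegotiation");` when it was previously unset.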

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1066766&r1=1066765&r2=1066766&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Thu Feb  3 09:20:34 2011
@@ -17,14 +17,44 @@
 package org.apache.tomcat.util.net;
 
 import java.io.File;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 
 import org.apache.catalina.startup.Tomcat;
 
 public final class TesterSupport {
+    
+    protected static final boolean RFC_5746_SUPPORTED;
+
+    static {
+        boolean result = false;
+        SSLContext context;
+        try {
+            context = SSLContext.getInstance("TLS");
+            context.init(null, null, new SecureRandom());
+            SSLServerSocketFactory ssf = context.getServerSocketFactory();
+            String ciphers[] = ssf.getSupportedCipherSuites();
+            for (String cipher : ciphers) {
+                if ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV".equals(cipher)) {
+                    result = true;
+                    break;
+                }
+            }
+        } catch (NoSuchAlgorithmException e) {
+            // Assume no RFC 5746 support
+        } catch (KeyManagementException e) {
+            // Assume no RFC 5746 support
+        }
+        RFC_5746_SUPPORTED = result;
+    }
+
     protected static final TrustManager[] TRUST_ALL_CERTS = new TrustManager[] { 
         new X509TrustManager() { 
             @Override
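Review bot: `RFC_5746_SUPPORTED` needs a comment explaining the detection, because the loop does not make clear that a cipher-suite name is being used as a feature probe. Something like `// TLS_EMPTY_RENEGOTIATION_INFO_SCSV is the signalling suite defined by RFC 5746; its presence among the supported suites is taken as a proxy for secure-renegotiation support in the default JSSE provider` would cover it. The two empty catch blocks leave `result` false, which makes `TestSsl.setUp` enable unsafe renegotiation. A failure to create the `SSLContext` therefore silently selects the legacy path, so the "Assume no RFC 5746 support" comments should mention that consequence. Separately, `protected` on a member of a `final` class grants nothing beyond package access, so package-private would state the intent more plainly.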
@@ -65,4 +95,5 @@ public final class TesterSupport {
         tomcat.getConnector().setSecure(true);            
         tomcat.getConnector().setProperty("SSLEnabled", "true");
     }
+    
 }


