From: markt
Date: Thu, 3 Feb 2011 09:20:34 +0000 (+0000)
Subject: Hmm. Can't see a way (without changing the connector code) to test SSL renegotiation...
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=2ffb423370ed1dabe4896e3f85490c7dab0d1dde;p=tomcat7.0

Hmm. Can't see a way (without changing the connector code) to test SSL renegotiation failure if the JVM supports RFC5746. Need to think about this some more. In the meantime, get the tests working.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1066766 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/test/org/apache/tomcat/util/net/TestSsl.java b/test/org/apache/tomcat/util/net/TestSsl.java
index 22ab73938..cbec9e5a0 100644
--- a/test/org/apache/tomcat/util/net/TestSsl.java
+++ b/test/org/apache/tomcat/util/net/TestSsl.java
@@ -69,6 +69,13 @@ public class TestSsl extends TomcatBaseTest {
 boolean handshakeDone = false;
 public void testRenegotiateFail() throws Exception {
+
+ // If RFC5746 is supported, renegotiation will always will (and will
+ // always be secure)
+ if (TesterSupport.RFC_5746_SUPPORTED) {
+ return;
+ }
+
 Tomcat tomcat = getTomcatInstance();
 File appDir = new File(getBuildDirectory(), "webapps/examples");
@@ -200,8 +207,10 @@ public class TestSsl extends TomcatBaseTest {
 @Override
 public void setUp() throws Exception {
- // Make sure SSL renegotiation is not disabled in the JVM
- System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
+ if (!TesterSupport.RFC_5746_SUPPORTED) {
+ // Make sure SSL renegotiation is not disabled in the JVM
+ System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
+ }
 super.setUp();
 }
 }
diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java b/test/org/apache/tomcat/util/net/TesterSupport.java
index 60682957a..7a7987e77 100644
--- a/test/org/apache/tomcat/util/net/TesterSupport.java
+++ b/test/org/apache/tomcat/util/net/TesterSupport.java
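Review bot: The comment added at the top of testRenegotiateFail reads `renegotiation will always will`, which drops the verb, and it does not say what the early return means for the test's result; suggested wording: `// If RFC 5746 is supported, renegotiation will always work (and will always be secure), so the failure case cannot be provoked and this test is skipped.` Because the method simply returns, the test is reported as passing on such JVMs rather than as skipped, so a green run does not demonstrate coverage of the renegotiation-failure path; the comment should make that explicit so nobody reads the pass as evidence. testRenegotiateFail continues past the end of this hunk.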
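Review bot: `sun.security.ssl.allowUnsafeRenegotiation` is a JVM-wide property, and setUp now sets it to `"true"` with no corresponding reset visible in this hunk; unless a tearDown outside the hunk restores it, every test that runs later in the same JVM does so with unsafe (pre-RFC 5746) renegotiation enabled. Consider reading the previous value before the `System.setProperty` call, keeping it in a field, and restoring or clearing it in tearDown so the relaxed setting is confined to this test class. The comment could also state why the property is now guarded, e.g. `// Only relax the JVM's renegotiation policy on JVMs that lack RFC 5746; with RFC 5746 the insecure path is never taken.`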
@@ -17,14 +17,44 @@ package org.apache.tomcat.util.net;
 import java.io.File;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 import org.apache.catalina.startup.Tomcat;
 public final class TesterSupport {
+
+ protected static final boolean RFC_5746_SUPPORTED;
+
+ static {
+ boolean result = false;
+ SSLContext context;
+ try {
+ context = SSLContext.getInstance("TLS");
+ context.init(null, null, new SecureRandom());
+ SSLServerSocketFactory ssf = context.getServerSocketFactory();
+ String ciphers[] = ssf.getSupportedCipherSuites();
+ for (String cipher : ciphers) {
+ if ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV".equals(cipher)) {
+ result = true;
+ break;
+ }
+ }
+ } catch (NoSuchAlgorithmException e) {
+ // Assume no RFC 5746 support
+ } catch (KeyManagementException e) {
+ // Assume no RFC 5746 support
+ }
+ RFC_5746_SUPPORTED = result;
+ }
+
 protected static final TrustManager[] TRUST_ALL_CERTS = new TrustManager[] {
 new X509TrustManager() {
 @Override
@@ -65,4 +95,5 @@ public final class TesterSupport {
 tomcat.getConnector().setSecure(true);
 tomcat.getConnector().setProperty("SSLEnabled", "true");
 }
+
 }
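Review bot: The detection loop in the new static initializer is a membership test written out by hand, and `String ciphers[]` is the C-style array declaration Java convention discourages; the array declaration and the whole for loop collapse to `result = Arrays.asList(ssf.getSupportedCipherSuites()).contains("TLS_EMPTY_RENEGOTIATION_INFO_SCSV");` with an added `import java.util.Arrays;`. `protected` on a member of a `final` class grants nothing beyond package access, so plain `static final boolean RFC_5746_SUPPORTED` (package-private, which is how TestSsl in the same package reads it) states the intent more honestly. The field also deserves a Javadoc saying that the probe only recognises RFC 5746 support when the JSSE provider advertises the signalling suite checked here, so a provider that implements secure renegotiation without listing that suite, or one whose `SSLContext` setup throws one of the two caught exceptions, is reported as unsupported and the tests fall back to the pre-RFC 5746 path.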