-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix CRL verification failing due to client cert not being in chain #29582
Conversation
Signed-off-by: Micah Algard <micahalgard@gmail.com>
|
||
@Drone | ||
@PhantomJSBrowser | ||
private WebDriver phantomJS; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ideally we'd try to avoid introducing more PhantomJS (see #9979), but since AbstractX509AuthenticationTest
is heavily based on it there is very little we can do.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All x509 tests use the phantom, so I just followed the same idea. So when the x509 tests were changed to use another thing this one will be just one more test to change. Not doing anything here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed, nothing that can be done about it until the testing team gets to it :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 , FYI. There is WiP by @Aboullos from QA team for refactoring of X.509 tests to make them get rid of PhantomJS
Closes keycloak#19853 Signed-off-by: rmartinc <rmartinc@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Closes #19853
Just superseding PR #24760 to include a test with a single certificate with no CA trust anchor in the chain.