UNDERTOW-2112 Client Cert Renegotiation is not supported by JDK14 and newer. #1353

Merged
merged 1 commit into from Aug 11, 2022
Expand Up @@ -34,6 +34,7 @@
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.junit.AfterClass;
import org.junit.Assume;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
Expand Down Expand Up @@ -67,6 +68,8 @@ protected List<AuthenticationMechanism> getTestMechanisms() {

@BeforeClass
public static void startSSL() throws Exception {
Assume.assumeTrue("UNDERTOW-2112 New version TLSv1.3 and JDK14 and newer versions are breaking this feature",
getJavaSpecificationVersion() < 14);

I believe TLSv1.3 was backported to jdk8; it may instead be preferable to explicitly specify TLSv1.2 for the server in this test, which should work across Java versions.

@rmartinc Aug 1, 2022

@carterkozak TLSv1.2 is already used in the test but it fails with JDK-17. The problem is that JDK-14+ added a new ticket extension that makes the force_renegotiation fail in TLSv1.2. Mainly all new versions (TLS spec or JDK impl) are making force_renegotiation fail. See UNDERTOW-2112 for more information. The test should be assumed to avoid it in jdk-14+.

DefaultServer.startSSLServer(OptionMap.create(SSL_CLIENT_AUTH_MODE, NOT_REQUESTED));
clientSSLContext = DefaultServer.getClientSSLContext();
}
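Review bot: The message passed to Assume.assumeTrue in startSSL() names TLSv1.3, but the condition only checks getJavaSpecificationVersion() < 14, and the thread above says the test already uses TLSv1.2 and still fails on newer JDKs. Reword the message so it states that client certificate renegotiation does not work on JDK 14 and newer, whichever protocol version is negotiated. Because the assumption sits in @BeforeClass, every test in the class is skipped on those JDKs, so a short comment here noting that renegotiation-based client authentication has no test coverage on JDK 14+ would keep that gap visible to whoever picks up UNDERTOW-2112.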
Expand Down Expand Up @@ -149,4 +152,10 @@ public void testClientCertSuccessWithLargePostBody() throws Exception {
HttpClientUtils.readResponse(result);
assertSingleNotificationType(EventType.AUTHENTICATED);
}

private static int getJavaSpecificationVersion() {
String versionString = System.getProperty("java.specification.version");
versionString = versionString.startsWith("1.") ? versionString.substring(2) : versionString;
return Integer.parseInt(versionString);
}
}
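Review bot: getJavaSpecificationVersion() has no guard around Integer.parseInt or around a missing java.specification.version property, and it is called from the @BeforeClass method, so a null or unparsable value would surface as a class-level error instead of a skip. Consider catching NumberFormatException and handling a null property explicitly, choosing deliberately whether that case skips or runs the tests. A one-line comment explaining that the "1." prefix is stripped to handle the legacy "1.8" format would also help, and if other tests need the same JDK gate the helper belongs in a shared test utility, not as a private method in this class.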