[jira] [Commented] (SOLR-8970) SSLTestConfig behaves really stupid if keystore can't be found

Mon, 11 Apr 2016 17:39:05 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-8970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15236338#comment-15236338
 ] 

Hoss Man commented on SOLR-8970:
--------------------------------

SSLTestConfig already sanity checks whether TEST_KEYSTORE exists...
{code}
  public static File TEST_KEYSTORE = ExternalPaths.SERVER_HOME == null ? null
      : new File(ExternalPaths.SERVER_HOME, "../etc/test/solrtest.keystore");  
  private static String TEST_KEYSTORE_PATH = TEST_KEYSTORE != null
      && TEST_KEYSTORE.exists() ? TEST_KEYSTORE.getAbsolutePath() : null;
{code}

We should...

* change how TEST_KEYSTORE_PATH is initialized so that people using 
SolrTestCaseJ4/SSLTestConfig can set a sysprop when running tests to change 
which path to use when looking for the file
* change SSLTestConfig's constructors so that if {{clientAuth==true}} but 
{{TEST_KEYSTORE_PATH==null}} (either because the TEST_KEYSTORE file does not 
exist and no sysprop was used to override it) then we fail fast with a useful 
error telling people to either:
** set the test sysprop
** ensure the expected file is in TEST_KEYSTORE
** add {{@SupressSSL}} to their tests.

> SSLTestConfig behaves really stupid if keystore can't be found
> --------------------------------------------------------------
>
>                 Key: SOLR-8970
>                 URL: https://issues.apache.org/jira/browse/SOLR-8970
>             Project: Solr
>          Issue Type: Bug
>            Reporter: Hoss Man
>
> The SSLTestConfig constructor lets the call (notable SolrTestCaseJ4) tell it 
> wether clientAuth should be used (note SolrTestCaseJ4 calls this boolean 
> "trySslClientAuth") but it has a hardcoded assumption that the keystore file 
> it can use (for both the keystore and the truststore) will exist at a fixed 
> path in the solr install.
> when this works, it works fine - but if end users subclass/reuse 
> SolrTestCaseJ4 in their own projects, they may do so in a way that prevents 
> the SSLTestConfig keystore assumptions from being true, and yet they won't 
> get any sort of clear error.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to