[ https://issues.apache.org/jira/browse/THRIFT-4084?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15873497#comment-15873497 ]
ASF GitHub Bot commented on THRIFT-4084: ---------------------------------------- Github user nsuke commented on a diff in the pull request: https://github.com/apache/thrift/pull/1197#discussion_r101909371 --- Diff: test/tests.json --- @@ -606,5 +606,23 @@ "compact" ], "workdir": "rs/bin" + }, + { + "name": "secure", + "client": { + "command": [ + "test_secure.bash" + ] + }, + "transports": [ + "buffered" + ], + "sockets": [ + "ip-ssl" + ], + "protocols": [ + "binary" + ], + "workdir": "secure" --- End diff -- Simply moving the same JSON entry (with relative file path adjustment) might get this included to `make crossfeature`. In that case, known_failure file is also in `features/known_...`. Otherwise we can leave it as is and plan to relocate later. I guess I'll need to put some information to `test/README.md` or create `test/features/README.md` > Improve SSL security in thrift by adding a make cross client that checks to > make sure SSLv3 protocol cannot be negotiated > ------------------------------------------------------------------------------------------------------------------------- > > Key: THRIFT-4084 > URL: https://issues.apache.org/jira/browse/THRIFT-4084 > Project: Thrift > Issue Type: Improvement > Components: Test Suite > Affects Versions: 0.10.0 > Environment: Ubuntu Dockerfile > Reporter: James E. King, III > Assignee: James E. King, III > Labels: cross-validation, security, ssl, tls > > Following code review discussions in THRIFT-3369, and seeing THRIFT-3165 in > the backlog, I want to add a make cross "language" which isn't a language at > all, but a test that checks to see if it is possible to negotiate at various > SSL/TLS protocol versions. This would be a client-only test, likely just a > bash script that leverages the openssl client and command line options to > connect to a test server and see if it handshakes and negotiates protocol > successfully. > Without THRIFT-3165 implemented, it will ensure: > * Can handshake using the universal SSLv23 context, however cannot negotiate > SSLv3 > * Can negotiate TLSv1.0, TLSv1.1, and TLSv1.2 > With THRIFT-3165 it needs to change to ensure: > * Can handshake using TLSv1.2 but not any other version > The solution I came up with was to add a new client called "secure" to make > crosstest. test_secure is a simple bash script that checks the appropriate > rules above (the ones without THRIFT-3165, since it is not done), and I added > "secure" to the list of cross test "languages" in the top level configure > script. -- This message was sent by Atlassian JIRA (v6.3.15#6346)