This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 22d6c50bc8 Remove OpenSSL double init test hack
22d6c50bc8 is described below
commit 22d6c50bc8a47a6e5e4ac645617e38e3a4eccec3
Author: remm <r...@apache.org>
AuthorDate: Wed Jun 26 11:52:57 2024 +0200
Remove OpenSSL double init test hack
---
.../apache/catalina/startup/TomcatBaseTest.java | 8 -----
.../tomcat/util/net/TestClientCertTls13.java | 4 ++-
test/org/apache/tomcat/util/net/TesterSupport.java | 36 ----------------------
.../tomcat/util/net/openssl/TestOpenSSLConf.java | 32 +++++++++++++------
4 files changed, 25 insertions(+), 55 deletions(-)
diff --git a/test/org/apache/catalina/startup/TomcatBaseTest.java
b/test/org/apache/catalina/startup/TomcatBaseTest.java
index 91e654abdb..a655b28cf4 100644
--- a/test/org/apache/catalina/startup/TomcatBaseTest.java
+++ b/test/org/apache/catalina/startup/TomcatBaseTest.java
@@ -64,7 +64,6 @@ import org.apache.catalina.webresources.StandardRoot;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.collections.CaseInsensitiveKeyMap;
-import org.apache.tomcat.util.net.TesterSupport;
import org.apache.tomcat.util.scan.StandardJarScanFilter;
import org.apache.tomcat.util.scan.StandardJarScanner;
@@ -74,13 +73,6 @@ import org.apache.tomcat.util.scan.StandardJarScanner;
*/
public abstract class TomcatBaseTest extends LoggingBaseTest {
- /*
- * Ensures APR Library.initialize() and Library.terminate() don't interfere
- * with the calls from the Lifecycle listener and trigger a JVM crash
- */
- @SuppressWarnings("unused")
- private static final boolean ignored = TesterSupport.OPENSSL_AVAILABLE;
-
// Used by parameterized tests. Defined here to reduce duplication.
protected static final Boolean[] booleans = new Boolean[] { Boolean.FALSE,
Boolean.TRUE };
diff --git a/test/org/apache/tomcat/util/net/TestClientCertTls13.java
b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
index dea79f1935..4ccbc594d6 100644
--- a/test/org/apache/tomcat/util/net/TestClientCertTls13.java
+++ b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
@@ -29,9 +29,11 @@ import org.junit.runners.Parameterized;
import org.junit.runners.Parameterized.Parameter;
import org.apache.catalina.connector.Connector;
+import org.apache.catalina.core.AprStatus;
import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.startup.TomcatBaseTest;
import org.apache.tomcat.util.buf.ByteChunk;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
/**
* The keys and certificates used in this file are all available in svn and
were
@@ -108,7 +110,7 @@ public class TestClientCertTls13 extends TomcatBaseTest {
TesterSupport.configureSSLImplementation(tomcat,
sslImplementationName, useOpenSSL);
if (useOpenSSL) {
- Assume.assumeTrue(TesterSupport.getOpensslVersion() >= 0x1010100f);
+ Assume.assumeTrue(AprStatus.getOpenSSLVersion() >= 0x1010100f ||
OpenSSLStatus.getVersion() >= 0x1010100f);
}
// Tests default to TLSv1.2 when client cert auth is used
diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java
b/test/org/apache/tomcat/util/net/TesterSupport.java
index 868d99df2d..3bbaff9c32 100644
--- a/test/org/apache/tomcat/util/net/TesterSupport.java
+++ b/test/org/apache/tomcat/util/net/TesterSupport.java
@@ -60,10 +60,6 @@ import org.apache.catalina.core.OpenSSLLifecycleListener;
import org.apache.catalina.core.StandardServer;
import org.apache.catalina.startup.TesterMapRealm;
import org.apache.catalina.startup.Tomcat;
-import org.apache.tomcat.jni.Library;
-import org.apache.tomcat.jni.LibraryNotFoundError;
-import org.apache.tomcat.jni.SSL;
-import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
@@ -90,9 +86,6 @@ public final class TesterSupport {
public static final String LOCALHOST_EC_KEY_PEM = SSL_DIR +
"localhost-ec-key.pem";
public static final String LOCALHOST_RSA_CERT_PEM = SSL_DIR +
"localhost-rsa-cert.pem";
public static final String LOCALHOST_RSA_KEY_PEM = SSL_DIR +
"localhost-rsa-key.pem";
- public static final boolean OPENSSL_AVAILABLE;
- public static final int OPENSSL_VERSION;
- public static final String OPENSSL_ERROR;
public static final boolean TLSV13_AVAILABLE;
public static final String ROLE = "testrole";
@@ -103,27 +96,6 @@ public final class TesterSupport {
static {
boolean available = false;
- int version = 0;
- String err = "";
- try {
- if (JreCompat.isJre22Available()) {
- // Try with FFM
- Class<?> openSSL =
Class.forName("org.apache.tomcat.util.openssl.openssl_h");
- version = ((Long)
openSSL.getMethod("OpenSSL_version_num").invoke(null)).intValue();
- } else {
- Library.initialize(null);
- available = true;
- version = SSL.version();
- Library.terminate();
- }
- } catch (Exception | LibraryNotFoundError |
ExceptionInInitializerError ex) {
- err = ex.getMessage();
- }
- OPENSSL_AVAILABLE = available;
- OPENSSL_VERSION = version;
- OPENSSL_ERROR = err;
-
- available = false;
try {
SSLContext.getInstance(Constants.SSL_PROTO_TLSv1_3);
available = true;
@@ -132,14 +104,6 @@ public final class TesterSupport {
TLSV13_AVAILABLE = available;
}
- public static boolean isOpensslAvailable() {
- return OPENSSL_AVAILABLE;
- }
-
- public static int getOpensslVersion() {
- return OPENSSL_VERSION;
- }
-
public static boolean isTlsv13Available() {
return TLSV13_AVAILABLE;
}
diff --git a/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
b/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
index f614b0d18c..3a8145ff0d 100644
--- a/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
+++ b/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
@@ -34,8 +34,12 @@ import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.runners.Parameterized.Parameter;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.core.AprLifecycleListener;
+import org.apache.catalina.core.AprStatus;
import org.apache.catalina.core.OpenSSLLifecycleListener;
import org.apache.catalina.core.StandardServer;
import org.apache.catalina.startup.Tomcat;
@@ -70,34 +74,37 @@ public class TestOpenSSLConf extends TomcatBaseTest {
// Test behavior needs to adjust for OpenSSL 1.1.1-pre3 and above
private static final int OPENSSL_TLS13_SUPPORT_MIN_VERSION = 0x10101003;
- private static int OPENSSL_VERSION = TesterSupport.getOpensslVersion();
-
private static boolean hasTLS13() {
- return OPENSSL_VERSION >= OPENSSL_TLS13_SUPPORT_MIN_VERSION;
+ return AprStatus.getOpenSSLVersion() >=
OPENSSL_TLS13_SUPPORT_MIN_VERSION
+ || OpenSSLStatus.getVersion() >=
OPENSSL_TLS13_SUPPORT_MIN_VERSION;
}
- private SSLHostConfig initOpenSSLConfCmd(String... commands) throws
Exception {
- Assert.assertNotNull(commands);
- Assert.assertTrue("Invalid length", commands.length % 2 == 0);
-
+ private void initOpenSSL() throws Exception {
Tomcat tomcat = getTomcatInstance();
- Connector connector = tomcat.getConnector();
TesterSupport.initSsl(tomcat);
Assert.assertTrue(tomcat.getConnector().setProperty("sslImplementationName",
sslImplementationName));
+ LifecycleListener listener = null;
if
(OpenSSLImplementation.class.getName().equals(sslImplementationName)) {
- AprLifecycleListener listener = new AprLifecycleListener();
+ listener = new AprLifecycleListener();
Assume.assumeTrue(AprLifecycleListener.isAprAvailable());
StandardServer server = (StandardServer) tomcat.getServer();
server.addLifecycleListener(listener);
} else if
("org.apache.tomcat.util.net.openssl.panama.OpenSSLImplementation".equals(sslImplementationName))
{
- OpenSSLLifecycleListener listener = new OpenSSLLifecycleListener();
+ listener = new OpenSSLLifecycleListener();
Assume.assumeTrue(OpenSSLLifecycleListener.isAvailable());
StandardServer server = (StandardServer) tomcat.getServer();
server.addLifecycleListener(listener);
}
+ // Initialize only the listener as the OpenSSL version is not
available before
+ listener.lifecycleEvent(new LifecycleEvent(tomcat.getServer(),
Lifecycle.BEFORE_INIT_EVENT, null));
+ }
+
+ private SSLHostConfig initOpenSSLConfCmd(String... commands) throws
Exception {
+ Assert.assertNotNull(commands);
+ Assert.assertTrue("Invalid length", commands.length % 2 == 0);
OpenSSLConf conf = new OpenSSLConf();
for (int i = 0; i < commands.length;) {
@@ -107,6 +114,9 @@ public class TestOpenSSLConf extends TomcatBaseTest {
conf.addCmd(cmd);
}
+ Tomcat tomcat = getTomcatInstance();
+ Connector connector = tomcat.getConnector();
+
SSLHostConfig[] sslHostConfigs =
connector.getProtocolHandler().findSslHostConfigs();
Assert.assertEquals("Wrong SSLHostConfigCount", 1,
sslHostConfigs.length);
sslHostConfigs[0].setOpenSslConf(conf);
@@ -120,6 +130,7 @@ public class TestOpenSSLConf extends TomcatBaseTest {
@Test
public void testOpenSSLConfCmdCipher() throws Exception {
+ initOpenSSL();
SSLHostConfig sslHostConfig;
if (hasTLS13()) {
// Ensure TLSv1.3 ciphers aren't returned
@@ -148,6 +159,7 @@ public class TestOpenSSLConf extends TomcatBaseTest {
@Test
public void testOpenSSLConfCmdProtocol() throws Exception {
+ initOpenSSL();
Set<String> disabledProtocols = new
HashSet<>(Arrays.asList(DISABLED_PROTOCOLS));
StringBuilder sb = new StringBuilder();
for (String protocol : DISABLED_PROTOCOLS) {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
