(tomcat) branch 10.1.x updated: Remove OpenSSL double init test hack

remm Wed, 26 Jun 2024 02:54:51 -0700

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git



The following commit(s) were added to refs/heads/10.1.x by this push:
     new 22d6c50bc8 Remove OpenSSL double init test hack
22d6c50bc8 is described below

commit 22d6c50bc8a47a6e5e4ac645617e38e3a4eccec3
Author: remm <[email protected]>
AuthorDate: Wed Jun 26 11:52:57 2024 +0200

    Remove OpenSSL double init test hack
---
 .../apache/catalina/startup/TomcatBaseTest.java    |  8 -----
 .../tomcat/util/net/TestClientCertTls13.java       |  4 ++-
 test/org/apache/tomcat/util/net/TesterSupport.java | 36 ----------------------
 .../tomcat/util/net/openssl/TestOpenSSLConf.java   | 32 +++++++++++++------
 4 files changed, 25 insertions(+), 55 deletions(-)

diff --git a/test/org/apache/catalina/startup/TomcatBaseTest.java 
b/test/org/apache/catalina/startup/TomcatBaseTest.java
index 91e654abdb..a655b28cf4 100644
--- a/test/org/apache/catalina/startup/TomcatBaseTest.java
+++ b/test/org/apache/catalina/startup/TomcatBaseTest.java
@@ -64,7 +64,6 @@ import org.apache.catalina.webresources.StandardRoot;
 import org.apache.coyote.http11.Http11NioProtocol;
 import org.apache.tomcat.util.buf.ByteChunk;
 import org.apache.tomcat.util.collections.CaseInsensitiveKeyMap;
-import org.apache.tomcat.util.net.TesterSupport;
 import org.apache.tomcat.util.scan.StandardJarScanFilter;
 import org.apache.tomcat.util.scan.StandardJarScanner;
 
@@ -74,13 +73,6 @@ import org.apache.tomcat.util.scan.StandardJarScanner;
  */
 public abstract class TomcatBaseTest extends LoggingBaseTest {
 
-    /*
-     * Ensures APR Library.initialize() and Library.terminate() don't interfere
-     * with the calls from the Lifecycle listener and trigger a JVM crash
-     */
-    @SuppressWarnings("unused")
-    private static final boolean ignored = TesterSupport.OPENSSL_AVAILABLE;
-
     // Used by parameterized tests. Defined here to reduce duplication.
     protected static final Boolean[] booleans = new Boolean[] { Boolean.FALSE, 
Boolean.TRUE };
 
diff --git a/test/org/apache/tomcat/util/net/TestClientCertTls13.java 
b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
index dea79f1935..4ccbc594d6 100644
--- a/test/org/apache/tomcat/util/net/TestClientCertTls13.java
+++ b/test/org/apache/tomcat/util/net/TestClientCertTls13.java
@@ -29,9 +29,11 @@ import org.junit.runners.Parameterized;
 import org.junit.runners.Parameterized.Parameter;
 
 import org.apache.catalina.connector.Connector;
+import org.apache.catalina.core.AprStatus;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.catalina.startup.TomcatBaseTest;
 import org.apache.tomcat.util.buf.ByteChunk;
+import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
 
 /**
  * The keys and certificates used in this file are all available in svn and 
were
@@ -108,7 +110,7 @@ public class TestClientCertTls13 extends TomcatBaseTest {
         TesterSupport.configureSSLImplementation(tomcat, 
sslImplementationName, useOpenSSL);
 
         if (useOpenSSL) {
-            Assume.assumeTrue(TesterSupport.getOpensslVersion() >= 0x1010100f);
+            Assume.assumeTrue(AprStatus.getOpenSSLVersion() >= 0x1010100f || 
OpenSSLStatus.getVersion() >= 0x1010100f);
         }
 
         // Tests default to TLSv1.2 when client cert auth is used
diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java 
b/test/org/apache/tomcat/util/net/TesterSupport.java
index 868d99df2d..3bbaff9c32 100644
--- a/test/org/apache/tomcat/util/net/TesterSupport.java
+++ b/test/org/apache/tomcat/util/net/TesterSupport.java
@@ -60,10 +60,6 @@ import org.apache.catalina.core.OpenSSLLifecycleListener;
 import org.apache.catalina.core.StandardServer;
 import org.apache.catalina.startup.TesterMapRealm;
 import org.apache.catalina.startup.Tomcat;
-import org.apache.tomcat.jni.Library;
-import org.apache.tomcat.jni.LibraryNotFoundError;
-import org.apache.tomcat.jni.SSL;
-import org.apache.tomcat.util.compat.JreCompat;
 import org.apache.tomcat.util.descriptor.web.LoginConfig;
 import org.apache.tomcat.util.descriptor.web.SecurityCollection;
 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
@@ -90,9 +86,6 @@ public final class TesterSupport {
     public static final String LOCALHOST_EC_KEY_PEM = SSL_DIR + 
"localhost-ec-key.pem";
     public static final String LOCALHOST_RSA_CERT_PEM = SSL_DIR + 
"localhost-rsa-cert.pem";
     public static final String LOCALHOST_RSA_KEY_PEM = SSL_DIR + 
"localhost-rsa-key.pem";
-    public static final boolean OPENSSL_AVAILABLE;
-    public static final int OPENSSL_VERSION;
-    public static final String OPENSSL_ERROR;
     public static final boolean TLSV13_AVAILABLE;
 
     public static final String ROLE = "testrole";
@@ -103,27 +96,6 @@ public final class TesterSupport {
 
     static {
         boolean available = false;
-        int version = 0;
-        String err = "";
-        try {
-            if (JreCompat.isJre22Available()) {
-                // Try with FFM
-                Class<?> openSSL = 
Class.forName("org.apache.tomcat.util.openssl.openssl_h");
-                version = ((Long) 
openSSL.getMethod("OpenSSL_version_num").invoke(null)).intValue();
-            } else {
-                Library.initialize(null);
-                available = true;
-                version = SSL.version();
-                Library.terminate();
-            }
-        } catch (Exception | LibraryNotFoundError | 
ExceptionInInitializerError ex) {
-            err = ex.getMessage();
-        }
-        OPENSSL_AVAILABLE = available;
-        OPENSSL_VERSION = version;
-        OPENSSL_ERROR = err;
-
-        available = false;
         try {
             SSLContext.getInstance(Constants.SSL_PROTO_TLSv1_3);
             available = true;
@@ -132,14 +104,6 @@ public final class TesterSupport {
         TLSV13_AVAILABLE = available;
     }
 
-    public static boolean isOpensslAvailable() {
-        return OPENSSL_AVAILABLE;
-    }
-
-    public static int getOpensslVersion() {
-        return OPENSSL_VERSION;
-    }
-
     public static boolean isTlsv13Available() {
         return TLSV13_AVAILABLE;
     }
diff --git a/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java 
b/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
index f614b0d18c..3a8145ff0d 100644
--- a/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
+++ b/test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java
@@ -34,8 +34,12 @@ import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 import org.junit.runners.Parameterized.Parameter;
 
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.core.AprLifecycleListener;
+import org.apache.catalina.core.AprStatus;
 import org.apache.catalina.core.OpenSSLLifecycleListener;
 import org.apache.catalina.core.StandardServer;
 import org.apache.catalina.startup.Tomcat;
@@ -70,34 +74,37 @@ public class TestOpenSSLConf extends TomcatBaseTest {
     // Test behavior needs to adjust for OpenSSL 1.1.1-pre3 and above
     private static final int OPENSSL_TLS13_SUPPORT_MIN_VERSION = 0x10101003;
 
-    private static int OPENSSL_VERSION = TesterSupport.getOpensslVersion();
-
     private static boolean hasTLS13() {
-        return OPENSSL_VERSION >= OPENSSL_TLS13_SUPPORT_MIN_VERSION;
+        return AprStatus.getOpenSSLVersion() >= 
OPENSSL_TLS13_SUPPORT_MIN_VERSION
+                || OpenSSLStatus.getVersion() >= 
OPENSSL_TLS13_SUPPORT_MIN_VERSION;
     }
 
-    private SSLHostConfig initOpenSSLConfCmd(String... commands) throws 
Exception {
-        Assert.assertNotNull(commands);
-        Assert.assertTrue("Invalid length", commands.length % 2 == 0);
-
+    private void initOpenSSL() throws Exception {
         Tomcat tomcat = getTomcatInstance();
-        Connector connector = tomcat.getConnector();
 
         TesterSupport.initSsl(tomcat);
 
         
Assert.assertTrue(tomcat.getConnector().setProperty("sslImplementationName", 
sslImplementationName));
 
+        LifecycleListener listener = null;
         if 
(OpenSSLImplementation.class.getName().equals(sslImplementationName)) {
-            AprLifecycleListener listener = new AprLifecycleListener();
+            listener = new AprLifecycleListener();
             Assume.assumeTrue(AprLifecycleListener.isAprAvailable());
             StandardServer server = (StandardServer) tomcat.getServer();
             server.addLifecycleListener(listener);
         } else if 
("org.apache.tomcat.util.net.openssl.panama.OpenSSLImplementation".equals(sslImplementationName))
 {
-            OpenSSLLifecycleListener listener = new OpenSSLLifecycleListener();
+            listener = new OpenSSLLifecycleListener();
             Assume.assumeTrue(OpenSSLLifecycleListener.isAvailable());
             StandardServer server = (StandardServer) tomcat.getServer();
             server.addLifecycleListener(listener);
         }
+        // Initialize only the listener as the OpenSSL version is not 
available before
+        listener.lifecycleEvent(new LifecycleEvent(tomcat.getServer(), 
Lifecycle.BEFORE_INIT_EVENT, null));
+    }
+
+    private SSLHostConfig initOpenSSLConfCmd(String... commands) throws 
Exception {
+        Assert.assertNotNull(commands);
+        Assert.assertTrue("Invalid length", commands.length % 2 == 0);
 
         OpenSSLConf conf = new OpenSSLConf();
         for (int i = 0; i < commands.length;) {
@@ -107,6 +114,9 @@ public class TestOpenSSLConf extends TomcatBaseTest {
             conf.addCmd(cmd);
         }
 
+        Tomcat tomcat = getTomcatInstance();
+        Connector connector = tomcat.getConnector();
+
         SSLHostConfig[] sslHostConfigs = 
connector.getProtocolHandler().findSslHostConfigs();
         Assert.assertEquals("Wrong SSLHostConfigCount", 1, 
sslHostConfigs.length);
         sslHostConfigs[0].setOpenSslConf(conf);
@@ -120,6 +130,7 @@ public class TestOpenSSLConf extends TomcatBaseTest {
 
     @Test
     public void testOpenSSLConfCmdCipher() throws Exception {
+        initOpenSSL();
         SSLHostConfig sslHostConfig;
         if (hasTLS13()) {
             // Ensure TLSv1.3 ciphers aren't returned
@@ -148,6 +159,7 @@ public class TestOpenSSLConf extends TomcatBaseTest {
 
     @Test
     public void testOpenSSLConfCmdProtocol() throws Exception {
+        initOpenSSL();
         Set<String> disabledProtocols = new 
HashSet<>(Arrays.asList(DISABLED_PROTOCOLS));
         StringBuilder sb = new StringBuilder();
         for (String protocol : DISABLED_PROTOCOLS) {


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

(tomcat) branch 10.1.x updated: Remove OpenSSL double init test hack

Reply via email to