[tomcat8] 06/10: Backported a fix disabling the broken SSLv3 tests
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Wed Nov 23 19:54:12 UTC 2016
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a commit to branch jessie
in repository tomcat8.
commit 3d2ac2adc9d28ded88be533f2bea6e7ecc768944
Author: Emmanuel Bourg <ebourg at apache.org>
Date: Wed Nov 23 16:21:45 2016 +0100
Backported a fix disabling the broken SSLv3 tests
---
debian/changelog | 1 +
debian/patches/disable-sslv3-tests.patch | 105 +++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 107 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 673ed96..afaf089 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -18,6 +18,7 @@ tomcat8 (8.0.14-1+deb8u5) UNRELEASED; urgency=medium
server. Enable SSL to be configured for the registry as well as the server.
* Backported a fix for a test failure in Test*NonLoginAndBasicAuthenticator
with recent JREs
+ * Backported a fix disabling the broken SSLv3 tests
* Refreshed the expired SSL certificates used by the tests
-- Emmanuel Bourg <ebourg at apache.org> Tue, 22 Nov 2016 23:21:56 +0100
diff --git a/debian/patches/disable-sslv3-tests.patch b/debian/patches/disable-sslv3-tests.patch
new file mode 100644
index 0000000..596f1ca
--- /dev/null
+++ b/debian/patches/disable-sslv3-tests.patch
@@ -0,0 +1,105 @@
+Description: Remove forcing use of SSLv3 in unit tests
+Origin: backport, https://svn.apache.org/r1632523
+--- a/test/org/apache/tomcat/util/net/TesterSupport.java
++++ b/test/org/apache/tomcat/util/net/TesterSupport.java
+@@ -20,17 +20,12 @@
+ import java.io.FileInputStream;
+ import java.io.IOException;
+ import java.io.InputStream;
+-import java.net.InetAddress;
+-import java.net.Socket;
+-import java.net.UnknownHostException;
+ import java.security.KeyStore;
+ import java.security.cert.X509Certificate;
+
+ import javax.net.ssl.KeyManager;
+ import javax.net.ssl.KeyManagerFactory;
+ import javax.net.ssl.SSLContext;
+-import javax.net.ssl.SSLSocket;
+-import javax.net.ssl.SSLSocketFactory;
+ import javax.net.ssl.TrustManager;
+ import javax.net.ssl.TrustManagerFactory;
+ import javax.net.ssl.X509TrustManager;
+@@ -109,12 +104,11 @@
+
+ protected static void configureClientSsl() {
+ try {
+- SSLContext sc = SSLContext.getInstance("SSL");
++ SSLContext sc = SSLContext.getInstance("TLS");
+ sc.init(TesterSupport.getUser1KeyManagers(),
+ TesterSupport.getTrustManagers(),
+ null);
+- javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
+- new TesterSSLSocketFactory(sc.getSocketFactory()));
++ javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+@@ -243,67 +237,4 @@
+ // NOOP - Trust everything
+ }
+ }
+-
+- private static class TesterSSLSocketFactory
+- extends SSLSocketFactory {
+-
+- private SSLSocketFactory factory;
+-
+- public TesterSSLSocketFactory(SSLSocketFactory factory) {
+- this.factory = factory;
+- }
+-
+- @Override
+- public String[] getDefaultCipherSuites() {
+- return factory.getDefaultCipherSuites();
+- }
+-
+- @Override
+- public String[] getSupportedCipherSuites() {
+- return factory.getSupportedCipherSuites();
+- }
+-
+- @Override
+- public Socket createSocket(Socket socket, String s, int i, boolean flag)
+- throws IOException {
+- SSLSocket result =
+- (SSLSocket) factory.createSocket(socket, s, i, flag);
+- result.setEnabledProtocols(new String[] { "SSLv3" } );
+- return result;
+- }
+-
+- @Override
+- public Socket createSocket(String s, int i) throws IOException,
+- UnknownHostException {
+- SSLSocket result = (SSLSocket) factory.createSocket(s, i);
+- result.setEnabledProtocols(new String[] { "SSLv3" } );
+- return result;
+- }
+-
+- @Override
+- public Socket createSocket(String s, int i, InetAddress inetaddress,
+- int j) throws IOException, UnknownHostException {
+- SSLSocket result =
+- (SSLSocket) factory.createSocket(s, i, inetaddress, j);
+- result.setEnabledProtocols(new String[] { "SSLv3" } );
+- return result;
+- }
+-
+- @Override
+- public Socket createSocket(InetAddress inetaddress, int i)
+- throws IOException {
+- SSLSocket result = (SSLSocket) factory.createSocket(inetaddress, i);
+- result.setEnabledProtocols(new String[] { "SSLv3" } );
+- return result;
+- }
+-
+- @Override
+- public Socket createSocket(InetAddress inetaddress, int i,
+- InetAddress inetaddress1, int j) throws IOException {
+- SSLSocket result = (SSLSocket) factory.createSocket(
+- inetaddress, i, inetaddress1, j);
+- result.setEnabledProtocols(new String[] { "SSLv3" } );
+- return result;
+- }
+- }
+ }
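Review bot: The catch block left around the changed lines in configureClientSsl() only calls `e.printStackTrace()`, so if `SSLContext.getInstance("TLS")` or `sc.init(...)` throws, the default HttpsURLConnection socket factory is never replaced and the client-certificate tests fail later with an unrelated handshake or trust error. Rethrowing, e.g. `throw new IllegalStateException("client SSL setup failed", e);`, would surface the real cause, although that diverges from the upstream revision being backported. Separately, the patch file name and the changelog entry say the SSLv3 tests are disabled, but the patch only removes TesterSSLSocketFactory (which pinned `"SSLv3"` on every created socket) and lets the test client negotiate whatever protocol the JRE enables; wording such as `Stop forcing SSLv3 in the test client` would match the patch's own Description line. configureClientSsl() and the enclosing class begin and end outside the inner hunks, so the rest of the method is not visible here.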
diff --git a/debian/patches/series b/debian/patches/series
index 51ea4ad..86b1e58 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,6 +13,7 @@
0019-add-distribution-to-error-page.patch
#0020-disable-java8-support-with-jdtcompiler.patch
fix-TestNonLoginAndBasicAuthenticator.patch
+disable-sslv3-tests.patch
CVE-2014-7810.patch
CVE-2015-5174.patch
CVE-2015-5345.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git