[tomcat8] 06/10: Backported a fix disabling the broken SSLv3 tests

Emmanuel Bourg ebourg-guest at moszumanska.debian.org
Wed Nov 23 19:54:12 UTC 2016


This is an automated email from the git hooks/post-receive script.

ebourg-guest pushed a commit to branch jessie
in repository tomcat8.

commit 3d2ac2adc9d28ded88be533f2bea6e7ecc768944
Author: Emmanuel Bourg <ebourg at apache.org>
Date:   Wed Nov 23 16:21:45 2016 +0100

    Backported a fix disabling the broken SSLv3 tests
---
 debian/changelog                         |   1 +
 debian/patches/disable-sslv3-tests.patch | 105 +++++++++++++++++++++++++++++++
 debian/patches/series                    |   1 +
 3 files changed, 107 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 673ed96..afaf089 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -18,6 +18,7 @@ tomcat8 (8.0.14-1+deb8u5) UNRELEASED; urgency=medium
     server. Enable SSL to be configured for the registry as well as the server.
   * Backported a fix for a test failure in Test*NonLoginAndBasicAuthenticator
     with recent JREs
+  * Backported a fix disabling the broken SSLv3 tests
   * Refreshed the expired SSL certificates used by the tests
 
  -- Emmanuel Bourg <ebourg at apache.org>  Tue, 22 Nov 2016 23:21:56 +0100
diff --git a/debian/patches/disable-sslv3-tests.patch b/debian/patches/disable-sslv3-tests.patch
new file mode 100644
index 0000000..596f1ca
--- /dev/null
+++ b/debian/patches/disable-sslv3-tests.patch
@@ -0,0 +1,105 @@
+Description: Remove forcing use of SSLv3 in unit tests
+Origin: backport, https://svn.apache.org/r1632523
+--- a/test/org/apache/tomcat/util/net/TesterSupport.java
++++ b/test/org/apache/tomcat/util/net/TesterSupport.java
+@@ -20,17 +20,12 @@
+ import java.io.FileInputStream;
+ import java.io.IOException;
+ import java.io.InputStream;
+-import java.net.InetAddress;
+-import java.net.Socket;
+-import java.net.UnknownHostException;
+ import java.security.KeyStore;
+ import java.security.cert.X509Certificate;
+ 
+ import javax.net.ssl.KeyManager;
+ import javax.net.ssl.KeyManagerFactory;
+ import javax.net.ssl.SSLContext;
+-import javax.net.ssl.SSLSocket;
+-import javax.net.ssl.SSLSocketFactory;
+ import javax.net.ssl.TrustManager;
+ import javax.net.ssl.TrustManagerFactory;
+ import javax.net.ssl.X509TrustManager;
+@@ -109,12 +104,11 @@
+ 
+     protected static void configureClientSsl() {
+         try {
+-            SSLContext sc = SSLContext.getInstance("SSL");
++            SSLContext sc = SSLContext.getInstance("TLS");
+             sc.init(TesterSupport.getUser1KeyManagers(),
+                     TesterSupport.getTrustManagers(),
+                     null);
+-            javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
+-                    new TesterSSLSocketFactory(sc.getSocketFactory()));
++            javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+         } catch (Exception e) {
+             e.printStackTrace();
+         }
+@@ -243,67 +237,4 @@
+             // NOOP - Trust everything
+         }
+     }
+-
+-    private static class TesterSSLSocketFactory
+-            extends SSLSocketFactory {
+-
+-        private SSLSocketFactory factory;
+-
+-        public TesterSSLSocketFactory(SSLSocketFactory factory) {
+-            this.factory = factory;
+-        }
+-
+-        @Override
+-        public String[] getDefaultCipherSuites() {
+-            return factory.getDefaultCipherSuites();
+-        }
+-
+-        @Override
+-        public String[] getSupportedCipherSuites() {
+-            return factory.getSupportedCipherSuites();
+-        }
+-
+-        @Override
+-        public Socket createSocket(Socket socket, String s, int i, boolean flag)
+-                throws IOException {
+-            SSLSocket result =
+-                (SSLSocket) factory.createSocket(socket, s, i, flag);
+-            result.setEnabledProtocols(new String[] { "SSLv3" } );
+-            return result;
+-        }
+-
+-        @Override
+-        public Socket createSocket(String s, int i) throws IOException,
+-                UnknownHostException {
+-            SSLSocket result = (SSLSocket) factory.createSocket(s, i);
+-            result.setEnabledProtocols(new String[] { "SSLv3" } );
+-            return result;
+-        }
+-
+-        @Override
+-        public Socket createSocket(String s, int i, InetAddress inetaddress,
+-                int j) throws IOException, UnknownHostException {
+-            SSLSocket result =
+-                (SSLSocket) factory.createSocket(s, i, inetaddress, j);
+-            result.setEnabledProtocols(new String[] { "SSLv3" } );
+-            return result;
+-        }
+-
+-        @Override
+-        public Socket createSocket(InetAddress inetaddress, int i)
+-                throws IOException {
+-            SSLSocket result = (SSLSocket) factory.createSocket(inetaddress, i);
+-            result.setEnabledProtocols(new String[] { "SSLv3" } );
+-            return result;
+-        }
+-
+-        @Override
+-        public Socket createSocket(InetAddress inetaddress, int i,
+-                InetAddress inetaddress1, int j) throws IOException {
+-            SSLSocket result = (SSLSocket) factory.createSocket(
+-                    inetaddress, i, inetaddress1, j);
+-            result.setEnabledProtocols(new String[] { "SSLv3" } );
+-            return result;
+-        }
+-    }
+ }
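Review bot: The DEP-3 header of the new patch says only `Description: Remove forcing use of SSLv3 in unit tests` and never records why the forced-SSLv3 tests were broken. The commit title also says the tests are disabled, whereas the inner hunks keep them and only drop the client-side SSLv3 pinning. I would extend the header to something like `Description: Remove forcing use of SSLv3 in unit tests; recent JREs disable SSLv3 by default, so the forced-SSLv3 client handshakes fail` (presumably via the JRE's `jdk.tls.disabledAlgorithms` default, to be confirmed against the build JRE). With `SSLContext.getInstance("TLS")` and the unwrapped `sc.getSocketFactory()`, the client in `configureClientSsl()` negotiates whatever protocols the build JRE enables, so these tests no longer pin a protocol version; a one-line comment there saying so would help. The `catch (Exception e) { e.printStackTrace(); }` around it is unchanged context whose body continues outside the inner hunk, but it means a failed context setup leaves the default socket factory installed and shows up later as an unrelated handshake failure.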
diff --git a/debian/patches/series b/debian/patches/series
index 51ea4ad..86b1e58 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,6 +13,7 @@
 0019-add-distribution-to-error-page.patch
 #0020-disable-java8-support-with-jdtcompiler.patch
 fix-TestNonLoginAndBasicAuthenticator.patch
+disable-sslv3-tests.patch
 CVE-2014-7810.patch
 CVE-2015-5174.patch
 CVE-2015-5345.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git


