Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added clarifying comment to KeyStore content. 

Restored precise check when a SAN is present.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
This commit is contained in:
Simone Bordet 2023-12-09 17:45:09 +01:00
parent 832f19ea8b
commit f620f99c78
No known key found for this signature in database
GPG Key ID: 1677D141BCF3584D
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SniSslConnectionFactoryTest.java
View File

@ -149,20 +149,23 @@ public class SniSslConnectionFactoryTest
{
start((ssl, customizer) ->
{
// Disable the host check because this keystore has no CN and no SAN.
// Disable the host check because this keystore has no CN and a SAN only for www.example.com.
ssl.setKeyStorePath("src/test/resources/keystore_sni_nowild.p12");
customizer.setSniHostCheck(false);
});
// This request won't match any CN or SAN, so the "default" certificate will be returned.
String response = getResponse("www.acme.org", null);
assertThat(response, Matchers.containsString("X-HOST: www.acme.org"));
// The JDK implementation may return aliases in random order, so the
// "default" certificate could be any of the two present in the KeyStore.
assertThat(response, Matchers.either(Matchers.containsString("X-CERT: OU=default"))
.or(Matchers.containsString("X-CERT: OU=example")));
// This request matches a SAN in the KeyStore.
response = getResponse("www.example.com", null);
assertThat(response, Matchers.containsString("X-HOST: www.example.com"));
assertThat(response, Matchers.either(Matchers.containsString("X-CERT: OU=default"))
.or(Matchers.containsString("X-CERT: OU=example")));
assertThat(response, Matchers.containsString("X-CERT: OU=example"));
}
@Test