+ Windows TLS behaviors between
OpenJDK 8 and OpendJDK 11
and even between TLS versions
make the test unreliable.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Migrate from @DisabledOnOs(WINDOWS) to assumptions on capabilities instead.
+ Fix other outstanding windows testing issues.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Updating tests to ensure that output is xml verified
+ Updating output to use `<hr>` element properly.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #6473 - Improve alias checking in PathResource.
* Reverted %-escape handling for URI query parts.
* Performing canonicalization in ServletContext.getResource(),
and improving alias checking in ContextHandler.getResource().
* Performing canonicalization checks in Resource.addPath() to avoid
navigation above of the root.
* Test added and fixed.
* Various cleanups.
* Improved javadoc and comments
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
Reduce multiple canonicalPath calls with single alias check in PathResource
Revert to decoding and the normalizing URLs so that subsequent canonicalPath calls are noops.
Co-authored-by: Lachlan Roberts <lachlan@webtide.com>
- Merge from PR #6457.
- Also brought some other ComplianceModes back to disable ambiguous empty segments, and ambiguous encodings.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
+ Assumption based on existence of
possible DNS Hijacking
+ Alternate logic for client side
protocol and cipher suite mismatch
behavior on server side based
on client side protocol existence
of TLSv1.3
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Updated the logic in SslContextFactory.Server.sniSelect(...) to check if there is
any certificate that matches, and if so return a null alias in the hope to be called
again and pick the right alias for the SNI.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Fix#6227 Async timeout dispatch race
Only allow the thread calling onTimeout to call dispatch and complete once timeout has expired.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
FileBufferedResponseHandler adds an HttpOutput.Interceptor to buffer all responses into a file until the output is closed. This allows the commit to be delayed until the response is complete and thus headers and response status can be changed while writing the body.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Added or expanded the scope of catch blocks to properly handle exceptions thrown by `HttpInput.Interceptor`.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Fixes#6105 - HttpConnection.getBytesIn() incorrect for requests with chunked content
Moved recording of bytes to fillRequestBuffer(),
so they are accounted also for async reads.
Added test case.
Fixed test that was too strictly comparing HttpConnection.bytesIn,
that now report a correct, but larger value.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Now matching certificates are sorted, non-wildcard first, so that a more specific alias is returned.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Joakim Erdfelt
Ludovic Orban
Simone Bordet
Greg Wilkins
Lachlan
Jan Bartel
olivier lamy
Jesse McConnell