Test: Revert pinning MockWebServer to TLSv1.2 (#34148)
Revert "[TESTS] Pin MockWebServer to TLS1.2 (#33127)" (commit214652d4af
) and "Pin TLS1.2 in SSLConfigurationReloaderTests" (commitd9f5e4fd2e
), which pinned the MockWebServer used in the SSLConfigurationReloaderTests to TLSv1.2 in order to prevent failures with JDK 11 related to ssl session invalidation. We no longer need this pinning as the problematic code was fixed in #34130.
This commit is contained in:
parent
6b714c9e1e
commit
8539fb68d9
|
@ -78,6 +78,7 @@ public class SSLConfigurationReloaderTests extends ESTestCase {
|
|||
/**
|
||||
* Tests reloading a keystore that is used in the KeyManager of SSLContext
|
||||
*/
|
||||
@AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/32124")
|
||||
public void testReloadingKeyStore() throws Exception {
|
||||
assumeFalse("Can't run in a FIPS JVM", inFipsJvm());
|
||||
final Path tempDir = createTempDir();
|
||||
|
@ -191,6 +192,7 @@ public class SSLConfigurationReloaderTests extends ESTestCase {
|
|||
* Tests the reloading of SSLContext when the trust store is modified. The same store is used as a TrustStore (for the
|
||||
* reloadable SSLContext used in the HTTPClient) and as a KeyStore for the MockWebServer
|
||||
*/
|
||||
@AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/32124")
|
||||
public void testReloadingTrustStore() throws Exception {
|
||||
assumeFalse("Can't run in a FIPS JVM", inFipsJvm());
|
||||
Path tempDir = createTempDir();
|
||||
|
@ -477,9 +479,7 @@ public class SSLConfigurationReloaderTests extends ESTestCase {
|
|||
try (InputStream is = Files.newInputStream(keyStorePath)) {
|
||||
keyStore.load(is, keyStorePass.toCharArray());
|
||||
}
|
||||
// TODO Revisit TLS1.2 pinning when TLS1.3 is fully supported
|
||||
// https://github.com/elastic/elasticsearch/issues/32276
|
||||
final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadKeyMaterial(keyStore, keyStorePass.toCharArray())
|
||||
final SSLContext sslContext = new SSLContextBuilder().loadKeyMaterial(keyStore, keyStorePass.toCharArray())
|
||||
.build();
|
||||
MockWebServer server = new MockWebServer(sslContext, false);
|
||||
server.enqueue(new MockResponse().setResponseCode(200).setBody("body"));
|
||||
|
@ -493,9 +493,7 @@ public class SSLConfigurationReloaderTests extends ESTestCase {
|
|||
keyStore.load(null, password.toCharArray());
|
||||
keyStore.setKeyEntry("testnode_ec", PemUtils.readPrivateKey(keyPath, password::toCharArray), password.toCharArray(),
|
||||
CertParsingUtils.readCertificates(Collections.singletonList(certPath)));
|
||||
// TODO Revisit TLS1.2 pinning when TLS1.3 is fully supported
|
||||
// https://github.com/elastic/elasticsearch/issues/32276
|
||||
final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadKeyMaterial(keyStore, password.toCharArray())
|
||||
final SSLContext sslContext = new SSLContextBuilder().loadKeyMaterial(keyStore, password.toCharArray())
|
||||
.build();
|
||||
MockWebServer server = new MockWebServer(sslContext, false);
|
||||
server.enqueue(new MockResponse().setResponseCode(200).setBody("body"));
|
||||
|
@ -510,7 +508,7 @@ public class SSLConfigurationReloaderTests extends ESTestCase {
|
|||
try (InputStream is = Files.newInputStream(trustStorePath)) {
|
||||
trustStore.load(is, trustStorePass.toCharArray());
|
||||
}
|
||||
final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadTrustMaterial(trustStore, null).build();
|
||||
final SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(trustStore, null).build();
|
||||
return HttpClients.custom().setSSLContext(sslContext).build();
|
||||
}
|
||||
|
||||
|
@ -527,7 +525,7 @@ public class SSLConfigurationReloaderTests extends ESTestCase {
|
|||
for (Certificate cert : CertParsingUtils.readCertificates(trustedCertificatePaths)) {
|
||||
trustStore.setCertificateEntry(cert.toString(), cert);
|
||||
}
|
||||
final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadTrustMaterial(trustStore, null).build();
|
||||
final SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(trustStore, null).build();
|
||||
return HttpClients.custom().setSSLContext(sslContext).build();
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue