honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Test: Revert pinning MockWebServer to TLSv1.2 (#34148) 

Revert "[TESTS] Pin MockWebServer to TLS1.2 (#33127)" (commit
214652d4af) and "Pin TLS1.2 in
SSLConfigurationReloaderTests" (commit
d9f5e4fd2e), which pinned the
MockWebServer used in the SSLConfigurationReloaderTests to TLSv1.2 in
order to prevent failures with JDK 11 related to ssl session
invalidation. We no longer need this pinning as the problematic code
was fixed in #34130.
This commit is contained in:
Jay Modi 2018-10-02 09:54:21 -06:00 committed by GitHub
parent 6b714c9e1e
commit 8539fb68d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloaderTests.java
View File

@ -78,6 +78,7 @@ public class SSLConfigurationReloaderTests extends ESTestCase {
/** /**
* Tests reloading a keystore that is used in the KeyManager of SSLContext * Tests reloading a keystore that is used in the KeyManager of SSLContext
*/ */
@AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/32124")
public void testReloadingKeyStore() throws Exception { public void testReloadingKeyStore() throws Exception {
assumeFalse("Can't run in a FIPS JVM", inFipsJvm()); assumeFalse("Can't run in a FIPS JVM", inFipsJvm());
final Path tempDir = createTempDir(); final Path tempDir = createTempDir();
@ -191,6 +192,7 @@ public class SSLConfigurationReloaderTests extends ESTestCase {
* Tests the reloading of SSLContext when the trust store is modified. The same store is used as a TrustStore (for the * Tests the reloading of SSLContext when the trust store is modified. The same store is used as a TrustStore (for the
* reloadable SSLContext used in the HTTPClient) and as a KeyStore for the MockWebServer * reloadable SSLContext used in the HTTPClient) and as a KeyStore for the MockWebServer
*/ */
@AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/32124")
public void testReloadingTrustStore() throws Exception { public void testReloadingTrustStore() throws Exception {
assumeFalse("Can't run in a FIPS JVM", inFipsJvm()); assumeFalse("Can't run in a FIPS JVM", inFipsJvm());
Path tempDir = createTempDir(); Path tempDir = createTempDir();
@ -477,9 +479,7 @@ public class SSLConfigurationReloaderTests extends ESTestCase {
try (InputStream is = Files.newInputStream(keyStorePath)) { try (InputStream is = Files.newInputStream(keyStorePath)) {
keyStore.load(is, keyStorePass.toCharArray()); keyStore.load(is, keyStorePass.toCharArray());
} }
// TODO Revisit TLS1.2 pinning when TLS1.3 is fully supported final SSLContext sslContext = new SSLContextBuilder().loadKeyMaterial(keyStore, keyStorePass.toCharArray())
// https://github.com/elastic/elasticsearch/issues/32276
final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadKeyMaterial(keyStore, keyStorePass.toCharArray())
.build(); .build();
MockWebServer server = new MockWebServer(sslContext, false); MockWebServer server = new MockWebServer(sslContext, false);
server.enqueue(new MockResponse().setResponseCode(200).setBody("body")); server.enqueue(new MockResponse().setResponseCode(200).setBody("body"));
@ -493,9 +493,7 @@ public class SSLConfigurationReloaderTests extends ESTestCase {
keyStore.load(null, password.toCharArray()); keyStore.load(null, password.toCharArray());
keyStore.setKeyEntry("testnode_ec", PemUtils.readPrivateKey(keyPath, password::toCharArray), password.toCharArray(), keyStore.setKeyEntry("testnode_ec", PemUtils.readPrivateKey(keyPath, password::toCharArray), password.toCharArray(),
CertParsingUtils.readCertificates(Collections.singletonList(certPath))); CertParsingUtils.readCertificates(Collections.singletonList(certPath)));
// TODO Revisit TLS1.2 pinning when TLS1.3 is fully supported final SSLContext sslContext = new SSLContextBuilder().loadKeyMaterial(keyStore, password.toCharArray())
// https://github.com/elastic/elasticsearch/issues/32276
final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadKeyMaterial(keyStore, password.toCharArray())
.build(); .build();
MockWebServer server = new MockWebServer(sslContext, false); MockWebServer server = new MockWebServer(sslContext, false);
server.enqueue(new MockResponse().setResponseCode(200).setBody("body")); server.enqueue(new MockResponse().setResponseCode(200).setBody("body"));
@ -510,7 +508,7 @@ public class SSLConfigurationReloaderTests extends ESTestCase {
try (InputStream is = Files.newInputStream(trustStorePath)) { try (InputStream is = Files.newInputStream(trustStorePath)) {
trustStore.load(is, trustStorePass.toCharArray()); trustStore.load(is, trustStorePass.toCharArray());
} }
final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadTrustMaterial(trustStore, null).build(); final SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(trustStore, null).build();
return HttpClients.custom().setSSLContext(sslContext).build(); return HttpClients.custom().setSSLContext(sslContext).build();
} }
@ -527,7 +525,7 @@ public class SSLConfigurationReloaderTests extends ESTestCase {
for (Certificate cert : CertParsingUtils.readCertificates(trustedCertificatePaths)) { for (Certificate cert : CertParsingUtils.readCertificates(trustedCertificatePaths)) {
trustStore.setCertificateEntry(cert.toString(), cert); trustStore.setCertificateEntry(cert.toString(), cert);
} }
final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadTrustMaterial(trustStore, null).build(); final SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(trustStore, null).build();
return HttpClients.custom().setSSLContext(sslContext).build(); return HttpClients.custom().setSSLContext(sslContext).build();
} }