Skip to content

[TESTS] Pin MockWebServer to TLS1.2 #33127

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Aug 30, 2018
Merged

[TESTS] Pin MockWebServer to TLS1.2 #33127

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
c727aa7
Pin MockWebServer to TLS1.2
jkakavas Aug 24, 2018
2f8f638
Merge remote-tracking branch 'origin/master' into test-tls12-graceful…
jkakavas Aug 27, 2018
32649e8
Fix protocol identifier string
jkakavas Aug 29, 2018
0180279
Merge remote-tracking branch 'origin/master' into test-tls12-graceful…
jkakavas Aug 29, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 6 additions & 4 deletions ...in/core/src/test/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloaderTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,6 @@ public void cleanup() throws Exception {
/**
* Tests reloading a keystore that is used in the KeyManager of SSLContext
*/
@AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/32124")
public void testReloadingKeyStore() throws Exception {
assumeFalse("Can't run in a FIPS JVM", inFipsJvm());
final Path tempDir = createTempDir();
Expand Down Expand Up @@ -192,7 +191,6 @@ public void testPEMKeyConfigReloading() throws Exception {
* Tests the reloading of SSLContext when the trust store is modified. The same store is used as a TrustStore (for the
* reloadable SSLContext used in the HTTPClient) and as a KeyStore for the MockWebServer
*/
@AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/32124")
public void testReloadingTrustStore() throws Exception {
assumeFalse("Can't run in a FIPS JVM", inFipsJvm());
Path tempDir = createTempDir();
Expand Down Expand Up @@ -479,7 +477,9 @@ private static MockWebServer getSslServer(Path keyStorePath, String keyStorePass
try (InputStream is = Files.newInputStream(keyStorePath)) {
keyStore.load(is, keyStorePass.toCharArray());
}
final SSLContext sslContext = new SSLContextBuilder().loadKeyMaterial(keyStore, keyStorePass.toCharArray())
// TODO Revisit TLS1.2 pinning when TLS1.3 is fully supported
// https://github.com/elastic/elasticsearch/issues/32276
final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadKeyMaterial(keyStore, keyStorePass.toCharArray())
.build();
MockWebServer server = new MockWebServer(sslContext, false);
server.enqueue(new MockResponse().setResponseCode(200).setBody("body"));
Expand All @@ -493,7 +493,9 @@ private static MockWebServer getSslServer(Path keyPath, Path certPath, String pa
keyStore.load(null, password.toCharArray());
keyStore.setKeyEntry("testnode_ec", PemUtils.readPrivateKey(keyPath, password::toCharArray), password.toCharArray(),
CertParsingUtils.readCertificates(Collections.singletonList(certPath)));
final SSLContext sslContext = new SSLContextBuilder().loadKeyMaterial(keyStore, password.toCharArray())
// TODO Revisit TLS1.2 pinning when TLS1.3 is fully supported
// https://github.com/elastic/elasticsearch/issues/32276
final SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadKeyMaterial(keyStore, password.toCharArray())
.build();
MockWebServer server = new MockWebServer(sslContext, false);
server.enqueue(new MockResponse().setResponseCode(200).setBody("body"));
Expand Down