Re-enable running openssl (shared) tests on CI (#11197)
Motivation: It turned out we didnt run the openssl tests on the CI when we used the non-static version of netty-tcnative. Modifications: - Upgrade netty-tcnative to fix segfault when using shared openssl - Adjust tests to only run session cache tests when openssl supports it - Fix some more tests to only depend on KeyManager if the underlying openssl version supports it Result: Run all openssl test on the CI even when shared library is used
This commit is contained in:
parent
48e2c0d5cd
commit
216cd38ff2
4
.github/workflows/ci-pr.yml
vendored
4
.github/workflows/ci-pr.yml
vendored
@ -70,8 +70,10 @@ jobs:
|
||||
|
||||
# Compile native code and the modules it depend on and run NativeLoadingTest. This is enough to ensure
|
||||
# we can load the native module on aarch64
|
||||
#
|
||||
# Use tcnative.classifier that is empty as we don't support using the shared lib version on ubuntu.
|
||||
run: |
|
||||
JAVA_HOME=/usr/lib/jvm/java-11-openjdk-arm64 mvn -pl testsuite-native -am clean package -DskipTests=true -Dcheckstyle.skip=true -DskipNativeTestsuite=false
|
||||
JAVA_HOME=/usr/lib/jvm/java-11-openjdk-arm64 mvn -pl testsuite-native -am clean package -DskipTests=true -Dcheckstyle.skip=true -DskipNativeTestsuite=false -Dtcnative.classifier=
|
||||
|
||||
build-pr:
|
||||
runs-on: ubuntu-latest
|
||||
|
@ -384,6 +384,10 @@ public final class OpenSsl {
|
||||
}
|
||||
}
|
||||
|
||||
static boolean isSessionCacheSupported() {
|
||||
return version() >= 0x10100000L;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a self-signed {@link X509Certificate} for {@code netty.io}.
|
||||
*/
|
||||
|
@ -82,6 +82,10 @@ public class CloseNotifyTest {
|
||||
public void eventsOrder() throws Exception {
|
||||
assumeTrue("OpenSSL is not available", provider != SslProvider.OPENSSL || OpenSsl.isAvailable());
|
||||
|
||||
if (PROTOCOL_TLS_V1_3.equals(protocol)) {
|
||||
// Ensure we support TLSv1.3
|
||||
assumeTrue(SslProvider.isTlsv13Supported(provider));
|
||||
}
|
||||
BlockingQueue<Object> clientEventQueue = new LinkedBlockingQueue<Object>();
|
||||
BlockingQueue<Object> serverEventQueue = new LinkedBlockingQueue<Object>();
|
||||
|
||||
|
@ -151,11 +151,40 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
|
||||
super.testSessionLocalWhenNonMutualWithKeyManager();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
|
||||
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
|
||||
// we need to provide a cert.
|
||||
assumeTrue(OpenSsl.supportsKeyManagerFactory());
|
||||
super.testSessionLocalWhenNonMutualWithoutKeyManager();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void invalidateSessionsAndAssert(SSLSessionContext context) {
|
||||
// Not supported by conscrypt
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCache() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCache();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCacheTimeout() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCacheTimeout();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCacheSize() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCacheSize();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected SSLEngine wrapEngine(SSLEngine engine) {
|
||||
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
|
||||
|
@ -157,6 +157,35 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
|
||||
super.testSessionLocalWhenNonMutualWithKeyManager();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
|
||||
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
|
||||
// we need to provide a cert.
|
||||
assumeTrue(OpenSsl.supportsKeyManagerFactory());
|
||||
super.testSessionLocalWhenNonMutualWithoutKeyManager();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCache() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCache();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCacheTimeout() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCacheTimeout();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCacheSize() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCacheSize();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected SSLEngine wrapEngine(SSLEngine engine) {
|
||||
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
|
||||
|
@ -143,6 +143,27 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
|
||||
super.testSessionLocalWhenNonMutualWithKeyManager();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCache() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCache();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCacheTimeout() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCacheTimeout();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCacheSize() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCacheSize();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void invalidateSessionsAndAssert(SSLSessionContext context) {
|
||||
// Not supported by conscrypt
|
||||
|
@ -1381,6 +1381,14 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
||||
super.testSessionLocalWhenNonMutualWithKeyManager();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
|
||||
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
|
||||
// we need to provide a cert.
|
||||
assumeTrue(OpenSsl.supportsKeyManagerFactory());
|
||||
super.testSessionLocalWhenNonMutualWithoutKeyManager();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected SslProvider sslClientProvider() {
|
||||
return SslProvider.OPENSSL;
|
||||
@ -1425,14 +1433,29 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
||||
return context;
|
||||
}
|
||||
|
||||
@Test
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCache() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCache();
|
||||
assertSessionContext(clientSslCtx);
|
||||
assertSessionContext(serverSslCtx);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCacheTimeout() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCacheTimeout();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCacheSize() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCacheSize();
|
||||
}
|
||||
|
||||
private static void assertSessionContext(SslContext context) {
|
||||
if (context == null) {
|
||||
return;
|
||||
|
@ -142,6 +142,35 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
|
||||
super.testSessionLocalWhenNonMutualWithKeyManager();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
|
||||
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
|
||||
// we need to provide a cert.
|
||||
assumeTrue(OpenSsl.supportsKeyManagerFactory());
|
||||
super.testSessionLocalWhenNonMutualWithoutKeyManager();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCache() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCache();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCacheTimeout() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCacheTimeout();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSessionCacheSize() throws Exception {
|
||||
assumeTrue(OpenSsl.isSessionCacheSupported());
|
||||
super.testSessionCacheSize();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected SSLEngine wrapEngine(SSLEngine engine) {
|
||||
return Java8SslTestUtils.wrapSSLEngineForTesting(engine);
|
||||
|
@ -526,6 +526,7 @@ public abstract class SSLEngineTest {
|
||||
@Test(expected = SSLHandshakeException.class)
|
||||
public void testIncompatibleCiphers() throws Exception {
|
||||
assumeTrue(SslProvider.isTlsv13Supported(sslClientProvider()));
|
||||
assumeTrue(SslProvider.isTlsv13Supported(sslServerProvider()));
|
||||
|
||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||
// Select a mandatory cipher from the TLSv1.2 RFC https://www.ietf.org/rfc/rfc5246.txt so handshakes won't fail
|
||||
|
@ -18,6 +18,7 @@ package io.netty.handler.ssl;
|
||||
import io.netty.buffer.UnpooledByteBufAllocator;
|
||||
import io.netty.handler.ssl.util.SelfSignedCertificate;
|
||||
import io.netty.util.CharsetUtil;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Assume;
|
||||
import org.junit.Test;
|
||||
|
||||
@ -102,6 +103,7 @@ public class SslContextBuilderTest {
|
||||
@Test
|
||||
public void testContextFromManagersOpenssl() throws Exception {
|
||||
Assume.assumeTrue(OpenSsl.isAvailable());
|
||||
Assume.assumeTrue(OpenSsl.useKeyManagerFactory());
|
||||
testContextFromManagers(SslProvider.OPENSSL);
|
||||
}
|
||||
|
||||
|
16
pom.xml
16
pom.xml
@ -68,20 +68,6 @@
|
||||
</developers>
|
||||
|
||||
<profiles>
|
||||
<profile>
|
||||
<id>not_x86_64</id>
|
||||
<activation>
|
||||
<os>
|
||||
<arch>!x86_64</arch>
|
||||
</os>
|
||||
</activation>
|
||||
<properties>
|
||||
<!-- Use no classifier as we only support x86_64 atm-->
|
||||
<tcnative.classifier />
|
||||
<skipShadingTestsuite>true</skipShadingTestsuite>
|
||||
</properties>
|
||||
</profile>
|
||||
|
||||
<!-- Detect if we use GraalVM and if so enable the native image testsuite -->
|
||||
<profile>
|
||||
<id>graal</id>
|
||||
@ -381,7 +367,7 @@
|
||||
<!-- keep in sync with PlatformDependent#ALLOWED_LINUX_OS_CLASSIFIERS -->
|
||||
<os.detection.classifierWithLikes>fedora,suse,arch</os.detection.classifierWithLikes>
|
||||
<tcnative.artifactId>netty-tcnative</tcnative.artifactId>
|
||||
<tcnative.version>2.0.38.Final</tcnative.version>
|
||||
<tcnative.version>2.0.39.Final</tcnative.version>
|
||||
<tcnative.classifier>${os.detected.classifier}</tcnative.classifier>
|
||||
<conscrypt.groupId>org.conscrypt</conscrypt.groupId>
|
||||
<conscrypt.artifactId>conscrypt-openjdk-uber</conscrypt.artifactId>
|
||||
|
Loading…
Reference in New Issue
Block a user