    Use JSSE cipher suite names and restore JSSE SSLSessionContext semantics · 9acacc36
    Brian Carlstrom authored
    Summary:
    - Switch to using JSSE cipher suite names
    - SSLSessionContext implementation cleanup
    - Updated tests
    
    Details:
    
    Switch to using JSSE cipher suite names
    - We maintain backward compatibility for enabling cipher suites using
      OpenSSL names for old code that did so without checking for the
      presence of the names in the supported list.
    - We now have a well defined list of the supported cipher suites which
      are sorted in priority order as specified in JSSE documentation so
      that callers doing:
         s.setEnabledCipherSuites(s.getSupportedCipherSuites())
      will get something reasonable.
    - We now have a default cipher suite list that is chosen to match RI
      behavior and priority, not based on OpenSSL's default and priorities.
    
        Details:
        - Added NativeCrypto OPENSSL_TO_STANDARD and STANDARD_TO_OPENSSL
          mapping between naming conventions. STANDARD_TO_OPENSSL is a
          LinkedHashMap so enumerating it gives the proper order for
          SUPPORTED_CIPHER_SUITES.
        - SSL_get_ciphers and SSL_set_cipher_list are removed; we now use
          our own SSL_set_cipher_lists (defined separately in
          external/openssl/patches/jsse.patch) to set the set and order of
          cipher suites. SSL_CTX_get_ciphers is also removed because we no
          longer rely on the OpenSSL for the default cipher suites
          behavior.
    
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
    	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
    
        Add cipherSuite and protocol field caches for native values,
        mapping the cipherSuite to a JSSE name from the OpenSSL name
        returned by SSL_SESSION_cipher.
    
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
    
        Fixed a long standing bug where we reused sessions found in the
        client host/port cache even if the old protocol and cipher suite
        were no longer compatible with what was specified by
        setEnabledCipherSuites and setProtocols.  Also fixed a recently
        introduced bug where lastAccessedTime was being set on a cached
        session even if it was not reused, found by fixing the above.
    
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
    
    Move most of SSLSessionContext implementation from subclasses to
    AbstractSessionContext. This was primarily to align the
    implementations of how different session ids for the same host and
    port were handled for RI compatibility. The client subclass now focuses
    on handling its host/port based cache and both deal with their own
    persistent cache details.
    
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
    
    Tests
    
       Added some variants of assertSSLSessionContextSize to simplify test code.
       Broke test_SSLSessionContext_setSessionCacheSize_oneConnect out of
       test_SSLSessionContext_setSessionCacheSize_dynamic. Renamed
       test_SSLSessionContext_setSessionCacheSize_basic to
       test_SSLSessionContext_setSessionCacheSize_noConnect to match name
       of _oneConnect. _dynamic was cleaned up a bit as getting it working
       was the only goal of this change list. Fixed to filter
       SSL_RSA_EXPORT_ ciphers since our test certificate key length is
       too long for those. Lower test requirement to 3 unique cipher suites.
    
    	luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
    
       Added checks that cipher suites and protocols have standard names.
    
    	luni/src/test/java/javax/net/ssl/SSLSessionTest.java
    
       Removing known failures related to cipher suite naming. Fixed bug
       of using assertNotNull instead of assertTrue. Added extra
       size/length check which would have found the
       assertNotNull/assertTrue issue.
    
    	luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
    	luni/src/test/java/javax/net/ssl/SSLSocketTest.java
    
       Fixing test that explicitly worked around broken cipher suite naming.
    
    	luni/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java
    
       Updated standard cipher suites to RI 6 list, which also now
       specifies ordering, which we now align with.
    
    	support/src/test/java/javax/net/ssl/StandardNames.java
    
    Unrelated
    
       Remove more now obsolete jars from the test classpath
    
    	run-core-tests
    
    Change-Id: I45c274a9327c9a1aeeccb39ecaf5a3fbe2903c8f
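
The session-reuse fix and the name mapping described in the commit message, sketched as an added example (not code from this commit or from the project). The class `SessionReuseCheck`, the `CachedSession` record, the helpers `toStandard` and `sessionToReuse`, and the two-entry map are hypothetical and constructed for illustration; only the map name `STANDARD_TO_OPENSSL` is taken from the message.

```java
import java.util.*;

public class SessionReuseCheck {
    // Constructed two-entry sample: JSSE standard name -> OpenSSL name.
    // LinkedHashMap keeps insertion order, so iteration yields priority order.
    static final Map<String, String> STANDARD_TO_OPENSSL = new LinkedHashMap<>();
    static {
        STANDARD_TO_OPENSSL.put("SSL_RSA_WITH_RC4_128_MD5", "RC4-MD5");
        STANDARD_TO_OPENSSL.put("TLS_RSA_WITH_AES_128_CBC_SHA", "AES128-SHA");
    }

    // Hypothetical cached-session record; cipherSuite holds the JSSE name.
    static final class CachedSession {
        final String cipherSuite, protocol;
        long lastAccessedTime;
        CachedSession(String cipherSuite, String protocol) {
            this.cipherSuite = cipherSuite;
            this.protocol = protocol;
        }
    }

    // Legacy callers may pass OpenSSL names; normalize them to JSSE names.
    static String toStandard(String name) {
        for (Map.Entry<String, String> e : STANDARD_TO_OPENSSL.entrySet()) {
            if (e.getValue().equals(name)) return e.getKey();
        }
        return name;
    }

    // Returns the session only if it still fits the socket's current settings;
    // null means "do a full handshake". The timestamp moves only on real reuse.
    static CachedSession sessionToReuse(CachedSession cached, String[] suites, String[] protocols) {
        if (cached == null) return null;
        Set<String> enabled = new HashSet<>();
        for (String s : suites) enabled.add(toStandard(s));
        if (!enabled.contains(cached.cipherSuite)) return null;
        if (!Arrays.asList(protocols).contains(cached.protocol)) return null;
        cached.lastAccessedTime = System.currentTimeMillis();
        return cached;
    }

    public static void main(String[] args) {
        CachedSession old = new CachedSession("SSL_RSA_WITH_RC4_128_MD5", "TLSv1");
        String[] tls = {"TLSv1"};
        // RC4 is no longer enabled, so the cached session is rejected and left untouched.
        System.out.println(sessionToReuse(old, new String[] {"AES128-SHA"}, tls) == null);
        // The same suite enabled under its legacy OpenSSL name still matches.
        System.out.println(sessionToReuse(old, new String[] {"RC4-MD5"}, tls) == old);
    }
}
```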