
Fix SSLContext pinning to TLSV1.2 in reload tests #38341

Merged
merged 1 commit into from
Feb 4, 2019
Expand Up @@ -91,6 +91,7 @@ public void testReloadingKeyStore() throws Exception {
final Settings settings = Settings.builder()
.put("path.home", createTempDir())
.put("xpack.security.transport.ssl.keystore.path", keystorePath)
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
.setSecureSettings(secureSettings)
.build();
final Environment env = randomBoolean() ? null : TestEnvironment.newEnvironment(settings);
Expand Down Expand Up @@ -149,6 +150,7 @@ public void testPEMKeyConfigReloading() throws Exception {
.put("xpack.security.transport.ssl.key", keyPath)
.put("xpack.security.transport.ssl.certificate", certPath)
.putList("xpack.security.transport.ssl.certificate_authorities", certPath.toString())
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
.setSecureSettings(secureSettings)
.build();
final Environment env = randomBoolean() ? null :
Expand Down Expand Up @@ -193,7 +195,6 @@ public void testPEMKeyConfigReloading() throws Exception {
* Tests the reloading of SSLContext when the trust store is modified. The same store is used as a TrustStore (for the
* reloadable SSLContext used in the HTTPClient) and as a KeyStore for the MockWebServer
*/
@AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/38247")
public void testReloadingTrustStore() throws Exception {
assumeFalse("Can't run in a FIPS JVM", inFipsJvm());
Path tempDir = createTempDir();
Expand All @@ -206,6 +207,7 @@ public void testReloadingTrustStore() throws Exception {
secureSettings.setString("xpack.security.transport.ssl.truststore.secure_password", "testnode");
Settings settings = Settings.builder()
.put("xpack.security.transport.ssl.truststore.path", trustStorePath)
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
.put("path.home", createTempDir())
.setSecureSettings(secureSettings)
.build();
Expand Down Expand Up @@ -241,10 +243,10 @@ public void testReloadingTrustStore() throws Exception {
validateSSLConfigurationIsReloaded(settings, env, trustMaterialPreChecks, modifier, trustMaterialPostChecks);
}
}

/**
* Test the reloading of SSLContext whose trust config is backed by PEM certificate files.
*/
@AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/38247")
public void testReloadingPEMTrustConfig() throws Exception {
Path tempDir = createTempDir();
Path serverCertPath = tempDir.resolve("testnode.crt");
Expand All @@ -257,6 +259,7 @@ public void testReloadingPEMTrustConfig() throws Exception {
Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode_updated.crt"), updatedCert);
Settings settings = Settings.builder()
.putList("xpack.security.transport.ssl.certificate_authorities", serverCertPath.toString())
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
.put("path.home", createTempDir())
.build();
Environment env = randomBoolean() ? null : TestEnvironment.newEnvironment(settings);
Expand Down Expand Up @@ -305,6 +308,7 @@ public void testReloadingKeyStoreException() throws Exception {
secureSettings.setString("xpack.security.transport.ssl.keystore.secure_password", "testnode");
Settings settings = Settings.builder()
.put("xpack.security.transport.ssl.keystore.path", keystorePath)
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
.setSecureSettings(secureSettings)
.put("path.home", createTempDir())
.build();
Expand Down Expand Up @@ -346,6 +350,7 @@ public void testReloadingPEMKeyConfigException() throws Exception {
.put("xpack.security.transport.ssl.key", keyPath)
.put("xpack.security.transport.ssl.certificate", certPath)
.putList("xpack.security.transport.ssl.certificate_authorities", certPath.toString(), clientCertPath.toString())
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
.put("path.home", createTempDir())
.setSecureSettings(secureSettings)
.build();
Expand Down Expand Up @@ -381,6 +386,7 @@ public void testTrustStoreReloadException() throws Exception {
secureSettings.setString("xpack.security.transport.ssl.truststore.secure_password", "testnode");
Settings settings = Settings.builder()
.put("xpack.security.transport.ssl.truststore.path", trustStorePath)
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
.put("path.home", createTempDir())
.setSecureSettings(secureSettings)
.build();
Expand Down Expand Up @@ -414,6 +420,7 @@ public void testPEMTrustReloadException() throws Exception {
Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath);
Settings settings = Settings.builder()
.putList("xpack.security.transport.ssl.certificate_authorities", clientCertPath.toString())
.put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2")
.put("path.home", createTempDir())
.build();
Environment env = randomBoolean() ? null : TestEnvironment.newEnvironment(settings);
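Review bot: The `xpack.security.transport.ssl.supported_protocols` pin is repeated in all eight `Settings.builder()` chains on this page, from `testReloadingKeyStore` to `testPEMTrustReloadException`, with no comment saying why the tests are held at TLSv1.2. Since the same change un-mutes `testReloadingTrustStore` and `testReloadingPEMTrustConfig`, the pin looks like the workaround for that failure, and a later reader who drops it as redundant would probably bring the failure back. I would put a line such as `// Pinned to TLSv1.2 so the reload checks are deterministic; see https://github.com/elastic/elasticsearch/issues/38247` above the first occurrence, and take the value from one test-class constant so the pin can be lifted in one place. With the pin in place these tests presumably no longer exercise SSLContext reload under whatever newer protocol the JVM would negotiate by default, so that coverage gap is worth tracking separately. The test method bodies start and end outside the visible hunks.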