|Re: [servlet-dev] TCK question about integration/sec/secbasicssl/Client.java#test_request_attributes test strategy vs requestAttributes.jsp check for no certificates...|
Reading the specification, the third attribute expected is SSL session id and not a SSL certificate. As per the comments in the test itself , there is no client certificate authentication involved in the test hence the test should fail if certificates are present.
The third attribute SSL session id was added in Servlet 3.0  (section 3.10), the test has assertion text from Servlet 2.3  (section 4.7) which mentions only the first two attributes.
The test strategy and test should be updated to check for SSL session id.
Back to the top