Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [servlet-dev] TCK question about integration/sec/secbasicssl/ test strategy vs requestAttributes.jsp check for no certificates...
  • From: <Hussain.NM@xxxxxxxxxxxxx>
  • Date: Wed, 29 Sep 2021 02:29:32 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=NvV8/f2EbwB6FbuCJKrBwhIGrGjXtFkP53BUQsbMWYc=; b=chOOiR7IP7QSOuVE927uD6BZnN9lzhblpox1ranbRF96mrxlHKsCLqfS+L5BwFJbHcL6fT6rglo6+eFvQMmyBJWhUPGDzjgNqPR7C8aYSKso75yrZfyLZBWEWDBFXv/Lu0PuqJMo2RJkUi5AuzfXnh02/7/MNnG+lDYag20pF3+8KgaLUnqrQ5lqr0+fDn31E18eyHlywtcsddKmvkHYPiRUgycCYjiZOGAIarlHeeqQu5pcWe+W2zqLKocWFVqrzl3idRPdjATrqQ11Mji8gw8eCelrDkK+EAnBvGJcJQfk1tTjrH0XcXgFzWMJBEgmrokPOKMbnzoSitgXHmTCwA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=O+kSSeoS7Xnb9BuLNVdawlRL5qX7cy170GAHDTkZyX9xV9IdYptYWuKYxNrMdwkM2soUhHRwQ19vJxYTaRKqQPXzC+XdjQbXbcQj5Z1cRF1PC8AmxBLOMVkPYLwjj9PVBoDN3iu0CLsbPCgMAU1uhUOHHSKhwH9tKd+Ggy/huceHBKwJ5oINpH4XneQld4mIiYddYX2/R/qY0Gy9+9yGa06mLZ4462YNojUCCo6Td6F+cSC10vB58dD2Jbsb9W6xT6l51iGdlITt1ueYuHp9oVq/rk2OPGxq+Jsgz9/yZIbNRbfGhaVCAc9gNVoIp7BmN8s53VVCPDcqTu2AOeUqqg==
  • Delivered-to: servlet-dev@xxxxxxxxxxx
  • List-archive: <>
  • List-help: <>
  • List-subscribe: <>, <>
  • List-unsubscribe: <>, <>
  • Thread-index: AQHXtM/cc7R0QN+uFUu+/oLZxCnkYKu6Q8xQ
  • Thread-topic: [servlet-dev] TCK question about integration/sec/secbasicssl/ test strategy vs requestAttributes.jsp check for no certificates...

Reading the specification[1], the third attribute expected is SSL session id and not a SSL certificate. As per the comments in the test itself [2], there is no client certificate authentication involved in the test hence the test should fail if certificates are present.


The third attribute SSL session id was added in Servlet 3.0 [3] (section 3.10), the test has assertion text from Servlet 2.3 [4] (section 4.7) which mentions only the first two attributes.


The test strategy and test should be updated to check for SSL session id.











This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient(s), please reply to the sender and destroy all copies of the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email, and/or any action taken in reliance on the contents of this e-mail is strictly prohibited and may be unlawful. Where permitted by applicable law, this e-mail and other e-mail communications sent to and from Cognizant e-mail addresses may be monitored.

Back to the top