Re: [servlet-dev] TCK question about integration/sec/secbasicssl/ test strategy vs requestAttributes.jsp check for no certificates...

On 9/28/21 10:29 PM, Hussain.NM@xxxxxxxxxxxxx wrote:

Reading the specification[1], the third attribute expected is the SSL session id and not an SSL certificate. As per the comments in the test itself [2], there is no client certificate authentication involved in the test, hence the test should fail if certificates are present.


The third attribute, SSL session id, was added in Servlet 3.0 [3] (section 3.10); the test has assertion text from Servlet 2.3 [4] (section 4.7), which mentions only the first two attributes.


The test strategy and test should be updated to check for SSL session id.

I happen to also be seeing a (EE 9.1) failure due to the "verify SSL certificate attribute" check.  Just to confirm, we should add a check of the third attribute SSL session id but still fail the test if the certificates are present?

