|Re: [servlet-dev] TCK question about integration/sec/secbasicssl/Client.java#test_request_attributes test strategy vs requestAttributes.jsp check for no certificates...|
Reading the specification, the third attribute expected is SSL session id and not a SSL certificate. As per the comments in the test itself , there is no client certificate authentication involved in the test hence the test should fail if certificates are present.
The third attribute SSL session id was added in Servlet 3.0  (section 3.10), the test has assertion text from Servlet 2.3  (section 4.7) which mentions only the first two attributes.
The test strategy and test should be updated to check for SSL session id.
I happen to also be seeing a (EE 9.1) failure due to the "verify
SSL certificate attribute" check. Just to confirm, we should add
a check of the third attribute SSL session id but still fail the
test if the certificates are present?
This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient(s), please reply to the sender and destroy all copies of the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email, and/or any action taken in reliance on the contents of this e-mail is strictly prohibited and may be unlawful. Where permitted by applicable law, this e-mail and other e-mail communications sent to and from Cognizant e-mail addresses may be monitored.
_______________________________________________ servlet-dev mailing list servlet-dev@xxxxxxxxxxx To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/servlet-dev
Back to the top