[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [servlet-dev] TCK question about integration/sec/secbasicssl/Client.java#test_request_attributes test strategy vs requestAttributes.jsp check for no certificates...
|
Reading
the specification[1], the third attribute expected is SSL
session id and not a SSL certificate. As per the comments
in the test itself [2], there is no client certificate
authentication involved in the test hence the test should
fail if certificates are present.
The
third attribute SSL session id was added in Servlet 3.0
[3] (section 3.10), the test has assertion text from
Servlet 2.3 [4] (section 4.7) which mentions only the
first two attributes.
The
test strategy and test should be updated to check for SSL
session id.
I happen to also be seeing a (EE 9.1) failure due to the "verify
SSL certificate attribute" check. Just to confirm, we should add
a check of the third attribute SSL session id but still fail the
test if the certificates are present?
Thanks,
Scott
This e-mail and any files transmitted with it are for the sole use
of the intended recipient(s) and may contain confidential and
privileged information. If you are not the intended recipient(s),
please reply to the sender and destroy all copies of the original
message. Any unauthorized review, use, disclosure, dissemination,
forwarding, printing or copying of this email, and/or any action
taken in reliance on the contents of this e-mail is strictly
prohibited and may be unlawful. Where permitted by applicable law,
this e-mail and other e-mail communications sent to and from
Cognizant e-mail addresses may be monitored.
_______________________________________________
servlet-dev mailing list
servlet-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/servlet-dev