Re: [servlet-dev] TCK question about integration/sec/secbasicssl/Client.java#test_request_attributes test strategy vs requestAttributes.jsp check for no certificates...

Thanks Hussain for the answers regarding this test! 

Scott

On 9/29/21 11:55 PM, Hussain.NM@xxxxxxxxxxxxx wrote:

I happen to also be seeing a (EE 9.1) failure due to the "verify SSL certificate attribute" check.  Just to confirm, we should add a check of the third attribute SSL session id but still fail the test if the certificates are present?

Yes, the check needs to be added and the test needs to fail if certificates are present.

There is another set of tests [1][2] which has client certificate authentication enabled and passes only if certificates are present.

This new check needs to be added to secbasicssl, clientcert and clientcertanno.

The spec assertion ID is Servlet:SPEC:26.4 [3] which is mentioned in clientcert and clientcertanno but is not tested.

Thanks

Hussain

 

[1] https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/spec/security/clientcert/ServletSecTestServlet.java

[2] https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/spec/security/clientcertanno/ServletSecTestServlet.java

[3] https://github.com/eclipse-ee4j/jakartaee-tck/blob/ce7b8d1cc9b429d9d1389effb2cb3516e3af84e2/internal/docs/servlet/ServletSpecAssertions.xml#L773-L777

 
