Details
Improvement
Major
Description
We should provide some examples of running Solr+Jetty with SSL enabled, and have some basic tests using jetty over SSL
Issue Links
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
revised patch...
- fixes nocommit by randomizing when we use SSL (50%)
- only randomize SSL if none of the ssl related properties have already been explicitly set
- improve cleanup of properties that get set when randomizing ssl
- if the random logic decides to use ssl, then 50% of the time randomly require client auth
The client auth changes make this patch dependent on the changes in SOLR-4451 (using SystemDefaultHttpClient so solrj's httpclient pays attention to the javax.* props)
there is still a TODO about promoting the SSL randomization code up into SolrJettyTestBase, but i think it would be best to commit as is and let it soak for a few days and see if anyone notices problems running tests before randomizing SSL across all jetty related tests.
minor improvement based on something that haunted me in my dreams: don't silently ignore the choice to ignore ssl if the keystore doesn't exist – instead fail the test.
Committed revision 1445971.
current state commited to trunk. my plan is to let this soak for a few days, make sure there no weird problems show up from using/setting these javax.* sys properties on any systems i don't have personal access to.
assuming all goes well, i'll refactor the SSL randomization up to SolrJettyTestBase and merge back to 4x.
[trunk commit] Chris M. Hostetter
http://svn.apache.org/viewvc?view=revision&revision=1445971
SOLR-4394: Tests and example configs demonstrating SSL with both server and client certs
Phase #2: promotes SSL randomization logic up to SolrJettyTestBase so all (non-distributed) jetty tests now randomly use SSL.
i think this is solid, and ready to commit & backport to 4x
phase#2 patch committed to trunk: r1447885
CHANGES.txt updated on trunk to reflect 4x backmerge: r1447952
merge r1445971 + r1447885 + r1447952 to 4x: r1447956
[branch_4x commit] Chris M. Hostetter
http://svn.apache.org/viewvc?view=revision&revision=1447956
SOLR-4394: Tests and example configs demonstrating SSL with both server and client certs (merge r1445971 + r1447885 + r1447952)
[trunk commit] Chris M. Hostetter
http://svn.apache.org/viewvc?view=revision&revision=1447952
SOLR-4394: move CHANGES entry in prep for backporting
[trunk commit] Chris M. Hostetter
http://svn.apache.org/viewvc?view=revision&revision=1447885
SOLR-4394: phase 2, promoted SSL randomization logic up to SolrJettyTestBase
Hi Hoss Man,
Since the commit in the branch 4x, I have some trouble to run my unit tests which extends the SolrJettyTestBase.
The TEST_KEYSTORE variable initialization is crashing with an NPE in the loop:
static String determineSourceHome() { // ugly, ugly hack to determine the example home without depending on the CWD // this is needed for example/multicore tests which reside outside the classpath File file; try { file = new File("solr/conf"); if (!file.exists()) { file = new File(Thread.currentThread().getContextClassLoader().getResource("solr/conf").toURI()); } } catch (Exception e) { // If there is no "solr/conf" in the classpath, fall back to searching from the current directory. file = new File("."); } File base = file.getAbsoluteFile(); while (!new File(base, "solr/CHANGES.txt").exists()) { base = base.getParentFile(); } return new File(base, "solr/").getAbsolutePath(); }
Could you please create a public function getKeyStore that I could bypass like the getSolrHome function ?
Closed after release.
Patch with the basics. After applying this patch you need to run the following commends to generate the keystore...
(The keystore file can be committed in SVN, but as a binary file it can't be part of hte patch)
There is still a nocommit to randomize if/when we use SSL, and also some TODOs – in particular arround whether we ant to consider promoting the SSL test logic up to SolrJettyTestBase so it's (randomly) used in more tests, but i wanted to put this out there as a starting point for discussion. (and because i'm going offline for a week on vacation and i don't wnat to lose track of what i was doing)
If/when we get basics like this committed, we can then move towards some SSL related cloud tests for
SOLR-3854