Fixed SSL server_name extension value #1040
quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java
@the-thing thank you for the PR.
The problem is that for certain test cases you can't use "localhost", because the JVM will not populate it and you will not be able to make certain assertions. The tests will run on any environment, but the assumption `assumeLocalhostAliasAvailable()` will skip the test if the condition is not met - so no failures. To be sure it runs on all the environments without skipping there would have to be some Maven script that adds a custom host, which supports different operating systems and has sudo rights. This might be a problem. This is probably one of the few examples where conditional tests make sense. Also maybe there is some custom Java SSL implementation that allows you to mock behaviors, but I wouldn't even go that way.
I can't think of anything that is cleaner than what I did, but if you have a suggestion I will rewrite it. As a last resort we could completely remove tests requiring this extra domain and replace it with a unit test for the initiator SSL filter, but a lot of value in the end-to-end test will be lost.
Would this work: https://stackoverflow.com/a/74250879/4962355 ?
8a96dc1 to d562fd6
It works. Seems like caching DNS is easier than I thought. Thanks.
Cool, thanks for letting me know.
9d774f8 to d5a3c19
d5a3c19 to 33176b6
@the-thing, there are failures on Windows with JDK 11 and 21 in this test: Do you think this is related to your latest changes? Although the test was not changed AFAICT (the diff is not really helpful).
Not sure yet. Checking on another branch. If so, then only related to this DNS cache.
Maybe it does help to
Doing install / uninstall, before and after every test. Let's see. https://github.com/the-thing/quickfixj/actions/runs/17855159273
@the-thing thank you for your work on this, much appreciated 👍
Yes. Looks solid now. Thanks.
Any comments?
Hi there - I'll give it a try in our environment and let you know asap... Thanks for all the efforts so far! |
Hello @the-thing, successfully tested the patch and it works as expected - thanks a lot for the efforts. We have backported the fix to the current release version for testing. May I kindly ask whether you also plan to backport and release a 2.3.3 version?
Thanks for checking. I wasn't planning to. It might be hard to cherry-pick this for 2.3.3 due to MINA differences and most likely it will need to be applied manually again. You can always try to test the nightly build after this change is merged.
@the-thing the 2.2.x MINA changes were part of the QFJ 2.3.2 release, so it should be possible to cherry-pick this without problems. I can do it if you want.
I have provided a backport for 2.3.x in #1049. It would be great if this change could be part of future 2.3.x releases.
Fixes #1036

Two new properties added: `UseSNI` and `SNIHostName`. When `UseSNI=Y` then either `SNIHostName` will be used or `SocketConnectHost`/`SocketConnectHost<n>`. When `UseSNI=N` the JVM will decide what to set, which will most likely be `SocketConnectHost`. Will work for proxies as well.

There is only one `SNIHostName` property even for multiple connect hosts, but in the future it might be required to add support for `SNIHostName<n>` similar to `SocketConnectHost<n>`. Let's see if there is a need in the future.
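
The selection rule described above, sketched against the standard JSSE API as an added example (this is not code from the PR or from QuickFIX/J). The class name, the helper methods `resolveSniHost` and `clientEngine`, and the host names and port are assumptions made for illustration.

```java
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class SniSelectionExample {

    /** Hypothetical helper: the explicit server_name to send, or null to leave the choice to the JVM. */
    static String resolveSniHost(boolean useSni, String sniHostName, String socketConnectHost) {
        if (!useSni) {
            return null; // UseSNI=N: do not override anything on the engine
        }
        // UseSNI=Y: SNIHostName wins when configured, otherwise fall back to the connect host
        return (sniHostName != null && !sniHostName.isEmpty()) ? sniHostName : socketConnectHost;
    }

    /** Hypothetical helper: client-mode engine for host:port with the server_name pinned when sniHost is set. */
    static SSLEngine clientEngine(SSLContext ctx, String host, int port, String sniHost) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        if (sniHost != null) {
            SSLParameters params = engine.getSSLParameters();
            // The SNIHostName constructor throws IllegalArgumentException for names it
            // considers illegal, so a bad setting fails here instead of during the handshake.
            params.setServerNames(Collections.<SNIServerName>singletonList(new SNIHostName(sniHost)));
            engine.setSSLParameters(params);
        }
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // Constructed sample values: the socket connects to an address, the certificate is
        // issued for a name, so the name has to be supplied explicitly.
        String connectHost = "10.0.0.5";
        String sni = resolveSniHost(true, "fix.example.com", connectHost);
        SSLEngine explicit = clientEngine(ctx, connectHost, 9876, sni);
        System.out.println("UseSNI=Y -> " + explicit.getSSLParameters().getServerNames());

        // UseSNI=N: the engine is left as created and the JVM decides what, if anything, to send.
        SSLEngine jvmChoice = clientEngine(ctx, connectHost, 9876, resolveSniHost(false, null, connectHost));
        System.out.println("UseSNI=N -> " + jvmChoice.getSSLParameters().getServerNames());
    }
}
```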