[8u] TLSv1.3 RFR: 8251478: Backport TLSv1.3 regression tests to JDK8u

Martin Balao mbalao at redhat.com
Thu Aug 27 20:53:23 UTC 2020


Hi,

On 8/27/20 5:33 PM, Alexey Bakhtin wrote:
> You are right. Thank you.
> test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java test can be enabled now. Fixed by removing @ignore annotation.
> 
> New Webrev : http://cr.openjdk.java.net/~abakhtin/tls1.3/8245466/8251478/webrev.v4/
> 

Step 15 - 8251478 has a set of changes required for tests from JDK
11.0.7 to pass in 8u and jtreg '@modules' tags removed (which are N/A
for 8u).

 * test/javax/net/ssl/FixingJavadocs/ComURLNulls.java (modified)
  * Ok. 8074531 is not in 8u. This change reverts to the previous test
getServerCertificateChain use and removes the modules jtreg header.
 * test/javax/net/ssl/FixingJavadocs/SSLSessionNulls.java (modified)
  * Ok
 * test/javax/net/ssl/SSLSession/RenegotiateTLS13.java (modified)
  * Ok
 * test/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java (modified)
  * Ok
 * test/javax/net/ssl/SSLSocket/InputStreamClosure.java (modified)
  * Ok
 * test/javax/net/ssl/SSLSocket/OutputStreamClosure.java (modified)
  * Ok
 * test/javax/net/ssl/SSLSocket/Tls13PacketSize.java (modified)
  * Ok
 * test/javax/net/ssl/Stapling/HttpsUrlConnClient.java (modified)
  * Ok
 * test/javax/net/ssl/Stapling/SSLEngineWithStapling.java (modified)
  * Ok
 * test/javax/net/ssl/Stapling/SSLSocketWithStapling.java (modified)
  * Ok
 * test/javax/net/ssl/Stapling/StapleEnableProps.java (modified)
  * Ok
 * test/javax/net/ssl/TLS/TLSClientPropertyTest.java (modified)
  * Ok, TLSv1.3 is disabled by default for clients
 * test/javax/net/ssl/TLS/TLSDataExchangeTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLS/TLSEnginesClosureTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLS/TLSHandshakeTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLS/TLSMFLNTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLS/TLSNotEnabledRC4Test.java (modified)
  * Ok
 * test/javax/net/ssl/TLS/TLSRehandshakeTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLS/TLSRehandshakeWithCipherChangeTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLS/TLSRehandshakeWithDataExTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLS/TLSUnsupportedCiphersTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLS/TestJSSEClientDefaultProtocol.java (modified)
  * Ok
 * test/javax/net/ssl/TLS/TestJSSEClientProtocol.java (modified)
  * Ok
 * test/javax/net/ssl/TLS/TestJSSENoCommonProtocols.java (modified)
  * Ok
 * test/javax/net/ssl/TLS/TestJSSEServerProtocol.java (modified)
  * Ok
 * test/javax/net/ssl/TLSCommon/Protocol.java (modified)
  * Ok
 * test/javax/net/ssl/TLSCommon/RehandshakeWithCipherChangeTest.java
(modified)
  * Ok
 * test/javax/net/ssl/TLSCommon/RehandshakeWithDataExTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSCommon/SSLEngineTestCase.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv1/TLSDataExchangeTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv1/TLSEnginesClosureTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv1/TLSHandshakeTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv1/TLSMFLNTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv1/TLSNotEnabledRC4Test.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv1/TLSRehandshakeTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv1/TLSRehandshakeWithCipherChangeTest.java
(modified)
  * Ok
 * test/javax/net/ssl/TLSv1/TLSRehandshakeWithDataExTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv1/TLSUnsupportedCiphersTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv11/ExportableBlockCipher.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv11/ExportableStreamCipher.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv11/TLSDataExchangeTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv11/TLSEnginesClosureTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv11/TLSHandshakeTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv11/TLSMFLNTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv11/TLSNotEnabledRC4Test.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv11/TLSRehandshakeTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv11/TLSRehandshakeWithCipherChangeTest.java
(modified)
  * Ok
 * test/javax/net/ssl/TLSv11/TLSRehandshakeWithDataExTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv11/TLSUnsupportedCiphersTest.java (modified)
  * Ok
 * test/javax/net/ssl/TLSv12/TLSEnginesClosureTest.java (modified)
  * Ok
 * test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java (modified)
  * Ok
 * test/javax/net/ssl/ciphersuites/ECCurvesconstraints.java (modified)
  * Ok
 * test/javax/net/ssl/interop/ClientHelloBufferUnderflowException.java
(modified)
  * Ok
 * test/javax/net/ssl/interop/ClientHelloChromeInterOp.java (modified)
  * Ok
 * test/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java (modified)
  * Ok
 * test/javax/net/ssl/templates/SSLContextTemplate.java (modified)
  * Ok, only default methods allowed in 8u interface
 * test/javax/net/ssl/templates/SSLSocketTemplate.java (modified)
  * Ok
 * test/sun/net/www/protocol/https/HttpsClient/ProxyAuthTest.java (modified)
  * Ok
 * test/sun/net/www/protocol/https/HttpsURLConnection/B6216082.java
(modified)
  * Ok
 * test/sun/net/www/protocol/https/NewImpl/ComHTTPSConnection.java
(modified)
  * Ok, same as before in 8u
 * test/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java
(modified)
  * Ok
 * test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java (modified)
  * Ok
 * test/sun/security/ssl/CertPathRestrictions/TLSRestrictions.java
(modified)
  * Ok
 * test/sun/security/ssl/ClientHandshaker/LengthCheckTest.java (modified)
  * Ok
 * test/sun/security/ssl/DHKeyExchange/UseStrongDHSizes.java (modified)
  * Ok
 *
test/sun/security/ssl/SSLContextImpl/CustomizedServerDefaultProtocols.java
(modified)
  * Ok, TLSv1.3 is not by default enabled for clients
 * test/sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java
(modified)
  * Ok, TLSv1.3 is not by default enabled for clients
 * test/sun/security/ssl/SSLEngineImpl/SSLEngineKeyLimit.java (modified)
  * Ok
 * test/sun/security/ssl/SSLEngineImpl/TLS13BeginHandshake.java (modified)
  * Ok
 * test/sun/security/ssl/SSLSessionImpl/ResumeChecksClient.java (modified)
  * Ok
 * test/sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java (modified)
  * Ok
 * test/sun/security/ssl/SSLSocketImpl/SSLSocketKeyLimit.java (modified)
  * Ok
 *
test/sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java
(modified)
  * Ok
 * test/sun/security/ssl/Stapling/StatusResponseManager.java (deleted)
  * Ok, in 8u we build the JAR with a script
 * test/sun/security/ssl/Stapling/StatusResponseManager.sh (new)
  * Ok, in 8u we build the JAR with a script
 * test/sun/security/ssl/X509TrustManagerImpl/ClientServer.java (modified)
  * Ok
 * test/sun/security/ssl/X509TrustManagerImpl/Symantec/Distrust.java
(modified)
  * Ok
 * test/sun/security/ssl/internal/TestRun.java (deleted)
  * Ok, in 8u we build the JAR with a script
 * test/sun/security/ssl/internal/TestRun.sh (new)
  * Ok, in 8u we build the JAR with a script
 *
test/sun/security/provider/certpath/Extensions/OCSPNonceExtensionTests.java
(modified)
  * Ok
 * test/sun/security/provider/certpath/ResponderId/ResponderIdTests.java
(modified)
  * Ok

In addition to the static analysis, I ran the tests of the following
categories (SSL-related):

 * sun/security/ssl
 * javax/net/ssl
 * sun/net/www/protocol/https
 * sun/security/pkcs11
 * sun/security/provider/certpath
 * com/sun/net/ssl

Per-category analysis of tests:

 * sun/security/ssl
  * Test results: passed: 94; failed: 1; error: 3
  * Failures/errors:
   * sun/security/ssl/SSLSocketImpl/ClientTimeout.java
    * Fails in 11.0.7 so this is not a regression - passing in
jdk8u272-b01 (old SunJSSE engine)
   * sun/security/ssl/SSLSocketImpl/NonAutoClose.java
    * Fails in 11.0.7 so this is not a regression - passing in
jdk8u272-b01 (old SunJSSE engine)
   * sun/security/ssl/SSLSocketImpl/SetClientMode.java
    * Fails in 11.0.7 so this is not a regression - passing in
jdk8u272-b01 (old SunJSSE engine)
   * sun/security/ssl/SSLSocketImpl/SSLSocketKeyLimit.java
    * Ok, failed in Webrev.02 but passed in Webrev.03

 * javax/net/ssl
  * Test results: passed: 120; failed: 1; error: 9
  * Failures/errors:
   * javax/net/ssl/compatibility/Compatibility.java
    * Fails in 11.0.7 so this is not a regression - not available in
jdk8u272-b01 (old SunJSSE engine)
   * javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java
    * Fails in 11.0.7 so this is not a regression - passing in
jdk8u272-b01 (old SunJSSE engine)
   * javax/net/ssl/SSLEngine/Basics.java
    * Fails in 11.0.7 and in jdk8u272-b01 (old SunJSSE engine) so this
is not a regression
   * javax/net/ssl/SSLEngine/CheckStatus.java
    * Fails in 11.0.7 so this is not a regression - passing in
jdk8u272-b01 (old SunJSSE engine)
   * javax/net/ssl/SSLEngine/ConnectionTest.java
    * Fails in 11.0.7 so this is not a regression - passing in
jdk8u272-b01 (old SunJSSE engine)
   * javax/net/ssl/SSLEngine/EngineCloseOnAlert.java
    * Fails in 11.0.7 so this is not a regression - not available in
jdk8u272-b01 (old SunJSSE engine)
   * javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java
    * Fails in 11.0.7 so this is not a regression - not available in
jdk8u272-b01 (old SunJSSE engine)
   * javax/net/ssl/SSLEngine/IllegalRecordVersion.java
    * Fails in 11.0.7 so this is not a regression - passing in
jdk8u272-b01 (old SunJSSE engine)
   * javax/net/ssl/SSLEngine/TestAllSuites.java
    * Fails in 11.0.7 so this is not a regression - not available in
jdk8u272-b01 (old SunJSSE engine)
   * javax/net/ssl/SSLSession/CheckMyTrustedKeystore.java
    * Fails in 11.0.7 so this is not a regression - not available in
jdk8u272-b01 (old SunJSSE engine)

 * sun/net/www/protocol/https
  * Test results: passed: 27; error: 1
  * Failures/errors:
   * sun/net/www/protocol/https/HttpsURLConnection/CloseKeepAliveCached.java
    * Fails in 11.0.7 and in jdk8u272-b01 (old SunJSSE engine) so this
is not a regression

 * sun/security/pkcs11
  * Test results: passed: 65; failed: 5; error: 1
  * Failures/errors:
   * sun/security/pkcs11/ec/TestKeyFactory.java
    * Fails in 11.0.7 and in jdk8u272-b01 (old SunJSSE engine) so this
is not a regression
   * sun/security/pkcs11/fips/ClientJSSEServerJSSE.java
    * Ok, 'ignore' label removed in Webrev.04 and test passes as in 11.0.7
   * sun/security/pkcs11/KeyStore/SecretKeysBasic.sh
    * Fails in 11.0.7 and in jdk8u272-b01 (old SunJSSE engine) so this
is not a regression
   * sun/security/pkcs11/Secmod/GetPrivateKey.java
    * Failed in my initial batch run and passed when run standalone.
Does not seem to be a TLS issue anyways. Ok.
   * sun/security/pkcs11/Secmod/JksSetPrivateKey.java
    * Failed in my initial batch run and passed when run standalone.
Does not seem to be a TLS issue anyways. Ok.
   * sun/security/pkcs11/tls/TestKeyMaterial.java
    * Fails in 11.0.7 and in jdk8u272-b01 (old SunJSSE engine) so this
is not a regression

 * sun/security/provider/certpath
  * Test results: passed: 11

 * com/sun/net/ssl
  * Test results: passed: 2

I ran all SSL-related tests and observed no regressions.

The following comments are part of this review: [1] [2] [3].

With that said, Webrev.04 looks good to me.

Thanks,
Martin.-

--
[1] -
https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-August/012523.html
[2] -
https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-August/012550.html
[3] -
https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-August/012565.html



More information about the jdk8u-dev mailing list