SSLContext.getInstance("TLS") by default behaves differently on IBM
JDK than on Oracle or OpenJDK.[1] On IBM JDK one gets sockets that
have only TLSv1 enabled, which makes HTTPS connections fail since most
servers refuse this old protocol version. On Oracle JDK/OpenJDK, one
gets sockets with all available protocol versions enabled.
Explicitly enable all available TLS protocol versions to make
HTTPS connections work also on IBM JDK.
[1] https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/matchsslcontext_tls.html#matchsslcontext_tls
Bug: 558709
Change-Id: I5ffc57a78e67a6239b9dad54840a49a8ed28930a
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Since [1] the gerrit project includes jgit as a submodule, and has this
warning enabled, resulting in 100s of warnings in the console.
Also enable the warning here, and fix them.
At the same time, add missing braces around adjacent and nearby one-line
blocks.
[1] https://gerrit-review.googlesource.com/c/gerrit/+/227897
Change-Id: I81df3fc7ed6eedf6874ce1a3bedfa727a1897e4c
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
Add a credentials provider that forwards to the java.net.Authenticator.
Needed to support proxies requiring authentication.
Bug: 549832
Change-Id: I181ee27a6c9f1b3fa402ce58affdd5ff3f7c96c9
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Factor out the test parameterization to use both connection factories
into a common super class and use it in more tests.
This made HttpClientTests.testV2HttpSubsequentResponse() fail for
Apache HTTP. The test used the pattern
- create POST connection
- setDoOutput(true)
- connect()
- write output stream
- get & read input stream
This pattern is never used in JGit, which actually calls connect() only
in one case in LFS, and that's on a HEAD request.
The above pattern works on JDK, but fails on Apache HTTP because with
Apache HTTP a connect() actually executes the full request including
writing the entity. To work with Apache HTTP, the pattern would need
to be
- create POST connection
- setDoOutput(true)
- write output stream
- connect()
- get & read input stream
which is fine for both. JDK connects implicitly in getOutputStream()
and treats the later explicit connect() as a no-op, and Apache works
because the entity is written when connect() is called.
Because JDK connects implicitly on getOutputStream(), the following
pattern also works with JDK:
- create POST connection
- setDoOutput(true)
- write output stream
- get & read input stream
Support this with Apache HTTP too: let getInputStream() execute
the request if it wasn't executed already.
Remove explicit connect() calls from test code, since JGit doesn't do
those either.
Change-Id: Ica038c00a7b8edcc01d5660d18e961146305b87f
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Matthias Sohn
Thomas Wolf
David Pursehouse