Closed nmburgan closed 2 years ago
This is failing because Travis is using an OpenJDK8 version that is too old. We need at least version 262, I think.
I couldn't find how to update Travis' openjdk8 build. What did you find?
something like this: https://stackoverflow.com/questions/29636754/can-you-specify-minor-jdk-version-for-travis-ci/30143945
I tried updating the dist
in the Travis config (see https://github.com/puppetlabs/clj-http-client/pull/88), but bionic apparently uses an even older Java 8 build and focal apparently refuses to install Java 8 in the first place. 🙃
I think that's failing because something small changed in a java update and now this macro isn't quite right: https://github.com/puppetlabs/clj-http-client/blob/main/test/puppetlabs/http/client/sync_ssl_test.clj#L128-L143
(PE-33177) Update ClientOptions default SSL protocols
This updates the DEFAULT_SSL_PROTOCOLS variable to TLSv1.2 and TLSv1.3, to be in line with the desired defaults used in Puppet and PE.
(PE-33177) Update exception handling in sync_ssl_test for clojure sync client
The clojure sync client now throws a ConnectionClosedException, rather than an SSLException, when a connection can't be established due to no valid protocols. This happens in the latest Java 11 versions, but older Java 11 versions (e.g. 11.0.2 used by Travis) still throws an SSLHandshakeException. This commit changes java-unsupported-protocol-exception? to be able to handle both of these cases.
Note that there still seems to be cases where ConnectionClosedException is picked up by the HttpClientException block (using the Java sync client) and some cases where it isn't (Clojure sync client).
(PE-33177) Update CHANGELOG and bump project version
Creating a new major since this removes TLSv1 and TLSv1.1 from the defaults.
(PE-33177) Update Travis to use more recent builds for java 8 and 11
The versions of Java Travis has pre-installed are pretty old. The sync_ssl_test is looking for particular exceptions that have changed since these old versions. This changes the instructions for Travis to install OpenJDK from the Ubuntu repos, which are more up to date (though still not latest).
This also modifies the jobs to run in parallel, rather than sequentially, since they don't depend on each other. This wil save some time.