3 files changed, 67 insertions, 0 deletions

diff --git a/java/test/IceSSL/certs/makecerts.py b/java/test/IceSSL/certs/makecerts.py
index c99ed267bc1..3aea85737c8 100755
--- a/java/test/IceSSL/certs/makecerts.py
+++ b/java/test/IceSSL/certs/makecerts.py
@@ -108,6 +108,17 @@ for x in certs:
         os.system("java -classpath ../../../../certs ImportKey " + p12  + " cert " + cacert + ".der " + ks + " password")
         os.remove(p12)
         print "Created " + ks
+        
+p12 = "cacert2.pfx"
+ks = "s_cacert2.jks"
+if force or not os.path.exists(ks):
+    cert = os.path.join(cppcerts, "cacert2.pem")
+    key = os.path.join(cppcerts, "cakey2.pem")
+    os.system("openssl pkcs12 -in " + cert + " -inkey " + key + " -export -out " + p12 + \
+              " -name cert -passout pass:password -certfile " + cert)
+    os.system("java -classpath ../../../../certs ImportKey " + p12  + " cert cacert2.der " + ks + " password")
+    os.remove(p12)
+    print "Created " + ks
 
 #
 # Create a keystore that contains both RSA and DSS certificates.
diff --git a/java/test/IceSSL/certs/s_cacert2.jks b/java/test/IceSSL/certs/s_cacert2.jks
new file mode 100644
index 00000000000..7d55050b1a5
--- /dev/null
+++ b/java/test/IceSSL/certs/s_cacert2.jks
diff --git a/java/test/IceSSL/configuration/AllTests.java b/java/test/IceSSL/configuration/AllTests.java
index fbc290db790..64ecac628ff 100644
--- a/java/test/IceSSL/configuration/AllTests.java
+++ b/java/test/IceSSL/configuration/AllTests.java
@@ -281,6 +281,62 @@ public class AllTests
             }
             fact.destroyServer(server);
             comm.destroy();
+            
+            //
+            // This should succeed because the self signed certificate used by the server is
+            // trusted.
+            //
+            initData = createClientProps(defaultProperties, defaultDir, defaultHost);
+            initData.properties.setProperty("IceSSL.VerifyPeer", "1");
+            initData.properties.setProperty("IceSSL.Truststore", "cacert2.jks");
+            comm = Ice.Util.initialize(args, initData);
+            fact = ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
+            test(fact != null);
+            d = createServerProps(defaultProperties, defaultDir, defaultHost);
+            d.put("IceSSL.Keystore", "s_cacert2.jks");
+            d.put("IceSSL.Password", "password");
+            d.put("IceSSL.VerifyPeer", "0");
+            server = fact.createServer(d);
+            try
+            {
+                server.ice_ping();
+            }
+            catch(Ice.LocalException ex)
+            {
+                test(false);
+            }
+            fact.destroyServer(server);
+            comm.destroy();
+            
+            //
+            // This should fail because the self signed certificate used by the server is not
+            // trusted.
+            //
+            initData = createClientProps(defaultProperties, defaultDir, defaultHost);
+            initData.properties.setProperty("IceSSL.VerifyPeer", "1");
+            comm = Ice.Util.initialize(args, initData);
+            fact = ServerFactoryPrxHelper.checkedCast(comm.stringToProxy(factoryRef));
+            test(fact != null);
+            d = createServerProps(defaultProperties, defaultDir, defaultHost);
+            d.put("IceSSL.Keystore", "s_cacert2.jks");
+            d.put("IceSSL.Password", "password");
+            d.put("IceSSL.VerifyPeer", "0");
+            server = fact.createServer(d);
+            try
+            {
+                server.ice_ping();
+                test(false);
+            }
+            catch(Ice.SecurityException ex)
+            {
+                // Expected.
+            }
+            catch(Ice.LocalException ex)
+            {
+                test(false);
+            }
+            fact.destroyServer(server);
+            comm.destroy();
 
             //
             // Test IceSSL.VerifyPeer=1. Client has a certificate.