Re: [VOTE] Release Apache Tomcat 7.0.71

Konstantin Kolinko Fri, 09 Sep 2016 14:37:35 -0700

2016-09-07 14:00 GMT+03:00 Violeta Georgieva <violet...@apache.org>:
> The proposed Apache Tomcat 7.0.71 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.71/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1094/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_71/
>


> The proposed 7.0.71 release is:
> [X] Broken - do not release
> [ ] Stable - go ahead and release as 7.0.71 Stable


1. Good news:
============

All tests with various java versions (6u45, 7u80, 8u102)  x all
connectors (bio, nio, apr) - OK   Tested with 32-bit JDKs on Windows.
I am ignoring the following failures with 6u45 -
TEST-org.apache.catalina.startup.TestHostConfigAutomaticDeployment.NIO.txt
TEST-org.apache.catalina.startup.TestHostConfigAutomaticDeployment.BIO.txt
TEST-org.apache.catalina.startup.TestHostConfigAutomaticDeployment.APR.txt
TEST-org.apache.tomcat.util.net.TestSsl.APR.txt

TestHostConfigAutomaticDeployment with Java 6u45:
It is known issue with Java 6u45 on Windows caused Java locking jar
(war) files that cannot be renamed. Fixed in Java 7.

TestSsl with Java 6u45:
[[[
Testcase: testSimpleSsl took 4,239 sec
    Caused an ERROR
java.lang.RuntimeException: Could not generate DH keypair
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not
generate DH keypair
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1708)
    at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1691)
    at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1222)
    at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
    at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
    at 
org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:651)
    at 
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:625)
    at 
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:619)
    at 
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:608)
    at 
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:602)
    at org.apache.tomcat.util.net.TestSsl.testSimpleSsl(TestSsl.java:62)
Caused by: java.lang.RuntimeException: Could not generate DH keypair
    at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:114)
    at 
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:559)
    at 
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:186)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at 
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
    at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
    at 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
Caused by: java.security.InvalidAlgorithmParameterException: Prime
size must be multiple of 64, and can only range from 512 to 1024
(inclusive)
    at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DashoA13*..)
    at 
java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:627)
    at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:107)
]]]

I do not remember seeing it earlier, but as this error is at client
side of a test connection and as the test successfully runs with Java
7 and later I am not very concerned.

The following documentation update in Tomcat 8 explains this "Prime
size must be multiple of 64" issue (see the text added to
ssl-howto.xml).  Maybe add this text to Tomcat 7 documentation as
well?
http://svn.apache.org/viewvc?view=revision&revision=1681703

2. Bad news:
=========

Smoke testing fails:

Running with SecurityManager enabled is broken. Jasper fails to
initialize and none of JSP pages work.

I filed the details into Bugzilla:
https://bz.apache.org/bugzilla/show_bug.cgi?id=60101

I think this is a showstopper. That said, this build is usable when
SecurityManager is not enabled.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 7.0.71

Reply via email to