On Thu, Jan 15, 2026 at 2:13 PM Dimitris Soumis <[email protected]> wrote: > > On Thu, Jan 15, 2026 at 1:26 AM Rémy Maucherat <[email protected]> wrote: >> >> On Wed, Jan 14, 2026 at 9:03 PM Mark Thomas <[email protected]> wrote: >> > >> > All, >> > >> > I wanted to provide a progress update as I expected to be in a position >> > to start tagging the January release by now and I'm not. >> > >> > Most of the release preparation is done: >> > - dependencies have been reviewed and updated where necessary >> > - i18n sync with POEditor is complete >> > - open bugs have been resolved >> > - there are a couple of PRs I hoped to merge this time around that will >> > have to wait until Feb but there are for enhancements rather than bugs >> > - The Tomcat Native updates are complete >> > - The TLS 1.3 configuration updates are complete >> > >> > The OCSP protocol updates are where the delay is. >> > >> > I think everything is working for 10.1.x, 11.0.x and 12.0.x although I >> > do want to complete my usual run of the test suites on Windows, Linux >> > and MacOS before tagging and they might expose a bug or two. >> > >> > The challenge at the moment is 9.0.x and APR. The TestOscpEnabled test >> > case is seeing a LOT of failures and I don't understand why at this >> > point. It is getting late here so I probably need to start fresh >> > tomorrow. Most of the issues seem to be around the client verifying the >> > server certificate which is really odd since that code should be the >> > same regardless of Connector. >> > >> > I'm expecting the CI builds for 9.0.x to continue to fail for now but >> > hopefully 11.0.x will continue to pass and 10.1.x will start passing on >> > the next run. >> > >> > I've seen quite a Native few crashes over that last few days. Nothing >> > obviously repeatable at this point but as the test failures get fixed we >> > might start to see a pattern. We'll see. >> > >> > Hopefully, there will some progress tomorrow and we'll be in a position >> > to start tagging. >> > >> > If anyone does have some time available to look at the failing OCSP >> > tests with 9.0.x and APR that would be great but please don't feel you >> > have to. >> >> I'll look at it once I finish with my various FFM compat issues ... >> >> Rémy >> >> > Mark >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: [email protected] >> > For additional commands, e-mail: [email protected] >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > I think there are two issues here. > Firstly, removing the truststore file when useOpenSSLTrust is enabled. > Secondly, when the server cert is invalid, the certificate should point to > the revoked one instead of the default CA_CERT_PEM in TesterSupport.initSsl.
Yes, I'm also seeing the tests are simply different (APR right now always uses a truststrore, which is not always the case for NIO/OpenSSL, and so on). Also the certificate verification callback is invoked more often with different results, but that may come from that setup difference. Rémy > I am attaching a draft patch, fixing those issues and resulting in all tests > passing. > The patch breaks something, as I see > TestOcspTimeout.testTimeoutWithoutSoftFail fails. I will look into it later. > > Dimitris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
