Re: [VOTE] Release Apache Tomcat 8.5.30
Hi Emmanuel, Am 12.04.2018 um 07:59 schrieb Emmanuel Bourg: Le 12/04/2018 à 07:08, Rainer Jung a écrit : These errors are strange and not expected. With which version of tcnative was this tested, and which version of OpenSSL does that tcnative use? That was tcnative 1.2.16 with OpenSSL 1.1.0h thanks for the info and sorry for coming back to this so late. I could not reproduce the problem with these versions. Are you aware of any special build flags which were used for your OpenSSL 1.1.0h? Concentrating on the second test failure: > Testcase: testOpenSSLConfCmdProtocol took 0.008 sec > FAILED > Protocol TLSv1 is not allowed > junit.framework.AssertionFailedError: Protocol TLSv1 is not allowed > at org.apache.tomcat.util.net.openssl.TestOpenSSLConf.testOpenSSLConfCmdProtocol(TestOpenSSLConf.java:105) > ... I really do not understand How TLSv1 could be enabled if OpenSSLConf works at all. Are there any errors in the logs? You could also run the test with log level for package org.apache.tomcat.util.net.openssl increased to debug. You might already know, but a convenient way of running a single test is by configuring in build.properties: test.name=**/TestOpenSSLConf.java Thanks and regards, Rainer - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.30
Le 12/04/2018 à 07:08, Rainer Jung a écrit : > These errors are strange and not expected. With which version of > tcnative was this tested, and which version of OpenSSL does that > tcnative use? That was tcnative 1.2.16 with OpenSSL 1.1.0h - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.30
Am 07.04.2018 um 01:17 schrieb Emmanuel Bourg: Tested on Debian sid with OpenJDK 9. I got a couple of test failures in TestOpenSSLConf but that doesn't seem critical: Testcase: testOpenSSLConfCmdCipher took 0.481 sec FAILED Wrong HostConfig ciphers Expected: is ["AES256-SHA256"] but: was ["TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_$ junit.framework.AssertionFailedError: Wrong HostConfig ciphers Expected: is ["AES256-SHA256"] but: was ["TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_$ at org.hamcrest.MatcherAssert.assertThat(MatcherAssert.java:20) at org.apache.tomcat.util.net.openssl.TestOpenSSLConf.testOpenSSLConfCmdCipher(TestOpenSSLConf.java:85) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) Testcase: testOpenSSLConfCmdProtocol took 0.008 sec FAILED Protocol TLSv1 is not allowed junit.framework.AssertionFailedError: Protocol TLSv1 is not allowed at org.apache.tomcat.util.net.openssl.TestOpenSSLConf.testOpenSSLConfCmdProtocol(TestOpenSSLConf.java:105) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) These errors are strange and not expected. With which version of tcnative was this tested, and which version of OpenSSL does that tcnative use? Thanks and regards, Rainer - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.30
Le 03/04/2018 à 22:36, Mark Thomas a écrit : > The proposed 8.5.30 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.5.30 Tested on Debian sid with OpenJDK 9. I got a couple of test failures in TestOpenSSLConf but that doesn't seem critical: Testcase: testOpenSSLConfCmdCipher took 0.481 sec FAILED Wrong HostConfig ciphers Expected: is ["AES256-SHA256"] but: was ["TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_$ junit.framework.AssertionFailedError: Wrong HostConfig ciphers Expected: is ["AES256-SHA256"] but: was ["TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_$ at org.hamcrest.MatcherAssert.assertThat(MatcherAssert.java:20) at org.apache.tomcat.util.net.openssl.TestOpenSSLConf.testOpenSSLConfCmdCipher(TestOpenSSLConf.java:85) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) Testcase: testOpenSSLConfCmdProtocol took 0.008 sec FAILED Protocol TLSv1 is not allowed junit.framework.AssertionFailedError: Protocol TLSv1 is not allowed at org.apache.tomcat.util.net.openssl.TestOpenSSLConf.testOpenSSLConfCmdProtocol(TestOpenSSLConf.java:105) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) Emmanuel Bourg - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.30
Mark, On 4/3/18 4:36 PM, Mark Thomas wrote: > The proposed Apache Tomcat 8.5.30 release is now available for voting. > > The major changes compared to the 8.5.29 release are: > > - Add support for the maxDays attribute to the AccessLogValve and > ExtendedAccessLogValve. This allows the maximum number of days for > which rotated access logs should be retained before deletion to be > defined. > > - Avoid infinite recursion, when trying to validate a session while > loading it with PersistentManager. > > - Correct two protocol errors with HTTP/2 PUSH_PROMISE frames. > > - The OpenSSL engine SSL session will now ignore invalid accesses. > > Along with lots of other bug fixes and improvements. > > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.30/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1177/ > The svn tag is: > http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_30/ > > The proposed 8.5.30 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.5.30 Works without any problems with a mundane application in a development environment. Details: * Environment * Java (build): java version "1.8.0_151" Java(TM) SE Runtime Environment (build 1.8.0_151-b12) Java HotSpot(TM) 64-Bit Server VM (build 25.151-b12, mixed mode) * Java (test): java version "1.8.0_151" Java(TM) SE Runtime Environment (build 1.8.0_151-b12) Java HotSpot(TM) 64-Bit Server VM (build 25.151-b12, mixed mode) * OS: Linux 2.6.32-312-ec2 x86_64 * cc: cc (Debian 4.7.2-5) 4.7.2 * make: GNU Make 3.81 * OpenSSL: OpenSSL 1.0.2k 26 Jan 2017 * APR: 1.4.6 * * !! Invalid MD5 signature for apache-tomcat-8.5.30.zip * Valid GPG signature for apache-tomcat-8.5.30.zip * !! Invalid MD5 signature for apache-tomcat-8.5.30.tar.gz * Valid GPG signature for apache-tomcat-8.5.30.tar.gz * !! Invalid MD5 signature for apache-tomcat-8.5.30.exe * Valid GPG signature for apache-tomcat-8.5.30.exe * !! Invalid MD5 signature for apache-tomcat-8.5.30-src.zip * Valid GPG signature for apache-tomcat-8.5.30-src.zip * !! Invalid MD5 signature for apache-tomcat-8.5.30-src.tar.gz * Valid GPG signature for apache-tomcat-8.5.30-src.tar.gz No problem: MD5 signatures are no longer used. I've updated my script to check SHA-1 and SHA-512 signatures for the future. * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * tcnative builds cleanly * Tomcat builds cleanly * Junit Tests: FAILED These tests are expected to fail in this environment: * Tests that failed: * org.apache.catalina.session.TestStandardSessionIntegration.APR.txt * org.apache.catalina.session.TestStandardSessionIntegration.NIO.txt * org.apache.catalina.session.TestStandardSessionIntegration.NIO2.txt * org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.APR.txt * org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.NIO.txt * org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.NIO2.txt * org.apache.catalina.tribes.group.TestGroupChannelSenderConnections.APR.txt * org.apache.catalina.tribes.group.TestGroupChannelSenderConnections.NIO.txt * org.apache.catalina.tribes.group.TestGroupChannelSenderConnections.NIO2.txt * org.apache.catalina.tribes.group.TestGroupChannelStartStop.APR.txt * org.apache.catalina.tribes.group.TestGroupChannelStartStop.NIO.txt * org.apache.catalina.tribes.group.TestGroupChannelStartStop.NIO2.txt * org.apache.catalina.tribes.group.interceptors.TestNonBlockingCoordinator.APR.txt * org.apache.catalina.tribes.group.interceptors.TestNonBlockingCoordinator.NIO.txt * org.apache.catalina.tribes.group.interceptors.TestNonBlockingCoordinator.NIO2.txt * org.apache.catalina.tribes.group.interceptors.TestOrderInterceptor.APR.txt * org.apache.catalina.tribes.group.interceptors.TestOrderInterceptor.NIO.txt * org.apache.catalina.tribes.group.interceptors.TestOrderInterceptor.NIO2.txt * org.apache.catalina.tribes.group.interceptors.TestTcpFailureDetector.APR.txt * org.apache.catalina.tribes.group.interceptors.TestTcpFailureDetector.NIO.txt * org.apache.catalina.tribes.group.interceptors.TestTcpFailureDetector.NIO2.txt * org.apache.tomcat.util.net.openssl.TestOpenSSLConf.APR.txt * org.apache.tomcat.util.net.openssl.ciphers.TestCipher.APR.txt * org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt * org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO2.txt * org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.APR.txt * org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt * org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO2.txt -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.30
On 03/04/18 21:36, Mark Thomas wrote: > The proposed 8.5.30 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.5.30 Unit tests pass (allowing for expected OpenSSL failures due to version mis-match) for NIO, NIO2 and APR/native (1.2.16) on Linux, OSX and Windows. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.30
Am 3. April 2018 22:36:45 MESZ schrieb Mark Thomas: >The proposed Apache Tomcat 8.5.30 release is now available for voting. > >The major changes compared to the 8.5.29 release are: > >- Add support for the maxDays attribute to the AccessLogValve and > ExtendedAccessLogValve. This allows the maximum number of days for > which rotated access logs should be retained before deletion to be > defined. > >- Avoid infinite recursion, when trying to validate a session while > loading it with PersistentManager. > >- Correct two protocol errors with HTTP/2 PUSH_PROMISE frames. > >- The OpenSSL engine SSL session will now ignore invalid accesses. > >Along with lots of other bug fixes and improvements. > > >It can be obtained from: >https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.30/ >The Maven staging repo is: >https://repository.apache.org/content/repositories/orgapachetomcat-1177/ >The svn tag is: >http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_30/ > >The proposed 8.5.30 release is: >[ ] Broken - do not release >[x] Stable - go ahead and release as 8.5.30 Regards, Felix > >- >To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.30
2018-04-03 23:36 GMT+03:00 Mark Thomas: > > The proposed Apache Tomcat 8.5.30 release is now available for voting. > > The major changes compared to the 8.5.29 release are: > > - Add support for the maxDays attribute to the AccessLogValve and > ExtendedAccessLogValve. This allows the maximum number of days for > which rotated access logs should be retained before deletion to be > defined. > > - Avoid infinite recursion, when trying to validate a session while > loading it with PersistentManager. > > - Correct two protocol errors with HTTP/2 PUSH_PROMISE frames. > > - The OpenSSL engine SSL session will now ignore invalid accesses. > > Along with lots of other bug fixes and improvements. > > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.30/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1177/ > The svn tag is: > http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_30/ > > The proposed 8.5.30 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.5.30 +1 Regards, Violeta
Re: [VOTE] Release Apache Tomcat 8.5.30
Hi, The proposed 8.5.30 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 8.5.30 Unit test: ok Examples: ok Tested running on Java 10: ok On Wed, Apr 4, 2018 at 4:36 AM, Mark Thomaswrote: > The proposed Apache Tomcat 8.5.30 release is now available for voting. > > The major changes compared to the 8.5.29 release are: > > - Add support for the maxDays attribute to the AccessLogValve and > ExtendedAccessLogValve. This allows the maximum number of days for > which rotated access logs should be retained before deletion to be > defined. > > - Avoid infinite recursion, when trying to validate a session while > loading it with PersistentManager. > > - Correct two protocol errors with HTTP/2 PUSH_PROMISE frames. > > - The OpenSSL engine SSL session will now ignore invalid accesses. > > Along with lots of other bug fixes and improvements. > > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.30/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1177/ > The svn tag is: > http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_30/ > > The proposed 8.5.30 release is: > [ ] Broken - do not release > [ ] Stable - go ahead and release as 8.5.30 > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > -- Best Regards! Huxing - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.30
On Tue, Apr 3, 2018 at 10:36 PM, Mark Thomaswrote: > The proposed Apache Tomcat 8.5.30 release is now available for voting. > > The major changes compared to the 8.5.29 release are: > > - Add support for the maxDays attribute to the AccessLogValve and > ExtendedAccessLogValve. This allows the maximum number of days for > which rotated access logs should be retained before deletion to be > defined. > > - Avoid infinite recursion, when trying to validate a session while > loading it with PersistentManager. > > - Correct two protocol errors with HTTP/2 PUSH_PROMISE frames. > > - The OpenSSL engine SSL session will now ignore invalid accesses. > > Along with lots of other bug fixes and improvements. > > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.30/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1177/ > The svn tag is: > http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_30/ > > The proposed 8.5.30 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.5.30 > > Rémy