Attached is the jmeter test plan that I used to validate the correctness of the fix
** Attachment added: "Test-Plan.jmx" https://bugs.launchpad.net/ubuntu/focal/+source/tomcat9/+bug/1903851/+attachment/5634589/+files/Test-Plan.jmx -- You received this bug notification because you are a member of SE SRU ("STS") Sponsors, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1903851 Title: Tomcat9: multipart upload fails over https Status in tomcat9 package in Ubuntu: Invalid Status in tomcat9 source package in Focal: Fix Committed Bug description: [ Impact ] * Tomcat version 9.0.31 has a bug that prevents multipart uploads over encrypted connections. This happens with the NIO SSL Connector, which is the one that gets auto-selected in a default configuration * This patch reverts a change that was made between 9.0.30 and 9.0.31 that causes the multipart upload to fail when using a TLS connection. [ Test Plan ] * Deploy focal * Deploy tomcat9 and use the default configuration * Enable HTTPS for tomcat9. A self-signed certificate is sufficient * Create a keystore: keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat9/keystore * Enable the HTTPS listener in the tomcat9 configuration file /etc/tomcat9/server.xml * Add the following XML snippet at the bottom of the the XML block '<Service name="Catalina">'. Ensure that you specify the same password as when you created the keystore above <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="want" sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreFile="/etc/tomcat9/keystore" keystorePass="*******" /> * Deploy the attached WAR (JerseyDemos.war) file which is a simple test application that exhibits the regression. This is done by placing the WAR file in the following directory: /var/lib/tomcat9/webapps/ * In a browser on a separate machine, navigate to the application: https://<focal instance>/JerseyDemos/fileUpload.html * Attempt to upload the attached file: qg8dbNp.png [ Where problems could occur ] * This patch only addresses the server reading from the encrypted connection. There is the potential that the server writing to this same connection may trigger a similar issue if the client tries a multipart download. However, that use case is less common and the code for that is a seperate codepath entirely. [ Other Info ] * This change only applies to focal as releases after focal have a newer version of tomcat9 that includes this patch already. * Patch source: https://github.com/apache/tomcat/commit/6e60713c75141bc00f03f08f759df993a6416c71 * Contained in upstream tag: 9.0.32 [ Original Bug Description ] Tomcat version 9.0.31 has a bug that prevents multipart uploads over encrypted connections. This happens with the NIO SSL Connector, which is the one that gets auto-selected on my system. FAIL - Deploy Upload Failed, Exception: [org.apache.tomcat.util.http.fileupload.impl.IOFileUploadException: Processing of multipart/form-data request failed. java.net.SocketTimeoutException] https://bz.apache.org/bugzilla/show_bug.cgi?id=64195 https://bz.apache.org/bugzilla/show_bug.cgi?id=64202 The bug is not present in the next Tomcat upstream release, but it seems the correction has not been ported back to Ubuntu 20.04.1 LTS in the tomcat9 package, version 9.0.31-1ubuntu0.1. On a side note, the bug seems to be present also on the current tomcat9 package, version 9.0.31-1~deb10u2 for Debian 10. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1903851/+subscriptions -- Mailing list: https://launchpad.net/~sts-sponsors Post to : [email protected] Unsubscribe : https://launchpad.net/~sts-sponsors More help : https://help.launchpad.net/ListHelp
