Hi Robbie, Thanks for reporting the issue with failing test PreemptiveAuthenticationTest#clientAuthUnrecognisedCert on JDK 11 when TLS 1.3 is used. I missed this problem on both master and 7.1.x branches due to using Oracle JDKs in my tests. The issue manifests only with OpenJDK 11 and above. The test is passing with Oracle JDK 11.
I briefly debugged the problem and came to conclusion that OpenJDK has some sort of race condition in implementation of TLS 1.3 which results in SslException (in response to SocketException) being thrown instead of SslHandshakeException (after closing the socket on server side, the client part misses to detect that and tries to flush the output stream). I fixed the failing test and modified Travis config to build project with OpenJDK11 on master and 7.1.x branches. The Travis is currently building broker successfully on master and 7.1.x branches using openjdk8 and openjdk11. The Apache Jenkins instances are very slow and their environment is unstable. The builds are failing too often due to various environmental issues. Thus, I would like to avoid adding another job for 7.1.x and Java11, as Java8 is a primary JDK for 7.1 and corresponding Jenkins job already exists. I agree, that the reported issue is not a show-stopper. Kind Regards, Alex On Wed, 9 Oct 2019 at 11:03, Robbie Gemmell <[email protected]> wrote: > +1 > > I checked things out like so: > - Verified the signature + checksum files. > - Used mvn apache-rat:check to verify headers in the source archive. > - Checked for LICENCE + NOTICE files present in the archives. > - Started a broker from the binary archive, created queue using the > console. > - Ran the Qpid JMS 0.46.0 HelloWorld example against the broker. > - Ran build+tests with "mvn clean verify -DskipITs=false" on JDK8, no > issues. > > I also ran build+tests on JDK11, and I saw a test failure in HTTP > management systest > PreemptiveAuthenticationTest#clientAuthUnrecognisedCert. The test is > allowing for an SSLHandshakeException or SocketException to occur when > it fails to connect (as is expected), but here I see a base > SSLException caused by a SocketException, so it escapes the catch. > Trying 7.1.4 doesnt show the same, so I expect the newly enabled use > of TLS 1.3 on JDK 11 would be the difference as it can alter the > behaviour/timing slightly. Since you must explicitly opt in to run > these tests and the vote is a few days old rather than just started, > I'm not going to suggest this is a reason to respin at this stage, but > it should be fixed for the next one. > > Aside, I'm not seeing CI jobs covering 7.1.x for JDK11, only master > (on Jenkins, though not running this test), though the branches are > obviously pretty similar given their relation/usage. I'd suggest > expanding the Travis config on master+7.1.x to cover 11 as well. > > Robbie > > On Sun, 6 Oct 2019 at 11:54, Oleksandr Rudyy <[email protected]> wrote: > > > > Hi folks, > > > > I built release artefacts for Qpid Broker-J version 7.1.5 RC1. > > Please, give them a test out and vote accordingly. > > > > The source and binary archives can be found at: > > https://dist.apache.org/repos/dist/dev/qpid/broker-j/7.1.5-rc1/ > > > > The maven artifacts are also staged at: > > https://repository.apache.org/content/repositories/orgapacheqpid-1184 > > > > The new version brings a number of improvements and bug fixes. > > You can find the full list of JIRAs included into the release here: > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310520&version=12345734 > > > > Kind Regards, > > Alex > > > > P.S. For testing of maven broker staging repo artefacts, please add into > to > > your project pom the staging repo as below: > > > > <repositories> > > <repository> > > <id>staging</id> > > <url> > > https://repository.apache.org/content/repositories/orgapacheqpid-1184 > </url> > > </repository> > > </repositories> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
