tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Gump, Tomcat Native, OpenSSL and Tomcat versions
Date Wed, 12 Sep 2018 16:22:48 GMT
On 12/09/18 15:57, Rainer Jung wrote:
> Am 12.09.2018 um 13:12 schrieb Mark Thomas:
>> Gump currently tests 7.0.x, 8.5.x and 9.0.x
>>
>> Support for OpenSSL cipher names is available in 8.5.x onwards and we
>> have various unit tests to ensure that our parsing code remains in sync
>> with OpenSSL.
>> All versions have TLS unit tests that check the APR/Native connector is
>> working as expected.
>>
>> OpenSSL currently has the following four active development branches:
>> Master (a.k.a. 1.1.2-dev)
>> 1.1.1  (LTS supported until at least 2018-09-11
>> 1.1.0  (supported until 2019-09-11)
>> 1.0.2  (LTS supported until 2019-12-31)
>>
>> Gump currently builds OpenSSL master and 1.0.2
>>
>>
>> Tomcat Native has two branches 1.2.x and 1.1.x.
>> 1.1.x will reach EOL at the end of this month.
>>
>> Gump currently builds
>> Native 1.1.x with OpenSSL 1.0.2
>> Native 1.2.x with OpenSSL 1.0.2
>> Native 1.2.x with OpenSSL master
>>
>>
>> Gump then tests
>> 9.0.x with Native 1.2.x/OpenSSL master
>> 8.5.x with Native 1.2.x/OpenSSL 1.0.2
>> 7.0.x with Native 1.2.x/OpenSSL 1.0.2
>>
>>
>> We currently are only testing 3 out of a possible 24 combinations. If we
>> ignore Native 1.1.x then that becomes 3 out of a possible 12
>> combinations.
>>
>> Do we want to change / increase / decrease the combinations we test?
>>
>> As a starting point for discussion how about:
>> - Build all current OpenSSL versions (currently 4)
>> - Build Tomcat Native 1.2.x for each OpenSSL version (i.e. 4)
>> - No Tomcat Native 1.1.x builds
>> - Test 9.0.x with all Native/OpenSSL combinations (i.e. 4)
>> - Test 8.5.x with Native/OpenSSL 1.1.1 (latest LTS)
>> - Test 7.0.x with Native/OpenSSL 1.0.2 (other LTS)
>>
>> Testing all 12 combinations (4 OpenSSL * 3 Tomcat) seems like overkill.
>>
>> Thoughts?
> 
> I like it. Broad coverage for our latest branch and some additional
> checks for the older branches.
> 
> A variation we could think about, is dropping OpenSSL master at least
> until that branch produces alpha releases for 1.1.2. Since 1.1.1 is now
> GA I think it will be the relevant newest version for quite some time.
> Probably master will not become relevant for us before EOL for 1.1.0.

It is almost easier to leave to master build in place.

I've added the additional OpenSSL builds for 1.1.0 and 1.1.1. I'll wait
and see what happens with those builds in the next Gump run first in
case I have missed something in setting them up.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message