tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igal Sapir <i...@lucee.org>
Subject Re: [VOTE] Release Apache Tomcat 9.0.13
Date Sat, 03 Nov 2018 16:54:05 GMT
On Sat, Nov 3, 2018 at 9:28 AM Mark Thomas <markt@apache.org> wrote:

> On 03/11/2018 16:20, Igal Sapir wrote:
> > On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas <markt@apache.org> wrote:
> >
> >> On 02/11/2018 22:39, Igal Sapir wrote:
> >>
> >> <snip/>
> >>
> >>> I am getting the same test case failures as before, so it doesn't look
> >> like
> >>> a regression to me:
> >>>    [concat] Testsuites with failed tests:
> >>>    [concat]
> >>> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1]
> >>>    [concat]
> >>>
> >>
> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt
> >>> [2]
> >>>
> >>> (details below)
> >>>
> >>>
> >>>> The proposed 9.0.13 release is:
> >>>> [ ] Broken - do not release
> >>>> [X] Stable - go ahead and release as 9.0.13
> >>>>
> >>>>
> >>> Assuming that my assessment of the failures is correct, my non-binding
> >> vote
> >>> is Stable.  Tested on Fedora 28 with OpenSSL 1.1.0i-fips.
> >>
> >> Which JDK are you using? It looks like an IBM one. It has been a while
> >> since I tested things with an IBM JDK so some updates might be required.
> >>
> >
> > I am pretty sure that I've never installed the IBM JDK on any machine.
> > This one IIRC is from Oracle:
> >
> > $ javac -version
> > javac 1.8.0_181
> > $ java -version
> > java version "1.8.0_181"
> > Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
> > Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
> >
> > I will upgrade to u191 from Oracle and then test again.
> >
> >
> >> A FIPS enabled OpenSSL might also cause some failures as it might
> >> disable some ciphers.
> >>
> >
> > I am guessing by the version name of OpenSSL that FIPS is enabled:
> >
> > $ openssl version
> > OpenSSL 1.1.0i-fips  14 Aug 2018
>
> That is very odd as the only OpenSSL branch that is FIPS certified is
> 1.0.2.
>
> > $ uname -a
> > Linux local 4.18.16-200.fc28.x86_64 #1 SMP Sat Oct 20 23:53:47 UTC 2018
> > x86_64 x86_64 x86_64 GNU/Linux
> >
> > Should I make a mental note that these are false positives or should we
> > pursue it further and update the test cases to remove ciphers that should
> > not be used?
>
> They look like false positives at this point.
>

Is it possible to mark some test cases as "Warnings" rather than "Errors"?
So that if they fail they will not fail the whole test?


> Now is probably a good time to complete the planned expansion of unit
> tests on Gump for Tomcat Native so we have coverage of all the OpenSSL
> versions.
>

I'd be happy to help if given some guidance

Best,

Igal

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message