-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
On 9/12/18 7:12 AM, Mark Thomas wrote: > All, > > Gump currently tests 7.0.x, 8.5.x and 9.0.x > > Support for OpenSSL cipher names is available in 8.5.x onwards and > we have various unit tests to ensure that our parsing code remains > in sync with OpenSSL. All versions have TLS unit tests that check > the APR/Native connector is working as expected. > > OpenSSL currently has the following four active development > branches: Master (a.k.a. 1.1.2-dev) 1.1.1 (LTS supported until at > least 2018-09-11 1.1.0 (supported until 2019-09-11) 1.0.2 (LTS > supported until 2019-12-31) > > Gump currently builds OpenSSL master and 1.0.2 > > > Tomcat Native has two branches 1.2.x and 1.1.x. 1.1.x will reach > EOL at the end of this month. > > Gump currently builds Native 1.1.x with OpenSSL 1.0.2 Native 1.2.x > with OpenSSL 1.0.2 Native 1.2.x with OpenSSL master > > > Gump then tests 9.0.x with Native 1.2.x/OpenSSL master 8.5.x with > Native 1.2.x/OpenSSL 1.0.2 7.0.x with Native 1.2.x/OpenSSL 1.0.2 > > > We currently are only testing 3 out of a possible 24 combinations. > If we ignore Native 1.1.x then that becomes 3 out of a possible 12 > combinations. > > Do we want to change / increase / decrease the combinations we > test? > > As a starting point for discussion how about: - Build all current > OpenSSL versions (currently 4) - Build Tomcat Native 1.2.x for each > OpenSSL version (i.e. 4) - No Tomcat Native 1.1.x builds - Test > 9.0.x with all Native/OpenSSL combinations (i.e. 4) - Test 8.5.x > with Native/OpenSSL 1.1.1 (latest LTS) - Test 7.0.x with > Native/OpenSSL 1.0.2 (other LTS) > > Testing all 12 combinations (4 OpenSSL * 3 Tomcat) seems like > overkill. I would propose building+testing against both 1.0.2 (LTS) and 1.1.1 (LTS) but leaving 1.1.0 and master out of the automated builds. Certainly, both 1.1.0 and master should be testable, but I don't think automated testing should be necessary. Ideally, Tomcat itself should not need testing with tcnative *at all*. The testing of tcnative *itself* should be able to determine whether various combinations of tcnative+OpenSSL x.y.z will work together. A smoke-test that tcnative continues to work with both the APR and NIO/NIO2 connectors should be sufficient in most cases. This may not be possible given our current set of unit tests for tcnative. (I'm always irritated whenever every. Single. Unit. Test. must be run against all connector types even when the connector-type should have zero impact on the test.) - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAluZPesACgkQHPApP6U8 pFiLnxAAlY3m7YcCE8zDxbfvFDBx6uXcixroQSSukdJL84upPXeVrclf+3U29qR9 SaMh5aNtoQUT1A63PToBySGvojnHYf0t27pYwU0dF1B96fI/tlLX1P7Ka9DPsUu9 pQ09FNzjnQUNhkB0f3Azj2FClK8ikmjLZEOhZJ/5tDh8ejd1un3m2ySQzhNAszZp Mck+ECzx0k1fHd3DAsC42p1/DsNN9V8Hw34PlQ+thO1YSvtWsO6hP/rfE72hxRIY NCAK1DU2qjEV3Tr5kn554+OXYdNMWnD4M144sqNDp8WD3A860wnvNHaBWdaKHn6J KlEnPYxr1UKneXEYtv1F7r2NUAOc8OCsWn+NdOJCY36No/IednWAbnN/5IZaQrcT rseQfxbq0X+tkQQqcuLFKZw+hlVdTC5Qy8RhQATSZBb8f4jddHX2BCib1sOmDivv R+C5YR3JNNE1GISWOOu0Xsl8Q0DbMNWJhdn9ur1XxQPbcuLx7Jfnesgjo1vCayKv Cw9b00Hs4tVm6VmmMfjLSg5nBNvgdZbUnoaR34ukwBvFuinErChrSuMXf7farvA3 LhT13qHfEdzKfp2IytCsugLdLrlth8BjnA/IYSQDNuHwVdazx0k9V+YrCEErd98V gNd3Jae9yHFHIuMMHk2yAlLF7CAU34+iIOIfACJ4rVlXXO4g73U= =G4R5 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
