On 10/3/2018 2:29 AM, Mark Thomas wrote:
On 02/10/18 20:40, Igal Sapir wrote:
On 02/10/18 06:58, Igal Sapir wrote:
When trying to run the unit test cases with `ant clean test` on the
current
trunk [1] I am getting two (per connector) failures:
org.apache.tomcat.util.net.openssl.ciphers.TestCipher FAILED [2]
org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser
FAILED [3]
<snip/>
These tests are all particularly sensitive to the versions of OpenSSL,
Java and the implementation of Java used.
Generally, those tests are there to ensure that the code that translates
between JSSE cipher definitions and OpenSSL definitions is correct.
If you see a failure it may indicate that:
- the test has a bug
- you are running with an older version of OpenSSL that behaves
differently from the latest version (we try and keep pace with the
latest)
- OpenSSL has changed behaviour and we need to update our translation
code to align with it (unusual)
- OpenSSL has changed behaviour and we need to update our tests to align
with it (most frequent).
Thank you both for the detailed explanation. I suspected that I should
had added the OpenSSL version to the OP. On that Fedora machine I have
OpenSSL 1.1.0i-fips 14 Aug 2018
I tried the same tests on a Windows 10 machine. Below are some
discrepancies/peculiarities that I've noticed (I'd be happy to improve
the test cases if possible):
I noticed some errors on Gump overnight so this morning I have build
OpenSSL 1.0.2, 1.1.0, 1.1.1 and master locally and tested them against
8.5.x and 9.0.x. I found a couple of bugs:
- The ARIA ciphers were not handled correctly so testing against OpenSSL
1.1.0 was always going to fail. This has been fixed.
- 8.5.x was missing some code that ensured the OpenSSL libraries as well
as the binary was on the path. This meant 8.5.x tests were either
going to fail or use a locally installed OpenSSL version. This has
also been fixed.
On the Linux box I have OpenSSL installed and on the PATH. On Windows I
used version OpenSSL 1.1.1 11 Sep 2018 and specified it via the
`test.openssl.path` property. I checked the value of
`test.openssl.exists` and it showed the expected `true`. Both Windows
and Fedora generated an output file for
test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java [1]. Both,
however, reported "Found OpenSSL version 0x0" which I find strange?
That does seem odd. I suspect either the wrong OpenSSL version or no
OpenSSL version was found.
Gump was also showing "version 0x0" [1].
System.load() [2] was throwing an error that an absolute path is
expected, but that error was ignored at [3] so we didn't see it. I
added a warning to the log in r1842849 [4].
Igal
[1]
http://vmgump-vm3.apache.org/tomcat-trunk/tomcat-trunk-test-nio/gump_file/TEST-org.apache.tomcat.util.net.openssl.TestOpenSSLConf.NIO.txt.html
[2]
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/Library.java?revision=1834660&view=markup&pathrev=1842849#l42
[3]
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?view=markup&pathrev=1842748#l91
[4] http://svn.apache.org/viewvc?rev=1842849&view=rev
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
