On Sat, Nov 3, 2018 at 9:28 AM Mark Thomas <ma...@apache.org> wrote: > On 03/11/2018 16:20, Igal Sapir wrote: > > On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas <ma...@apache.org> wrote: > > > >> On 02/11/2018 22:39, Igal Sapir wrote: > >> > >> <snip/> > >> > >>> I am getting the same test case failures as before, so it doesn't look > >> like > >>> a regression to me: > >>> [concat] Testsuites with failed tests: > >>> [concat] > >>> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1] > >>> [concat] > >>> > >> > TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt > >>> [2] > >>> > >>> (details below) > >>> > >>> > >>>> The proposed 9.0.13 release is: > >>>> [ ] Broken - do not release > >>>> [X] Stable - go ahead and release as 9.0.13 > >>>> > >>>> > >>> Assuming that my assessment of the failures is correct, my non-binding > >> vote > >>> is Stable. Tested on Fedora 28 with OpenSSL 1.1.0i-fips. > >> > >> Which JDK are you using? It looks like an IBM one. It has been a while > >> since I tested things with an IBM JDK so some updates might be required. > >> > > > > I am pretty sure that I've never installed the IBM JDK on any machine. > > This one IIRC is from Oracle: > > > > $ javac -version > > javac 1.8.0_181 > > $ java -version > > java version "1.8.0_181" > > Java(TM) SE Runtime Environment (build 1.8.0_181-b13) > > Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode) > > > > I will upgrade to u191 from Oracle and then test again. > > > > > >> A FIPS enabled OpenSSL might also cause some failures as it might > >> disable some ciphers. > >> > > > > I am guessing by the version name of OpenSSL that FIPS is enabled: > > > > $ openssl version > > OpenSSL 1.1.0i-fips 14 Aug 2018 > > That is very odd as the only OpenSSL branch that is FIPS certified is > 1.0.2. > > > $ uname -a > > Linux local 4.18.16-200.fc28.x86_64 #1 SMP Sat Oct 20 23:53:47 UTC 2018 > > x86_64 x86_64 x86_64 GNU/Linux > > > > Should I make a mental note that these are false positives or should we > > pursue it further and update the test cases to remove ciphers that should > > not be used? > > They look like false positives at this point. >
Is it possible to mark some test cases as "Warnings" rather than "Errors"? So that if they fail they will not fail the whole test? > Now is probably a good time to complete the planned expansion of unit > tests on Gump for Tomcat Native so we have coverage of all the OpenSSL > versions. > I'd be happy to help if given some guidance Best, Igal
