On 03/11/2018 16:54, Igal Sapir wrote: > On Sat, Nov 3, 2018 at 9:28 AM Mark Thomas <ma...@apache.org> wrote: >> On 03/11/2018 16:20, Igal Sapir wrote: >>> On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas <ma...@apache.org> wrote: >>>> On 02/11/2018 22:39, Igal Sapir wrote:
<snip/> >>> Should I make a mental note that these are false positives or should we >>> pursue it further and update the test cases to remove ciphers that should >>> not be used? >> >> They look like false positives at this point. >> > > Is it possible to mark some test cases as "Warnings" rather than "Errors"? > So that if they fail they will not fail the whole test? Not that I am aware of. >> Now is probably a good time to complete the planned expansion of unit >> tests on Gump for Tomcat Native so we have coverage of all the OpenSSL >> versions. > > I'd be happy to help if given some guidance (Note: Gump seems to be having issues performing 'svn up' at the moment. Check any failures carefully in case this is the cause.) The plan was as follows: - Build all current OpenSSL versions (currently 4) - Build Tomcat Native 1.2.x for each OpenSSL version (i.e. 4) - No Tomcat Native 1.1.x builds - Test 9.0.x with all Native/OpenSSL combinations (i.e. 4) - Test 8.5.x with Native/OpenSSL 1.1.1 (latest LTS) - Test 7.0.x with Native/OpenSSL 1.0.2 (other LTS) The OpenSSL build and Tomcat Native builds with each OpenSSL version have already been configured. The Tomcat Native 1.1.x build has been disabled. The 8.5.x and 7.0.x are configured as desired. So it is just 9.0.x that needs completing. It should, largely, be a copy/paste exercise: The Gump metadata is here: http://svn.apache.org/repos/asf/gump/metadata/project/ All ASF committers have write access. There is one file for each major Tomcat version. Each <project .../> block represents one Tomcat build or one test run. If you look in tomcat-trunk.xml you will see <project name="tomcat-trunk-test-apr"> This runs the unit tests with the APR connector. It is configured with: <property name="test.openssl.path" project="openssl-make-install" id="openssl" reference="outputpath"/> <property name="test.apr.loc" project="tomcat-native-trunk-make-install" reference="home"/> which means it uses Tomcat Native build with OpenSSL master (or just OpenSSL master when using OpenSSL directly) for the tests. Currently we have: Tomcat 9.0.x testing APR/native with OpenSSL master This needs to be exapnded to: Tomcat 9.0.x testing APR/native with - OpenSSL master - OpenSSL 1.1.1 - OpenSSL 1.1.0 - OpenSSL 1.0.2 We also have NIO tests running with JSSE. It would be prudent to add 4 more test runs for each of the OpenSSL versions with NIO as well. Essentially, you edit the metadata file and then wait until the next test run (they run at 0000, 0600, 1200 and 1800 UTC) and see if it worked. Repeat until all the test runs are passing. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
