Am 2020-12-01 um 13:09 schrieb Mark Thomas:
On 01/12/2020 11:05, Graham Leggett wrote:
Hi all,
I object to the deprecation of the tomcat-native/APR connector.
Most specifically, I am -1 on the following:
https://marc.info/?l=tomcat-dev&m=160681846808019&w=2
Looking at past discussion on this, the justification has been:
"It is inherently less stable. If we get the NIO code wrong, you might
see a NullPointerException. If we get the APR code wrong you might see a
JVM crash.”
Both a NullPointerException and a crash result in the same outcome - a non
working server.
No it isn't. The difference is a single failed request compared to the
entire server failing.
Tomcat-native has releases in the
https://archive.apache.org/dist/tomcat/tomcat-connectors/native/ going back 15
years to 2005, a claim of a lack of stability needs to be quantifiable.
See the long list of bugs raised against Tomcat and the Tomcat Native
Connector that reported a JVM crash. The reports have slowly been
getting less frequent over the years and are at a much lower level now
than they were but the risk remains.
I also object to the removal of OpenSSL code, for the same reason.
It isn't being removed. The APR/Native library will be retained along
with OpenSSL support for the NIO and NIO2.
I expect the scope of the APR/Native library for Tomcat 10.1.x onwards
will be reduced to just those native methods required to interact with
OpenSSL which may mean removal of the APR dependency. If we can use
OpenSSL without any native code of our own (e.g. via project Panama or
similar) then better still.
We are in the middle of a global pandemic. Our users do not have the resources
to suddenly divert to reengineering what is to them a perfectly working system,
to replace what exists with something else that just works differently.
Upgrading to Tomcat 10 already requires significant re-engineering work
due to the java package change for all the specification APIs.
Switching an HTTP or AJP connector from APR/Native to NIO or NIO2 with
OpenSSL requires a change of three/four characters in one configuration
file. We have deliberately made it very easy to switch between connectors.
No-one is being forced to upgrade. Tomcat 8.5.x and 9.0.x will continue
to support the APR/Native connector for AJP and HTTP. Based on the
typical 10 year support lifetime of a major Tomcat release users have at
least five to six years before they would be forced to migrate away from
using an APR/Native HTTP or AJP connector.
I'll note that Tomcat supports at least 3 major versions in parallel
with each major version being supported for ~10 years. That is a very
generous support offering.
Mark, while I always appreciate your professional answers, I do agree
with Graham from a different opinion:
As most of you have noticed I worked to some extend on libtcnative
because it simply works for me and just has failed only once many many
years go. I tried to remove some light APR dependencies for many OSes.
Now, we all know pre-10 Tomcat versions won't go away soon we will
continue support libtcnative for those versions anyway.
With or without the deprecation, we can always say if APR does not work
for you, take NIO2.
A suitable roadmap for libtcnative would be:
* Tag current patch version
* Move to 1.3.0 and remove everything non-TLS/networking related out
* Move to 1.4.0 drop OpenSSL support for < 1.1.1 because it requires
thread locks from APR which aren't necessary with 1.1.1
* Likely split code between OpenSSL to Java and APR to Java with that we
could satisfy both sides.
I am now nicely acquiant with the code, I could at least remove
everything for 1.3.0 and have at least three completely different OSes
to test.
Another side note is that building on Windows is a pain, I do not and
will not install Visual Studio to compile a few hundred lines of C code.
I would highly favorize a CMake-based build which works on Windows too,
but that is a different discussion, of course.
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
