On 12/08/2021 12:20, jean-frederic clere wrote:
On 09/08/2021 22:05, Mark Thomas wrote:
[X] Stable - go ahead and release as 8.5.70
On fedora 34, I have the following failures:
+++
[concat] Testsuites with failed tests:
[concat]
TEST-org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt
[concat]
TEST-org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt
[concat] TEST-org.apache.tomcat.util.net.TestClientCert.NIO.txt
[concat] TEST-org.apache.tomcat.util.net.TestClientCert.NIO2.txt
[concat] TEST-org.apache.tomcat.util.net.TestClientCertTls13.NIO.txt
[concat] TEST-org.apache.tomcat.util.net.TestClientCertTls13.NIO2.txt
[concat] TEST-org.apache.tomcat.util.net.TestCustomSsl.NIO.txt
[concat] TEST-org.apache.tomcat.util.net.TestCustomSsl.NIO2.txt
+++
But that looks like a configuration problem... invalid certificate...
Various test certificates have expired.
To summarise (my recollection of) previous discussion on this:
- We could auto-generate these but there are concerns around entropy
particularly on CI systems if we do this.
- We could generate certs with a longer expiry (currently 2 years). Two
years was chosen as a balance between having to regenerate these too
often, keeping up with changing requirements for certs and reducing
damage in case someone is foolish enough to use the keys in
production.
Overall, I'm happy with having to do this every two years or so.
I'll regenerate new ones. I'm about to go into a meeting but should have
this down shortly afterwards.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
