Mark,
On 6/8/22 08:54, Christopher Schultz wrote:
Mark,
On 6/8/22 03:07, Mark Thomas wrote:
On 08/06/2022 00:04, Christopher Schultz wrote:
Mark,
On 6/7/22 11:25, Christopher Schultz wrote:
The proposed Apache Tomcat 8.5.80 release is now available for voting.
The notable changes compared to 8.5.79 are:
- Ensure that changes made to a request by the RemoteIPValve persist
after the request is put into asynchronous mode.
- Correct a regression in the support added for encrypted PKCS#1
formatted private keys in the previous release that broke support
for unencrypted PKCS#1 formatted private keys.
- Increase the default buffer size for cluster messages from 43800
to 65536 bytes. This is expected to improve performance for large
messages when running on Linux based systems.
- When using TLS with non-blocking writes and the NIO connector,
ensure that flushing the buffers attempts to empty all of the
output buffers.
Along with lots of other bug fixes and improvements.
For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.80/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1379
The tag is:
https://github.com/apache/tomcat/tree/8.5.78/
f732d3aa5ca55eb07cb73d9ec2b585330f80f00b
The proposed 8.5.80 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.79 (stable)
These tests are failing:
TEST-org.apache.tomcat.util.net.jsse.TestPEMFile.APR.txt
TEST-org.apache.tomcat.util.net.jsse.TestPEMFile.NIO.txt
TEST-org.apache.tomcat.util.net.jsse.TestPEMFile.NIO2.txt
Unsurprisingly, they all have the same cause:
Testcase: testKeyEncryptedPkcs8 took 0.002 sec
Caused an ERROR
ObjectIdentifier() -- data isn't an object ID (tag = 48)
java.io.IOException: ObjectIdentifier() -- data isn't an object ID
(tag = 48)
at
sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:285)
at sun.security.util.DerInputStream.getOID(DerInputStream.java:320)
at
com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267)
at
java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:151)
at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:133)
at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:413)
at
javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95)
at
org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:210)
at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:143)
at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:98)
at
org.apache.tomcat.util.net.jsse.TestPEMFile.testKey(TestPEMFile.java:79)
at
org.apache.tomcat.util.net.jsse.TestPEMFile.testKeyEncrypted(TestPEMFile.java:74)
at
org.apache.tomcat.util.net.jsse.TestPEMFile.testKeyEncryptedPkcs8(TestPEMFile.java:69)
This is all on Java 8. Is this an expected error on Java 8?
Almost certainly a known bug in some JREs. See this thread for
background:
https://tomcat.markmail.org/thread/qpwyogdutes3p6wo
Thanks for that reference again. I re-read a few of those but forgot
there was s discussion of the version numbers.
My exact JRE version is 1.8.0_292. I will retry with 1.8.0_333.
I now have a different set of tests failing:
* org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt
* org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt
* org.apache.tomcat.util.net.TestClientCert.NIO.txt
* org.apache.tomcat.util.net.TestClientCert.NIO2.txt
* org.apache.tomcat.util.net.TestCustomSsl.NIO.txt
* org.apache.tomcat.util.net.TestCustomSsl.NIO2.txt
* org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO.txt
* org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO2.txt
It looks like all the tests failed due to similar issues:
Testcase: testClientCertGetWithPreemptive took 0.824 sec
Caused an ERROR
Remote host terminated the handshake
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
at
sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1506)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1323)
at
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1228)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:412)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:384)
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:587)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:167)
at
org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:692)
at
org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:666)
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:660)
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:654)
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:639)
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:633)
at
org.apache.tomcat.util.net.TestClientCert.doTestClientCertGet(TestClientCert.java:62)
at
org.apache.tomcat.util.net.TestClientCert.testClientCertGetWithPreemptive(TestClientCert.java:44)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at
sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:480)
at
sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:469)
at
sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:159)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:111)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1315)
I've never had these tests fail before. (And they didn't fail when
running under _292 earlier).
Any suggestions?
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
