Re: [VOTE] Release Apache Tomcat 8.5.89

[Christopher Schultz]

All,

On 5/9/23 13:38, Christopher Schultz wrote:
The proposed Apache Tomcat 8.5.89 release is now available for voting.
The notable changes compared to 8.5.88 are:

- Many improvements to the JSON access log valve.

- Deprecate support for the HTTP Connector settings rejectIllegalHeader
    and allowHostHeaderMismatch and reject HTTP headers without names.

- Add a RateLimitFilter which can be used to mitigate DoS and Brute
    Force attacks.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.89/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1436

The tag is:
https://github.com/apache/tomcat/tree/8.5.89/
da91bd19ef2cb34a96e4ad04749dfc97c941db87

The proposed 8.5.89 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.88 (stable)

I'm getting a unit test failure I don't understand:

Testsuite: org.apache.tomcat.websocket.TestWsWebSocketContainerSSL
Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.717 sec
------------- Standard Error -----------------
10-May-2023 22:15:22.794 INFO [main] 
org.apache.catalina.startup.LoggingBaseTest.setUp Starting test case 
[testConnectToServerEndpointSSL]
10-May-2023 22:15:22.903 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded 
Apache Tomcat Native library [1.2.36] using APR version [1.7.0].
10-May-2023 22:15:22.904 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR 
capabilities: IPv6 [true], sendfile [true], accept filters [false], 
random [true], UDS [{4}].
10-May-2023 22:15:22.904 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL 
configuration: useAprConnector [false], useOpenSSL [true]
10-May-2023 22:15:22.906 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL 
successfully initialized [OpenSSL 1.1.1  11 Sep 2018]
10-May-2023 22:15:23.117 INFO [main] 
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler 
["https-openssl-apr-127.0.0.1-auto-1"]
10-May-2023 22:15:23.192 INFO [main] 
org.apache.tomcat.util.net.AbstractEndpoint.logCertificate Connector 
[https-openssl-apr-127.0.0.1-auto-1], TLS virtual host [_default_], 
certificate type [UNDEFINED] configured from [/home/cschultz/.keystore] 
using alias [tomcat] and with trust store 
[/mnt/ephemeral0/cschultz/projects/apache/apache-tomcat/tarball/apache-tomcat-8.5.89-src/test/org/apache/tomcat/util/net/ca-cert.pem]
10-May-2023 22:15:23.203 INFO [main] 
org.apache.catalina.core.StandardService.startInternal Starting service 
[Tomcat]
10-May-2023 22:15:23.203 INFO [main] 
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet 
engine: [Apache Tomcat/8.5.89]
10-May-2023 22:15:23.308 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["https-openssl-apr-127.0.0.1-auto-1-37597"]
10-May-2023 22:15:23.353 INFO [main] 
org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler 
["https-openssl-apr-127.0.0.1-auto-1-37597"]
10-May-2023 22:15:23.361 INFO [main] 
org.apache.catalina.core.StandardService.stopInternal Stopping service 
[Tomcat]
10-May-2023 22:15:23.368 INFO [main] 
org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler 
["https-openssl-apr-127.0.0.1-auto-1-37597"]
10-May-2023 22:15:23.386 INFO [main] 
org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler 
["https-openssl-apr-127.0.0.1-auto-1-37597"]
------------- ---------------- ---------------

Testcase: testConnectToServerEndpointSSL took 0.691 sec
        Caused an ERROR
The HTTP request to initiate the WebSocket connection to 
[wss://localhost:37597/echoAsync] failed
javax.websocket.DeploymentException: The HTTP request to initiate the 
WebSocket connection to [wss://localhost:37597/echoAsync] failed
        at 
org.apache.tomcat.websocket.WsWebSocketContainer.connectToServerRecursive(WsWebSocketContainer.java:428)
        at 
org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:170)
        at 
org.apache.tomcat.websocket.TestWsWebSocketContainerSSL.testConnectToServerEndpointSSL(TestWsWebSocketContainerSSL.java:64)
Caused by: java.util.concurrent.ExecutionException: 
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol 
is disabled or cipher suites are inappropriate)
        at 
org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WrapperFuture.get(AsyncChannelWrapperSecure.java:489)
        at 
org.apache.tomcat.websocket.WsWebSocketContainer.connectToServerRecursive(WsWebSocketContainer.java:320)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol 
(protocol is disabled or cipher suites are inappropriate)
        at 
sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:171)
        at 
sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
        at 
sun.security.ssl.TransportContext.kickstart(TransportContext.java:220)
        at 
sun.security.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:97)
        at 
org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.run(AsyncChannelWrapperSecure.java:347)

This fails for all of APR, NIO, and NIO2 and I'm using OpenSSL 1.1.1 and 
Java 1.8.0_292.

Any ideas?

Thanks,
-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org