All,
On 10/9/23 18:18, Christopher Schultz wrote:
The proposed Apache Tomcat 10.1.14 release is now available for
voting.
The notable changes compared to 10.1.13 are:
- Update Tomcat Native to 1.2.39 to pick up Windows binaries built with
OpenSSL 3.0.11.
- Provide a lifecycle listener that will automatically reload TLS
configurations a set time before the certificate is due to expire.
This is intended to be used with third-party tools that regularly
renew TLS certificates.
- Improve performance of EL expressions in JSPs that use implicit
objects.
- Several improvements to thread safety and recycling cleanup.
For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
will automatically convert them to Jakarta EE and copy them to the
webapps directory.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.14/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1459
The tag is:
https://github.com/apache/tomcat/tree/10.1.14
5feba31fa86b38bd645bf9cc1ddee883ad7bc6a4
The proposed 10.1.14 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 10.1.14
+1 for stable release
Builds clean and unit test pass with one exception on MacOS. Did not
test with APR/OpenSSL.
Details:
java version "11.0.10" 2021-01-19 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.10+8-LTS-162)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.10+8-LTS-162, mixed mode)
[concat] Testsuites with failed tests:
[concat] TEST-org.apache.tomcat.util.net.jsse.TestPEMFile.NIO.txt
[concat] TEST-org.apache.tomcat.util.net.jsse.TestPEMFile.NIO2.txt
Failure details:
Testsuite: org.apache.tomcat.util.net.jsse.TestPEMFile
Tests run: 6, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.163 sec
Testcase: testKeyEncryptedPkcs1DesEde3Cbc took 0.104 sec
Testcase: testKeyPkcs1WithUnnecessaryPassword took 0.001 sec
Testcase: testKeyEncryptedPkcs8 took 0.045 sec
Caused an ERROR
Cannot retrieve the PKCS8EncodedKeySpec
java.security.spec.InvalidKeySpecException: Cannot retrieve the
PKCS8EncodedKeySpec
at
java.base/javax.crypto.EncryptedPrivateKeyInfo.getKeySpec(EncryptedPrivateKeyInfo.java:255)
at
org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:228)
at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:153)
at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:102)
at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:97)
at
org.apache.tomcat.util.net.jsse.TestPEMFile.testKey(TestPEMFile.java:79)
at
org.apache.tomcat.util.net.jsse.TestPEMFile.testKeyEncrypted(TestPEMFile.java:74)
at
org.apache.tomcat.util.net.jsse.TestPEMFile.testKeyEncryptedPkcs8(TestPEMFile.java:69)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Caused by: javax.crypto.BadPaddingException: Given final block not
properly padded. Such issues can arise if a bad key is used during
decryption.
at
java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)
at
java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)
at
java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
at
java.base/com.sun.crypto.provider.PBES2Core.engineDoFinal(PBES2Core.java:323)
at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)
at
java.base/javax.crypto.EncryptedPrivateKeyInfo.getKeySpec(EncryptedPrivateKeyInfo.java:250)
Testcase: testKeyPkcs1 took 0.001 sec
Testcase: testKeyEncryptedPkcs1Aes256 took 0.001 sec
Testcase: testKeyEncryptedPkcs1DesCbc took 0.001 sec
Re-running the tests repeated the same failure. Looking at my voting on
10.1.11 indicates that upgrading to Java 11.0.19 may resolve this issue.
I'm traveling and my local environment has Java 11.0.10 so I'm going to
blame it on the OID issue likely resolved in Java 11 whose workaround
was removed by markt in c4ffcf56a669aba1e508a0e769892f178879c1f5.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
