On 4/18/24 06:05, Rainer Jung wrote:
On 18.04.24 at 09:08, bugzi...@apache.org wrote:
https://bz.apache.org/bugzilla/show_bug.cgi?id=68910

--- Comment #3 from Michael Osipov <micha...@apache.org> ---
(In reply to Christopher Schultz from comment #1)
(In reply to Michael Osipov from comment #0)
since we also do support LibreSSL [...]

Note: Support for LibreSSL is more of an aspiration and less of a
requirement. We don't technically advertise support for LibreSSL, but I
would like to be able to support it.

FYI. Just ran 10.1.x with LibreSSL 3.5.2:
    [concat] TEST-org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt
    [concat] TEST-org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt
    [concat] TEST-org.apache.tomcat.util.net.TestClientCert.NIO.txt
    [concat] TEST-org.apache.tomcat.util.net.TestClientCert.NIO2.txt
    [concat] TEST-org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO.txt
    [concat] TEST-org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO2.txt
    [concat] TEST-org.apache.tomcat.util.net.openssl.TestOpenSSLConf.NIO.txt
    [concat] TEST-org.apache.tomcat.util.net.openssl.TestOpenSSLConf.NIO2.txt

The rest is passing. These are failing for renegotiation or protocol mismatch.
That looks very promising.

Probably not relevant for this specific topic but maybe of general interest:

For other reasons I tried to identify which unit tests actually load and execute with tcnative and/or panama, and those are very few. Most tests do not use these. Apart from the ones you mentioned as failing:

org.apache.catalina.valves.rewrite.TestResolverSSL
org.apache.tomcat.util.net.TestClientCert
org.apache.tomcat.util.net.TestCustomSslTrustManager
org.apache.tomcat.util.net.openssl.TestOpenSSLConf

the only other tests I found using tcnative and/or openssl connectors are:

org.apache.coyote.http2.TestLargeUpload
org.apache.tomcat.util.net.TestClientCertTls13
org.apache.tomcat.util.net.TestSSLHostConfigCompat
org.apache.tomcat.util.net.TestSSLHostConfigIntegration
org.apache.tomcat.util.net.TestSsl
org.apache.tomcat.websocket.TestWebSocketFrameClientSSL
org.apache.tomcat.websocket.TestWsWebSocketContainerSSL

So almost all of the tests actually using a connector to run servlets etc. only use plain http connectors (or fixed JSSE, but I think such do not exist).

A few more might only use the commandline openssl binary. Those are not included in the above lists.

I was thinking about this the other day as well, since there are tcnative+APR-based tests in Tomcat 9 which are executed separately from NIO and NIO2. I wasn't ever sure if/how the native library was being loaded. I wonder if on test-start (for those tests which actually use the connector), we could advertise which strategy is actually being used at runtime? I'm aware that FFM isn't supported pre-10.1.23 and that the APR connector has been removed in 10.1 but when running 10.1/11 tests it would be nice to know that the tests are failing because some specific test isn't working via e.g. FFM rather than the native library just didn't load properly and therefore ALL tests are failing.

-chris
