On Mon, Dec 1, 2025 at 3:01 PM Mark Thomas <[email protected]> wrote: > > All, > > As you may be aware, releases have been completed for the Migration tool > and Commons Daemon with a view to including them in the next round of > Tomcat releases. > > I also planned to complete a new Tomcat Native release but haven't made > much progress on that yet. > > Towards the end of last week I needed to test OCSP for $dayjob. It took > me a day to realise that NIO + OpenSSL behaves differently depending on > whether you define the trusted CAs in a KeyStore or a file. That led to > [1]. The test cases Dimitris wrote were a big help in figuring out what > was going on. > > Reading through Dimitris's tests also made me realise it shouldn't be > too hard to get OCSP working for JSSE. That got me thinking. If I am > going to work on a Native release, I think it makes sense to include > expanding OCSP support. I'm thinking: > - add OCSP support for all variations of TLS connector > - use common configuration for JSSE and OpenSSL+Tomcat Native and > OpenSSL+FFM where possible > - expose OCSP configuration options in SSLHostConfig > > That is probably a reasonable number of days work. So I am thinking > about timing. > > A. Do we proceed with the December releases without a new Tomcat Native > release and aim to pick that up in January? (There is probably no more > than a day of prep to do before we are in a position to tag.) > > B. Do we delay the December release until a new Tomcat Native release is > ready? > > C. Do we skip the December release because of the holidays? > > Thoughts? > > My own thoughts are that I don't think B is a viable option. The > earliest we are likely to have Native release ready is the 8th (and I > think that is optimistic). That means the Tomcat releases are unlikely > to be ready earlier than the 12th which, if there is a regression, is > getting very close to folks not being available. Therefore I think > either A or C and, because of the clustering regression fix, I am > thinking A.
Let's go with A. Rémy > Thoughts? > > Mark > > > > > [1] https://github.com/apache/tomcat/commit/2251fb8 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
