On 01/12/2025 15:04, Rémy Maucherat wrote:
On Mon, Dec 1, 2025 at 3:01 PM Mark Thomas <[email protected]> wrote:
All,
As you may be aware, releases have been completed for the Migration tool
and Commons Daemon with a view to including them in the next round of
Tomcat releases.
I also planned to complete a new Tomcat Native release but haven't made
much progress on that yet.
Towards the end of last week I needed to test OCSP for $dayjob. It took
me a day to realise that NIO + OpenSSL behaves differently depending on
whether you define the trusted CAs in a KeyStore or a file. That led to
[1]. The test cases Dimitris wrote were a big help in figuring out what
was going on.
Reading through Dimitris's tests also made me realise it shouldn't be
too hard to get OCSP working for JSSE. That got me thinking. If I am
going to work on a Native release, I think it makes sense to include
expanding OCSP support. I'm thinking:
- add OCSP support for all variations of TLS connector
- use common configuration for JSSE and OpenSSL+Tomcat Native and
OpenSSL+FFM where possible
- expose OCSP configuration options in SSLHostConfig
That is probably a reasonable number of days work. So I am thinking
about timing.
A. Do we proceed with the December releases without a new Tomcat Native
release and aim to pick that up in January? (There is probably no more
than a day of prep to do before we are in a position to tag.)
B. Do we delay the December release until a new Tomcat Native release is
ready?
C. Do we skip the December release because of the holidays?
Thoughts?
My own thoughts are that I don't think B is a viable option. The
earliest we are likely to have Native release ready is the 8th (and I
think that is optimistic). That means the Tomcat releases are unlikely
to be ready earlier than the 12th which, if there is a regression, is
getting very close to folks not being available. Therefore I think
either A or C and, because of the clustering regression fix, I am
thinking A.
Let's go with A.
Works for me. I'm just committing the last few things I had on my TODO
list and then I'll run the unit test before tagging. Should be tagging
in a few hours.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
