[GUMP@vmgump]: Project tomcat-trunk-test-nio2 (in module tomcat-trunk) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-trunk-test-nio2 has an issue affecting its community integration. This issue affects 1 projects, and has been outstanding for 12 runs. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-trunk-test-nio2 : Tomcat 9.x, a web server implementing the Java Servlet 4.0, ... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-nio2/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -INFO- Failed with reason build failed -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-trunk/output/logs-NIO2 -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-trunk/output/test-tmp-NIO2/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-nio2/gump_work/build_tomcat-trunk_tomcat-trunk-test-nio2.html Work Name: build_tomcat-trunk_tomcat-trunk-test-nio2 (Type: Build) Work ended in a state of : Failed Elapsed: 37 mins 16 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.2-SNAPSHOT.jar -Dtest.reports=output/logs-NIO2 -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150501-native-src.tar.gz -Dexamples.sources.skip=true -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.4-201406061215/ecj-4.4.jar -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20150501.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150501-native-src.tar.gz -Dtest.temp=output/test-tmp-NIO2 -Dtest.accesslog=true -Dexecute.test.nio=false -Dtest.openssl.path=/srv/gump/public/workspace/openssl-master/dest-20150501/bi n/openssl -Dexecute.test.apr=false -Dtest.excludePerformance=true -Dexecute.test.nio2=true -Deasymock.jar=/srv/gump/public/workspace/easymock/easymock/target/easymock-3.4-SNAPSHOT.jar -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test [Working Directory: /srv/gump/public/workspace/tomcat-trunk] CLASSPATH: /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.ja r:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-jni.jar:/srv/gump/public/workspace/tomcat-trunk/output
[GUMP@vmgump]: Project tomcat-trunk-test-apr (in module tomcat-trunk) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-trunk-test-apr has an issue affecting its community integration. This issue affects 1 projects, and has been outstanding for 28 runs. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-trunk-test-apr : Tomcat 9.x, a web server implementing the Java Servlet 4.0, ... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-apr/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -INFO- Failed with reason build failed -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-trunk/output/logs-APR -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-trunk/output/test-tmp-APR/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-apr/gump_work/build_tomcat-trunk_tomcat-trunk-test-apr.html Work Name: build_tomcat-trunk_tomcat-trunk-test-apr (Type: Build) Work ended in a state of : Failed Elapsed: 35 mins 51 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.2-SNAPSHOT.jar -Dtest.reports=output/logs-APR -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150501-native-src.tar.gz -Dexamples.sources.skip=true -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.4-201406061215/ecj-4.4.jar -Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native-trunk/dest-20150501/lib -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20150501.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20150501-native-src.tar.gz -Dtest.temp=output/test-tmp-APR -Dtest.accesslog=true -Dexecute.test.nio=false -Dtest.openssl.path=/srv/gump/public/workspace/openssl-master/dest-20150501/bin/openssl -Dexecute.test.apr=true -Dtest.excludePerformance=true -Dexecute.test.nio2=false -Deasymock.jar=/srv/gump/public/workspace/easymock/easymock/target/easymock-3.4-SNAPSHOT.jar -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test [Working Directory: /srv/gump/public/workspace/tomcat-trunk] CLASSPATH: /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.ja r:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-trunk/out
Tomcat 9 connector refactoring: OOM Parachute
As I work through the SSL changes, I've been thinking about the remaining differences between the connectors and in a couple of cases I've started to wonder if some of the features should be retained in Tomcat 9. First on my list is the OOM parachute. The feature reserves a block of memory and then releases it if an OOME occurs to give the JVM a chance to recover. Providing a way to recover from OOME is a good thing but I think the feature is logically flawed and - therefore - I'd like to remove it. My reasoning is as follows: - The parachute only protects against OOME in the NIO(2) poller. - The parachute reserves memory that would otherwise by available for normal operation. It effectively makes an OOME more likely everywhere apart from the Poller since less memory is available for normal operation. - I don't recall a single user reporting having seen an OOM Parachute related error message - APR/native has has no such protection. (If the OOM Parachute was effective I'd be in favour of extending it to APR/native.) Assuming there are no objections, I'll probably do this next week. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Tomcat 9 connector refactoring: NIO vs NIO2
Next up on my list is the NIO2 connector. NIO and APR/native both use a polling approach to non-blocking I/O. You add the socket to the poller, tell it what operation (read/write) you want to perform and then you wait for the poller to tell you the socket is ready to perform that operation. NIO2 uses an asynchronous approach to non-blocking I/O. You perform the read/write and then wait to be told it has finished via either a Future or a CompletionHandler. Servlet 3.1 non-blocking I/O is closest to the polling style (you get a callback when you are allowed to read/write). WebSocket non-blocking I/O uses the asynchronous style. In short, regardless of the underlying approach to non-blocking I/O, we have to support JavaEE APIs that use both styles. Therefore there is no 'obvious' advantage for either NIO or NIO2. As far as I can tell, the performance of NIO and NIO2 are comparable. That raises the question why do we need both NIO and NIO2? And I don't have an answer to that. If I had to pick one, I'd pick NIO because: - it has been around longer and is more stable - it uses the same style as APR/native which may allow further refactoring to reduce duplication. So, should we drop one of NIO or NIO2 in Tomcat 9? If not, why not? If yes, which one? Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1677080 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AbstractEndpoint.java java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java webapps/docs/config/http.xml
On 30/04/2015 22:33, ma...@apache.org wrote: > Author: markt > Date: Thu Apr 30 21:33:27 2015 > New Revision: 1677080 > > URL: http://svn.apache.org/r1677080 > Log: > Make cipher suite order significant (expressing preference) for JSSE to align > with OpenSSL. I thought APR/native was hard-coded to this but that is not the case. I'll restore the ability to configure this for JSSE when I move it to SSLHostConfig. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677107 - in /tomcat/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/config/
Author: markt
Date: Fri May 1 10:33:43 2015
New Revision: 1677107
URL: http://svn.apache.org/r1677107
Log:
Move useServerCipherSuitesOrder/SSLHonorCipherOrder to SSLHostConfig
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/webapps/docs/config/http.xml
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1677107&r1=1677106&r2=1677107&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Fri
May 1 10:33:43 2015
@@ -382,21 +382,25 @@ public abstract class AbstractHttp11Prot
defaultSSLHostConfig.setCertificateKeyFile(certificateKeyFile);
}
+
public void setAlgorithm(String keyManagerAlgorithm) {
registerDefaultSSLHostConfig();
defaultSSLHostConfig.setKeyManagerAlgorithm(keyManagerAlgorithm);
}
+
public void setClientAuth(String certificateVerification) {
registerDefaultSSLHostConfig();
defaultSSLHostConfig.setCertificateVerification(certificateVerification);
}
+
public void setSSLVerifyClient(String certificateVerification) {
registerDefaultSSLHostConfig();
defaultSSLHostConfig.setCertificateVerification(certificateVerification);
}
+
public void setTrustMaxCertLength(int certificateVerificationDepth){
registerDefaultSSLHostConfig();
defaultSSLHostConfig.setCertificateVerificationDepth(certificateVerificationDepth);
@@ -407,6 +411,16 @@ public abstract class AbstractHttp11Prot
}
+public void setUseServerCipherSuitesOrder(boolean honorCipherOrder) {
+registerDefaultSSLHostConfig();
+defaultSSLHostConfig.setHonorCipherOrder(honorCipherOrder);
+}
+public void setSSLHonorCipherOrder(boolean honorCipherOrder) {
+registerDefaultSSLHostConfig();
+defaultSSLHostConfig.setHonorCipherOrder(honorCipherOrder);
+}
+
+
// - Common
code
// Common configuration required for all new HTTP11 processors
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java?rev=1677107&r1=1677106&r2=1677107&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java Fri May
1 10:33:43 2015
@@ -86,16 +86,6 @@ public class Http11AprProtocol extends A
public String getSSLCipherSuite() { return
((AprEndpoint)getEndpoint()).getSSLCipherSuite(); }
public void setSSLCipherSuite(String SSLCipherSuite) {
((AprEndpoint)getEndpoint()).setSSLCipherSuite(SSLCipherSuite); }
-/**
- * SSL honor cipher order.
- *
- * Set to true to enforce the server's cipher order
- * instead of the default which is to allow the client to choose a
- * preferred cipher.
- */
-public boolean getSSLHonorCipherOrder() { return
((AprEndpoint)getEndpoint()).getSSLHonorCipherOrder(); }
-public void setSSLHonorCipherOrder(boolean SSLHonorCipherOrder) {
((AprEndpoint)getEndpoint()).setSSLHonorCipherOrder(SSLHonorCipherOrder); }
-
/**
* SSL certificate chain file.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java?rev=1677107&r1=1677106&r2=1677107&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java Fri
May 1 10:33:43 2015
@@ -98,11 +98,9 @@ public abstract class AbstractJsseEndpoi
engine.setEnabledCipherSuites(sslContextWrapper.getEnabledCiphers());
engine.setEnabledProtocols(sslContextWrapper.getEnabledProtocols());
-// Force server cipher suite order to be honored
SSLParameters sslParameters = engine.getSSLParameters();
-sslParameters.setUseCipherSuitesOrder(true);
-// Following line may not be required. Depends if JRE takes a defensive
-// copy. Keep the line to avoid any possible issues.
+
sslParameters.s
[Bug 56438] If jar scan does not find context config or TLD config, log a message
https://bz.apache.org/bugzilla/show_bug.cgi?id=56438 --- Comment #12 from Mark Thomas --- All looks good. Since this is a new feature it needs to be added to trunk first and then back-ported so patches are required for trunk and 8.0.x as well. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677111 - in /tomcat/site/trunk: docs/index.html docs/whoweare.html xdocs/whoweare.xml
Author: markt Date: Fri May 1 11:23:28 2015 New Revision: 1677111 URL: http://svn.apache.org/r1677111 Log: Add André at his request Modified: tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/whoweare.html tomcat/site/trunk/xdocs/whoweare.xml Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1677111&r1=1677110&r2=1677111&view=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Fri May 1 11:23:28 2015 @@ -242,15 +242,15 @@ since 7.0.59 include: Add support for Java 8 JSSE server-preferred TLS cipher suite ordering. This feature requires Java 8. - + Update to Tomcat Native Library version 1.1.33 to pick up the Windows binaries that are based on OpenSSL 1.0.1m and APR 1.5.1. - + Implement a new feature for AJP connectors - Tomcat Authorization. If enabled Tomcat, will take an authenticated user name from the AJP protocol and use the appropriate Realm for the request to authorize (i.e. add roles) to that user. - + Update the Eclipse JDT compiler to version 4.4.2. Modified: tomcat/site/trunk/docs/whoweare.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/whoweare.html?rev=1677111&r1=1677110&r2=1677111&view=diff == --- tomcat/site/trunk/docs/whoweare.html (original) +++ tomcat/site/trunk/docs/whoweare.html Fri May 1 11:23:28 2015 @@ -393,6 +393,12 @@ A complete list of all the Apache Commit +André Warnier (soliplaya at apache.org) + + + + + Keith Wannamaker (keith at apache.org) Modified: tomcat/site/trunk/xdocs/whoweare.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/whoweare.xml?rev=1677111&r1=1677110&r2=1677111&view=diff == --- tomcat/site/trunk/xdocs/whoweare.xml (original) +++ tomcat/site/trunk/xdocs/whoweare.xml Fri May 1 11:23:28 2015 @@ -121,6 +121,9 @@ A complete list of all the Apache Commit Mark Thomas (markt at apache.org) +André Warnier (soliplaya at apache.org) + + Keith Wannamaker (keith at apache.org) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.0.22
Am 01.05.2015 um 01:47 schrieb Ognjen Blagojevic: On 29.4.2015 18:41, Mark Thomas wrote: The proposed 8.0.22 release is: [X] Broken - do not release [ ] Stable - go ahead and release as 8.0.22 Tested .zip distribution on Windows 7 64-bit, Oracle JDK 1.8.0_45 and APR/native 1.1.33: - Crawled all links (except /manager, /host-manager and /examples/async*). No broken links found, except links to JavaDocs. - Smoke tests of BIO, NIO, NIO2 and APR, with and without TLS. Only NIO2+TLS fails. Connector configuration: protocol="org.apache.coyote.http11.Http11Nio2Protocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="(snip).p12" keyAlias="(snip)" keystoreType="pkcs12" /> I smoke tested with this crawler: https://bz.apache.org/bugzilla/attachment.cgi?id=31184 I get in the logs some of those: 01-May-2015 01:29:59.631 SEVERE [http-apr-83-exec-7] org.apache.coyote.http11.AbstractHttp11Processor.endRequest Error finishing response org.apache.tomcat.jni.Error: 20005: An invalid socket was returned at org.apache.tomcat.jni.Socket.sendbb(Native Method) at org.apache.coyote.http11.InternalAprOutputBuffer.writeToSocket(InternalAprOutputBuffer.java:287) at org.apache.coyote.http11.InternalAprOutputBuffer.writeToSocket(InternalAprOutputBuffer.java:244) at org.apache.coyote.http11.InternalAprOutputBuffer.flushBuffer(InternalAprOutputBuffer.java:213) at org.apache.coyote.http11.AbstractOutputBuffer.endRequest(AbstractOutputBuffer.java:378) at org.apache.coyote.http11.AbstractHttp11Processor.endRequest(AbstractHttp11Processor.java:1800) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1143) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2463) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2452) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) And a lot of those: 01-May-2015 01:29:59.625 WARNING [http-nio2-84-exec-6] org.apache.tomcat.util.net.AbstractEndpoint.countDownConnection Incorrect connection count, multiple socket.close called on the same socket. 01-May-2015 01:29:59.627 WARNING [http-nio2-84-exec-4] org.apache.tomcat.util.net.AbstractEndpoint.countDownConnection Incorrect connection count, multiple socket.close called on the same socket. 01-May-2015 01:29:59.627 WARNING [http-nio2-84-exec-1] org.apache.tomcat.util.net.AbstractEndpoint.countDownConnection Incorrect connection count, multiple socket.close called on the same socket. I probably won't be able to do any more tests before Monday. I have done some tests with jmeter. Calling the "home" page of tomcat through TLS with the different connectors BIO, NIO and NIO2. Using 100 concurrent "clients" and letting each client repeat 1000 requests, I get the following results: * NIO and BIO run without errors. * NIO2 seems to run OK at first, but after a while (last test the "while" ended after 17900 requests) jmeters threads will not get a response from tomcat. The test will continue when the clients timeout after 60 seconds. I see no errors in tomcat logs. The access logs show a time jump of one minute: 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" 200 11250 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" 200 11250 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" 200 11250 <--- JUMP 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 11250 <--- 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 11250 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 11250 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 11250 If I repeat the same tests with 8.0.21 the test will run without delay (or timeout on jmeter side). Without encryption all connectors will complete the tests without delay on 8.0.22. Regards Felix -Ognjen - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.0.22
On 01/05/2015 13:07, Felix Schumacher wrote: > Am 01.05.2015 um 01:47 schrieb Ognjen Blagojevic: >> On 29.4.2015 18:41, Mark Thomas wrote: >>> The proposed 8.0.22 release is: >>> [X] Broken - do not release >>> [ ] Stable - go ahead and release as 8.0.22 >> >> Tested .zip distribution on Windows 7 64-bit, Oracle JDK 1.8.0_45 and >> APR/native 1.1.33: >> >> - Crawled all links (except /manager, /host-manager and >> /examples/async*). No broken links found, except links to JavaDocs. >> >> - Smoke tests of BIO, NIO, NIO2 and APR, with and without TLS. Only >> NIO2+TLS fails. >> >> Connector configuration: >> >> > protocol="org.apache.coyote.http11.Http11Nio2Protocol" SSLEnabled="true" >>maxThreads="150" scheme="https" secure="true" >>clientAuth="false" sslProtocol="TLS" >>keystoreFile="(snip).p12" keyAlias="(snip)" >>keystoreType="pkcs12" /> >> >> >> I smoke tested with this crawler: >> >> https://bz.apache.org/bugzilla/attachment.cgi?id=31184 >> >> >> >> I get in the logs some of those: >> >> 01-May-2015 01:29:59.631 SEVERE [http-apr-83-exec-7] >> org.apache.coyote.http11.AbstractHttp11Processor.endRequest Error >> finishing response >> org.apache.tomcat.jni.Error: 20005: An invalid socket was returned >> at org.apache.tomcat.jni.Socket.sendbb(Native Method) >> at >> org.apache.coyote.http11.InternalAprOutputBuffer.writeToSocket(InternalAprOutputBuffer.java:287) >> >> at >> org.apache.coyote.http11.InternalAprOutputBuffer.writeToSocket(InternalAprOutputBuffer.java:244) >> >> at >> org.apache.coyote.http11.InternalAprOutputBuffer.flushBuffer(InternalAprOutputBuffer.java:213) >> >> at >> org.apache.coyote.http11.AbstractOutputBuffer.endRequest(AbstractOutputBuffer.java:378) >> >> at >> org.apache.coyote.http11.AbstractHttp11Processor.endRequest(AbstractHttp11Processor.java:1800) >> >> at >> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1143) >> >> at >> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668) >> >> at >> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2463) >> >> at >> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2452) >> >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) >> >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) >> >> at >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >> >> at java.lang.Thread.run(Thread.java:745) >> >> >> And a lot of those: >> >> 01-May-2015 01:29:59.625 WARNING [http-nio2-84-exec-6] >> org.apache.tomcat.util.net.AbstractEndpoint.countDownConnection >> Incorrect connection count, multiple socket.close called on the same >> socket. >> 01-May-2015 01:29:59.627 WARNING [http-nio2-84-exec-4] >> org.apache.tomcat.util.net.AbstractEndpoint.countDownConnection >> Incorrect connection count, multiple socket.close called on the same >> socket. >> 01-May-2015 01:29:59.627 WARNING [http-nio2-84-exec-1] >> org.apache.tomcat.util.net.AbstractEndpoint.countDownConnection >> Incorrect connection count, multiple socket.close called on the same >> socket. >> >> >> I probably won't be able to do any more tests before Monday. > > I have done some tests with jmeter. Calling the "home" page of tomcat > through TLS with the different connectors BIO, NIO and NIO2. Using 100 > concurrent "clients" and letting each client repeat 1000 requests, I get > the following results: > > * NIO and BIO run without errors. > > * NIO2 seems to run OK at first, but after a while (last test the > "while" ended after 17900 requests) jmeters threads will not get a > response from tomcat. The test will continue when the clients timeout > after 60 seconds. > > I see no errors in tomcat logs. The access logs show a time jump of one > minute: > 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" 200 11250 > 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" 200 11250 > 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" 200 > 11250 <--- JUMP > 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 > 11250 <--- > 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 11250 > 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 11250 > 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 11250 > > If I repeat the same tests with 8.0.21 the test will run without delay > (or timeout on jmeter side). > > Without encryption all connectors will complete the tests without delay > on 8.0.22. This looks to be the culprit: http://svn.apache.org/viewvc?view=revision&revision=1672626 Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional command
Re: Tomcat 9 connector refactoring: NIO vs NIO2
Naively, looking at the Tomcat documentation and note the comparison table there makes it appear that: 1. NIO2 offers everything NIO does 2. NIO cannot offer true blocking IO, whereas NIO2 can If that's not true, then the documentation should be updated at least And, of course, NIO2 just sounds newer/better/fancier than NIO :-) On 5/1/2015 4:55 AM, Mark Thomas wrote: Next up on my list is the NIO2 connector. NIO and APR/native both use a polling approach to non-blocking I/O. You add the socket to the poller, tell it what operation (read/write) you want to perform and then you wait for the poller to tell you the socket is ready to perform that operation. NIO2 uses an asynchronous approach to non-blocking I/O. You perform the read/write and then wait to be told it has finished via either a Future or a CompletionHandler. Servlet 3.1 non-blocking I/O is closest to the polling style (you get a callback when you are allowed to read/write). WebSocket non-blocking I/O uses the asynchronous style. In short, regardless of the underlying approach to non-blocking I/O, we have to support JavaEE APIs that use both styles. Therefore there is no 'obvious' advantage for either NIO or NIO2. As far as I can tell, the performance of NIO and NIO2 are comparable. That raises the question why do we need both NIO and NIO2? And I don't have an answer to that. If I had to pick one, I'd pick NIO because: - it has been around longer and is more stable - it uses the same style as APR/native which may allow further refactoring to reduce duplication. So, should we drop one of NIO or NIO2 in Tomcat 9? If not, why not? If yes, which one? Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Tomcat 9 connector refactoring: NIO vs NIO2
On 01/05/2015 13:42, Jess Holle wrote: > Naively, looking at the Tomcat documentation and note the comparison > table there makes it appear that: > > 1. NIO2 offers everything NIO does > 2. NIO cannot offer true blocking IO, whereas NIO2 can > > If that's not true, then the documentation should be updated at least It depends how you define "true blocking IO". None of the three connectors in trunk provide blocking I/O via a single read or write call. For all of them you call read/write and then you need to call something else that blocks until the read/write has finished. Only BIO offered "true" blocking I/O in my view. I'll update the docs. Mark > > And, of course, NIO2 just sounds newer/better/fancier than NIO :-) > > On 5/1/2015 4:55 AM, Mark Thomas wrote: >> Next up on my list is the NIO2 connector. >> >> NIO and APR/native both use a polling approach to non-blocking I/O. You >> add the socket to the poller, tell it what operation (read/write) you >> want to perform and then you wait for the poller to tell you the socket >> is ready to perform that operation. >> >> NIO2 uses an asynchronous approach to non-blocking I/O. You perform the >> read/write and then wait to be told it has finished via either a Future >> or a CompletionHandler. >> >> Servlet 3.1 non-blocking I/O is closest to the polling style (you get a >> callback when you are allowed to read/write). >> >> WebSocket non-blocking I/O uses the asynchronous style. >> >> In short, regardless of the underlying approach to non-blocking I/O, we >> have to support JavaEE APIs that use both styles. Therefore there is no >> 'obvious' advantage for either NIO or NIO2. >> >> As far as I can tell, the performance of NIO and NIO2 are comparable. >> >> That raises the question why do we need both NIO and NIO2? And I don't >> have an answer to that. If I had to pick one, I'd pick NIO because: >> - it has been around longer and is more stable >> - it uses the same style as APR/native which may allow further >> refactoring to reduce duplication. >> >> So, should we drop one of NIO or NIO2 in Tomcat 9? If not, why not? If >> yes, which one? >> >> Mark >> >> - >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@tomcat.apache.org >> >> > > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Tomcat 9 connector refactoring: NIO vs NIO2
On 01/05/2015 14:02, Mark Thomas wrote: > On 01/05/2015 13:42, Jess Holle wrote: >> Naively, looking at the Tomcat documentation and note the comparison >> table there makes it appear that: >> >> 1. NIO2 offers everything NIO does >> 2. NIO cannot offer true blocking IO, whereas NIO2 can >> >> If that's not true, then the documentation should be updated at least > > It depends how you define "true blocking IO". None of the three > connectors in trunk provide blocking I/O via a single read or write > call. For all of them you call read/write and then you need to call > something else that blocks until the read/write has finished. Only BIO > offered "true" blocking I/O in my view. I take that back. APR does offer true blocking. Mark > I'll update the docs. > > Mark > > >> >> And, of course, NIO2 just sounds newer/better/fancier than NIO :-) >> >> On 5/1/2015 4:55 AM, Mark Thomas wrote: >>> Next up on my list is the NIO2 connector. >>> >>> NIO and APR/native both use a polling approach to non-blocking I/O. You >>> add the socket to the poller, tell it what operation (read/write) you >>> want to perform and then you wait for the poller to tell you the socket >>> is ready to perform that operation. >>> >>> NIO2 uses an asynchronous approach to non-blocking I/O. You perform the >>> read/write and then wait to be told it has finished via either a Future >>> or a CompletionHandler. >>> >>> Servlet 3.1 non-blocking I/O is closest to the polling style (you get a >>> callback when you are allowed to read/write). >>> >>> WebSocket non-blocking I/O uses the asynchronous style. >>> >>> In short, regardless of the underlying approach to non-blocking I/O, we >>> have to support JavaEE APIs that use both styles. Therefore there is no >>> 'obvious' advantage for either NIO or NIO2. >>> >>> As far as I can tell, the performance of NIO and NIO2 are comparable. >>> >>> That raises the question why do we need both NIO and NIO2? And I don't >>> have an answer to that. If I had to pick one, I'd pick NIO because: >>> - it has been around longer and is more stable >>> - it uses the same style as APR/native which may allow further >>> refactoring to reduce duplication. >>> >>> So, should we drop one of NIO or NIO2 in Tomcat 9? If not, why not? If >>> yes, which one? >>> >>> Mark >>> >>> - >>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: dev-h...@tomcat.apache.org >>> >>> >> >> > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677129 - /tomcat/trunk/webapps/docs/config/http.xml
Author: markt Date: Fri May 1 13:06:32 2015 New Revision: 1677129 URL: http://svn.apache.org/r1677129 Log: NIO2 uses simulated blocking (a separate call to the read/write that blocks until the read/write completes) Modified: tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1677129&r1=1677128&r2=1677129&view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Fri May 1 13:06:32 2015 @@ -1509,13 +1509,13 @@ Read HTTP Body Sim Blocking -Blocking +Sim Blocking Blocking Write HTTP Response Sim Blocking -Blocking +Sim Blocking Blocking - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.0.22
Am 01.05.2015 um 14:53 schrieb Mark Thomas: On 01/05/2015 13:07, Felix Schumacher wrote: Am 01.05.2015 um 01:47 schrieb Ognjen Blagojevic: On 29.4.2015 18:41, Mark Thomas wrote: The proposed 8.0.22 release is: [X] Broken - do not release [ ] Stable - go ahead and release as 8.0.22 Tested .zip distribution on Windows 7 64-bit, Oracle JDK 1.8.0_45 and APR/native 1.1.33: - Crawled all links (except /manager, /host-manager and /examples/async*). No broken links found, except links to JavaDocs. - Smoke tests of BIO, NIO, NIO2 and APR, with and without TLS. Only NIO2+TLS fails. Connector configuration: I smoke tested with this crawler: https://bz.apache.org/bugzilla/attachment.cgi?id=31184 I get in the logs some of those: 01-May-2015 01:29:59.631 SEVERE [http-apr-83-exec-7] org.apache.coyote.http11.AbstractHttp11Processor.endRequest Error finishing response org.apache.tomcat.jni.Error: 20005: An invalid socket was returned at org.apache.tomcat.jni.Socket.sendbb(Native Method) at org.apache.coyote.http11.InternalAprOutputBuffer.writeToSocket(InternalAprOutputBuffer.java:287) at org.apache.coyote.http11.InternalAprOutputBuffer.writeToSocket(InternalAprOutputBuffer.java:244) at org.apache.coyote.http11.InternalAprOutputBuffer.flushBuffer(InternalAprOutputBuffer.java:213) at org.apache.coyote.http11.AbstractOutputBuffer.endRequest(AbstractOutputBuffer.java:378) at org.apache.coyote.http11.AbstractHttp11Processor.endRequest(AbstractHttp11Processor.java:1800) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1143) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2463) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2452) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) And a lot of those: 01-May-2015 01:29:59.625 WARNING [http-nio2-84-exec-6] org.apache.tomcat.util.net.AbstractEndpoint.countDownConnection Incorrect connection count, multiple socket.close called on the same socket. 01-May-2015 01:29:59.627 WARNING [http-nio2-84-exec-4] org.apache.tomcat.util.net.AbstractEndpoint.countDownConnection Incorrect connection count, multiple socket.close called on the same socket. 01-May-2015 01:29:59.627 WARNING [http-nio2-84-exec-1] org.apache.tomcat.util.net.AbstractEndpoint.countDownConnection Incorrect connection count, multiple socket.close called on the same socket. I probably won't be able to do any more tests before Monday. I have done some tests with jmeter. Calling the "home" page of tomcat through TLS with the different connectors BIO, NIO and NIO2. Using 100 concurrent "clients" and letting each client repeat 1000 requests, I get the following results: * NIO and BIO run without errors. * NIO2 seems to run OK at first, but after a while (last test the "while" ended after 17900 requests) jmeters threads will not get a response from tomcat. The test will continue when the clients timeout after 60 seconds. I see no errors in tomcat logs. The access logs show a time jump of one minute: 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" 200 11250 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" 200 11250 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" 200 11250 <--- JUMP 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 11250 <--- 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 11250 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 11250 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 11250 If I repeat the same tests with 8.0.21 the test will run without delay (or timeout on jmeter side). Without encryption all connectors will complete the tests without delay on 8.0.22. This looks to be the culprit: http://svn.apache.org/viewvc?view=revision&revision=1672626 Looks to be OK, when I revert that patch on the 8.0.22. NIO2 with TLS completes without delay. Felix Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.0.22
On 01/05/2015 14:07, Felix Schumacher wrote: > Am 01.05.2015 um 14:53 schrieb Mark Thomas: >> On 01/05/2015 13:07, Felix Schumacher wrote: >>> * NIO2 seems to run OK at first, but after a while (last test the >>> "while" ended after 17900 requests) jmeters threads will not get a >>> response from tomcat. The test will continue when the clients timeout >>> after 60 seconds. >>> >>> I see no errors in tomcat logs. The access logs show a time jump of one >>> minute: >>> 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" 200 >>> 11250 >>> 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" 200 >>> 11250 >>> 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" 200 >>> 11250 <--- JUMP >>> 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 >>> 11250 <--- >>> 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 >>> 11250 >>> 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 >>> 11250 >>> 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" 200 >>> 11250 >>> >>> If I repeat the same tests with 8.0.21 the test will run without delay >>> (or timeout on jmeter side). >>> >>> Without encryption all connectors will complete the tests without delay >>> on 8.0.22. >> This looks to be the culprit: >> http://svn.apache.org/viewvc?view=revision&revision=1672626 > Looks to be OK, when I revert that patch on the 8.0.22. NIO2 with TLS > completes without delay. That patch looks to be addressing multiple issues. Are you able to figure out which part of the patch is causing the problem? (It may require some reverse engineering to figure out which part of the patch is addressing which issue.) Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677135 - in /tomcat/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ java/org/apache/tomcat/util/net/jsse/openssl/ test/org/ap
Author: markt
Date: Fri May 1 13:36:20 2015
New Revision: 1677135
URL: http://svn.apache.org/r1677135
Log:
Move ciphers/SSLCipherSuite to SSLHostConfig
Added:
tomcat/trunk/test/org/apache/tomcat/util/net/TestSSLHostConfig.java (with
props)
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/OpenSSLCipherConfigurationParser.java
tomcat/trunk/webapps/docs/config/http.xml
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java?rev=1677135&r1=1677134&r2=1677135&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
Fri May 1 13:36:20 2015
@@ -41,9 +41,6 @@ public abstract class AbstractHttp11Jsse
public String getSslProtocol() { return getEndpoint().getSslProtocol();}
public void setSslProtocol(String s) { getEndpoint().setSslProtocol(s);}
-public String getCiphers() { return getEndpoint().getCiphers();}
-public void setCiphers(String s) { getEndpoint().setCiphers(s);}
-
public String getKeyAlias() { return getEndpoint().getKeyAlias();}
public void setKeyAlias(String s ) { getEndpoint().setKeyAlias(s);}
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1677135&r1=1677134&r2=1677135&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Fri
May 1 13:36:20 2015
@@ -421,6 +421,16 @@ public abstract class AbstractHttp11Prot
}
+public void setCiphers(String ciphers) {
+registerDefaultSSLHostConfig();
+defaultSSLHostConfig.setCiphers(ciphers);
+}
+public void setSSLCipherSuite(String ciphers) {
+registerDefaultSSLHostConfig();
+defaultSSLHostConfig.setCiphers(ciphers);
+}
+
+
// - Common
code
// Common configuration required for all new HTTP11 processors
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java?rev=1677135&r1=1677134&r2=1677135&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java Fri May
1 13:36:20 2015
@@ -81,13 +81,6 @@ public class Http11AprProtocol extends A
/**
- * SSL cipher suite.
- */
-public String getSSLCipherSuite() { return
((AprEndpoint)getEndpoint()).getSSLCipherSuite(); }
-public void setSSLCipherSuite(String SSLCipherSuite) {
((AprEndpoint)getEndpoint()).setSSLCipherSuite(SSLCipherSuite); }
-
-
-/**
* SSL certificate chain file.
*/
public String getSSLCertificateChainFile() { return
((AprEndpoint)getEndpoint()).getSSLCertificateChainFile(); }
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1677135&r1=1677134&r2=1677135&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Fri May
1 13:36:20 2015
@@ -51,8 +51,6 @@ public abstract class AbstractEndpointhttp://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1677135&r1=1677134&r2=1677135&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Fri May 1
13:36:20 2015
@@ -218,14 +218,6 @@ public class AprEndpoint extends Abstrac
/**
- * SSL cipher suite.
- */
-protected
svn commit: r1677138 - /tomcat/trunk/webapps/docs/config/http.xml
Author: markt Date: Fri May 1 13:42:26 2015 New Revision: 1677138 URL: http://svn.apache.org/r1677138 Log: Move clientCertProvider to correct section Modified: tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1677138&r1=1677137&r2=1677138&view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Fri May 1 13:42:26 2015 @@ -326,6 +326,17 @@ connector is started and unbound when it is stopped. + + When client certificate information is presented in a form other than + instances of java.security.cert.X509Certificate it needs to + be converted before it can be used and this property controls which JSSE + provider is used to perform the conversion. For example it is used with + the AJP connectors, the HTTP APR connector and + with the + org.apache.catalina.valves.SSLValve. If not specified, the default + provider will be used. + + The value is a comma separated list of MIME types for which HTTP compression may be used. @@ -1177,17 +1188,6 @@ element. - - When client certificate information is presented in a form other than - instances of java.security.cert.X509Certificate it needs to - be converted before it can be used and this property controls which JSSE - provider is used to perform the conversion. For example it is used with - the AJP connectors, the HTTP APR connector and - with the - org.apache.catalina.valves.SSLValve. If not specified, the default - provider will be used. - - The certificate revocation list to be used to verify client certificates. If not defined, client certificates will not be checked - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677140 - /tomcat/trunk/build.properties.default
Author: kkolinko
Date: Fri May 1 13:46:13 2015
New Revision: 1677140
URL: http://svn.apache.org/r1677140
Log:
Update to Checkstyle 6.6
Modified:
tomcat/trunk/build.properties.default
Modified: tomcat/trunk/build.properties.default
URL:
http://svn.apache.org/viewvc/tomcat/trunk/build.properties.default?rev=1677140&r1=1677139&r2=1677140&view=diff
==
--- tomcat/trunk/build.properties.default (original)
+++ tomcat/trunk/build.properties.default Fri May 1 13:46:13 2015
@@ -213,7 +213,7 @@ objenesis.loc=https://objenesis.googleco
objenesis.jar=${objenesis.home}/objenesis-${objenesis.version}.jar
# - Checkstyle, version 6.0 or later -
-checkstyle.version=6.5
+checkstyle.version=6.6
checkstyle.home=${base.path}/checkstyle-${checkstyle.version}
checkstyle.loc=${base-sf.loc}/checkstyle/checkstyle/${checkstyle.version}/checkstyle-${checkstyle.version}-all.jar
checkstyle.jar=${checkstyle.home}/checkstyle-${checkstyle.version}-all.jar
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677141 - in /tomcat/tc8.0.x/trunk: ./ build.properties.default webapps/docs/changelog.xml
Author: kkolinko Date: Fri May 1 13:51:37 2015 New Revision: 1677141 URL: http://svn.apache.org/r1677141 Log: Update to Checkstyle 6.6. Correct subsection name in changelog file. Merged r1677140 from tomcat/trunk. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/build.properties.default tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Fri May 1 13:51:37 2015 @@ -1 +1 @@ -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892 ,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657 907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,137,149,1 666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943 +/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644
Re: [VOTE] Release Apache Tomcat 8.0.22
Am 1. Mai 2015 15:19:44 MESZ, schrieb Mark Thomas : >On 01/05/2015 14:07, Felix Schumacher wrote: >> Am 01.05.2015 um 14:53 schrieb Mark Thomas: >>> On 01/05/2015 13:07, Felix Schumacher wrote: > > > * NIO2 seems to run OK at first, but after a while (last test the "while" ended after 17900 requests) jmeters threads will not get a response from tomcat. The test will continue when the clients >timeout after 60 seconds. I see no errors in tomcat logs. The access logs show a time jump of >one minute: 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" >200 11250 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" >200 11250 192.168.178.20 - - [01/May/2015:13:57:39 +0200] "GET / HTTP/1.1" >200 11250 <--- JUMP 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" >200 11250 <--- 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" >200 11250 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" >200 11250 192.168.178.20 - - [01/May/2015:13:58:33 +0200] "GET / HTTP/1.1" >200 11250 If I repeat the same tests with 8.0.21 the test will run without >delay (or timeout on jmeter side). Without encryption all connectors will complete the tests without >delay on 8.0.22. >>> This looks to be the culprit: >>> http://svn.apache.org/viewvc?view=revision&revision=1672626 >> Looks to be OK, when I revert that patch on the 8.0.22. NIO2 with TLS >> completes without delay. > >That patch looks to be addressing multiple issues. Are you able to >figure out which part of the patch is causing the problem? (It may >require some reverse engineering to figure out which part of the patch >is addressing which issue.) I can take a look tomorrow. Felix > >Mark > > >- >To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Tomcat 9 connector refactoring: NIO vs NIO2
2015-05-01 11:55 GMT+02:00 Mark Thomas : > Next up on my list is the NIO2 connector. > > NIO and APR/native both use a polling approach to non-blocking I/O. You > add the socket to the poller, tell it what operation (read/write) you > want to perform and then you wait for the poller to tell you the socket > is ready to perform that operation. > > NIO2 uses an asynchronous approach to non-blocking I/O. You perform the > read/write and then wait to be told it has finished via either a Future > or a CompletionHandler. > > Servlet 3.1 non-blocking I/O is closest to the polling style (you get a > callback when you are allowed to read/write). > > WebSocket non-blocking I/O uses the asynchronous style. > > In short, regardless of the underlying approach to non-blocking I/O, we > have to support JavaEE APIs that use both styles. Therefore there is no > 'obvious' advantage for either NIO or NIO2. > > As far as I can tell, the performance of NIO and NIO2 are comparable. > > That raises the question why do we need both NIO and NIO2? And I don't > have an answer to that. If I had to pick one, I'd pick NIO because: > - it has been around longer and is more stable > - it uses the same style as APR/native which may allow further > refactoring to reduce duplication. > > So, should we drop one of NIO or NIO2 in Tomcat 9? If not, why not? If > yes, which one? > > I volunteer to help maintain NIO2 for the time being, so I am not in favor of removing it at the moment. Unfortunately, I think all three connectors have some good points. APR: - Blocking IO - OpenSSL (for the time being) - Sendfile NIO: - It's been around longer :) - Sendfile NIO2: - Modern async IO - Scatter / gather IO that can be exposed and taken advantage (see the new IO calls I added; implementing them with APR and NIO is going to be a whole lot more convoluted ...) - Probably HTTP/2 and Servlet.next will take advantage of it just like websockets did I don't think NIO has gotten any better, it's still the most horrendous IO API imaginable as far as I am concerned. Of course, you can use frameworks and stuff but ... I agree to keep it as well, since as you say it's more mature and stable, but that's about it. Rémy
buildbot exception in ASF Buildbot on tomcat-trunk
The Buildbot has detected a build exception on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1180 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1677140 Blamelist: kkolinko,markt BUILD FAILED: exception upload_2 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677163 - in /tomcat/site/trunk: docs/whoweare.html xdocs/whoweare.xml
Author: kkolinko
Date: Fri May 1 15:01:43 2015
New Revision: 1677163
URL: http://svn.apache.org/r1677163
Log:
Re-order alphabetically. ('r' > 'n')
Modified:
tomcat/site/trunk/docs/whoweare.html
tomcat/site/trunk/xdocs/whoweare.xml
Modified: tomcat/site/trunk/docs/whoweare.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/whoweare.html?rev=1677163&r1=1677162&r2=1677163&view=diff
==
--- tomcat/site/trunk/docs/whoweare.html (original)
+++ tomcat/site/trunk/docs/whoweare.html Fri May 1 15:01:43 2015
@@ -393,13 +393,13 @@ A complete list of all the Apache Commit
-André Warnier (soliplaya at apache.org)
+Keith Wannamaker (keith at apache.org)
-Keith Wannamaker (keith at apache.org)
+André Warnier (soliplaya at apache.org)
Modified: tomcat/site/trunk/xdocs/whoweare.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/whoweare.xml?rev=1677163&r1=1677162&r2=1677163&view=diff
==
--- tomcat/site/trunk/xdocs/whoweare.xml (original)
+++ tomcat/site/trunk/xdocs/whoweare.xml Fri May 1 15:01:43 2015
@@ -121,10 +121,10 @@ A complete list of all the Apache Commit
Mark Thomas (markt at apache.org)
-André Warnier (soliplaya at apache.org)
+Keith Wannamaker (keith at apache.org)
-Keith Wannamaker (keith at apache.org)
+André Warnier (soliplaya at apache.org)
Tim Whittington (timw at apache.org)
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-8-trunk
The Buildbot has detected a restored build on builder tomcat-8-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-8-trunk/builds/236 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' triggered this build Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1677141 Blamelist: kkolinko Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Tomcat 9 connector refactoring: NIO vs NIO2
On 01/05/2015 15:03, Rémy Maucherat wrote: > 2015-05-01 11:55 GMT+02:00 Mark Thomas : >> So, should we drop one of NIO or NIO2 in Tomcat 9? If not, why not? If >> yes, which one? >> >> I volunteer to help maintain NIO2 for the time being, so I am not in favor > of removing it at the moment. Unfortunately, I think all three connectors > have some good points. > > APR: > - Blocking IO > - OpenSSL (for the time being) If you can get OpenSSL working with the Java connectors then that opens up the question why keep the APR/native connector. But we aren't there yet. > - Sendfile > > NIO: > - It's been around longer :) > - Sendfile > > NIO2: > - Modern async IO > - Scatter / gather IO that can be exposed and taken advantage (see the new > IO calls I added; implementing them with APR and NIO is going to be a whole > lot more convoluted ...) > - Probably HTTP/2 and Servlet.next will take advantage of it just like > websockets did WebSockets didn't take advantage of it scatter/gather. Neither did it take advantage of the async style of API. > I don't think NIO has gotten any better, it's still the most horrendous IO > API imaginable as far as I am concerned. Of course, you can use frameworks > and stuff but ... I agree to keep it as well, since as you say it's more > mature and stable, but that's about it. The main driver for this thinking is reducing complexity in the connectors. Having to support both poller style and async style basic I/O creates complexity. If we only supported one style the I/O code could be a lot cleaner. Overall, I think I prefer the async style. It is much easier to simulate blocking and requires less supporting code (no pollers etc). But, APR uses the poller style and it has much better SSL performance. Thinking ahead (not sure how far, maybe Tomcat 9 at the outside) but if we had OpenSSL working with NIO.2 and performance was similar to the APR/native connector I'd be all for dropping NIO and APR/native in favour of NIO2 and with the option to use OpenSSL or JSSE for SSL. Is that too extreme? Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677201 - /tomcat/trunk/webapps/docs/config/http.xml
Author: markt Date: Fri May 1 18:23:58 2015 New Revision: 1677201 URL: http://svn.apache.org/r1677201 Log: Drop duplicates Modified: tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1677201&r1=1677200&r2=1677201&view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Fri May 1 18:23:58 2015 @@ -1356,31 +1356,6 @@ - See http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile";> - the mod_ssl documentation. - - - - See http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath";> - the mod_ssl documentation. - - - - See http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcarevocationfile";> - the mod_ssl documentation. - - - - See http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcarevocationpath";> - the mod_ssl documentation. - - - - See http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile";> - the mod_ssl documentation. - - - Name of the file that contains the concatenated certificates for the trusted certificate authorities. The format is PEM-encoded. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677204 - in /tomcat/trunk: java/org/apache/coyote/http11/AbstractHttp11Protocol.java java/org/apache/tomcat/util/net/SSLHostConfig.java java/org/apache/tomcat/util/net/jsse/JSSESocketFac
Author: markt
Date: Fri May 1 18:31:01 2015
New Revision: 1677204
URL: http://svn.apache.org/r1677204
Log:
Rename keystoreFile ->certificateKeystoreFile
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
tomcat/trunk/webapps/docs/config/http.xml
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1677204&r1=1677203&r2=1677204&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Fri
May 1 18:31:01 2015
@@ -371,7 +371,7 @@ public abstract class AbstractHttp11Prot
public void setKeystoreFile(String keystoreFile) {
registerDefaultSSLHostConfig();
-defaultSSLHostConfig.setKeystoreFile(keystoreFile);
+defaultSSLHostConfig.setCertificateKeystoreFile(keystoreFile);
}
public void setSSLCertificateFile(String certificateFile) {
registerDefaultSSLHostConfig();
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1677204&r1=1677203&r2=1677204&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Fri May 1
18:31:01 2015
@@ -52,8 +52,8 @@ public class SSLHostConfig {
private Set protocols = new HashSet<>();
// JSSE
+private String certificateKeystoreFile =
System.getProperty("user.home")+"/.keystore";
private String keyManagerAlgorithm =
KeyManagerFactory.getDefaultAlgorithm();
-private String keystoreFile = System.getProperty("user.home")+"/.keystore";
// OpenSSL
private String certificateFile;
private String certificateKeyFile;
@@ -218,14 +218,14 @@ public class SSLHostConfig {
}
-public void setKeystoreFile(String keystoreFile) {
-setProperty("keystoreFile", Type.JSSE);
-this.keystoreFile = keystoreFile;
+public void setCertificateKeystoreFile(String certificateKeystoreFile) {
+setProperty("certificateKeystoreFile", Type.JSSE);
+this.certificateKeystoreFile = certificateKeystoreFile;
}
-public String getKeystoreFile() {
-return keystoreFile;
+public String getCertificateKeystoreFile() {
+return certificateKeystoreFile;
}
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1677204&r1=1677203&r2=1677204&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Fri May 1 18:31:01 2015
@@ -205,7 +205,7 @@ public class JSSESocketFactory implement
protected KeyStore getKeystore(String type, String provider, String pass)
throws IOException {
-String keystoreFile = sslHostConfig.getKeystoreFile();
+String keystoreFile = sslHostConfig.getCertificateKeystoreFile();
if (keystoreFile == null)
keystoreFile = defaultKeystoreFile;
Modified: tomcat/trunk/webapps/docs/config/http.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1677204&r1=1677203&r2=1677204&view=diff
==
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Fri May 1 18:31:01 2015
@@ -1076,6 +1076,15 @@
RECOMMENDED).
+
+ JSSE only.
+ The pathname of the keystore file where you have stored the server
+ certificate and key to be loaded. By default, the pathname is the file
+ .keystore in the operating system home directory of the user
+ that is running Tomcat. If your keystoreType doesn't need a
+ file use "" (empty string) for this parameter.
+
+
Set to required if you want the SSL stack to require a
valid certificate chain from the client before accepting a connection.
@@ -1134,15 +1143,6 @@
documentation for the default value.
-
- JSSE only.
- The pathname of the keystore file where you have stored the server
- certificate and key to be loaded. By default, the pathname is the file
- .keystore in the op
svn commit: r1677206 - in /tomcat/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ webapps/docs/config/
Author: markt
Date: Fri May 1 18:52:24 2015
New Revision: 1677206
URL: http://svn.apache.org/r1677206
Log:
More migration to SSLHostConfig
keyPass/SSLPassword -> certificateKeyPassword
keystorePass -> certificateKeystorePassword
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
tomcat/trunk/webapps/docs/config/http.xml
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java?rev=1677206&r1=1677205&r2=1677206&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java
Fri May 1 18:52:24 2015
@@ -25,9 +25,6 @@ public abstract class AbstractHttp11Jsse
super(endpoint);
}
-public String getKeystorePass() { return getEndpoint().getKeystorePass();}
-public void setKeystorePass(String s ) { getEndpoint().setKeystorePass(s);}
-
public String getKeystoreType() { return getEndpoint().getKeystoreType();}
public void setKeystoreType(String s ) { getEndpoint().setKeystoreType(s);}
@@ -44,9 +41,6 @@ public abstract class AbstractHttp11Jsse
public String getKeyAlias() { return getEndpoint().getKeyAlias();}
public void setKeyAlias(String s ) { getEndpoint().setKeyAlias(s);}
-public String getKeyPass() { return getEndpoint().getKeyPass();}
-public void setKeyPass(String s ) { getEndpoint().setKeyPass(s);}
-
public void setTruststoreFile(String f){
getEndpoint().setTruststoreFile(f);}
public String getTruststoreFile(){ return
getEndpoint().getTruststoreFile();}
Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1677206&r1=1677205&r2=1677206&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Fri
May 1 18:52:24 2015
@@ -430,6 +430,21 @@ public abstract class AbstractHttp11Prot
defaultSSLHostConfig.setCiphers(ciphers);
}
+public void setKeystorePass(String certificateKeystorePassword) {
+registerDefaultSSLHostConfig();
+
defaultSSLHostConfig.setCertificateKeystorePassword(certificateKeystorePassword);
+}
+
+public void setKeyPass(String certificateKeyPassword) {
+registerDefaultSSLHostConfig();
+defaultSSLHostConfig.setCertificateKeyPassword(certificateKeyPassword);
+}
+public void setSSLPassword(String certificateKeyPassword) {
+registerDefaultSSLHostConfig();
+defaultSSLHostConfig.setCertificateKeyPassword(certificateKeyPassword);
+}
+
+
// - Common
code
Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java?rev=1677206&r1=1677205&r2=1677206&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java Fri May
1 18:52:24 2015
@@ -73,14 +73,6 @@ public class Http11AprProtocol extends A
// SSL related properties
/**
- * SSL password (if a cert is encrypted, and no password has been
provided, a callback
- * will ask for a password).
- */
-public String getSSLPassword() { return
((AprEndpoint)getEndpoint()).getSSLPassword(); }
-public void setSSLPassword(String SSLPassword) {
((AprEndpoint)getEndpoint()).setSSLPassword(SSLPassword); }
-
-
-/**
* SSL certificate chain file.
*/
public String getSSLCertificateChainFile() { return
((AprEndpoint)getEndpoint()).getSSLCertificateChainFile(); }
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1677206&r1=1677205&r2=1677206&view=diff
===
svn commit: r1677207 - /tomcat/trunk/webapps/docs/config/http.xml
Author: markt Date: Fri May 1 18:55:33 2015 New Revision: 1677207 URL: http://svn.apache.org/r1677207 Log: Typo Modified: tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1677207&r1=1677206&r2=1677207&view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Fri May 1 18:55:33 2015 @@ -1043,7 +1043,7 @@ Connector. As of Tomcat 9, the SSL configuration attributes in the - Connector are deprecated. If specified, thwy will be used to + Connector are deprecated. If specified, they will be used to configure a SSLHostConfig for the sslDefaultHost. Note that if an explicit SSLHostConfig element also exists for the - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
