All,

On 2/3/16 10:54 AM, Christopher Schultz wrote:
> Mark,
>
> On 2/3/16 4:05 AM, Mark Thomas wrote:
>> The proposed Apache Tomcat 8.0.32 release is now available for
>> voting.
>>
>> The main changes since 8.0.30 are:
>>
>> - Restore the default for mapperContextRootRedirectEnabled to
>>   true
>>
>> - Update the packaged version of the Tomcat Native Library to
>>   1.2.4 to pick up the Windows binaries that are based on OpenSSL
>>   1.0.2e
>>
>> - Expand session attribute filtering on load/unload to all
>>   managers
>>
>> It can be obtained from:
>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.32/
>> The Maven staging repo is:
>> https://repository.apache.org/content/repositories/orgapachetomcat-1063/
>> The svn tag is:
>> http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_32/
>>
>> The proposed 8.0.32 release is:
>> [ ] Broken - do not release
>> [ ] Stable - go ahead and release as 8.0.32
>
> tcnative bundled with 8.0.32 fails to compile on my system against
> OpenSSL 1.0.1e (Debian). It looks like they may not have
> back-ported some expected changes from 1.0.1[latest]:
>
> src/sslcontext.c: In function
> 'Java_org_apache_tomcat_jni_SSLContext_setCertificateRaw':
> src/sslcontext.c:1079:5: error: 'eckey' undeclared (first use in
> this function)
> src/sslcontext.c:1079:5: note: each undeclared
> identifier is reported only once for each function it appears in
> make[1]: *** [src/sslcontext.lo] Error 1
>
> I'm going to have a look at this.

This looks like a bug.

From sslcontext.c, starting at line 977:

    TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateRaw)(TCN_STDARGS,
            jlong ctx, jbyteArray javaCert, jbyteArray javaKey, jint idx)
    {
    #ifdef HAVE_ECC
    #if defined(SSL_CTX_set_ecdh_auto)
        EC_KEY *eckey = NULL;
    #endif
    #endif

    [...]

    #ifdef HAVE_ECC
        /*
         * TODO try to read the ECDH curve name from somewhere...
         */
    #if defined(SSL_CTX_set_ecdh_auto)
        SSL_CTX_set_ecdh_auto(c->ctx, 1);
    #else
        eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
        SSL_CTX_set_tmp_ecdh(c->ctx, eckey);
        EC_KEY_free(eckey);
    #endif
    #endif

The local variable 'eckey' is defined only if both HAVE_ECC and
SSL_CTX_set_ecdh_auto are defined, but in the lower usage, eckey is
ignored when SSL_CTX_set_ecdh_auto is set and used when it is not set.

I suspect the intended implementation was to have the upper #ifdef
SSL_CTX_set_ecdh_auto actually be "#ifndef" instead.

I think we have to re-roll the release since tcnative is broken.

-chris
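
The declaration/use guard mismatch described in the message above, as an added example that is not part of the original e-mail or of the Tomcat Native source: the declaration of eckey and its use sit under the same preprocessor condition. The OpenSSL types and functions are local stubs and configure_ecdh is a hypothetical name, so the file builds without OpenSSL headers.

```c
/* Added example, not Tomcat Native source. The OpenSSL types and calls are
 * local stubs (assumptions) so this builds without OpenSSL headers.
 * SSL_CTX_set_ecdh_auto is left undefined, as with the older OpenSSL in the
 * report, so the explicit-curve branch is the one that compiles. */
#include <stdio.h>
#include <stdlib.h>

#define HAVE_ECC 1
#define NID_X9_62_prime256v1 415   /* OpenSSL's numeric id for P-256 */

typedef struct { int nid; } EC_KEY;            /* stub */
typedef struct { int tmp_ecdh_nid; } SSL_CTX;  /* stub */

static EC_KEY *EC_KEY_new_by_curve_name(int nid) {
    EC_KEY *k = malloc(sizeof *k);
    if (k != NULL) k->nid = nid;
    return k;
}
static void EC_KEY_free(EC_KEY *k) { free(k); }
static long SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *k) {
    ctx->tmp_ecdh_nid = k->nid;   /* stub only records which curve was set */
    return 1;
}

/* Returns 1 for automatic curve selection, 2 for an explicit curve,
 * 0 when ECC is compiled out, -1 if the key could not be allocated
 * (the NULL check is an addition in this example). */
int configure_ecdh(SSL_CTX *ctx) {
#if defined(HAVE_ECC) && !defined(SSL_CTX_set_ecdh_auto)
    EC_KEY *eckey = NULL;  /* declared under exactly the condition that uses it */
#endif
#ifndef HAVE_ECC
    (void)ctx;
    return 0;
#elif defined(SSL_CTX_set_ecdh_auto)
    SSL_CTX_set_ecdh_auto(ctx, 1);
    return 1;
#else
    eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
    if (eckey == NULL) return -1;
    SSL_CTX_set_tmp_ecdh(ctx, eckey);
    EC_KEY_free(eckey);
    return 2;
#endif
}

int main(void) {
    SSL_CTX ctx = { 0 };
    int path = configure_ecdh(&ctx);
    printf("path=%d curve nid=%d\n", path, ctx.tmp_ecdh_nid);
    return 0;
}
```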