Am 25.03.2016 um 04:53 schrieb Bill Barker:
...
[concat] Testsuites with failed tests:
[concat] TEST-org.apache.tomcat.util.net.TestSsl.APR.txt
...
[concat]
TEST-org.apache.tomcat.websocket.TestWebSocketFrameClientSSL.APR.txt
[concat] TEST-org.apache.tomcat.websocket.TestWsWebSocketContainer.APR.txt
Currently SSL tests which initialize APR twice fail with OpenSSL 1.1,
because we call EVP_cleanup() during deinitialize, but OpenSSL 1.1 does
not reinitialize the second time. So looking up digests via EVP fails
after the second init and as a consequence TLS fails.
Example: in TestSsl the first test testSimpleSsl succeeds, then comes
deinit and another init, and the test testKeyPass fails with
error:140A90F2:SSL routines:SSL_CTX_new:unable to load ssl3 md5 routines
Despite the "ssl3" contained in the error text, this error doesn't have
to do with choosing SSLv3 as protocol. In this case the protocol string
doesn't contain SSLv3 and the error happens before the protocol is
configured during looking up a digest named ssl3-md5 via EVP which
normally always exists (hadn't we removed it by calling EVP_cleanup()).
In principle OpenSSL 1.1 does initialize automatically, so we could skip
it for 1.1, but some things in our init might still be necessary and
thus also their respective deinit parts. It is a bit hairy to decide
which parts are still needed and which parts are automatic.
If no one beats me to it I'll try to fix this next week.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org