Hi Chris,
I don't get any unit test failures. I set in build.properties:
test.apr.loc=/path/to/tcnative/lib
test.openssl.path=/path/to/openssl/bin/openssl
Plus when testing with JSSE:
test.sslImplementation=org.apache.tomcat.util.net.jsse.JSSEImplementation
resp. OpenSSL:
test.sslImplementation=org.apache.tomcat.util.net.openssl.OpenSSLImplementation
I do test with all Java LTS releases plus 18 plus for TC 8.5.0 Java
1.7.0. All in combination with self-compiled OpenSSL 1.1.1 plus tcnative
and I did not get any such failures for quite some time (probably more
than a year). Have not tried OpenSSL 3.0.0 during the last months though.
Wild guess: maybe test.openssl.path is missing in your setup and the
unit tests use the platform OpenSSL commandline binary in these tests,
but on the server (Tomcat) side a newer one which you used to compile
tcnative? Or platform OpenSSL misses some default OpenSSL ciphers? As
said: using test.openssl.path makes sure, both sides use the same OpenSSL.
For the sake of completeness (not related to OpenSSL):
- testing with pre Java 11 needs the following lines in your own
build.properties file:
opens.javalang=-Dnop
opens.javaio=-Dnop
opens.sunrmi=-Dnop
opens.javautil=-Dnop
opens.javautilconcurrent=-Dnop
You can add them before building or also just before running the test.
They only apply to the unit test runs. The "nop" was chosen as any
system property name that is likely not actually being used. It should
remind one of a "no-operation".
- testing with Java 1.7.0 for TC 8.5 in addition needs older easymock
and objenesis versions. You would have to set
easymock.version=3.6
objenesis.version=2.6
plus appropriate checksum lines for the download check:
easymock.checksum.value=1e6943105a21a336a874140e82b1a406|276883daaf2230e6f1e07c78ad695d2a18c7170b
objenesis.checksum.value=5ffac3f51405ca9b2915970a224b3e8f|639033469776fd37c08358c6b92a4761feb2af4b
Best regards,
Rainer
Am 24.02.2022 um 21:23 schrieb Christopher Schultz:
All,
My cipher-suite tests usually fail due to missing support for either
certain OpenSSL ciphersuites or JSSE, depending upon the JVM used to tun
run the tests.
I checked the testing code, but I don't see any documented way to
customize what gets tested.
I seem to remember @isapir giving instructions for how to ignore certain
cipher suites in specific environments so that all the tests would pass.
Is that officially documented anywhere?
Thanks,
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
