Am 30.03.26 um 20:34 schrieb Rémy Maucherat:
The proposed Apache Tomcat 9.0.117 release is now available for voting.
The notable changes compared to 9.0.116 are:
- Fix a bug in the non-blocking flushing code for NIO+TLS that meant
that a response may not have been fully written until the connection
was closed. Pull request 966 provided by Phil Clay.
- Improved HTTP/2 error handling
- Better error handling for the EncryptInterceptor
For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.117/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1587
The tag is:
https://github.com/apache/tomcat/tree/9.0.117
f892e52577feef83aff57d34c2b4be61a5a68524
The proposed 9.0.117 release is:
[ ] -1, Broken - do not release
[X] +1, Stable - go ahead and release as 9.0.117
+1 to release.
Reproducibility of the build checked (including the Windows installer)
using "ant verify-release" on Linux Mint 22.3. OK after setting LANG.
Original Windows installer signature verified with osslsigncode 2.10.
Unit tests ran on platforms
- RHEL 7, 8, 9 and 10 and SLES 12 and 15
using
- recent patch versions of JDK 1.8.0, 11, 17, 21, 25, 26 and 27 (EA)
from
- Eclipse Adoptium, Azul Zulu, Amazon Coretto, Oracle, RedHat and from
OpenJDK for 27
where available.
Also tested with
- tcnative 1.3.7, 2.0.14 and panama
- tcnative including post-release memory leak patches
based on
- OpenSSL 3.0.19, 3.5.5, 3.6.1 and 4.0.0-beta1 (for tcnative 2 and panama)
- OpenSSL containing one post-release patch for 3.5 and 3.6.
Not all test runs are done yet, but by far most of them. Only some
JDK25, 26 and 27 on RHEL still need to run.
Test observations:
- on SLES parts of JDK26 and all of JDK27 yet to be run
- on RHEL most of JDK25 and all of JDK26 and JDK27 yet to be run
- IMHO nothing critical
- TestSslHandshakeFailure often fails with jsse and JDK1.8.0
Examples:
Testcase: testMissingClientCertificate took 5.355 sec
Caused an ERROR
Unexpected exception, expected<javax.net.ssl.SSLHandshakeException> but
was<javax.net.ssl.SSLException>
java.lang.Exception: Unexpected exception,
expected<javax.net.ssl.SSLHandshakeException> but
was<javax.net.ssl.SSLException>
Caused by: javax.net.ssl.SSLException: readHandshakeRecord
at
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1318)
...
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:683)
...
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:656)
at
org.apache.tomcat.util.net.TestSslHandshakeFailure.testMissingClientCertificate(TestSslHandshakeFailure.java:79)
Suppressed: java.net.SocketException: Broken pipe (Write failed)
at java.net.SocketOutputStream.socketWrite0(Native Method)
at
java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)
at
java.net.SocketOutputStream.write(SocketOutputStream.java:155)
at
sun.security.ssl.SSLSocketOutputRecord.encodeAlert(SSLSocketOutputRecord.java:81)
at
sun.security.ssl.TransportContext.fatal(TransportContext.java:362)
at
sun.security.ssl.TransportContext.fatal(TransportContext.java:274)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:443)
Caused by: java.net.SocketException: Connection reset
at
java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:115)
at java.net.SocketOutputStream.write(SocketOutputStream.java:155)
at
sun.security.ssl.SSLSocketOutputRecord.flush(SSLSocketOutputRecord.java:251)
at
sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:89)
at
sun.security.ssl.Finished$T12FinishedProducer.onProduceFinished(Finished.java:399)
at
sun.security.ssl.Finished$T12FinishedProducer.produce(Finished.java:374)
at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
at
sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
at
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
at
sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1401)
at
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309)
and
Testcase: testMissingClientCertificate took 4.857 sec
Caused an ERROR
Unexpected exception, expected<javax.net.ssl.SSLHandshakeException> but
was<java.net.SocketException>
java.lang.Exception: Unexpected exception,
expected<javax.net.ssl.SSLHandshakeException> but
was<java.net.SocketException>
Caused by: java.net.SocketException: Connection reset
at
java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:115)
at java.net.SocketOutputStream.write(SocketOutputStream.java:155)
at
sun.security.ssl.SSLSocketOutputRecord.flush(SSLSocketOutputRecord.java:273)
at
sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:89)
at
sun.security.ssl.Finished$T12FinishedProducer.onProduceFinished(Finished.java:399)
at
sun.security.ssl.Finished$T12FinishedProducer.produce(Finished.java:374)
at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:420)
at
sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)
at
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
at
sun.security.ssl.TransportContext.dispatch(TransportContext.java:200)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:155)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1382)
at
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1295)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:417)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:389)
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:201)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:167)
at
org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:715)
at
org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:689)
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:683)
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:677)
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:662)
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:656)
at
org.apache.tomcat.util.net.TestSslHandshakeFailure.testMissingClientCertificate(TestSslHandshakeFailure.java:79)
- TestOcspEnabled probably no longer fails when using panama (but
many of the panama constellations yet have to be tested)
- TestOcspSoftFailTryLater often fails with jsse and JDK1.8.0
Examples:
Testcase: test[JSSE with OpenSSL trust false: softFail false, clientOk
false] took 2.504 sec
Caused an ERROR
readHandshakeRecord
javax.net.ssl.SSLException: readHandshakeRecord
at
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1318)
...
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352)
at
org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:716)
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:667)
at
org.apache.tomcat.util.net.ocsp.OcspBaseTest.doTest(OcspBaseTest.java:173)
at
org.apache.tomcat.util.net.ocsp.TestOcspSoftFailTryLater.test(TestOcspSoftFailTryLater.java:101)
Suppressed: java.net.SocketException: Broken pipe (Write failed)
at java.net.SocketOutputStream.socketWrite0(Native Method)
at
java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)
...
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:443)
Caused by: java.net.SocketException: Broken pipe (Write failed)
at java.net.SocketOutputStream.socketWrite0(Native Method)
at
java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)
at java.net.SocketOutputStream.write(SocketOutputStream.java:155)
...
at
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309)
Testcase: test[JSSE with OpenSSL trust false: softFail false, clientOk
true] took 0.193 sec
Caused an ERROR
readHandshakeRecord
javax.net.ssl.SSLException: readHandshakeRecord
at
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1318)
,,,
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:167)
at
org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:715)
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:667)
at
org.apache.tomcat.util.net.ocsp.OcspBaseTest.doTest(OcspBaseTest.java:173)
at
org.apache.tomcat.util.net.ocsp.TestOcspSoftFailTryLater.test(TestOcspSoftFailTryLater.java:101)
Suppressed: java.net.SocketException: Broken pipe (Write failed)
at java.net.SocketOutputStream.socketWrite0(Native Method)
at
java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)
at
java.net.SocketOutputStream.write(SocketOutputStream.java:155)
at
sun.security.ssl.SSLSocketOutputRecord.encodeAlert(SSLSocketOutputRecord.java:81)
at
sun.security.ssl.TransportContext.fatal(TransportContext.java:362)
at
sun.security.ssl.TransportContext.fatal(TransportContext.java:274)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:443)
Caused by: java.net.SocketException: Connection reset
at
java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:115)
...
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1401)
at
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309)
- TestOcspSoftFailTryLater only 3 failures with JDK11+
all jsse JDK 17 or 21 NIO2:
- Zulu 17 RHEL 7
- Adopt 21 RHEL 9
- Zulu 25 SLES 15
Testcase: test[JSSE with OpenSSL trust false: softFail false, clientOk
true] took 0.xxx sec
Caused an ERROR
Error writing to server
java.io.IOException: Error writing to server
at
java.base/sun.net.www.protocol.http.HttpURLConnection.writeRequests(HttpURLConnection.java:768)
...
at
java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:531)
...
at
org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:716)
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:667)
at
org.apache.tomcat.util.net.ocsp.OcspBaseTest.doTest(OcspBaseTest.java:173)
at
org.apache.tomcat.util.net.ocsp.TestOcspSoftFailTryLater.test(TestOcspSoftFailTryLater.java:101)
- TestOcspEnabled very sporadically (2 times) failed when using
tcnative and JDK21+, once Oracle JDK21 on RHEL 10 with NIO2, tcnative
2.0.14and OpenSSL 3.5, and once RedHat JDK 21 on RHEL 9with NIO,
tcnative 1.3.7 and OpenSSL 3.0.
Example:
Testcase: test[JSSE with OpenSSL trust false: clientOk false, serverOk
false, verifyClient DEFAULT, verifyServer false] took 8.203 sec
FAILED
Handshake failed when not expected to do so.
junit.framework.AssertionFailedError: Handshake failed when not expected
to do so.
at
org.apache.tomcat.util.net.ocsp.TestOcspEnabled.test(TestOcspEnabled.java:117)
at
java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
- in addition
- very few crashes with tcnative (7 in 852 runs)
- one crash with JSSE (in 125 runs,
org.apache.catalina.startup.TestTomcatStandalone)
- very few failures with jsse (5 in 125 runs)
- very few non-crash-failures with tcnative (2 in 852 runs)
Thanks for RM!
Best regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
