[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-dev
Subject: Re: [NOTICE] Intent to T&R 2.4.37 - about 12:00 GMT tomorrow
From: Daniel Ruggeri <druggeri () primary ! net>
Date: 2018-10-18 14:31:58
Message-ID: 0ea4c28e543d6324bad2831a7fe200af () primary ! net
[Download RAW message or body]
On 2018-10-18 07:12, Rainer Jung wrote:
> Am 17.10.2018 um 13:41 schrieb Daniel Ruggeri:
> > Hi, all;
> > With the fix for detected OpenSSL 1.1.1 issues now backported to
> > 2.4.x, I would like to tag the next version of our venerable server
> > soon.
> >
> > I have already successfully completed the test suite against my
> > "latest sources" docker environment and am watching for any smoke
> > detected in [1]. Feeling good about this one :-)
> >
> > How about roughly 24 hours from now?
> >
> > [1]
> > https://lists.apache.org/thread.html/48de97bd66ceabcf84a3719b36cd69274cb8c4b64d68c46696beb906@<dev.httpd.apache.org>
> >
>
> In the meantime most of my tests finished. The two small mod_ssl
> patches applied this morning were not part of the testing but seem
> simple enough to understand and should pose no risk.
>
> My testing showed:
>
> - t/ssl/ocsp.t fails in test 2 and 3 (lines 43 and 49) when the server
> is build using OpenSSL 0.9.8zh:
> Can't connect to localhost:8535 (SSL connect attempt failed because of
> handshake problems error:14094410:SSL routines:SSL3_READ_BYTES:sslv3
> alert handshake failure)
> SSL connect attempt failed because of handshake problems
> error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
> failure at
> /shared/build/dev/httpd/install/Bundle-ApacheTest/20180911-0.9.8zh-1/rhel7.x86_64/lib/perl5/LWP/Protocol/http.pm \
> line 50.
> I don't know whether that is expected for old OpenSSL, so can not
> judge on criticality.
>
> - t/modules/http2.t fails when the server is build using OpenSSL
> 0.9.8zh with the "Bad plan. You planned 52 tests..." message
> indicating, that h2 using TLS does not work. It happens on all
> platforms, but not if the client also uses OpenSSL 0.9.8zh.
>
> I don't know whether that is expected for old OpenSSL, so can not
> judge on criticality.
>
> - only once out of 68 runs on Solaris failure in t/modules/cgi.t test
> 54 in line 232. There log contents are checked and the file system is
> on NFS. Might be, that this is a timing issue in the test. Not a
> show-stopper for me.
>
> - only once out of 68 runs on Solaris failure in t/ssl/proxy.t test
> 106 in line 131. /eat_post responds with a proxy error (502) instead
> of 200 with the posted content length as the response body. Need to
> investigate but would also say not a show-stopper, because only on
> Solaris and only once.
>
> - some crashes on Solaris when building the server statically linked.
> Only with event MPM and looks like always at the end of a process
> lifetime, typically during shutdown. Maybe a problem with duplicate
> OpenSSL unloading/cleanup (apr-util plus mod_ssl). I think its a known
> problem, but no fix yet available. Since it should not happen to
> processes which are in use I would say it is more of an annoyance and
> not a show-stopper.
>
> Regards,
>
> Rainer
Thank you so much for the thorough testing. I see that the H2 failure
case makes sense based on feedback. I also suspect there is a strong
lead on the ocsp case. I'm also pleased to see the backports have
already made it into 2.4.x so I think we're good to go.
--
Daniel Ruggeri
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic