SSL configuration in tomcat and apr

I'm facing a problem setting up my tomcat with apr native lib, I have the following:

Tomcat: 7.0.42
Java: 1.7.0_40-b43
OS: Centos 6.4 (2.6.32-358.18.1.el6.i686)
APR: 1.3.9
Native lib: 1.1.27
OpenSSL: openssl-1.0.0-27.el6_4.2.i686

My server.xml looks like:

...
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
...
<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
SSLCertificateFile="/tmp/monitoringPortalCert.pem"
SSLCertificateKeyFile="/tmp/monitoringPortalKey.pem"
SSLPassword="hide"
/>
...

I compiled the native lib as follows:

./configure --with-apr=/usr/bin/apr-1-config --with-ssl=yes --prefix=$CATALINA_HOME 
make && make install

The APR is loaded ok:

Oct 06, 2013 7:55:14 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.27 using APR version 1.3.9.

But I'm still having this error:

SEVERE: Failed to initialize the SSLEngine.
org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this  platform

Could you guys help to understand where my error is? What am I missing?

Thanks in advance for your support.


Thanks for the comment Mark, below is the ./configure / make && make install outcome:

./configure:

[root@localhost native]# ./configure --with-apr=/usr/bin/apr-1-config --with-ssl=yes --prefix=$CATALINA_HOME && make && make install
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking for working mkdir -p... yes
Tomcat Native Version: 1.1.27
checking for chosen layout... tcnative
checking for APR... yes
  setting CC to "gcc"
  setting CPP to "gcc -E"
checking for JDK location (please wait)... /usr/java/jdk1.7.0_40 from environment
checking Java platform... checking Java platform...
checking for sablevm... NONE
  adding "-I/usr/java/jdk1.7.0_40/include" to TCNATIVE_PRIV_INCLUDES
checking os_type directory...  linux
  adding "-I/usr/java/jdk1.7.0_40/include/linux" to TCNATIVE_PRIV_INCLUDES
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for OpenSSL library... using openssl from /usr/lib and /usr/include
checking OpenSSL library version... ok
checking for OpenSSL DSA support... yes
  setting TCNATIVE_LDFLAGS to "-lssl -lcrypto"
  adding "-DHAVE_OPENSSL" to CFLAGS
  setting TCNATIVE_LIBS to ""
  setting TCNATIVE_LIBS to " /usr/lib/libapr-1.la  -lpthread"
configure: creating ./config.status
config.status: creating tcnative.pc
config.status: creating Makefile
config.status: executing default commands
make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-src/jni/native'
make[1]: Nothing to be done for `local-all'.
make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-src/jni/native'
make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-src/jni/native'
make[1]: Nothing to be done for `local-all'.
make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-src/jni/native'
/usr/lib/apr-1/build/mkdir.sh /usr/apache-tomcat-7.0.42/include/apr-1 /usr/apache-tomcat-7.0.42/lib/pkgconfig \
                 /usr/apache-tomcat-7.0.42/lib /usr/apache-tomcat-7.0.42/bin
/usr/bin/install -c -m 644 tcnative.pc /usr/apache-tomcat-7.0.42/lib/pkgconfig/tcnative-1.pc
list=''; for i in $list; do \
            ( cd $i ; make DESTDIR= install ); \
    done
/bin/sh /usr/lib/apr-1/build/libtool --mode=install /usr/bin/install -c -m 755 libtcnative-1.la /usr/apache-tomcat-7.0.42/lib
libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.so.0.1.27 /usr/apache-tomcat-7.0.42/lib/libtcnative-1.so.0.1.27
libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative-1.so.0.1.27 libtcnative-1.so.0 || { rm -f libtcnative-1.so.0 && ln -s libtcnative-1.so.0.1.27 libtcnative-1.so.0; }; })
libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative-1.so.0.1.27 libtcnative-1.so || { rm -f libtcnative-1.so && ln -s libtcnative-1.so.0.1.27 libtcnative-1.so; }; })
libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.lai /usr/apache-tomcat-7.0.42/lib/libtcnative-1.la
libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.a /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a
libtool: install: chmod 644 /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a
libtool: install: ranlib /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a
libtool: install: warning: remember to run `libtool --finish /usr/local/apr/lib'

make && make install:

make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-src/jni/native'
make[1]: Nothing to be done for `local-all'.
make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-src/jni/native'
make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-src/jni/native'
make[1]: Nothing to be done for `local-all'.
make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-src/jni/native'
/usr/lib/apr-1/build/mkdir.sh /usr/apache-tomcat-7.0.42/include/apr-1 /usr/apache-tomcat-7.0.42/lib/pkgconfig \
                 /usr/apache-tomcat-7.0.42/lib /usr/apache-tomcat-7.0.42/bin
/usr/bin/install -c -m 644 tcnative.pc /usr/apache-tomcat-7.0.42/lib/pkgconfig/tcnative-1.pc
list=''; for i in $list; do \
            ( cd $i ; make DESTDIR= install ); \
    done
/bin/sh /usr/lib/apr-1/build/libtool --mode=install /usr/bin/install -c -m 755 libtcnative-1.la /usr/apache-tomcat-7.0.42/lib
libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.so.0.1.27 /usr/apache-tomcat-7.0.42/lib/libtcnative-1.so.0.1.27
libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative-1.so.0.1.27 libtcnative-1.so.0 || { rm -f libtcnative-1.so.0 && ln -s libtcnative-1.so.0.1.27 libtcnative-1.so.0; }; })
libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative-1.so.0.1.27 libtcnative-1.so || { rm -f libtcnative-1.so && ln -s libtcnative-1.so.0.1.27 libtcnative-1.so; }; })
libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.lai /usr/apache-tomcat-7.0.42/lib/libtcnative-1.la
libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.a /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a
libtool: install: chmod 644 /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a
libtool: install: ranlib /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a
libtool: install: warning: remember to run `libtool --finish /usr/local/apr/lib'

It seems everything is fine, but the error is not self-explanatory

I also faced this exact issue. Problem was it was not detecting correctly installed native library.

When you install the native library, install these first.

For Ubuntu: sudo apt-get install libapr1-dev libssl-dev

These libraries are required instead of libtcnative. After they have been successfully installed, configure your app in this manner.

sudo ./configure --with-apr=`which apr-1-config` --with-java-home=$JAVA_HOME --with-ssl=yes --prefix=$CATALINA_HOME

Here CATALINA_HOME is your tomcat home that you have set or directly use /opt/apache_tomcat_version

Then

sudo make
sudo make install

After installation is finished, it will update you that libraries have not been put in tomcat's lib folder.

Configure your setenv like this

export LD_LIBRARY_PATH=/opt/apache-tomcat-7.0.42/lib:$LD_LIBRARY_PATH

Restart your tomcat, you're all Done!

Cheers

Go back and look at the results of ./configure, as it looks like it hasn't found the OpenSSL libraries.

On Ubuntu 12.04, like Mark Thomas has pinpointed above, I had not installed the prerequisite libs before I built the tcnative (tomcat native) library. As mentioned in the official webpage, all I had to do was:

apt-get install libapr1.0-dev libssl-dev

and after that rebuild the tomcat native library, i.e., redo the configure, make && make install

From my perspective, working on a RHEL 6.6 system, I had to fork/copy an already existing Tomcat branch (such as /opt/tomcat/DEFAULT_BRANCH/conf /opt/tomcat/DEFAULT_BRANCH/ etc) and it was known-to-be-working already with previous forks.

Therefore recompiling wasn't an option and even when I tried recompiling per the suggestions in this post, I always ran into the same SSL Engine problem in Catalina.out

What I ended up doing was commenting the "Listener className" entry from the server.xml file (Line 27) and I then followed the following steps and it ended up working:

https://dzone.com/articles/setting-ssl-tomcat-5-minutes

Hope this helps somebody.

Another possible reason is that the version of openssl used by libcnative is different from the version of openssl currently used by tomcat. So, you can just recompile libcnative with the option:

--with-ssl=`the openssl directory used by tomcat`

It may be suitable for an OS in which there are many libcrypto.so.1.0.0 of different versions.
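
The answers above describe two build problems: a native library built without finding OpenSSL, and one linked against a different OpenSSL copy than expected. One way to tell them apart is to look at what the installed libtcnative-1.so resolves to at load time. This is an added example, not part of the original posts; the function name `check_tcnative_ssl`, the status words and the sample `ldd` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a libtcnative build resolves OpenSSL.
# Reads `ldd` output on stdin and prints one status word (names are illustrative):
#   ok          libssl/libcrypto both resolve from a single directory
#   no-ssl      no dynamic OpenSSL dependency at all
#   unresolved  the loader cannot find libssl or libcrypto
#   mixed-dirs  libssl and libcrypto come from different directories
check_tcnative_ssl() {
    awk '
        /libssl\.so|libcrypto\.so/ {
            seen++
            if ($0 ~ /not found/) { missing++; next }
            path = $3                      # "name => /dir/file (addr)"
            sub("/[^/]*$", "", path)       # keep only the directory
            dirs[path] = 1
        }
        END {
            n = 0
            for (d in dirs) n++
            if (!seen)        print "no-ssl"
            else if (missing) print "unresolved"
            else if (n > 1)   print "mixed-dirs"
            else              print "ok"
        }'
}

# Constructed sample ldd outputs (not taken from the page).
SAMPLE_OK='  libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00110000)
  libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00170000)
  libapr-1.so.0 => /usr/lib/libapr-1.so.0 (0x00a1b000)'
SAMPLE_NO_SSL='  libapr-1.so.0 => /usr/lib/libapr-1.so.0 (0x00a1b000)
  libpthread.so.0 => /lib/libpthread.so.0 (0x00c5d000)'
SAMPLE_UNRESOLVED='  libssl.so.1.0.0 => not found
  libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00170000)'
SAMPLE_MIXED='  libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00110000)
  libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00170000)'

classify_sample() { printf '%s\n' "$1" | check_tcnative_ssl; }

# Real use: sh check.sh "$CATALINA_HOME/lib/libtcnative-1.so"
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    ldd "$1" | check_tcnative_ssl
fi
```

Run it against the library under Tomcat's lib directory in the same environment Tomcat starts in, since LD_LIBRARY_PATH changes what `ldd` resolves.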
