Java: SSL configuration in tomcat and apr

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/19216979/

Time: 2020-08-12 15:09:29  Source: igfitidea

SSL configuration in tomcat and apr

java tomcat7

Asked by nighter

I'm facing a problem setting up my tomcat with apr native lib, I have the following:

Tomcat: 7.0.42
Java: 1.7.0_40-b43
OS: Centos 6.4 (2.6.32-358.18.1.el6.i686)
APR: 1.3.9
Native lib: 1.1.27
OpenSSL: openssl-1.0.0-27.el6_4.2.i686

My server.xml looks like:

...
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
...
<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
SSLCertificateFile="/tmp/monitoringPortalCert.pem"
SSLCertificateKeyFile="/tmp/monitoringPortalKey.pem"
SSLPassword="hide"
/>
...

I compiled the native lib as follows:

./configure --with-apr=/usr/bin/apr-1-config --with-ssl=yes --prefix=$CATALINA_HOME 
make && make install

The APR is loaded ok:

Oct 06, 2013 7:55:14 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.27 using APR version 1.3.9.

But I'm still having this error:

SEVERE: Failed to initialize the SSLEngine.
org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this  platform

Could you guys help to understand where my error is? What am I missing?

Thanks in advance for your support.



Thanks for the comment Mark, below it is the ./configure / make && make install outcome:

./configure:

[root@localhost native]# ./configure --with-apr=/usr/bin/apr-1-config --with-ssl=yes --prefix=$CATALINA_HOME && make && make install
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking for working mkdir -p... yes
Tomcat Native Version: 1.1.27
checking for chosen layout... tcnative
checking for APR... yes
  setting CC to "gcc"
  setting CPP to "gcc -E"
checking for JDK location (please wait)... /usr/java/jdk1.7.0_40 from environment
checking Java platform... checking Java platform...
checking for sablevm... NONE
  adding "-I/usr/java/jdk1.7.0_40/include" to TCNATIVE_PRIV_INCLUDES
checking os_type directory...  linux
  adding "-I/usr/java/jdk1.7.0_40/include/linux" to TCNATIVE_PRIV_INCLUDES
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for OpenSSL library... using openssl from /usr/lib and /usr/include
checking OpenSSL library version... ok
checking for OpenSSL DSA support... yes
  setting TCNATIVE_LDFLAGS to "-lssl -lcrypto"
  adding "-DHAVE_OPENSSL" to CFLAGS
  setting TCNATIVE_LIBS to ""
  setting TCNATIVE_LIBS to " /usr/lib/libapr-1.la  -lpthread"
configure: creating ./config.status
config.status: creating tcnative.pc
config.status: creating Makefile
config.status: executing default commands
make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-    src/jni/native'
make[1]: Nothing to be done for `local-all'.
make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-    src/jni/native'
make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-   src/jni/native'
make[1]: Nothing to be done for `local-all'.
make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-  src/jni/native'
/usr/lib/apr-1/build/mkdir.sh /usr/apache-tomcat-7.0.42/include/apr-1 /usr/apache-   tomcat-7.0.42/lib/pkgconfig \
                 /usr/apache-tomcat-7.0.42/lib /usr/apache-tomcat-7.0.42/bin
/usr/bin/install -c -m 644 tcnative.pc /usr/apache-tomcat-7.0.42/lib/pkgconfig/tcnative-  1.pc
list=''; for i in $list; do \
            ( cd $i ; make DESTDIR= install ); \
    done
/bin/sh /usr/lib/apr-1/build/libtool --mode=install /usr/bin/install -c -m 755     libtcnative-1.la /usr/apache-tomcat-7.0.42/lib
libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.so.0.1.27 /usr/apache-    tomcat-7.0.42/lib/libtcnative-1.so.0.1.27
libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative-  1.so.0.1.27 libtcnative-1.so.0 || { rm -f libtcnative-1.so.0 && ln -s libtcnative-   1.so.0.1.27 libtcnative-1.so.0; }; })
libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative-   1.so.0.1.27 libtcnative-1.so || { rm -f libtcnative-1.so && ln -s libtcnative-1.so.0.1.27   libtcnative-1.so; }; })
libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.lai /usr/apache-tomcat-  7.0.42/lib/libtcnative-1.la
libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.a /usr/apache-tomcat-   7.0.42/lib/libtcnative-1.a
libtool: install: chmod 644 /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a
libtool: install: ranlib /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a
libtool: install: warning: remember to run `libtool --finish /usr/local/apr/lib'

make && make install:

make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-   src/jni/native'
make[1]: Nothing to be done for `local-all'.
make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-  src/jni/native'
make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-   src/jni/native'
make[1]: Nothing to be done for `local-all'.
make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-   src/jni/native'
/usr/lib/apr-1/build/mkdir.sh /usr/apache-tomcat-7.0.42/include/apr-1 /usr/apache-   tomcat-7.0.42/lib/pkgconfig \
                 /usr/apache-tomcat-7.0.42/lib /usr/apache-tomcat-7.0.42/bin
/usr/bin/install -c -m 644 tcnative.pc /usr/apache-tomcat-7.0.42/lib/pkgconfig/tcnative- 1.pc
list=''; for i in $list; do \
            ( cd $i ; make DESTDIR= install ); \
    done
/bin/sh /usr/lib/apr-1/build/libtool --mode=install /usr/bin/install -c -m 755     libtcnative-1.la /usr/apache-tomcat-7.0.42/lib
libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.so.0.1.27 /usr/apache-  tomcat-7.0.42/lib/libtcnative-1.so.0.1.27
libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative-   1.so.0.1.27 libtcnative-1.so.0 || { rm -f libtcnative-1.so.0 && ln -s libtcnative-  1.so.0.1.27 libtcnative-1.so.0; }; })
libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative-  1.so.0.1.27 libtcnative-1.so || { rm -f libtcnative-1.so && ln -s libtcnative-1.so.0.1.27    libtcnative-1.so; }; })
libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.lai /usr/apache-tomcat-  7.0.42/lib/libtcnative-1.la
libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.a /usr/apache-tomcat-  7.0.42/lib/libtcnative-1.a
libtool: install: chmod 644 /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a
libtool: install: ranlib /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a
libtool: install: warning: remember to run `libtool --finish /usr/local/apr/lib'

It seems everything is fine, but the error is not self-explanatory

Answered by Mark Thomas

Go back and check the results of ./configure as it look like the OpenSSL libraries have not been found.

Answered by 89n3ur0n

I also faced the exact issue. The problem was that it was not detecting the correctly installed native library.

When you install the native library, install these first.

For Ubuntu: sudo apt-get install libapr1-dev libssl-dev

These libraries are required instead of libtcnative. After they have been successfully installed, configure your app in this manner.

sudo ./configure --with-apr=`which apr-1-config` --with-java-home=$JAVA_HOME --with-ssl=yes --prefix=$CATALINA_HOME

Here CATALINA_HOME is your tomcat home that you have set or directly use /opt/apache_tomcat_version

Then

sudo make
sudo make install

After installation is finished, it will update you that libraries have not been put in tomcat's lib folder.

Configure your setenv like this

export LD_LIBRARY_PATH=/opt/apache-tomcat-7.0.42/lib:$LD_LIBRARY_PATH

Restart your tomcat, you're all done!

Cheers

Answered by Rocky Inde

On Ubuntu 12.04, like Mark Thomas has pinpointed above, I had not installed the prerequisite libs before I built the tcnative (tomcat native) library. As mentioned in the official webpage, all I had to do was:

apt-get install libapr1.0-dev libssl-dev

and after that rebuild the tomcat native library, i.e., redo the configure, make && make install

Answered by DLS

From my perspective, working on a RHEL 6.6 system, I had to fork/copy an already existing Tomcat branch (such as /opt/tomcat/DEFAULT_BRANCH/conf /opt/tomcat/DEFAULT_BRANCH/ etc) and it was known-to-be-working already with previous forks.

Therefore recompiling wasn't an option and even when I tried recompiling per the suggestions in this post, I always ran into the same SSL Engine problem in Catalina.out

What I ended up doing was commenting the "Listener className" entry from the server.xml file (Line 27) and I then followed the following steps and it ended up working:

https://dzone.com/articles/setting-ssl-tomcat-5-minutes

Hope this helps somebody.

Answered by Yuchen Wang

Another possible reason is that the version of openssl used by libcnative is different from the version of openssl currently used by tomcat. So, you can just recompile libcnative with the option:

--with-ssl=`the openssl directory used by tomcat`

It may be suitable for an OS in which there are many libcrypto.so.1.0.0 of different versions.

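
Both causes raised in the answers above (OpenSSL not picked up when the native library was built, per Mark Thomas, and more than one OpenSSL copy on the system, per Yuchen Wang) can be checked from the `ldd` output of the installed libtcnative-1.so. This is an added example, not part of the original thread; the function names and the sample `ldd` outputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original thread): classify the OpenSSL linkage
# of a built libtcnative from `ldd` output. Sample outputs are constructed.

# Read ldd output on stdin; print "soname path" for libssl/libcrypto,
# with the path MISSING when the loader cannot resolve the library.
ssl_deps() {
  awk '$1 ~ /^lib(ssl|crypto)\.so/ {
         if ($0 ~ /not found/) print $1, "MISSING"; else print $1, $3
       }'
}

# Read ldd output on stdin; print one of:
#   no-openssl  the library does not link against OpenSSL at all
#   unresolved  OpenSSL is needed but is not on the loader path
#   mixed       libssl and libcrypto resolve from different directories
#   ok          both resolve from one directory
classify_tcnative() {
  local deps dirs
  deps=$(ssl_deps)
  if [ -z "$deps" ]; then echo no-openssl; return 0; fi
  case "$deps" in *MISSING*) echo unresolved; return 0 ;; esac
  dirs=$(printf '%s\n' "$deps" | sed 's|^[^ ]* ||; s|/[^/]*$||' \
         | sort -u | awk 'END { print NR }')
  if [ "$dirs" -gt 1 ]; then echo mixed; else echo ok; fi
}

# Constructed ldd outputs (paths are illustrative, not taken from the thread).
SAMPLE_OK='  libssl.so.10 => /usr/lib/libssl.so.10 (0x00110000)
  libcrypto.so.10 => /usr/lib/libcrypto.so.10 (0x0016a000)
  libapr-1.so.0 => /usr/lib/libapr-1.so.0 (0x00312000)'
SAMPLE_NOSSL='  libapr-1.so.0 => /usr/lib/libapr-1.so.0 (0x00312000)
  libpthread.so.0 => /lib/libpthread.so.0 (0x00b7e000)'
SAMPLE_MISSING='  libssl.so.1.0.0 => not found
  libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x0016a000)'
SAMPLE_MIXED='  libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00110000)
  libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x0016a000)'

# Real use: pass the installed library as the first argument, e.g.
#   ./check.sh "$CATALINA_HOME/lib/libtcnative-1.so"
if [ -n "${1:-}" ]; then ldd "$1" | classify_tcnative; fi
```

A result other than `ok` means the native library should be rebuilt after installing the OpenSSL development package, or with `--with-ssl` pointing at the intended OpenSSL directory, as the answers describe.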