Posted to users@tomcat.apache.org by Eduardo Guadalupe <ed...@gmail.com> on 2023/11/10 00:59:50 UTC

Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10

Hi,

I wanted to test the OpenSSL integration using the FFM API rather than
Tomcat Native in Apache Tomcat 11.0.0-M14.

Starting Tomcat is printing an error:


Failed to initialize the SSLEngine. java.lang.UnsatisfiedLinkError: no ssl
in java.library.path


I am running on Windows 10 with openjdk-22-ea+22.

Tomcat downloaded from
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M14/bin/apache-tomcat-11.0.0-M14-windows-x64.zip

Are there additional steps/configurations required?


Configuration:
    <Connector
        URIEncoding="UTF-8"
        connectionTimeout="20000"
        maxThreads="800"
        port="9456"
        processorCache="800"
        protocol="HTTP/1.1"
        redirectPort="9485"
    />

    <Connector
        SSLEnabled="true"
        URIEncoding="UTF-8"
        address="0.0.0.0"
        maxThreads="800"
        port="9485"
        processorCache="800"
        protocol="org.apache.coyote.http11.Http11Nio2Protocol"
    >
        <UpgradeProtocol
            className="org.apache.coyote.http2.Http2Protocol"
            overheadDataThreshold="0"
        />

        <SSLHostConfig>
            <Certificate certificateFile="conf/localhost.cer"
                         certificateKeyFile="conf/localhost.key" type="RSA" />
        </SSLHostConfig>
    </Connector>



Logs:

09-Nov-2023 17:57:33.451 SEVERE [main] org.apache.catalina.core.OpenSSLLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine.
    java.lang.UnsatisfiedLinkError: no ssl in java.library.path: C:\apps\JDK\openjdk-22-ea+22_windows-x64_bin\jdk-22\bin;<more stuff....>;.
        at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2439)
        at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:916)
        at java.base/java.lang.System.loadLibrary(System.java:2063)
        at org.apache.tomcat.util.openssl.RuntimeHelper.<clinit>(RuntimeHelper.java:60)
        at org.apache.tomcat.util.openssl.openssl_h.<clinit>(openssl_h.java:36)
        at org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary.initLibrary(OpenSSLLibrary.java:84)
        at org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary.init(OpenSSLLibrary.java:177)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
        at java.base/java.lang.reflect.Method.invoke(Method.java:580)
        at org.apache.catalina.core.OpenSSLLifecycleListener.lifecycleEvent(OpenSSLLifecycleListener.java:99)
        at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114)
        at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:126)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:745)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:767)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
        at java.base/java.lang.reflect.Method.invoke(Method.java:580)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:304)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)
09-Nov-2023 17:57:33.452 INFO [main] org.apache.catalina.core.OpenSSLLifecycleListener.lifecycleEvent Failed shutdown of OpenSSL



Eduardo Quintanilla

Re: Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mark,

On 11/10/23 10:27, Mark Thomas wrote:
> On 10/11/2023 14:44, Eduardo Guadalupe wrote:
>> Thanks Mark,
>>
>> I found the issue, I assumed OpenSSL was installed because I had seen in
>> some logs the message “OpenSSL successfully initialized [OpenSSL 3.0.11 19
>> Sep 2023].”
> 
> That may be the OpenSSL version that is static linked to the Tomcat 
> Native library. I don't think you can use that directly.

I would think that WOULD work (once loaded), except Tomcat is 
specifically attempting to load ssl.dll in this case. IMO it's probably 
not worth it to allow either libtcnative or libssl. I think you should 
pick one or the other and load the one you expect to use.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10

Posted by Rémy Maucherat <re...@apache.org>.
On Fri, Nov 10, 2023 at 4:27 PM Mark Thomas <ma...@apache.org> wrote:
>
> On 10/11/2023 14:44, Eduardo Guadalupe wrote:
> > Thanks Mark,
> >
> > I found the issue, I assumed OpenSSL was installed because I had seen in
> > some logs the message “OpenSSL successfully initialized [OpenSSL 3.0.11 19
> > Sep 2023].”
>
> That may be the OpenSSL version that is static linked to the Tomcat
> Native library. I don't think you can use that directly.

Most likely it would be AprLifecycleListener, which uses the same
message when it's done with the OpenSSL init. Meh, my bad, although
all messages are completely correct.
I guess it is more likely to happen on Windows, where OpenSSL is not
bundled, but our tomcat-native binary with statically linked OpenSSL
would be on the library path. Then OpenSSLLifecycleListener won't be
able to load OpenSSL, but AprLifecycleListener would.

Rémy

> > I double checked and OpenSSL exe is not available on the PATH.
> >
> > Are there any recommendations on how to install on Windows? Or is building
> > from source the best alternative?
>
> I haven't tried this on Windows yet. I've only got as far as noting
> we'll need to think about this for Tomcat 12 if we are going to switch
> to FFM and some initial research.
>
> Based on my initial research I suggest:
> - look on the OpenSSL wiki for binary windows distributions
> - pick one that offers DLLs with no additional dependencies
> - download it
> - put libssl.dll (or whatever it is called) in an appropriate directory
> - ensure that directory is included in java.library.path (use
>    setenv.bat)
> - ensure the OpenSSLLifecycleListener is configured in server.xml
> - start Tomcat
>
> HTH,
>
> Mark
>
>
> >
> > On Fri, Nov 10, 2023, 01:48 Mark Thomas <ma...@apache.org> wrote:
> >
> >> On 10/11/2023 00:59, Eduardo Guadalupe wrote:
> >>> Hi,
> >>>
> >>> I wanted to test the OpenSSL integration using the FFM API rather than
> >>> Tomcat Native in Apache Tomcat 11.0.0-M14.
> >>>
> >>> Starting Tomcat is printing an error:
> >>>
> >>>
> >>> Failed to initialize the SSLEngine. java.lang.UnsatisfiedLinkError: no ssl
> >>> in java.library.path
> >>>
> >>>
> >>> I am running on Windows 10 with openjdk-22-ea+22.
> >>>
> >>> Tomcat downloaded from
> >>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M14/bin/apache-tomcat-11.0.0-M14-windows-x64.zip
> >>>
> >>> Are there additional steps/configurations required?
> >>
> >> Which OpenSSL binary did you install and where did you install it?
> >>
> >> Mark
> >>
> >>
> >>
> >
>
>



Re: Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10

Posted by Mark Thomas <ma...@apache.org>.
On 10/11/2023 14:44, Eduardo Guadalupe wrote:
> Thanks Mark,
> 
> I found the issue, I assumed OpenSSL was installed because I had seen in
> some logs the message “OpenSSL successfully initialized [OpenSSL 3.0.11 19
> Sep 2023].”

That may be the OpenSSL version that is static linked to the Tomcat 
Native library. I don't think you can use that directly.

> I double checked and OpenSSL exe is not available on the PATH.
> 
> Are there any recommendations on how to install on Windows? Or is building
> from source the best alternative?

I haven't tried this on Windows yet. I've only got as far as noting 
we'll need to think about this for Tomcat 12 if we are going to switch 
to FFM and some initial research.

Based on my initial research I suggest:
- look on the OpenSSL wiki for binary windows distributions
- pick one that offers DLLs with no additional dependencies
- download it
- put libssl.dll (or whatever it is called) in an appropriate directory
- ensure that directory is included in java.library.path (use
   setenv.bat)
- ensure the OpenSSLLifecycleListener is configured in server.xml
- start Tomcat

HTH,

Mark


> 
> On Fri, Nov 10, 2023, 01:48 Mark Thomas <ma...@apache.org> wrote:
> 
>> On 10/11/2023 00:59, Eduardo Guadalupe wrote:
>>> Hi,
>>>
>>> I wanted to test the OpenSSL integration using the FFM API rather than
>>> Tomcat Native in Apache Tomcat 11.0.0-M14.
>>>
>>> Starting Tomcat is printing an error:
>>>
>>>
>>> Failed to initialize the SSLEngine. java.lang.UnsatisfiedLinkError: no ssl
>>> in java.library.path
>>>
>>>
>>> I am running on Windows 10 with openjdk-22-ea+22.
>>>
>>> Tomcat downloaded from
>>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M14/bin/apache-tomcat-11.0.0-M14-windows-x64.zip
>>>
>>> Are there additional steps/configurations required?
>>
>> Which OpenSSL binary did you install and where did you install it?
>>
>> Mark
>>
>>
>>
> 
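
Added example, not part of the original thread and not Tomcat code: a small check for the "put the DLL in a directory on java.library.path" steps above. It maps the name from the UnsatisfiedLinkError ("ssl") to the file name the JVM looks for on this platform and lists matching files on java.library.path only; the class name LibraryPathCheck is hypothetical.

```java
import java.io.File;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;

// Added diagnostic (hypothetical class name, not Tomcat code).
// Run with the same JVM and -Djava.library.path value that Tomcat gets:
//   java -Djava.library.path=<dirs> LibraryPathCheck.java ssl
public class LibraryPathCheck {

    // Lists the files on libraryPath that System.loadLibrary(libName) could pick up.
    static List<Path> candidates(String libName, String libraryPath) {
        // Platform mapping: "ssl" -> "ssl.dll" on Windows, "libssl.so" on Linux.
        String fileName = System.mapLibraryName(libName);
        List<Path> hits = new ArrayList<>();
        for (String dir : libraryPath.split(File.pathSeparator)) {
            if (dir.isBlank()) {
                continue;
            }
            try {
                Path candidate = Path.of(dir, fileName);
                if (Files.isRegularFile(candidate)) {
                    hits.add(candidate.toAbsolutePath().normalize());
                }
            } catch (InvalidPathException e) {
                System.out.println("  skipping malformed entry: " + dir);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        String libraryPath = System.getProperty("java.library.path", "");
        // "ssl" is the library name from the UnsatisfiedLinkError in this thread.
        String[] names = args.length > 0 ? args : new String[] {"ssl"};
        for (String name : names) {
            List<Path> hits = candidates(name, libraryPath);
            System.out.println(name + " -> " + System.mapLibraryName(name)
                    + (hits.isEmpty() ? " : NOT FOUND on java.library.path" : " : " + hits));
        }
    }
}
```

A hit only shows that a file with the expected name exists; the DLL's own dependencies must also resolve at load time, which is why the advice above prefers a distribution with no additional dependencies. When several directories contain a match, the order of java.library.path decides which file is loaded, so check that the first hit is the binary you intended to install.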



Re: Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10

Posted by Eduardo Guadalupe <ed...@gmail.com>.
Thanks Mark,

I found the issue, I assumed OpenSSL was installed because I had seen in
some logs the message “OpenSSL successfully initialized [OpenSSL 3.0.11 19
Sep 2023].”

I double checked and OpenSSL exe is not available on the PATH.

Are there any recommendations on how to install on Windows? Or is building
from source the best alternative?

On Fri, Nov 10, 2023, 01:48 Mark Thomas <ma...@apache.org> wrote:

> On 10/11/2023 00:59, Eduardo Guadalupe wrote:
> > Hi,
> >
> > I wanted to test the OpenSSL integration using the FFM API rather than
> > Tomcat Native in Apache Tomcat 11.0.0-M14.
> >
> > Starting Tomcat is printing an error:
> >
> >
> > Failed to initialize the SSLEngine. java.lang.UnsatisfiedLinkError: no ssl
> > in java.library.path
> >
> >
> > I am running on Windows 10 with openjdk-22-ea+22.
> >
> > Tomcat downloaded from
> > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M14/bin/apache-tomcat-11.0.0-M14-windows-x64.zip
> >
> > Are there additional steps/configurations required?
>
> Which OpenSSL binary did you install and where did you install it?
>
> Mark
>
>
>

Re: Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10

Posted by Mark Thomas <ma...@apache.org>.
On 10/11/2023 00:59, Eduardo Guadalupe wrote:
> Hi,
> 
> I wanted to test the OpenSSL integration using the FFM API rather than
> Tomcat Native in Apache Tomcat 11.0.0-M14.
> 
> Starting Tomcat is printing an error:
> 
> 
> Failed to initialize the SSLEngine. java.lang.UnsatisfiedLinkError: no ssl
> in java.library.path
> 
> 
> I am running on Windows 10 with openjdk-22-ea+22.
> 
> Tomcat downloaded from
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M14/bin/apache-tomcat-11.0.0-M14-windows-x64.zip
> 
> Are there additional steps/configurations required?

Which OpenSSL binary did you install and where did you install it?

Mark
