You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/02/17 23:27:14 UTC

[Bug 59024] New: Tomcat Native uses OPENSSL_VERSION_TEXT for run-time OpenSSL version number instead of SSLeay_version(SSLEAY_VERSION)

https://bz.apache.org/bugzilla/show_bug.cgi?id=59024

            Bug ID: 59024
           Summary: Tomcat Native uses OPENSSL_VERSION_TEXT for run-time
                    OpenSSL version number instead of
                    SSLeay_version(SSLEAY_VERSION)
           Product: Tomcat Native
           Version: 1.2.4
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Library
          Assignee: dev@tomcat.apache.org
          Reporter: gkiessling@teradici.com

When Tomcat Native is dynamically linked with OpenSSL, the same OpenSSL version
number is reported in catalina.out when Tomcat is started up even after the
shared OpenSSL libraries are replaced with different versions. For example, if
Tomcat Native was built with OpenSSL version 1.0.2d, the following will appear
in catalina.out whenever Tomcat is started even if the shared OpenSSL library
actually being used is version 1.0.2f:

INFO: OpenSSL successfully initialized (OpenSSL 1.0.2d 9 Jul 2015)

This is because the OPENSSL_VERSION_TEXT macro that's defined in
openssl/opensslv.h is used to report the version number instead of the value
returned by the SSLeay_version() function defined in crypto.h.

The fix for this is simple: replace "OPENSSL_VERSION_TEXT" in the definition of
versionString() in /native/src/ssl.c with "SSLeay_version(SSLEAY_VERSION)" so
that it looks like this:

TCN_IMPLEMENT_CALL(jstring, SSL, versionString)(TCN_STDARGS)
{
    UNREFERENCED(o);
    return AJP_TO_JSTRING(SSLeay_version(SSLEAY_VERSION));
}

I have verified this fix works with Tomcat Native 1.2.4 built on CentOS 6.7.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 59024] Tomcat Native uses OPENSSL_VERSION_TEXT for run-time OpenSSL version number instead of SSLeay_version(SSLEAY_VERSION)

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=59024

Rainer Jung <ra...@kippdata.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Rainer Jung <ra...@kippdata.de> ---
Thanks for the report. I have tweaked to change a bit to make it compatible
with OpenSSL 1.1.0 as well and I have also changed version() for OpenSSL 1.1.0.

This will be part of the next tcnative release 1.2.5 and - if we release 1.1.x
again - also of 1.1.35.

Change revisions are r1731004 + r1731006 (1.2.x) resp. r1731007 (1.1.x).

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org