Re: SSL_CTX_set_alpn_select_cb undefined

Fri, 15 Apr 2016 10:58:00 -0700 

Am 15.04.2016 um 19:37 schrieb Michael Fox:

I am running Red Hat Linux version 7.2, Apache version 2.4.6, Java JDK 
1.8.0_65, Tomcat version 9.0.0.M1, Tomcat connector version 1.2.5, and have 
uncommented the HTTP/2 Connector lines in the Tomcat server.xml file.  When I 
run the configure command for the Tomcat connector, I get the message:

checking OpenSSL library version >= 1.0.2...



Found   OPENSSL_VERSION_NUMBER 0x1000105f (OpenSSL 1.0.1e 11 Feb 2013)

Require OPENSSL_VERSION_NUMBER 0x1000200f or greater (1.0.2)



Per Red Hat (https://access.redhat.com/articles/1384453), they consider OpenSSL 
version 1.0.2 to have security issues, and so are not issuing that version.
You misunderstood that text. Version 1.0.2 had security issues, which where fixed by 1.0.2a. So the current patch level of 1.0.2, which is 1.0.2g has no known security issues.
tcnative starting with version 1.2.0 no longer supports OpenSSL older than 1.0.2. So no support for 0.9.8, 1.0.0 and 1.0.1. You need to build tcnative 1.2.x against OpenSSL 1.0.2 preferably against 1.0.2g. 

The symbol SSL_CTX_set_alpn_select_cb only exists in 1.0.2 and newer.

Regards,

Rainer


To be able to configure and make the tcnative library, I run the configure 
command as such:

  ./configure --with-apr=/usr/bin/apr-1-config --with-java-home=$JAVA_HOME 
--prefix=$CATALINA_HOME --disable-openssl-version-check --with-ssl=yes



I am able to make and install the library, but when I run the Tomcat configtest 
I get:

INFO: Initializing ProtocolHandler ["https-apr-8443"]

/usr/java/jdk1.8.0_65/bin/java: symbol lookup error: 
/home/tomcat/apache-tomcat-9.0.0.M1-src/output/build/lib/libtcnative-1.so.0.2.5:
 undefined symbol: SSL_CTX_set_alpn_select_cb

Configuration error detected!



Is there a way to get around or define this symbol?

Should I investigate the use of older versions of Tomcat, Java, and Tomcat 
connector?

Should I not use APR with Tomcat (and then use HTTP/1.1)?

Should I abandon the RedHat Apache software and use the latest Apache from 
apache.org?



Thanks,

Mike


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to