Hey all,
I was wondering if anyone has had any luck or could provide some guidance
on using a custom keystore with Tomcat 8.5.x and OpenSSL?

I am in the process of upgrading from Tomcat 6.0.x using JSSE to Tomcat
8.5.x using OpenSSL. As part of the upgrade process, I need to re-implement
our custom keystore. The keystore was implemented in 6.0.x by extending
JSSEImplementation and JSSESocketFactory which has since been removed from
the code. I was able to work through that and I had my custom keystore
working using JSSE, but when I attempt to switch to using OpenSSL and start
my application, I get an error like:

Exception in thread "Thread-3" java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.Pool.create(J)J
    at org.apache.tomcat.jni.Pool.create(Native Method)
    at org.apache.tomcat.util.net.openssl.OpenSSLEngine.<clinit>(OpenSSLEngine.java:72)
    at com.comcast.cdn.traffic_control.traffic_router.protocol.RouterSslUtil.getImplementedProtocols(RouterSslUtil.java:65)
    at org.apache.tomcat.util.net.SSLUtilBase.<init>(SSLUtilBase.java:53)
    at com.comcast.cdn.traffic_control.traffic_router.protocol.RouterSslUtil.<init>(RouterSslUtil.java:54)
    at com.comcast.cdn.traffic_control.traffic_router.protocol.RouterSslImplementation.getSSLUtil(RouterSslImplementation.java:34)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:102)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:970)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:244)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:613)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66)
    at com.comcast.cdn.traffic_control.traffic_router.protocol.LanguidNioProtocol.init(LanguidNioProtocol.java:63)
    at com.comcast.cdn.traffic_control.traffic_router.protocol.LanguidPoller.run(LanguidPoller.java:58)

It seems that this is because I don’t have a keystore configured in my
server.xml, so Tomcat tries to use the default ~/.keystore, which causes
issues at about the time it tries to get the IMPLEMENTED_PROTOCOLS_SET in
OpenSSLUtil. Like I said earlier, if I switch to JSSEUtil, things work as
expected.

Any thoughts?

Thanks,
Dave
