Actually, it looks like the error I pasted above was actually my embedded tomcat not being able to find tc-native. Sorry for the noise, I will respond if/when I run into a different/"real" problem.

--Dave

On Tue, Jun 6, 2017 at 2:41 PM, Dave Neuman <neu...@apache.org> wrote:

> Hey all,
> I was wondering if anyone has had any luck or could provide some guidance
> on using a custom keystore with tomcat 8.5.x and openssl?
>
> I am in the process of upgrading from tomcat 6.0.x using JSSE to tomcat
> 8.5.x using OpenSSL. As part of the upgrade process, I need to re-implement
> our custom keystore. The keystore was implemented in 6.0.x by extending
> JSSEImplementation and JSSESocketFactory, which have since been removed from
> the code. I was able to work through that and I had my custom keystore
> working using JSSE, but when I attempt to switch to using OpenSSL and start
> my application, I get an error like:
>
> Exception in thread "Thread-3" java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.Pool.create(J)J
>     at org.apache.tomcat.jni.Pool.create(Native Method)
>     at org.apache.tomcat.util.net.openssl.OpenSSLEngine.<clinit>(OpenSSLEngine.java:72)
>     at com.comcast.cdn.traffic_control.traffic_router.protocol.RouterSslUtil.getImplementedProtocols(RouterSslUtil.java:65)
>     at org.apache.tomcat.util.net.SSLUtilBase.<init>(SSLUtilBase.java:53)
>     at com.comcast.cdn.traffic_control.traffic_router.protocol.RouterSslUtil.<init>(RouterSslUtil.java:54)
>     at com.comcast.cdn.traffic_control.traffic_router.protocol.RouterSslImplementation.getSSLUtil(RouterSslImplementation.java:34)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:102)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
>     at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
>     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:970)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:244)
>     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:613)
>     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66)
>     at com.comcast.cdn.traffic_control.traffic_router.protocol.LanguidNioProtocol.init(LanguidNioProtocol.java:63)
>     at com.comcast.cdn.traffic_control.traffic_router.protocol.LanguidPoller.run(LanguidPoller.java:58)
>
> It seems that this is because I don’t have a keystore configured in my
> server.xml, so tomcat tries to use the default ~/.keystore which causes
> issues at about the time it tries to get the IMPLEMENTED_PROTOCOLS_SET in
> OpenSSLUtil. Like I said earlier, if I switch to JSSEUtil, things work as
> expected.
>
> Any thoughts?
>
> Thanks,
> Dave