On Fri, Jul 12, 2019 at 11:21 AM Rémy Maucherat <r...@apache.org> wrote:
> In the native code, it crashes on: > https://github.com/apache/tomcat-native/blob/master/native/src/ssl.c#L635 > > I modified the code to: > double d = (((double)(rand()%RAND_MAX)/RAND_MAX)*(h-l)); > apr_snprintf(buf, sizeof(buf), "%.0f", d); > > And it cores on the apr_snprintf. I don't see how it is unsafe though. > > Ok, going back to it on Monday, things are magically going better (summary: everything works fine). The problem is "simply" that "--static" doesn't provide a working native image when using TLS. The problem also actually occurs with JSSE as well (since the EC support is also an external JNI library). Note: Not being able to statically link ties the native image to the platform it is built on (= not good for cloud in some cases, unless the target is good enough to build the binary), so that's not great and TLS becomes non viable in many cases. Rémy