2013/11/11 <ma...@apache.org>: > Author: markt > Date: Sun Nov 10 20:20:37 2013 > New Revision: 1540539 > > URL: http://svn.apache.org/r1540539 > Log: > Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55749 > Improve error message when SSLEngine is disabled in AprLifecycleListener and > SSL is configured for an APR/native connector. > > Modified: > tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java > tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties > > Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1540539&r1=1540538&r2=1540539&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original) > +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Sun Nov 10 > 20:20:37 2013 
> @@ -514,7 +514,15 @@ public class AprEndpoint extends Abstrac > } > > // Create SSL Context > - sslContext = SSLContext.make(rootPool, value, > SSL.SSL_MODE_SERVER); > + try { > + sslContext = SSLContext.make(rootPool, value, > SSL.SSL_MODE_SERVER); > + } catch (Exception e) { > + // If the sslEngine is disabled on the AprLifecycleListener > + // there will be an Exception here but there is no way to > check > + // the AprLifecycleListener settings from here > + throw new Exception( > + sm.getString("endpoint.apr.failSslContextMake"), e); > + } > if (SSLInsecureRenegotiation) { > boolean legacyRenegSupported = false; > try { > > Modified: > tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties?rev=1540539&r1=1540538&r2=1540539&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties > (original) > +++ tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties > Sun Nov 10 20:20:37 2013
> +endpoint.apr.failSslContextMake=Unable to create SSLContext. Check SSLEngine > is enabled in the AprLifecycleListener and that a valid SSLProtocol has been > specified

1. A missing word in the message:
s/ Check SSLEngine / Check that SSLEngine / or "Check whether SSLEngine ..."?

2. Maybe mention that "Check that AprLifecycleListener has initialized successfully", in case one missed previous log messages.

Looking at AprLifecycleListener, when it fails to initialize an SSL Engine it logs an error and continues. Thus I think one can reach this place even if the engine failed to initialize.
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/AprLifecycleListener.java?view=markup#l107

(Possible example of a failure: if tcnative was compiled without OpenSSL. In that case SSL.initialize() is replaced by a stub that always throws an exception,
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/ssl.c?view=markup#l1107 )

3. You aren't improving the message reported in Bugzilla, but a different one.

In OP's stacktrace from Tomcat 6:

java.lang.Exception: Socket bind failed: [226] Adresse bereits im Zugriff
    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:671)
    at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:851)

The above is an implicit call to init() from within start(). I think that there should have been a previous explicit call to init() that failed and should have printed an error message.

It looks like the message that you are improving should have already been in the logs, but OP failed to notice it.

The "Address already in use" message reported in Bugzilla would still occur when init() is called the second time.

I do not know whether a repeated call to init() is possible in Tomcat 7 (I hope better lifecycles prevent it), but it looks possible in Tomcat 6.
In AprEndpoint of Tomcat 6
[[[
    public void init()
        throws Exception {

        if (initialized)
            return;

        // Create the root APR memory pool
        rootPool = Pool.create(0);
...
]]]

Maybe add a sanity check just below the "if (initialized) return;" lines above: if (rootPool != 0) then it means that the pool has already been created. In other words, init() has already been called once, but failed.

Best regards,
Konstantin Kolinko
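
Review bot: In the AprEndpoint.java hunk, the new catch (Exception e) around SSLContext.make(rootPool, value, SSL.SSL_MODE_SERVER) turns every failure of that call into the same fixed text, so a failure unrelated to SSLEngine or SSLProtocol is reported with a misleading diagnosis. The code comment itself says the AprLifecycleListener settings cannot be checked from this point, so the wrapped message should be worded as a hint (possible causes) rather than a statement, and it would help to append e.getMessage() to it so the real reason shows on the first line of the log and not only in the nested cause. Passing e as the cause is right and should stay.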
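
Review bot: The new endpoint.apr.failSslContextMake string in LocalStrings.properties names two possible causes (SSLEngine disabled, invalid SSLProtocol) but gives the operator nothing to tell them apart. The throw site in AprEndpoint has the value passed to SSLContext.make in scope, so consider adding a {0} placeholder to the message and passing that value to sm.getString(...); a log line that shows the configured setting next to the hint lets the reader rule the second cause in or out without opening the connector configuration.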
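
The failure sequence the reply above hypothesizes for Tomcat 6, together with the effect of the suggested rootPool check, as an added example that is not Tomcat code and not part of the original message. The Endpoint class, the guard switch, the bound flag and the exception messages are assumptions made for the demo; only the initialized/rootPool logic follows the quoted init() excerpt.

```java
// Simplified model, not Tomcat code: field names mirror the quoted excerpt,
// the "bound" flag, "guard" switch and messages are assumptions for the demo.
public class InitGuardDemo {
    static class Endpoint {
        private final boolean guard;   // true = apply the suggested sanity check
        private boolean initialized;   // never set here: init() always fails in this model
        private long rootPool;         // 0 until the pool has been created
        private boolean bound;         // stands in for the listening socket

        Endpoint(boolean guard) { this.guard = guard; }

        void init() throws Exception {
            if (initialized) return;
            if (guard && rootPool != 0) {
                // Pool exists but initialized is false: an earlier init() failed.
                throw new IllegalStateException(
                        "init() already failed once; see the earlier error");
            }
            rootPool = 1;              // placeholder for Pool.create(0)
            if (bound) {
                throw new Exception("Socket bind failed: address already in use");
            }
            bound = true;
            // SSL setup fails in this model (for example, SSLEngine disabled).
            throw new Exception("Unable to create SSLContext");
        }

        void start() throws Exception {
            if (!initialized) init();  // implicit second call, as in the stack trace
        }
    }

    // Runs an explicit init() and then start(); returns what start() fails with.
    static String secondFailure(boolean guard) {
        Endpoint ep = new Endpoint(guard);
        try { ep.init(); } catch (Exception first) { /* logged earlier, easy to miss */ }
        try { ep.start(); } catch (Exception second) { return second.getMessage(); }
        return "started";
    }

    public static void main(String[] args) {
        System.out.println("without guard: " + secondFailure(false));
        System.out.println("with guard:    " + secondFailure(true));
    }
}
```

Without the guard the second failure is the bind error, which hides the SSL problem that actually stopped the connector; with the guard the second failure points back to the first one.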