Re: Tomcat Native and macOS 10.15.7
Thad, On 8/23/22 10:49, Thad Humphries wrote: On Tue, Aug 23, 2022 at 10:18 AM Mark Thomas wrote: On 23/08/2022 14:12, Thad Humphries wrote: I'm trying to understand a problem I'm having with Tomcat Native since moving from 1.2.x to 2.0. For several years I have been running Tomcat 9.0.12 in Eclipse and 9.0.37 for localhost on my home and office Mac Mini's with macOS 10.15.7 Catalina. Both use OpenJDK 8 from Amazon. To support development I have a self-signed certificate and until recently used Tomcat Native 1.2.x installed with Homebrew. I added `CATALINA_OPTS="-Xmx1024m -Djava.library.path=/usr/local/opt/tomcat-native/lib"` to my bin/setevn.sh With this configuration I was able to the connector org.apache.coyote.http11.Http11AprProtocol with UpgradeProtocol for org.apache.coyote.http2.Http2Protocol Recently Homebrew replaced Tomcat Native 1.2.x with 2.0.1. Since then when Tomcat starts I see in catalina.out "The Apache Tomcat Native library which allows using OpenSSL was not found on the java.library.path: [/usr/local/opt/tomcat-native/lib]". I've had to switch my development to connector org.apache.coyote.http11.Http11NioProtocol (I need SSL for my client-server setup). I've tried using a Tomcat Native 2 I built myself, but get the same "not found on the java.library.path" message. I tried using a Tomcat Native 1.2.35 I built myself but got the following stacktrace in catalina.out 23-Aug-2022 03:07:29.541 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.35] using APR version [1.7.0]. 23-Aug-2022 03:07:29.541 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. 23-Aug-2022 03:07:29.541 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] 23-Aug-2022 03:07:29.544 SEVERE [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform at org.apache.tomcat.jni.SSL.initialize(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:289) at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:136) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:135) at org.apache.catalina.startup.Catalina.load(Catalina.java:690) at org.apache.catalina.startup.Catalina.load(Catalina.java:712) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472) What is the issue I'm seeing and how might it be corrected if I want to run Tomcat Native for the APR protocol? You can't. The APR connector has been deprecated and has been removed in Tomcat 10.1.x onwards. Tomcat Native 2.0.x does not support the APR connectors. You need to switch to NIO or NIO2. If you want to use OpenSSL for TLS then you can do so (you'll need Tomcat Native 2.0.x and OpenSSL). Look at the docs for the sslImplementationName attribute. BTW, this is not critical to me; I can live with NIO. However I'm the *only* person on this team who pays any attention to Tomcat, and I may be having to explain this to my coworkers and our boss. Others use a mix of Linux, Windows, and Mac. Most don't use SSL internally but some use the AJP connector for Apache, and IIRC that needs Tomcat Native, too. AJP does not require APR/Native. There are NIO and NIO2 implementations for AJP. Mark Thank you, Mark. That all makes sense. I'll look at the docs you've referenced. I recall once watching some YouTube videos on Tomcat connectors. I'll find and rewatch those, too. Some additional details: tcnative 2.x, while not supporting the APR connector, supports everything you need for native cryptographic operations via OpenSSL. It likely works with LibreSSL as well but there hasn't been significant testing done, there. Switching from APR to NIO+tcnative+OpenSSL should give you a reasonably efficient connector which is slightly "safer"
Re: Tomcat Native and macOS 10.15.7
On Tue, Aug 23, 2022 at 10:18 AM Mark Thomas wrote: > On 23/08/2022 14:12, Thad Humphries wrote: > > I'm trying to understand a problem I'm having with Tomcat Native since > > moving from 1.2.x to 2.0. > > > > For several years I have been running Tomcat 9.0.12 in Eclipse and 9.0.37 > > for localhost on my home and office Mac Mini's with macOS 10.15.7 > Catalina. > > Both use OpenJDK 8 from Amazon. To support development I have a > self-signed > > certificate and until recently used Tomcat Native 1.2.x installed with > > Homebrew. I added `CATALINA_OPTS="-Xmx1024m > > -Djava.library.path=/usr/local/opt/tomcat-native/lib"` to my > bin/setevn.sh > > > > With this configuration I was able to the > > connector org.apache.coyote.http11.Http11AprProtocol with UpgradeProtocol > > for org.apache.coyote.http2.Http2Protocol > > > > Recently Homebrew replaced Tomcat Native 1.2.x with 2.0.1. Since then > when > > Tomcat starts I see in catalina.out "The Apache Tomcat Native library > which > > allows using OpenSSL was not found on the java.library.path: > > [/usr/local/opt/tomcat-native/lib]". I've had to switch my development to > > connector org.apache.coyote.http11.Http11NioProtocol (I need SSL for my > > client-server setup). > > > > I've tried using a Tomcat Native 2 I built myself, but get the same "not > > found on the java.library.path" message. I tried using a Tomcat Native > > 1.2.35 I built myself but got the following stacktrace in catalina.out > > > > 23-Aug-2022 03:07:29.541 INFO [main] > > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded > Apache > > Tomcat Native library [1.2.35] using APR version [1.7.0]. > > 23-Aug-2022 03:07:29.541 INFO [main] > > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR > > capabilities: IPv6 [true], sendfile [true], accept filters [false], > random > > [true]. > > 23-Aug-2022 03:07:29.541 INFO [main] > > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL > > configuration: useAprConnector [false], useOpenSSL [true] > > 23-Aug-2022 03:07:29.544 SEVERE [main] > > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to > > initialize the SSLEngine. > > org.apache.tomcat.jni.Error: 70023: This function has not been > implemented > > on this platform > > at org.apache.tomcat.jni.SSL.initialize(Native Method) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > > at > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:498) > > at > > > org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:289) > > at > > > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:136) > > at > > > org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) > > at > > > org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) > > at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:135) > > at org.apache.catalina.startup.Catalina.load(Catalina.java:690) > > at org.apache.catalina.startup.Catalina.load(Catalina.java:712) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > > at > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:498) > > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302) > > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472) > > > > What is the issue I'm seeing and how might it be corrected if I want to > run > > Tomcat Native for the APR protocol? > > You can't. > > The APR connector has been deprecated and has been removed in Tomcat > 10.1.x onwards. > > Tomcat Native 2.0.x does not support the APR connectors. > > You need to switch to NIO or NIO2. If you want to use OpenSSL for TLS > then you can do so (you'll need Tomcat Native 2.0.x and OpenSSL). Look > at the docs for the sslImplementationName attribute. > > > BTW, this is not critical to me; I can live with NIO. However I'm the > *only* > > person on this team who pays any attention to Tomcat, and I may be having > > to explain this to my coworkers and our boss. Others use a mix of Linux, > > Windows, and Mac. Most don't use SSL internally but some use the AJP > > connector for Apache, and IIRC that needs Tomcat Native, too. > > AJP does not require APR/Native. There are NIO and NIO2 implementations > for AJP. > > Mark > Thank you, Mark. That all makes sense. I'll look at the docs you've referenced. I recall once watching some YouTube videos on Tomcat connectors. I'll find and rewatch those, too. -- "Hell hath no limits, nor is circumscrib'd In one self-place; but where we are is hell, And where hell is, there
Re: Tomcat Native and macOS 10.15.7
On 23/08/2022 14:12, Thad Humphries wrote: I'm trying to understand a problem I'm having with Tomcat Native since moving from 1.2.x to 2.0. For several years I have been running Tomcat 9.0.12 in Eclipse and 9.0.37 for localhost on my home and office Mac Mini's with macOS 10.15.7 Catalina. Both use OpenJDK 8 from Amazon. To support development I have a self-signed certificate and until recently used Tomcat Native 1.2.x installed with Homebrew. I added `CATALINA_OPTS="-Xmx1024m -Djava.library.path=/usr/local/opt/tomcat-native/lib"` to my bin/setevn.sh With this configuration I was able to the connector org.apache.coyote.http11.Http11AprProtocol with UpgradeProtocol for org.apache.coyote.http2.Http2Protocol Recently Homebrew replaced Tomcat Native 1.2.x with 2.0.1. Since then when Tomcat starts I see in catalina.out "The Apache Tomcat Native library which allows using OpenSSL was not found on the java.library.path: [/usr/local/opt/tomcat-native/lib]". I've had to switch my development to connector org.apache.coyote.http11.Http11NioProtocol (I need SSL for my client-server setup). I've tried using a Tomcat Native 2 I built myself, but get the same "not found on the java.library.path" message. I tried using a Tomcat Native 1.2.35 I built myself but got the following stacktrace in catalina.out 23-Aug-2022 03:07:29.541 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.35] using APR version [1.7.0]. 23-Aug-2022 03:07:29.541 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. 23-Aug-2022 03:07:29.541 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] 23-Aug-2022 03:07:29.544 SEVERE [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform at org.apache.tomcat.jni.SSL.initialize(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:289) at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:136) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:135) at org.apache.catalina.startup.Catalina.load(Catalina.java:690) at org.apache.catalina.startup.Catalina.load(Catalina.java:712) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472) What is the issue I'm seeing and how might it be corrected if I want to run Tomcat Native for the APR protocol? You can't. The APR connector has been deprecated and has been removed in Tomcat 10.1.x onwards. Tomcat Native 2.0.x does not support the APR connectors. You need to switch to NIO or NIO2. If you want to use OpenSSL for TLS then you can do so (you'll need Tomcat Native 2.0.x and OpenSSL). Look at the docs for the sslImplementationName attribute. BTW, this is not critical to me; I can live with NIO. However I'm the *only* person on this team who pays any attention to Tomcat, and I may be having to explain this to my coworkers and our boss. Others use a mix of Linux, Windows, and Mac. Most don't use SSL internally but some use the AJP connector for Apache, and IIRC that needs Tomcat Native, too. AJP does not require APR/Native. There are NIO and NIO2 implementations for AJP. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat Native and macOS 10.15.7
I'm trying to understand a problem I'm having with Tomcat Native since moving from 1.2.x to 2.0. For several years I have been running Tomcat 9.0.12 in Eclipse and 9.0.37 for localhost on my home and office Mac Mini's with macOS 10.15.7 Catalina. Both use OpenJDK 8 from Amazon. To support development I have a self-signed certificate and until recently used Tomcat Native 1.2.x installed with Homebrew. I added `CATALINA_OPTS="-Xmx1024m -Djava.library.path=/usr/local/opt/tomcat-native/lib"` to my bin/setevn.sh With this configuration I was able to the connector org.apache.coyote.http11.Http11AprProtocol with UpgradeProtocol for org.apache.coyote.http2.Http2Protocol Recently Homebrew replaced Tomcat Native 1.2.x with 2.0.1. Since then when Tomcat starts I see in catalina.out "The Apache Tomcat Native library which allows using OpenSSL was not found on the java.library.path: [/usr/local/opt/tomcat-native/lib]". I've had to switch my development to connector org.apache.coyote.http11.Http11NioProtocol (I need SSL for my client-server setup). I've tried using a Tomcat Native 2 I built myself, but get the same "not found on the java.library.path" message. I tried using a Tomcat Native 1.2.35 I built myself but got the following stacktrace in catalina.out 23-Aug-2022 03:07:29.541 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.35] using APR version [1.7.0]. 23-Aug-2022 03:07:29.541 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. 23-Aug-2022 03:07:29.541 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] 23-Aug-2022 03:07:29.544 SEVERE [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform at org.apache.tomcat.jni.SSL.initialize(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:289) at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:136) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:135) at org.apache.catalina.startup.Catalina.load(Catalina.java:690) at org.apache.catalina.startup.Catalina.load(Catalina.java:712) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472) What is the issue I'm seeing and how might it be corrected if I want to run Tomcat Native for the APR protocol? BTW, this is not critical to me; I can live with NIO. However I'm the *only* person on this team who pays any attention to Tomcat, and I may be having to explain this to my coworkers and our boss. Others use a mix of Linux, Windows, and Mac. Most don't use SSL internally but some use the AJP connector for Apache, and IIRC that needs Tomcat Native, too. -- "Hell hath no limits, nor is circumscrib'd In one self-place; but where we are is hell, And where hell is, there must we ever be" --Christopher Marlowe, *Doctor Faustus* (v. 111-13)