Re: Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10
Mark, On 11/10/23 10:27, Mark Thomas wrote: On 10/11/2023 14:44, Eduardo Guadalupe wrote: Thanks Mark, I found the issue, I assumed OpenSSL was installed because I had seen in some logs the message “OpenSSL successfully initialized [OpenSSL 3.0.11 19 Sep 2023].” That may be the OpenSSL version that is static linked to the Tomcat Native library. I don't think you can use that directly. I would think that WOULD work (once loaded), except Tomcat is specifically attempting to load ssl.dll in this case. IMO it's probably not worth it to allow either libtcnative or libssl. I think you should pick one or the other and load the one you expect to use. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10
On Fri, Nov 10, 2023 at 4:27 PM Mark Thomas wrote: > > On 10/11/2023 14:44, Eduardo Guadalupe wrote: > > Thanks Mark, > > > > I found the issue, I assumed OpenSSL was installed because I had seen in > > some logs the message “OpenSSL successfully initialized [OpenSSL 3.0.11 19 > > Sep 2023].” > > That may be the OpenSSL version that is static linked to the Tomcat > Native library. I don't think you can use that directly. Most likely it would be AprLifecycleListener, which uses the same message when it's done with the OpenSSL init. Meh, my bad, although all messages are completely correct. I guess it is more likely to happen on Windows, where OpenSSL is not bundled, but our tomcat-native binary with statically linked OpenSSL would be on the library path. Then OpenSSLLifecycleListener won't be able to load OpenSSL, but AprLifecycleListener would. Rémy > > I double checked and OpenSSL exe is not available on the PATH. > > > > Is there any recommendations on how to install on Windows? O build from > > source is the best alternative? > > I haven't tried this on Windows yet. I've only got as far as noting > we'll need to think about this for Tomcat 12 if we are going to switch > to FFM and some initial research. > > Based on my initial research I suggest: > - look on the OpenSSL wiki for binary windows disributions > - pick one that offers DLLs with no additional dependencies > - download it > - put libssl.dll (or whatever it is called) in an appropriate directory > - ensure that directory is included in java.library.path (use >setenv.bat) > - ensure the OpenSSLLifecycleListener is configured in server.xml > - start Tomcat > > HTH, > > Mark > > > > > > On Fri, Nov 10, 2023, 01:48 Mark Thomas wrote: > > > >> On 10/11/2023 00:59, Eduardo Guadalupe wrote: > >>> Hi, > >>> > >>> I wanted to test the OpenSSL integration using the FFM API rather than > >>> Tomcat Native in Apache Tomcat 11.0.0-M14. > >>> > >>> Starting Tomcat is printing an error: > >>> > >>> > >>> Failed to initialize the SSLEngine. java.lang.UnsatisfiedLinkError: no > >> ssl > >>> in java.library.path > >>> > >>> > >>> I am running on Windows 10 with openjdk-22-ea+22. > >>> > >>> Tomcat downloaded from > >>> > >> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M14/bin/apache-tomcat-11.0.0-M14-windows-x64.zip > >>> > >>> Is there additional steps/configurations required? > >> > >> Which OpenSSL binary did you install and where did you install it? > >> > >> Mark > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10
On 10/11/2023 14:44, Eduardo Guadalupe wrote: Thanks Mark, I found the issue, I assumed OpenSSL was installed because I had seen in some logs the message “OpenSSL successfully initialized [OpenSSL 3.0.11 19 Sep 2023].” That may be the OpenSSL version that is static linked to the Tomcat Native library. I don't think you can use that directly. I double checked and OpenSSL exe is not available on the PATH. Is there any recommendations on how to install on Windows? O build from source is the best alternative? I haven't tried this on Windows yet. I've only got as far as noting we'll need to think about this for Tomcat 12 if we are going to switch to FFM and some initial research. Based on my initial research I suggest: - look on the OpenSSL wiki for binary windows disributions - pick one that offers DLLs with no additional dependencies - download it - put libssl.dll (or whatever it is called) in an appropriate directory - ensure that directory is included in java.library.path (use setenv.bat) - ensure the OpenSSLLifecycleListener is configured in server.xml - start Tomcat HTH, Mark On Fri, Nov 10, 2023, 01:48 Mark Thomas wrote: On 10/11/2023 00:59, Eduardo Guadalupe wrote: Hi, I wanted to test the OpenSSL integration using the FFM API rather than Tomcat Native in Apache Tomcat 11.0.0-M14. Starting Tomcat is printing an error: Failed to initialize the SSLEngine. java.lang.UnsatisfiedLinkError: no ssl in java.library.path I am running on Windows 10 with openjdk-22-ea+22. Tomcat downloaded from https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M14/bin/apache-tomcat-11.0.0-M14-windows-x64.zip Is there additional steps/configurations required? Which OpenSSL binary did you install and where did you install it? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10
Thanks Mark, I found the issue, I assumed OpenSSL was installed because I had seen in some logs the message “OpenSSL successfully initialized [OpenSSL 3.0.11 19 Sep 2023].” I double checked and OpenSSL exe is not available on the PATH. Is there any recommendations on how to install on Windows? O build from source is the best alternative? On Fri, Nov 10, 2023, 01:48 Mark Thomas wrote: > On 10/11/2023 00:59, Eduardo Guadalupe wrote: > > Hi, > > > > I wanted to test the OpenSSL integration using the FFM API rather than > > Tomcat Native in Apache Tomcat 11.0.0-M14. > > > > Starting Tomcat is printing an error: > > > > > > Failed to initialize the SSLEngine. java.lang.UnsatisfiedLinkError: no > ssl > > in java.library.path > > > > > > I am running on Windows 10 with openjdk-22-ea+22. > > > > Tomcat downloaded from > > > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M14/bin/apache-tomcat-11.0.0-M14-windows-x64.zip > > > > Is there additional steps/configurations required? > > Which OpenSSL binary did you install and where did you install it? > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10
On 10/11/2023 00:59, Eduardo Guadalupe wrote: Hi, I wanted to test the OpenSSL integration using the FFM API rather than Tomcat Native in Apache Tomcat 11.0.0-M14. Starting Tomcat is printing an error: Failed to initialize the SSLEngine. java.lang.UnsatisfiedLinkError: no ssl in java.library.path I am running on Windows 10 with openjdk-22-ea+22. Tomcat downloaded from https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M14/bin/apache-tomcat-11.0.0-M14-windows-x64.zip Is there additional steps/configurations required? Which OpenSSL binary did you install and where did you install it? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Testing OpenSSL integration using the FFM API with Tomcat 11 on Windows 10
Hi, I wanted to test the OpenSSL integration using the FFM API rather than Tomcat Native in Apache Tomcat 11.0.0-M14. Starting Tomcat is printing an error: Failed to initialize the SSLEngine. java.lang.UnsatisfiedLinkError: no ssl in java.library.path I am running on Windows 10 with openjdk-22-ea+22. Tomcat downloaded from https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M14/bin/apache-tomcat-11.0.0-M14-windows-x64.zip Is there additional steps/configurations required? Configuration: Logs: 09-Nov-2023 17:57:33.451 SEVERE [main] org.apache.catalina.core.OpenSSLLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine. java.lang.UnsatisfiedLinkError: no ssl in java.library.path: C:\apps\JDK\openjdk-22-ea+22_windows-x64_bin\jdk-22\bin;;. at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2439) at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:916) at java.base/java.lang.System.loadLibrary(System.java:2063) at org.apache.tomcat.util.openssl.RuntimeHelper.(RuntimeHelper.java:60) at org.apache.tomcat.util.openssl.openssl_h.(openssl_h.java:36) at org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary.initLibrary(OpenSSLLibrary.java:84) at org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary.init(OpenSSLLibrary.java:177) at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) at java.base/java.lang.reflect.Method.invoke(Method.java:580) at org.apache.catalina.core.OpenSSLLifecycleListener.lifecycleEvent(OpenSSLLifecycleListener.java:99) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:126) at org.apache.catalina.startup.Catalina.load(Catalina.java:745) at org.apache.catalina.startup.Catalina.load(Catalina.java:767) at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) at java.base/java.lang.reflect.Method.invoke(Method.java:580) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:304) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474) 09-Nov-2023 17:57:33.452 INFO [main] org.apache.catalina.core.OpenSSLLifecycleListener.lifecycleEvent Failed shutdown of OpenSSL Eduardo Quintanilla
