Re: APR connector questions

2020-05-09 Thread Christopher Schultz

Daniel,

On 5/9/20 12:34, daniel@dell.com wrote:
> We want to use APR to call openssl also do with native to support
> FIPS mode in tomcat.
>
> Software info Tomcat/9.0.34 libtcnative-1-0-1.2.23-15.30.x86_64

Where did you get that? Is it tcnative-1.2.23?

What about your APR version?

> configuration as below:
>
> <Connector connectionTimeout="6" maxKeepAliveRequests="150"
> SSLCertificateFile="*" SSLCertificateChainFile=""
> SSLCertificateKeyFile="*" compression="on"
> compressibleMimeType="text/html,text/xml,text/css,text/javascript,application/javascript"
> port="${bio.https.port}"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> scheme="https" secure="true" sslProtocol="TLS"
> sslEnabledProtocols="TLSv1.2" URIEncoding="UTF-8"/>
>
>
> When enable debug info in tomcat will see
>
> 09-May-2020 00:51:35.358 FINE [https-openssl-apr-8443-exec-1] org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper.doClose Calling [org.apache.tomcat.util.net.AprEndpoint@4275c20c].closeSocket([org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper@1efb5c3e:139622944367568])
> 09-May-2020 00:51:35.367 FINE [https-openssl-apr-8443-Poller] org.apache.tomcat.util.net.AprEndpoint$Poller.removeFromPoller Attempting to remove [139,622,944,367,568] from poller

Woah, that looks super weird.

> 09-May-2020 00:51:35.367 FINER [https-openssl-apr-8443-Poller] org.apache.tomcat.util.net.AprEndpoint.destroySocketInternal Destroying socket [139,622,944,367,568]
> java.lang.Exception
>     at org.apache.tomcat.util.net.AprEndpoint.destroySocketInternal(AprEndpoint.java:758)
>     at org.apache.tomcat.util.net.AprEndpoint.access$200(AprEndpoint.java:81)
>     at org.apache.tomcat.util.net.AprEndpoint$Poller.run(AprEndpoint.java:1338)
>     at java.base/java.lang.Thread.run(Thread.java:834)

Anything before that in the logs? I mean ... anything relevant?

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: APR connector questions

2020-05-09 Thread Daniel.Sun
We want to use APR to call openssl also do with native to support FIPS mode in 
tomcat.

Software info
Tomcat/9.0.34
libtcnative-1-0-1.2.23-15.30.x86_64

configuration as below:




When enable debug info in tomcat will see 

09-May-2020 00:51:35.358 FINE [https-openssl-apr-8443-exec-1] org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper.doClose Calling [org.apache.tomcat.util.net.AprEndpoint@4275c20c].closeSocket([org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper@1efb5c3e:139622944367568])
09-May-2020 00:51:35.367 FINE [https-openssl-apr-8443-Poller] org.apache.tomcat.util.net.AprEndpoint$Poller.removeFromPoller Attempting to remove [139,622,944,367,568] from poller
09-May-2020 00:51:35.367 FINER [https-openssl-apr-8443-Poller] org.apache.tomcat.util.net.AprEndpoint.destroySocketInternal Destroying socket [139,622,944,367,568]
java.lang.Exception
    at org.apache.tomcat.util.net.AprEndpoint.destroySocketInternal(AprEndpoint.java:758)
    at org.apache.tomcat.util.net.AprEndpoint.access$200(AprEndpoint.java:81)
    at org.apache.tomcat.util.net.AprEndpoint$Poller.run(AprEndpoint.java:1338)
    at java.base/java.lang.Thread.run(Thread.java:834)



BRs
Dan

-Original Message-
From: Christopher Schultz  
Sent: Friday, May 8, 2020 10:37 PM
To: users@tomcat.apache.org
Subject: Re: APR connector questions


Daniel,

On 5/8/20 04:25, daniel@dell.com wrote:
> We are changing from Nio connector to APR connector to enable FIPS 
> mode in tomcat. But we hit tomcat hang issue, ssl handshake no 
> response when run long time. So many close_wait in netstat output.
> Do you have any advises about that issue?

Can you please post your  configuration? Remember to remove any 
secrets that may be in there.

You may be interested to know that FIPS is available through Java, though not 
through Sun's JSSE provider.

https://stackoverflow.com/questions/5046482/which-jce-providers-are-fips-140-2-compliant

You may also be interested in the fact that FIPS mode doesn't really offer any 
additional security. In certain cases, it may reduce your security because of 
the various required-supported algorithms which, honestly, should never be used 
in production.

-chris



Re: APR connector questions

2020-05-08 Thread Christopher Schultz

Daniel,

On 5/8/20 04:25, daniel@dell.com wrote:
> We are changing from Nio connector to APR connector to enable FIPS
> mode in tomcat. But we hit tomcat hang issue, ssl handshake no
> response when run long time. So many close_wait in netstat output.
> Do you have any advises about that issue?

Can you please post your  configuration? Remember to remove
any secrets that may be in there.

You may be interested to know that FIPS is available through Java,
though not through Sun's JSSE provider.

https://stackoverflow.com/questions/5046482/which-jce-providers-are-fips-140-2-compliant

You may also be interested in the fact that FIPS mode doesn't really
offer any additional security. In certain cases, it may reduce your
security because of the various required-supported algorithms which,
honestly, should never be used in production.

-chris



RE: APR connector questions

2020-05-08 Thread Daniel.Sun
Dear experts:

Nowadays,  we are changing from Nio connector to APR connector to enable FIPS 
mode in tomcat.
But we hit tomcat hang issue, ssl handshake no response when run long time.
So many close_wait in netstat output.
Do you have any advises about that issue?

BRs
Dan


Re: APR libs present but not found

2019-09-12 Thread Christopher Schultz

John,

On 9/10/19 14:20, John Beaulaurier -X (jbeaulau - ADVANCED NETWORK
INFORMATION INC at Cisco) wrote:
> I needed to build the APR libs from source as there was no rpm in
> yum, but the default directory where the libs were placed was not
> in the Java path, and so once I noticed that and added that
> directory to the path in setenv.sh APR is found and used.
AFAIK, all yum repos contain a package for libapr. You should not have
had to build from source. Actually, most repos also include a package
for libtcnative, so you can probably avoid building anything yourself.

-chris



RE: APR libs present but not found

2019-09-10 Thread John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco)
Hi Christopher,

I needed to build the APR libs from source as there was no rpm in yum, but the
default directory where the libs were placed was not in the Java path, and so
once I noticed that and added that directory to the path in setenv.sh APR is
found and used.

Thanks
-John 


-Original Message-
From: Christopher Schultz  
Sent: Friday, September 6, 2019 2:37 PM
To: users@tomcat.apache.org
Subject: Re: APR libs present but not found


John,

On 9/6/19 16:51, John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION 
INC at Cisco) wrote:
> Hello,
> 
> I installed the following RPMs via Yum for OpenSSL support
> 
> RHEL 7.4
> apr.i686          1.4.8-3.el7_4.1
> apr.x86_64        1.4.8-3.el7_4.1
> apr-devel.i686    1.4.8-3.el7_4.1
> apr-devel.x86_64  1.4.8-3.el7_4.1
> 
> When I test with Tomcat 7.x or 9.x the log notes the APR native libs 
> could not be found in the java library path, when they are in the java 
> library path located at /lib64 and /lib in the OS file system.
> 
> What am I missing?

Can you post the startup log where Tomcat says it "cannot find the APR 
library"? It should include the set of paths it's checking for those files.

Note that both the APR connector AND the OpenSSL-based JSSE connector require 
both libtcnative and libapr in the library path.

-chris



Re: APR libs present but not found

2019-09-06 Thread Christopher Schultz

John,

On 9/6/19 16:51, John Beaulaurier -X (jbeaulau - ADVANCED NETWORK
INFORMATION INC at Cisco) wrote:
> Hello,
> 
> I installed the following RPMs via Yum for OpenSSL support
> 
> RHEL 7.4
> apr.i686          1.4.8-3.el7_4.1
> apr.x86_64        1.4.8-3.el7_4.1
> apr-devel.i686    1.4.8-3.el7_4.1
> apr-devel.x86_64  1.4.8-3.el7_4.1
> 
> When I test with Tomcat 7.x or 9.x the log notes the APR native
> libs could not be found in the java library path, when they are in
> the java library path located at /lib64 and /lib in the OS file
> system.
> 
> What am I missing?

Can you post the startup log where Tomcat says it "cannot find the APR
library"? It should include the set of paths it's checking for those
files.

Note that both the APR connector AND the OpenSSL-based JSSE connector
require both libtcnative and libapr in the library path.

-chris



Re: APR 1.2.21 with Apache Tomcat 8.5.37

2019-02-04 Thread Mark Thomas
On 04/02/2019 09:37, M. Manna wrote:
> Hello,
> 
> Is it okay to replace 1.2.19 (packed with Tomcat 8.5.37 Windows 64 bit)
> with the newly released version 1.2.21?

Yes.

Mark




Re: APR/native error on tomcat 8.5.16

2018-04-26 Thread Mark Thomas
On 25/04/18 13:34, M. Manna wrote:
> I needed to mask out certain information before I could send you the full
> stack trace. Here is the full version:

OK. That looks like a normal ClientAbortException.

This doesn't look like Tomcat's logging. It looks like application
logging. I think you need to look at the application's exception handling.

Mark



> 
> INFO   | jvm 1| 2018/04/25 05:37:38 |
> org.apache.catalina.connector.ClientAbortException: java.io.IOException:
> Unexpected error [730,054] writing data to the APR/native socket
> [953,181,632] with wrapper
> [org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper@3685e06d
> :953181632].
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:356)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.connector.OutputBuffer.flushByteBuffer(OutputBuffer.java:815)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:310)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.connector.OutputBuffer.flush(OutputBuffer.java:284)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.connector.CoyoteOutputStream.flush(CoyoteOutputStream.java:118)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> lsajdflslsjdfServlet.doPost(lsajdflslsjdfServlet.java:161)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> lsajdflslsjdfServlet.doGet(lsajdflslsjdfServlet.java:36)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> lsajdflslsjdfFilter.doFilter(lsajdflslsjdfFilter.java:26)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2298)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> INFO   | jvm 1| 2018/04/25 05:37:38 | at
> java.lang.Thread.run(Thread.java:745)
> INFO   | 

Re: APR/native error on tomcat 8.5.16

2018-04-25 Thread M. Manna
Hi Mark,

Thanks for clarifying. Apologies as I truly meant to say "Client dropped
the connection". So once again, thanks for pointing that out.

I needed to mask out certain information before I could send you the full
stack trace. Here is the full version:

INFO   | jvm 1| 2018/04/25 05:37:38 |
org.apache.catalina.connector.ClientAbortException: java.io.IOException:
Unexpected error [730,054] writing data to the APR/native socket
[953,181,632] with wrapper
[org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper@3685e06d
:953181632].
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:356)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.connector.OutputBuffer.flushByteBuffer(OutputBuffer.java:815)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:310)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.connector.OutputBuffer.flush(OutputBuffer.java:284)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.connector.CoyoteOutputStream.flush(CoyoteOutputStream.java:118)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
lsajdflslsjdfServlet.doPost(lsajdflslsjdfServlet.java:161)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
lsajdflslsjdfServlet.doGet(lsajdflslsjdfServlet.java:36)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
lsajdflslsjdfFilter.doFilter(lsajdflslsjdfFilter.java:26)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2298)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
INFO   | jvm 1| 2018/04/25 05:37:38 | at
java.lang.Thread.run(Thread.java:745)
INFO   | jvm 1| 2018/04/25 05:37:38 | Caused by: java.io.IOException:
Unexpected error [730,054] writing data to the APR/native socket
[953,181,632] with wrapper
[org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper@3685e06d
:953181632].
INFO   | 

Re: APR/native error on tomcat 8.5.16

2018-04-25 Thread Mark Thomas
On 25/04/18 11:18, M. Manna wrote:
> Hello,



> But from the above stack track it seems as though the
> socket cannot handle the size of the data being transferred.

That is not correct. What you are seeing is an I/O exception as a result
of the client dropping the connection.

> We did a controlled restart of individual servers to remove any possibility
> for IO contention, but that didn't result into anything better.
> 
> Has anyone seen this behaviour or remediated it ? Also, will this issue
> occur with Tomcat 8.5.28 and APR 1.2.16 ?

You should upgrade regardless.

A later version may not log this exception by default but since you did
not provide the full stack trace, we can't tell.

Mark




Re: apr

2017-11-01 Thread Christopher Schultz

Chris,

On 10/31/17 12:18 PM, Cheltenham, Chris wrote:
> I will need some help here.
> 
> How do I generate a stack trace?

If you are getting an exception in the log file, I'd expect a stack
trace to accompany it.  Something that looks like this:

org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023:
This function has not been implemented on this platform
Caused by: java.foo.BarException
  on Foo.java line 25
  on Bar.java line 52
  ...

It's possible that this particular error doesn't generate a stack
trace. If that's the case, we might need to fix that and get you a
custom version of Tomcat that produces more information. For example,
from the error message, I have no idea what function is being
attempted by that particular part of the code.

> TCAT 8.5.23

Are you using Apache Tomcat or are you using TCAT server (a product
from MuleSoft)?

> Many times I rely on stackoverflow or some web site but too often
> they are usually half assed explanations. Or quarter assed.

Error code 70023 = APR_OS_START_ERROR (2) + APR_OS_ERRSPACE_SIZE
(5) + 23 which is likely the "real error" here[1].

APR error 23 is "APR_EABOVEROOT" which has no documentation[2], but
which points to this definition[3]:

"
#define APR_STATUS_IS_EABOVEROOT (s)  ((s) == APR_EABOVEROOT)

The given path was above the root path.
"

So... how about that  configuration?

> Listener is default assuming you are referring to server.xml.

Hmm. Maybe the problem is with a TLS-enabled  with some
paths in it? Can you please post any APR-based s you have,
with any secrets removed?

> I do not think FIPS is necessary , no.

Okay.

> I believe that is some federal govt standard?

Yes, it's a (mostly useless IMO) US federal standard that mandates the
use of certain algorithms and also requires that the code being used
be certified and self-certifying on startup. At first, I thought you
might be having a problem entering FIPS mode, but that seems unlikely
given what I uncovered above.

-chris

[1] https://apr.apache.org/docs/apr/1.6/group__apr__errno.html#ga191894048b7bd0cca3cf0bdff1eb695b
and https://apr.apache.org/docs/apr/1.6/group__apr__errno.html#gadb8d97e6836ccdc57b43b6119a5acccf
[2] https://apr.apache.org/docs/apr/1.6/group___a_p_r___error.html#ga4828cc04f97dc7bed691456adf7c073e
[3] https://apr.apache.org/docs/apr/1.6/group___a_p_r___s_t_a_t_u_s___i_s.html#ga641527647de2537c1946a0b2ef07e411
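The numeric values Tomcat logs for APR/native failures in the threads on this page (`org.apache.tomcat.jni.Error: 70023` and `Unexpected error [730,054]`) are `apr_status_t` codes, and the range a code falls in tells which layer produced it. The following is an added example, not part of any post in this archive: it decodes such codes using the range bases defined in APR's `apr_errno.h`. The function names and the deliberately small name table are choices made for this example; the two sample lines are copied from the posts and rejoined onto one line each.

```python
import re

# Range bases as defined in APR's apr_errno.h.
APR_OS_START_ERROR = 20000
APR_OS_ERRSPACE_SIZE = 50000
APR_OS_START_STATUS = APR_OS_START_ERROR + APR_OS_ERRSPACE_SIZE
APR_OS_START_USERERR = APR_OS_START_STATUS + APR_OS_ERRSPACE_SIZE
APR_OS_START_CANONERR = APR_OS_START_USERERR + APR_OS_ERRSPACE_SIZE * 10
APR_OS_START_EAIERR = APR_OS_START_CANONERR + APR_OS_ERRSPACE_SIZE
APR_OS_START_SYSERR = APR_OS_START_EAIERR + APR_OS_ERRSPACE_SIZE

# (base value, name of the base), highest first so the first match wins.
RANGES = [
    (APR_OS_START_SYSERR, "APR_OS_START_SYSERR"),      # wrapped OS error
    (APR_OS_START_EAIERR, "APR_OS_START_EAIERR"),      # getaddrinfo errors
    (APR_OS_START_CANONERR, "APR_OS_START_CANONERR"),  # canonical errno values
    (APR_OS_START_USERERR, "APR_OS_START_USERERR"),    # application-defined
    (APR_OS_START_STATUS, "APR_OS_START_STATUS"),      # APR status codes
    (APR_OS_START_ERROR, "APR_OS_START_ERROR"),        # APR error codes
    (0, "errno"),                                      # plain OS errno
]

# Example-only name table: just the values relevant to these threads.
NAMES = {
    ("APR_OS_START_ERROR", 23): "APR_EABOVEROOT",
    ("APR_OS_START_STATUS", 7): "APR_TIMEUP",
    ("APR_OS_START_STATUS", 14): "APR_EOF",
    ("APR_OS_START_STATUS", 23): "APR_ENOTIMPL",
    ("APR_OS_START_SYSERR", 10054): "WSAECONNRESET (Winsock)",
}

# Tomcat prints these numbers with or without thousands separators.
CODE_PATTERNS = [
    re.compile(r"org\.apache\.tomcat\.jni\.Error: ([\d,]+):"),
    re.compile(r"Unexpected error \[([\d,]+)\]"),
]


def decode(status):
    """Split an apr_status_t into (range base, offset) and name it if known."""
    if status < 0:
        raise ValueError("apr_status_t values are non-negative")
    for base, macro in RANGES:
        if status >= base:
            offset = status - base
            return {
                "status": status,
                "base": macro,
                "offset": offset,
                "name": NAMES.get((macro, offset)),
            }


def extract_statuses(line):
    """Return every APR status code found in one log line."""
    found = []
    for pattern in CODE_PATTERNS:
        for match in pattern.finditer(line):
            found.append(int(match.group(1).replace(",", "")))
    return found


def triage(lines):
    """Decode all APR status codes that appear in an iterable of log lines."""
    return [decode(s) for line in lines for s in extract_statuses(line)]


# Sample input: the two log messages quoted in the threads, one line each.
SAMPLE = [
    "31-Oct-2017 10:40:15.250 SEVERE [main] "
    "org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to "
    "initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023: "
    "This function has not been implemented on this platform",
    "org.apache.catalina.connector.ClientAbortException: java.io.IOException: "
    "Unexpected error [730,054] writing data to the APR/native socket "
    "[953,181,632] with wrapper "
    "[org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper@3685e06d:953181632].",
]

if __name__ == "__main__":
    for result in triage(SAMPLE):
        label = result["name"] or "(not in example table)"
        print(f'{result["status"]} = {result["base"]} + {result["offset"]}: {label}')
```

An offset in the `APR_OS_START_SYSERR` range is the platform's own error number; APR adds that base only on platforms such as Windows, so 10054 here is a Winsock code.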



RE: apr

2017-10-31 Thread Cheltenham, Chris
Mark,

It’s the openssl that comes with CentOS 7 so I'm sure it's old.
RHEL is usually several versions behind the bleeding edge.

It is 1.0.2k, it's relatively new and should be ok.


===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571


-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Tuesday, October 31, 2017 12:47 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: apr

On 31/10/17 14:41, Cheltenham, Chris wrote:
> Thanks Mark , but where in the error logs do you see I am building
> against 1.0.1?



> 31-Oct-2017 10:40:15.250 SEVERE [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
> initialize the SSLEngine.
>  org.apache.tomcat.jni.Error: 70023: This function has not been
> implemented on this platform

That is what this suggests to me. I guess it is also possible that 1.0.2 has 
been compiled with non-default options that excludes features Tomcat needs. 
I haven't dug into the source to see.

Mark




Re: apr

2017-10-31 Thread Mark Thomas
On 31/10/17 14:41, Cheltenham, Chris wrote:
> Thanks Mark , but where in the error logs do you see I am building against 
> 1.0.1?



> 31-Oct-2017 10:40:15.250 SEVERE [main] 
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to 
> initialize the SSLEngine.
>  org.apache.tomcat.jni.Error: 70023: This function has not been implemented 
> on this platform

That is what this suggests to me. I guess it is also possible that 1.0.2
has been compiled with non-default options that excludes features Tomcat
needs. I haven't dug into the source to see.

Mark




RE: apr

2017-10-31 Thread Cheltenham, Chris
Chris ,

I do not think FIPS is necessary , no.
I believe that is some federal govt standard?

Listener is default assuming you are referring to server.xml.




-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, October 31, 2017 11:48 AM
To: users@tomcat.apache.org
Subject: Re: apr


Chris,

On 10/31/17 10:41 AM, Cheltenham, Chris wrote:
> Thanks Mark , but where in the error logs do you see I am building
> against 1.0.1?
>
> 31-Oct-2017 10:40:15.243 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
> APR based Apache Tomcat Native library [1.2.14] using APR version
> [1.6.3].

Thanks for posting this. It was missing from your initial post. It's always
best to confirm that the software agrees with your expectations :)

> 31-Oct-2017 10:40:15.243 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random [true]. 31-Oct-2017 10:40:15.248 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
> APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
> 31-Oct-2017 10:40:15.250 SEVERE [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
> initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023:
> This function has not been implemented on this platform

Is there no stack trace?

Are you expecting to use FIPS? What does your listener configuration look 
like?

-chris



RE: apr

2017-10-31 Thread Cheltenham, Chris
I will need some help here.

How do I generate a stack trace?

TCAT 8.5.23

Many times I rely on stackoverflow or some web site but too often they are 
usually half assed explanations.
Or quarter assed.



-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, October 31, 2017 11:48 AM
To: users@tomcat.apache.org
Subject: Re: apr


Chris,

On 10/31/17 10:41 AM, Cheltenham, Chris wrote:
> Thanks Mark , but where in the error logs do you see I am building
> against 1.0.1?
>
> 31-Oct-2017 10:40:15.243 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
> APR based Apache Tomcat Native library [1.2.14] using APR version
> [1.6.3].

Thanks for posting this. It was missing from your initial post. It's always
best to confirm that the software agrees with your expectations :)

> 31-Oct-2017 10:40:15.243 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random [true]. 31-Oct-2017 10:40:15.248 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
> APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
> 31-Oct-2017 10:40:15.250 SEVERE [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
> initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023:
> This function has not been implemented on this platform

Is there no stack trace?

Are you expecting to use FIPS? What does your listener configuration look 
like?

- -chris



Re: apr

2017-10-31 Thread Christopher Schultz
Chris,

On 10/31/17 10:41 AM, Cheltenham, Chris wrote:
> Thanks Mark , but where in the error logs do you see I am building
> against 1.0.1?
> 
> 31-Oct-2017 10:40:15.243 INFO [main] 
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
> APR based Apache Tomcat Native library [1.2.14] using APR version
> [1.6.3].

Thanks for posting this. It was missing from your initial post. It's
always best to confirm that the software agrees with your expectations :)

> 31-Oct-2017 10:40:15.243 INFO [main] 
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR 
> capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random [true]. 31-Oct-2017 10:40:15.248 INFO [main] 
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
> APR/OpenSSL configuration: useAprConnector [false], useOpenSSL
> [true] 31-Oct-2017 10:40:15.250 SEVERE [main] 
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed
> to initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023:
> This function has not been implemented on this platform

Is there no stack trace?

Are you expecting to use FIPS? What does your listener configuration
look like?

- -chris



RE: apr

2017-10-31 Thread Cheltenham, Chris
Thanks Mark , but where in the error logs do you see I am building against 
1.0.1?

31-Oct-2017 10:40:15.243 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR 
based Apache Tomcat Native library [1.2.14] using APR version [1.6.3].
31-Oct-2017 10:40:15.243 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR 
capabilities: IPv6 [true], sendfile [true], accept filters [false], random 
[true].
31-Oct-2017 10:40:15.248 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL 
configuration: useAprConnector [false], useOpenSSL [true]
31-Oct-2017 10:40:15.250 SEVERE [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to 
initialize the SSLEngine.
 org.apache.tomcat.jni.Error: 70023: This function has not been implemented 
on this platform



===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571


-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Tuesday, October 31, 2017 10:08 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: apr

On 31/10/17 12:19, Cheltenham, Chris wrote:
> Mark,
>
> I am not sure what you are saying.
>
> I tried apr 1.4.8 through 1.6.2
> With
> Tnative 1.1.16 through 1.2.14
>
> I get the same openssl error every time.
>
> I am using CentOS's install and its 1.0.2k FIPS
>
> I appreciate your help but I don't understand what you are trying to
> tell me.

It appears that you aren't building against the OpenSSL version you think 
you are. It looks like you are building against OpenSSL 1.0.1 or earlier. I 
can't think of any other reason for you to see the error message you are 
seeing.

Other than that, concentrate on using the latest APR and Tomcat Native.

Mark


>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> -Original Message-
> From: Mark Thomas [mailto:ma...@apache.org]
> Sent: Tuesday, October 31, 2017 3:24 AM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: apr
>
> On 30/10/2017 17:49, Cheltenham, Chris wrote:
>> Hello Everyone,
>>
>> Using OpenSSL 1.0.2k-fips
>>
>> I am trying to install the apr.
>>
>> I used several different versions of APR 1.4 through 1.6
>>
>> Then I compiled tnative 1.1.16, 1.2.x
>
> The latest release of the 1.1.x line is 1.1.34.
>
> Given 1.2.x is a drop-in replacement for 1.1.x and that 1.1.x is
> unlikely to see another release, everyone should be using 1.2.x at this 
> point.
>
>
>> When I start tomcat I get the same message each time.
>>
>> 30-Oct-2017 12:51:14.602 INFO [main]
>> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
>> APR/OpenSSL
>> configuration: useAprConnector [false], useOpenSSL [true]
>>
>> 30-Oct-2017 12:51:14.605 SEVERE [main]
>> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed
>> to initialize the SSLEngine.
>>
>> org.apache.tomcat.jni.Error: 70023: This function has not been
>> implemented on this platform
>
> That looks like an OpenSSL version prior to 1.0.2 is being used.
>
> Mark
>
>



Re: apr

2017-10-31 Thread Mark Thomas
On 31/10/17 12:19, Cheltenham, Chris wrote:
> Mark,
> 
> I am not sure what you are saying.
> 
> I tried apr 1.4.8 through 1.6.2
> With 
> Tnative 1.1.16 through 1.2.14
> 
> I get the same openssl error every time.
> 
> I am using CentOS's install and its 1.0.2k FIPS
> 
> I appreciate your help but I don't understand what you are trying to tell
> me.

It appears that you aren't building against the OpenSSL version you
think you are. It looks like you are building against OpenSSL 1.0.1 or
earlier. I can't think of any other reason for you to see the error
message you are seeing.

Other than that, concentrate on using the latest APR and Tomcat Native.

Mark


> 
> 
> 
> ===
> 
> Thank You;
> 
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
> 
> Work # 215-400-5025
> Cell # 215-301-6571 
> 
> -Original Message-
> From: Mark Thomas [mailto:ma...@apache.org] 
> Sent: Tuesday, October 31, 2017 3:24 AM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: apr
> 
> On 30/10/2017 17:49, Cheltenham, Chris wrote:
>> Hello Everyone,
>>
>> Using OpenSSL 1.0.2k-fips
>>
>> I am trying to install the apr.
>>
>> I used several different versions of APR 1.4 through 1.6
>>
>> Then I compiled tnative 1.1.16, 1.2.x
> 
> The latest release of the 1.1.x line is 1.1.34.
> 
> Given 1.2.x is a drop-in replacement for 1.1.x and that 1.1.x is unlikely
> to see another release, everyone should be using 1.2.x at this point.
> 
> 
>> When I start tomcat I get the same message each time.
>>
>> 30-Oct-2017 12:51:14.602 INFO [main]
>> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent 
>> APR/OpenSSL
>> configuration: useAprConnector [false], useOpenSSL [true]
>>
>> 30-Oct-2017 12:51:14.605 SEVERE [main] 
>> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to 
>> initialize the SSLEngine.
>>
>> org.apache.tomcat.jni.Error: 70023: This function has not been 
>> implemented on this platform
> 
> That looks like an OpenSSL version prior to 1.0.2 is being used.
> 
> Mark
> 
> 



RE: apr

2017-10-31 Thread Cheltenham, Chris
Mark,

I am not sure what you are saying.

I tried apr 1.4.8 through 1.6.2
With 
Tnative 1.1.16 through 1.2.14

I get the same openssl error every time.

I am using CentOS's install and its 1.0.2k FIPS

I appreciate your help but I don't understand what you are trying to tell
me.



===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571 

-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Tuesday, October 31, 2017 3:24 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: apr

On 30/10/2017 17:49, Cheltenham, Chris wrote:
> Hello Everyone,
> 
> Using OpenSSL 1.0.2k-fips
> 
> I am trying to install the apr.
> 
> I used several different versions of APR 1.4 through 1.6
> 
> Then I compiled tnative 1.1.16, 1.2.x

The latest release of the 1.1.x line is 1.1.34.

Given 1.2.x is a drop-in replacement for 1.1.x and that 1.1.x is unlikely
to see another release, everyone should be using 1.2.x at this point.


> When I start tomcat I get the same message each time.
> 
> 30-Oct-2017 12:51:14.602 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent 
> APR/OpenSSL
> configuration: useAprConnector [false], useOpenSSL [true]
> 
> 30-Oct-2017 12:51:14.605 SEVERE [main] 
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to 
> initialize the SSLEngine.
> 
> org.apache.tomcat.jni.Error: 70023: This function has not been 
> implemented on this platform

That looks like an OpenSSL version prior to 1.0.2 is being used.

Mark





Re: apr

2017-10-31 Thread Mark Thomas
On 30/10/2017 17:49, Cheltenham, Chris wrote:
> Hello Everyone,
> 
> Using OpenSSL 1.0.2k-fips
> 
> I am trying to install the apr.
> 
> I used several different versions of APR 1.4 through 1.6
> 
> Then I compiled tnative 1.1.16, 1.2.x

The latest release of the 1.1.x line is 1.1.34.

Given 1.2.x is a drop-in replacement for 1.1.x and that 1.1.x is
unlikely to see another release, everyone should be using 1.2.x at this
point.


> When I start tomcat I get the same message each time.
> 
> 30-Oct-2017 12:51:14.602 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL
> configuration: useAprConnector [false], useOpenSSL [true]
> 
> 30-Oct-2017 12:51:14.605 SEVERE [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
> initialize the SSLEngine.
> 
> org.apache.tomcat.jni.Error: 70023: This function has not been
> implemented on this platform

That looks like an OpenSSL version prior to 1.0.2 is being used.

Mark
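
Added example, not part of the original thread: one way to check which OpenSSL a compiled libtcnative-1.so actually resolves to, which is the mismatch the diagnosis above points at. The function names and the sample banner are made up for illustration; the 1.0.2 minimum is the version named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): find out which OpenSSL a built
# libtcnative-1.so really uses. Function names are hypothetical.
# Run it as the Tomcat user with Tomcat's environment (LD_LIBRARY_PATH),
# and only against libraries you built: ldd may execute code from its target.

MIN_OPENSSL=1.0.2   # floor named in the thread for error 70023

# "OpenSSL 1.0.2k-fips  26 Jan 2017" -> "1.0.2k"
openssl_banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[a-z]*\).*/\1/p'
}

# Succeeds when version $1 >= version $2 (numeric fields, then patch letters).
openssl_version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        la = x[3]; sub(/^[0-9]+/, "", la)
        lb = y[3]; sub(/^[0-9]+/, "", lb)
        for (i = 1; i <= 3; i++)
            if (x[i] + 0 != y[i] + 0) exit ((x[i] + 0 > y[i] + 0) ? 0 : 1)
        exit ((la >= lb) ? 0 : 1)
    }'
}

# stdin: `ldd` output. stdout: resolved path of libcrypto, if dynamically linked.
ldd_libcrypto_path() {
    awk '$1 ~ /^libcrypto\.so/ && $2 == "=>" && $3 ~ /^\// { print $3; exit }'
}

# Prints "ok VER", "too-old VER" or "unknown"; non-zero status unless ok.
classify_banner() {
    ver=$(openssl_banner_version "$1")
    if [ -z "$ver" ]; then echo "unknown"; return 2; fi
    if openssl_version_ge "$ver" "$MIN_OPENSSL"; then
        echo "ok $ver"
    else
        echo "too-old $ver"; return 1
    fi
}

# Inspect a real library: follow the dynamic libcrypto, or fall back to the
# library itself when OpenSSL was linked in statically.
check_tcnative() {
    crypto=$(ldd "$1" 2>/dev/null | ldd_libcrypto_path)
    target=${crypto:-$1}
    banner=$(strings "$target" | sed -n '/^OpenSSL [0-9]/{p;q;}')
    echo "$1 uses $target: ${banner:-no OpenSSL banner found}"
    classify_banner "$banner"
}

if [ "$#" -gt 0 ]; then
    check_tcnative "$1"
else
    # Constructed sample banner (not output from the poster's system).
    classify_banner 'OpenSSL 1.0.1e-fips 11 Feb 2013' || true
fi
```

If the banner found this way differs from what `openssl version` prints on the same host, the native library was built or is being loaded against a different OpenSSL than the one on the PATH.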





RE: apr

2017-10-30 Thread Cheltenham, Chris
Ok this is NOT windows ..

===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571 

-Original Message-
From: marcus presley [mailto:marcus_pres...@hotmail.com] 
Sent: Monday, October 30, 2017 3:17 PM
To: users@tomcat.apache.org
Subject: Re: apr 

Hi Chris,


Did you recompile APR with FIPS?  You must completely compile
tcnative.dll.


Marcus



From: Cheltenham, Chris <ccheltenham-...@philasd.org>
Sent: Monday, October 30, 2017 1:49 PM
To: users@tomcat.apache.org
Subject: apr


Hello Everyone,

Using OpenSSL 1.0.2k-fips
I am trying to install the apr.

I used several different versions of APR 1.4 through 1.6 Then I compiled
tnative 1.1.16, 1.2.x

When I start tomcat I get the same message each time.

30-Oct-2017 12:51:14.602 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL
configuration: useAprConnector [false], useOpenSSL [true]
30-Oct-2017 12:51:14.605 SEVERE [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
initialize the SSLEngine.
org.apache.tomcat.jni.Error: 70023: This function has not been implemented
on this platform

===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571




Re: apr

2017-10-30 Thread marcus presley
Hi Chris,


Did you recompile APR with FIPS?  You must completely compile tcnative.dll.


Marcus



From: Cheltenham, Chris 
Sent: Monday, October 30, 2017 1:49 PM
To: users@tomcat.apache.org
Subject: apr


Hello Everyone,

Using OpenSSL 1.0.2k-fips
I am trying to install the apr.

I used several different versions of APR 1.4 through 1.6
Then I compiled tnative 1.1.16, 1.2.x

When I start tomcat I get the same message each time.

30-Oct-2017 12:51:14.602 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL 
configuration: useAprConnector [false], useOpenSSL [true]
30-Oct-2017 12:51:14.605 SEVERE [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to 
initialize the SSLEngine.
org.apache.tomcat.jni.Error: 70023: This function has not been implemented on 
this platform

===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571


Re: apr library

2017-07-22 Thread Christopher Schultz
Anibal,

On 7/22/17 11:30 AM, Anibal Alvarez Alvarez wrote:
> Hi. When I run a .jsp file, in the console I can read < [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
> La biblioteca nativa de Apache Tomcat basada en ARP que permite un 
> rendimiento óptimo en entornos de desarrollo no ha sido hallada en 
> java.library.path: 
> /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib>>
> 
> How can I set this path *"/usr/share/apr/lib"* into the
> *java.library.path*?
> 
> I've tried to add it up at eclipse.ini like: ... -vm
> -Djava.library.path="${workspace_loc:project}/lib;${env_var:PATH};/usr/local/apr/lib"
> ...
> but I'm still getting the message above.
> 
> I've read *this solution* at the attached file, but I don't want
> to configure the build-path each time and every project.

Your attachment was stripped from the list.

> Is there any solution for all projects permanently?

If you build the tcnative library and put it into the right place
(like ${workspace_loc:project}... whatever that turns out to be) it
should work.

For a development environment, I wouldn't bother with APR unless you
really need your dev environment to exactly mirror your production
environment AND you are using tcnative in production as well.

These days, using NIO is probably better unless you need to use
OpenSSL for crypto. You didn't mention your version, but Tomcat 8.5.x
and later can use NIO+OpenSSL, so the APR connector is becoming less
and less relevant.

- -chris



Re: APR Buffer NullPointer Error

2015-05-20 Thread Mark Thomas
On 20/05/2015 18:02, Maxim Neshcheret wrote:
> Dear All
>
> I am deploying application (Tomcat 8.0.22, JDK 1.7.79, Solaris, SPARC, APR
> 1.5.2) and observing multiple errors while it communicates with client
> software (error presented below). It looks like that error happens while
> application writes output buffer. Any suggestion what is going wrong? Might
> it be resources limitation on OS level (was configured based on Oracle
> recommendations already).

Application trying to write to a response object that has already been
closed?

Mark

 
> java.lang.NullPointerException
>   at org.apache.coyote.http11.InternalAprOutputBuffer.addToBB(InternalAprOutputBuffer.java:186) ~[tomcat-coyote.jar:8.0.21]
>   at org.apache.coyote.http11.InternalAprOutputBuffer.access$000(InternalAprOutputBuffer.java:40) ~[tomcat-coyote.jar:8.0.21]
>   at org.apache.coyote.http11.InternalAprOutputBuffer$SocketOutputBuffer.doWrite(InternalAprOutputBuffer.java:349) ~[tomcat-coyote.jar:
>   at org.apache.coyote.http11.filters.ChunkedOutputFilter.doWrite(ChunkedOutputFilter.java:116) ~[tomcat-coyote.jar:8.0.21]
>   at org.apache.coyote.http11.AbstractOutputBuffer.doWrite(AbstractOutputBuffer.java:256) ~[tomcat-coyote.jar:8.0.21]
>   at org.apache.coyote.Response.doWrite(Response.java:503) ~[tomcat-coyote.jar:8.0.21]
>   at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:388) ~[catalina.jar:8.0.21]
>   at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:426) ~[tomcat-util.jar:8.0.21]
>   at org.apache.catalina.connector.OutputBuffer.realWriteChars(OutputBuffer.java:471) ~[catalina.jar:8.0.21]
>   at org.apache.tomcat.util.buf.CharChunk.flushBuffer(CharChunk.java:393) ~[tomcat-util.jar:8.0.21]
>   at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:339) ~[catalina.jar:8.0.21]
>   at org.apache.catalina.connector.OutputBuffer.flush(OutputBuffer.java:317) ~[catalina.jar:8.0.21]
>   at org.apache.catalina.connector.CoyoteWriter.flush(CoyoteWriter.java:94) ~[catalina.jar:8.0.21]
>   at se.highex.core.gw.GWSession.sendMsgs(GWSession.java:1568) ~[GWSession.class:?]
>   at se.highex.core.gw.GWSession.takeNotifyQueue(GWSession.java:1668) ~[GWSession.class:?]
>
> BR,
> Maxim





Re: APR with PKCS11 support

2014-12-01 Thread Sanaullah
Hi Chris,

I have attached the diff. Let me know if it's ok?

Regards,
Sanaullah

On Fri, Nov 21, 2014 at 2:08 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 Sanaullah,

 On 11/18/14 10:26 PM, Sanaullah wrote:
  Hi Chris,
 
  Engine is loaded Successfully. the issue is with tcnative.
  tcnative was not loading any engine and it was due to
  HAVE_ENGINE_LOAD_BUILTIN_ENGINES preprocessor which is unable to
  call ENGINE_load_builtin_engines. I made one change and in ssl.c of
  tomcat-native-1.1.31
 
  original Preprocessor
  #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
 
  Changed to
 
  #if 1 //HAVE_ENGINE_LOAD_BUILTIN_ENGINES
  ENGINE_cleanup();
 
  #if 1 //HAVE_ENGINE_LOAD_BUILTIN_ENGINES
  ENGINE_load_builtin_engines();
  #endif

 Can you give me a patch in diff -U form? I'd like to take a look at it
 formally.

 Thanks for doing the digging to figure out how to make this work. I
 don't have a non-standard engine available to play with.

 Thanks,
 - -chris

  On Wed, Nov 19, 2014 at 12:36 AM, Christopher Schultz 
  ch...@christopherschultz.net wrote:
 
  Sanaullah,
 
  On 11/14/14 10:04 PM, Sanaullah wrote:
  The Engine name is correct its LunaCA3 Here is the code
  snippet from the openssl for the confirmation.
 
  openssl-1.0.1g/engines/e_lunaca3.c:#define ENGINE_LUNACA3_ID
  LunaCA3
 
  I think the issue is with static and shared libraries of
  openssl.
 
  It could be. Since you are building on *NIX, you should probably
  be using dynamically-linked shared-libraries. But you have to be
  careful about the load-ordering if you are using an OpenSSL that is
  not the system default (e.g. in /usr/lib).
 
  if openssl build as shared then this LunaCA3 engine is not
  working for nodejs and even for Apache as well both required
  openssl to build static.
 
  Interesting...
 
  I tried to follow the Build document of tomcat native.
  Building statically linked library on Unixes
  
 
  To statically link apr and openssl dependencies use the
  following procedure.
 
  You will need to build static version of openssl library.
 
  ./config --prefix=~/natives/openssl no-shared -fPIC
  make
  make install_sw
 
  Apr by default builds both static and dynamic libraries.
 
  ./configure --prefix=~/natives/apr
  make
  make install
 
  After that edit the ~/natives/apr/lib/libapr-1.la file and
  comment or delete the following sections: dlname='...' and
  library_names='...' This is needed so that libtool picks the
  static version of the library.
 
  Build Tomcat native by executing
 
  ./configure --with-apr=~/natives/apr --with-ssl=~/natives/openssl --prefix=~/natives/tomcat
  make
  make install
 
  You're reaching the limits of my knowledge about building the
  whole bundle statically. I'll ping Rainer (CC'd here) who knows
  more than I do.
 
  here is something strange, Openssl successfully build and
  install with -fPIC but tcnative still give me error.
 
  /usr/bin/ld: /usr/local/apache2/lib/libapr-1.a(apr_snprintf.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
  /usr/local/apache2/lib/libapr-1.a: error adding symbols: Bad value
  collect2: error: ld returned 1 exit status
  make[1]: *** [libtcnative-1.la] Error 1
  make[1]: Leaving directory `/opt/aprtc/tomcat-native-1.1.31-src/jni/native'
  make: *** [all-recursive] Error 1
 
  I am not sure what to do here ?
 
  Hmm. Let's see if Rainer (or anyone else!) replies.
 
  -chris
 
 

304c304
 #if 1 //HAVE_ENGINE_LOAD_BUILTIN_ENGINES
---
 #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
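Review bot: the two sides of this hunk look swapped. The modified line `#if 1 //HAVE_ENGINE_LOAD_BUILTIN_ENGINES` comes first and the original `#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES` second, so as posted it reads as reverting the change described in the thread. Please regenerate it with `diff -U` from the pristine ssl.c to the modified one, which also adds the file name and the context lines this format lacks.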
661c661
 #if 1 //HAVE_ENGINE_LOAD_BUILTIN_ENGINES
---
 #if 
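Review bot: at line 661, as at 304, replacing the feature test with a literal `#if 1` compiles the guarded engine calls unconditionally, including against an OpenSSL built without ENGINE support, and the `//` comment on a preprocessor line is not accepted by strict C89 compilers. Keeping `#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES` and defining the macro at build time (for example through CFLAGS) gets the same result without editing ssl.c. The second side of this hunk is also cut off after `#if`, so the patch cannot be applied as posted.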

Re: APR with PKCS11 support

2014-12-01 Thread Christopher Schultz
Sanaullah,

On 12/1/14 6:09 AM, Sanaullah wrote:
 I have attached the diff [that allows external crypto devices to
 be used via tcnative]. Let me know if it's ok?

For reference, here's the diff:

 
 304c304  #if 1 //HAVE_ENGINE_LOAD_BUILTIN_ENGINES ---
 #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
 661c661  #if 1 //HAVE_ENGINE_LOAD_BUILTIN_ENGINES ---
 #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES

This looks like a /reverse/ diff, since you said you removed the
HAVE_ENGINE_LOAD_BUILTIN_ENGINES and replaced it with 1. Other than
that, it's about as compact as you can get!

I think this would have been easier if you had just built tcnative
like this:

$ cd /path/to/tcnative/jni/native

$ CFLAGS=-DHAVE_ENGINE_LOAD_BUILTIN_ENGINES ./configure ...

$ CFLAGS=-DHAVE_ENGINE_LOAD_BUILTIN_ENGINES make

Can you try re-downloading the source and re-building with the above
CFLAGS set instead of patching the code? If that works, it will be a
slightly safer way to build.

I wonder why HAVE_ENGINE_LOAD_BUILTIN_ENGINES isn't usually set to 1.
I'll do a bit of reading about it.

Thanks,
- -chris



Re: APR with PKCS11 support

2014-11-20 Thread Christopher Schultz
Sanaullah,

On 11/18/14 10:26 PM, Sanaullah wrote:
 Hi Chris,
 
 Engine is loaded Successfully. the issue is with tcnative.
 tcnative was not loading any engine and it was due to
 HAVE_ENGINE_LOAD_BUILTIN_ENGINES preprocessor which is unable to
 call ENGINE_load_builtin_engines. I made one change and in ssl.c of
 tomcat-native-1.1.31
 
 original Preprocessor
 #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
 
 Changed to
 
 #if 1 //HAVE_ENGINE_LOAD_BUILTIN_ENGINES
 ENGINE_cleanup();
 
 #if 1 //HAVE_ENGINE_LOAD_BUILTIN_ENGINES
 ENGINE_load_builtin_engines();
 #endif

Can you give me a patch in diff -U form? I'd like to take a look at it
formally.

Thanks for doing the digging to figure out how to make this work. I
don't have a non-standard engine available to play with.

Thanks,
- -chris

 On Wed, Nov 19, 2014 at 12:36 AM, Christopher Schultz  
 ch...@christopherschultz.net wrote:
 
 Sanaullah,
 
 On 11/14/14 10:04 PM, Sanaullah wrote:
 The Engine name is correct its LunaCA3 Here is the code
 snippet from the openssl for the confirmation.
 
 openssl-1.0.1g/engines/e_lunaca3.c:#define ENGINE_LUNACA3_ID 
 LunaCA3
 
 I think the issue is with static and shared libraries of
 openssl.
 
 It could be. Since you are building on *NIX, you should probably
 be using dynamically-linked shared-libraries. But you have to be
 careful about the load-ordering if you are using an OpenSSL that is
 not the system default (e.g. in /usr/lib).
 
 if openssl build as shared then this LunaCA3 engine is not
 working for nodejs and even for Apache as well both required
 openssl to build static.
 
 Interesting...
 
 I tried to follow the Build document of tomcat native.
 Building statically linked library on Unixes 
 
 
 To statically link apr and openssl dependencies use the
 following procedure.
 
 You will need to build static version of openssl library.
 
 ./config --prefix=~/natives/openssl no-shared -fPIC
 make
 make install_sw
 
 Apr by default builds both static and dynamic libraries.
 
 ./configure --prefix=~/natives/apr
 make
 make install
 
 After that edit the ~/natives/apr/lib/libapr-1.la file and
 comment or delete the following sections: dlname='...' and
 library_names='...' This is needed so that libtool picks the
 static version of the library.
 
 Build Tomcat native by executing
 
 ./configure --with-apr=~/natives/apr --with-ssl=~/natives/openssl --prefix=~/natives/tomcat
 make
 make install
 
 You're reaching the limits of my knowledge about building the
 whole bundle statically. I'll ping Rainer (CC'd here) who knows
 more than I do.
 
 here is something strange, Openssl successfully build and
 install with -fPIC but tcnative still give me error.
 
 /usr/bin/ld: /usr/local/apache2/lib/libapr-1.a(apr_snprintf.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
 /usr/local/apache2/lib/libapr-1.a: error adding symbols: Bad value
 collect2: error: ld returned 1 exit status
 make[1]: *** [libtcnative-1.la] Error 1
 make[1]: Leaving directory `/opt/aprtc/tomcat-native-1.1.31-src/jni/native'
 make: *** [all-recursive] Error 1
 
 I am not sure what to do here ?
 
 Hmm. Let's see if Rainer (or anyone else!) replies.
 
 -chris
 
 



Re: APR with PKCS11 support

2014-11-18 Thread Christopher Schultz
Sanaullah,

On 11/14/14 10:04 PM, Sanaullah wrote:
 The Engine name is correct its LunaCA3 Here is the code snippet 
 from the openssl for the confirmation.
 
 openssl-1.0.1g/engines/e_lunaca3.c:#define ENGINE_LUNACA3_ID 
 LunaCA3
 
 I think the issue is with static and shared libraries of openssl.

It could be. Since you are building on *NIX, you should probably be
using dynamically-linked shared-libraries. But you have to be careful
about the load-ordering if you are using an OpenSSL that is not the
system default (e.g. in /usr/lib).

 if openssl build as shared then this LunaCA3 engine is not working 
 for nodejs and even for Apache as well both required openssl to 
 build static.

Interesting...

 I tried to follow the Build document of tomcat native. Building 
 statically linked library on Unixes 
 
 
 To statically link apr and openssl dependencies use the following 
 procedure.
 
 You will need to build static version of openssl library.
 
 ./config --prefix=~/natives/openssl no-shared -fPIC
 make
 make install_sw
 
 Apr by default builds both static and dynamic libraries.
 
 ./configure --prefix=~/natives/apr
 make
 make install
 
 After that edit the ~/natives/apr/lib/libapr-1.la file and comment
 or delete the following sections: dlname='...' and
 library_names='...' This is needed so that libtool picks the
 static version of the library.
 
 Build Tomcat native by executing
 
 ./configure --with-apr=~/natives/apr --with-ssl=~/natives/openssl --prefix=~/natives/tomcat
 make
 make install

You're reaching the limits of my knowledge about building the whole
bundle statically. I'll ping Rainer (CC'd here) who knows more than I do.

 here is something strange, Openssl successfully build and install
 with -fPIC but tcnative still give me error.

 /usr/bin/ld: /usr/local/apache2/lib/libapr-1.a(apr_snprintf.o):
 relocation R_X86_64_32 against `.rodata' can not be used when
 making a shared object; recompile with -fPIC
 /usr/local/apache2/lib/libapr-1.a: error adding symbols: Bad value
 collect2: error: ld returned 1 exit status
 make[1]: *** [libtcnative-1.la] Error 1
 make[1]: Leaving directory `/opt/aprtc/tomcat-native-1.1.31-src/jni/native'
 make: *** [all-recursive] Error 1
 
 I am not sure what to do here ?

Hmm. Let's see if Rainer (or anyone else!) replies.

- -chris

-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
-END PGP SIGNATURE-




Re: APR with PKCS11 support

2014-11-18 Thread Sanaullah
Hi Chris,

Engine is loaded successfully. The issue is with tcnative. tcnative was
not loading any engine and it was due to the HAVE_ENGINE_LOAD_BUILTIN_ENGINES
preprocessor which is unable to call ENGINE_load_builtin_engines. I made
one change in ssl.c of tomcat-native-1.1.31

original Preprocessor
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES

Changed to

#if 1 //HAVE_ENGINE_LOAD_BUILTIN_ENGINES
    ENGINE_cleanup();
#endif

#if 1 //HAVE_ENGINE_LOAD_BUILTIN_ENGINES
    ENGINE_load_builtin_engines();
#endif


Regards,
Sanaullah




On Wed, Nov 19, 2014 at 12:36 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Sanaullah,

 On 11/14/14 10:04 PM, Sanaullah wrote:
  The Engine name is correct its LunaCA3 Here is the code snippet
  from the openssl for the confirmation.
 
  openssl-1.0.1g/engines/e_lunaca3.c:#define ENGINE_LUNACA3_ID
  LunaCA3
 
  I think the issue is with static and shared libraries of openssl.

 It could be. Since you are building on *NIX, you should probably be
 using dynamically-linked shared-libraries. But you have to be careful
 about the load-ordering if you are using an OpenSSL that is not the
 system default (e.g. in /usr/lib).

  if openssl build as shared then this LunaCA3 engine is not working
  for nodejs and even for Apache as well both required openssl to
  build static.

 Interesting...

  I tried to follow the Build document of tomcat native. Building
  statically linked library on Unixes
  
 
  To statically link apr and openssl dependencies use the following
  procedure.
 
  You will need to build static version of openssl library.
 
  ./config --prefix=~/natives/openssl no-shared -fPIC make make
  install_sw
  Apr by default builds both static and dynamic libraries.
 
  ./configure --prefix=~/natives/apr make make install
 
  After that edit the ~/natives/apr/lib/libapr-1.la file and comment
  or delete the following sections: dlname='...' and
  library_names='...' This is needed so that libtool picks the
  static version of the library.
 
  Build Tomcat native by executing
 
  ./configure --with-apr=~/natives/apr
  --with-ssl=~/natives/openssl
  --prefix=~/natives/tomcat
  make make install

 You're reaching the limits of my knowledge about building the whole
 bundle statically. I'll ping Rainer (CC'd here) who knows more than I do.

  here is something strange, Openssl successully build and install
  with -fPIC but tcnative still give me error.
 
  /usr/bin/ld: /usr/local/apache2/lib/libapr-1.a(apr_snprintf.o):
  relocation R_X86_64_32 against `.rodata' can not be used when
  making a shared object; recompile with -fPIC
  /usr/local/apache2/lib/libapr-1.a: error adding symbols: Bad value
  collect2: error: ld returned 1 exit status make[1]: ***
  [libtcnative-1.la] Error 1 make[1]: Leaving directory
  `/opt/aprtc/tomcat-native-1.1.31-src/jni/native' make: ***
  [all-recursive] Error 1
 
  I am not sure what to do here ?

 Hmm. Let's see if Rainer (or anyone else!) replies.

 - -chris





Re: APR with PKCS11 support

2014-11-14 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Sanaullah,

On 10/29/14 9:54 AM, Sanaullah wrote:
 I again started working on SSLEngine with safenet and i need some
 help, how to enable the debugging? I configure the engine as
 LunaCA3.
 
 Listener class=org.apache.catalina.core.AprLifecycleListener 
 SSLEngine=LunaCA3 /
 
 Here is error log after starting the server.
 
 Oct 29, 2014 1:40:21 PM
 org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR
 based Apache Tomcat Native library 1.1.31 using APR version 1.5.1. 
 Oct 29, 2014 1:40:22 PM
 org.apache.catalina.core.AprLifecycleListener init INFO: APR
 capabilities: IPv6 [true], sendfile [true], accept filters [false],
 random [true]. Oct 29, 2014 1:40:22 PM
 org.apache.catalina.core.AprLifecycleListener lifecycleEvent 
 SEVERE: Failed to initialize the SSLEngine. 
 org.apache.tomcat.jni.Error: 70023: This function has not been
 implemented on this platform

So the error code 70023 is (at least on my Linux system) equal to the
APR error code with the label APR_ENOTIMPL. I can see that in a few
places in the native implementation of the initialize method:

Starting on line native/src/ssl.c:679:
    if ((ee = ENGINE_by_id(J2S(engine))) == NULL
        && (ee = ssl_try_load_engine(J2S(engine))) == NULL)
        err = APR_ENOTIMPL;
    else {
        if (strcmp(J2S(engine), "chil") == 0)
            ENGINE_ctrl(ee, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
        if (!ENGINE_set_default(ee, ENGINE_METHOD_ALL))
            err = APR_ENOTIMPL;
    }

Again, starting on native/src/ssl.c:711:
    SSL_TMP_KEYS_INIT(r);
    if (r) {
        TCN_FREE_CSTRING(engine);
        ssl_init_cleanup(NULL);
        tcn_ThrowAPRException(e, APR_ENOTIMPL);
        return APR_ENOTIMPL;
    }

So, either the engine cannot be loaded, or we can't call
ENGINE_set_default, or SSL_TMP_KEYS_INIT fails. I suspect it's not the
key init that's failing, given that you are trying to use a special
engine.

Are you comfortable modifying the code for tcnative? If you are on a
UNIX platform, (re-)compilation is pretty easy. You can add some code
to dump-out the state of things while the code executes.

I noticed at some point (re-reading the thread) that you were using
SSLCryptoDevice LunaCA but then somehow you and I started using
LunaCA3. Have you tried with LunaCA (without the 3)?

When you can get httpd to do this for you, do you have to modify the
LD_LIBRARY_PATH or put a library anywhere, or does OpenSSL already
have whatever it needs in order to support the hardware crypto device?

I'm wondering if the JVM doesn't have the appropriate library
available for some reason.

What do you get when you run openssl engine from your command-line
without any other special circumstances?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
-END PGP SIGNATURE-
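
The two numeric codes that show up in this thread's logs (70023 from tcnative, 140A90F1 from OpenSSL) can be pulled out of a Tomcat startup log and decoded mechanically. The following is an added example, not part of the original messages and not tcnative code: the function and struct names are hypothetical, the range constants follow APR's apr_errno.h, and the bit layout is the OpenSSL 1.0.x error packing (the thread uses openssl-1.0.1g).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Status ranges as defined in APR's apr_errno.h. */
#define APR_OS_START_ERROR   20000
#define APR_OS_ERRSPACE_SIZE 50000
#define APR_OS_START_STATUS  (APR_OS_START_ERROR + APR_OS_ERRSPACE_SIZE)   /* 70000 */
#define APR_OS_START_USERERR (APR_OS_START_STATUS + APR_OS_ERRSPACE_SIZE)  /* 120000 */

/* A few APR codes, as offsets from APR_OS_START_STATUS (not the full list). */
static const struct { int offset; const char *name; } apr_names[] = {
    { 7, "APR_TIMEUP" },    { 14, "APR_EOF" },       { 22, "APR_EINIT" },
    { 23, "APR_ENOTIMPL" }, { 24, "APR_EMISMATCH" }, { 25, "APR_EBUSY" },
};

/* Name an APR status code, or say which range it falls in. */
const char *apr_status_name(long code)
{
    size_t i;
    if (code == 0) return "APR_SUCCESS";
    if (code < APR_OS_START_ERROR) return "(OS errno)";
    if (code < APR_OS_START_STATUS) return "(APR error range)";
    if (code >= APR_OS_START_USERERR) return "(outside APR's own ranges)";
    for (i = 0; i < sizeof apr_names / sizeof apr_names[0]; i++)
        if (code - APR_OS_START_STATUS == apr_names[i].offset)
            return apr_names[i].name;
    return "(APR status range, not in this table)";
}

/* OpenSSL 1.0.x packs an error as lib (8 bits) | func (12 bits) | reason (12 bits). */
struct ossl_err { int lib, func, reason; };

struct ossl_err ossl_unpack(unsigned long packed)
{
    struct ossl_err e;
    e.lib    = (int)((packed >> 24) & 0xff);
    e.func   = (int)((packed >> 12) & 0xfff);
    e.reason = (int)(packed & 0xfff);
    return e;
}

/* Extract NNNNN from "org.apache.tomcat.jni.Error: NNNNN: ...". Returns 1 on success. */
int parse_tcnative_error(const char *line, long *code)
{
    static const char marker[] = "org.apache.tomcat.jni.Error: ";
    const char *p = strstr(line, marker);
    char *end;
    if (p == NULL) return 0;
    p += sizeof marker - 1;
    *code = strtol(p, &end, 10);
    return end != p && *end == ':';
}

/* Extract XXXXXXXX from "error:XXXXXXXX:lib:func:reason". Returns 1 on success. */
int parse_openssl_error(const char *line, unsigned long *packed)
{
    const char *p = line;
    char *end;
    while ((p = strstr(p, "error:")) != NULL) {
        p += 6;
        *packed = strtoul(p, &end, 16);
        if (end - p == 8 && *end == ':') return 1;
    }
    return 0;
}

struct triage { int have_apr, have_ossl; long apr_code; unsigned long ossl_code; };

/* Record the first tcnative (APR) code and the first OpenSSL code in the log. */
struct triage triage_log(const char *const *lines, size_t n)
{
    struct triage t = { 0, 0, 0, 0 };
    size_t i;
    long a;
    unsigned long o;
    for (i = 0; i < n; i++) {
        if (!t.have_apr && parse_tcnative_error(lines[i], &a)) { t.have_apr = 1; t.apr_code = a; }
        if (!t.have_ossl && parse_openssl_error(lines[i], &o)) { t.have_ossl = 1; t.ossl_code = o; }
    }
    return t;
}

/* Lines taken from the logs posted in this thread, with mail wrapping undone. */
static const char *const thread_log[] = {
    "SEVERE: Failed to initialize the SSLEngine.",
    "org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform",
    "Caused by: java.lang.Exception: Invalid Server SSL Protocol "
    "(error:140A90F1:SSL routines:SSL_CTX_new:unable to load ssl2 md5 routines)",
};

int main(void)
{
    struct triage t = triage_log(thread_log, sizeof thread_log / sizeof thread_log[0]);
    struct ossl_err e = ossl_unpack(t.ossl_code);
    if (t.have_apr)
        printf("tcnative %ld -> %s\n", t.apr_code, apr_status_name(t.apr_code));
    if (t.have_ossl) /* lib 20 is ERR_LIB_SSL; the log text names func and reason */
        printf("openssl %08lX -> lib %d func %d reason %d\n", t.ossl_code, e.lib, e.func, e.reason);
    return 0;
}
```

The decoded APR name only says which status tcnative returned; which of the code paths quoted above produced it still has to be found in ssl.c.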




Re: APR with PKCS11 support

2014-11-14 Thread Sanaullah
Hi Chris,

The Engine name is correct; it's LunaCA3. Here is the code snippet from the
openssl for the confirmation.

openssl-1.0.1g/engines/e_lunaca3.c:#define ENGINE_LUNACA3_ID  LunaCA3

I think the issue is with static and shared libraries of openssl. if
openssl build as shared then this LunaCA3 engine is not working for nodejs
and even for Apache as well both required openssl to build static.

I tried to follow the Build document of tomcat native.
Building statically linked library on Unixes


To statically link apr and openssl dependencies use the following
procedure.

You will need to build static version of openssl library.

 ./config --prefix=~/natives/openssl no-shared -fPIC
 make
 make install_sw
Apr by default builds both static and dynamic libraries.

 ./configure --prefix=~/natives/apr
 make
 make install

After that edit the ~/natives/apr/lib/libapr-1.la file
and comment or delete the following sections:
dlname='...' and library_names='...'
This is needed so that libtool picks the static version of the library.

Build Tomcat native by executing

 ./configure --with-apr=~/natives/apr --with-ssl=~/natives/openssl --prefix=~/natives/tomcat
 make
 make install


here is something strange, Openssl successfully build and install with -fPIC
but tcnative still give me error.

/usr/bin/ld: /usr/local/apache2/lib/libapr-1.a(apr_snprintf.o): relocation
R_X86_64_32 against `.rodata' can not be used when making a shared object;
recompile with -fPIC
/usr/local/apache2/lib/libapr-1.a: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
make[1]: *** [libtcnative-1.la] Error 1
make[1]: Leaving directory `/opt/aprtc/tomcat-native-1.1.31-src/jni/native'
make: *** [all-recursive] Error 1

I am not sure what to do here ?

Regards,
Sanaullah

On Sat, Nov 15, 2014 at 7:16 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Sanaullah,

 On 10/29/14 9:54 AM, Sanaullah wrote:
  I again started working on SSLEngine with safenet and i need some
  help, how to enable the debugging? I configure the engine as
  LunaCA3.
 
  Listener class=org.apache.catalina.core.AprLifecycleListener
  SSLEngine=LunaCA3 /
 
  Here is error log after starting the server.
 
  Oct 29, 2014 1:40:21 PM
  org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR
  based Apache Tomcat Native library 1.1.31 using APR version 1.5.1.
  Oct 29, 2014 1:40:22 PM
  org.apache.catalina.core.AprLifecycleListener init INFO: APR
  capabilities: IPv6 [true], sendfile [true], accept filters [false],
  random [true]. Oct 29, 2014 1:40:22 PM
  org.apache.catalina.core.AprLifecycleListener lifecycleEvent
  SEVERE: Failed to initialize the SSLEngine.
  org.apache.tomcat.jni.Error: 70023: This function has not been
  implemented on this platform

 So the error code 70023 is (at least on my Linux system) equal to the
 APR error code with the label APR_ENOTIMPL. I can see that in a few
 places in the native implementation of the initialize method:

 Starting on line native/src/ssl.c:679:
     if ((ee = ENGINE_by_id(J2S(engine))) == NULL
         && (ee = ssl_try_load_engine(J2S(engine))) == NULL)
         err = APR_ENOTIMPL;
     else {
         if (strcmp(J2S(engine), "chil") == 0)
             ENGINE_ctrl(ee, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
         if (!ENGINE_set_default(ee, ENGINE_METHOD_ALL))
             err = APR_ENOTIMPL;
     }

 Again, starting on native/src/ssl.c:711:
     SSL_TMP_KEYS_INIT(r);
     if (r) {
         TCN_FREE_CSTRING(engine);
         ssl_init_cleanup(NULL);
         tcn_ThrowAPRException(e, APR_ENOTIMPL);
         return APR_ENOTIMPL;
     }

 So, either the engine cannot be loaded, or we can't call
 ENGINE_set_default, or SSL_TMP_KEYS_INIT fails. I suspect it's not the
 key init that's failing, given that you are trying to use a special
 engine.

 Are you comfortable modifying the code for tcnative? If you are on a
 UNIX platform, (re-)compilation is pretty easy. You can add some code
 to dump-out the state of things while the code executes.

 I noticed at some point (re-reading the thread) that you were using
 SSLCryptoDevice LunaCA but then somehow you and I started using
 LunaCA3. Have you tried with LunaCA (without the 3)?

 When you can get httpd to do this for you, do you have to modify the
 LD_LIBRARY_PATH or put a library anywhere, or does OpenSSL already
 have whatever it needs in order to support the hardware crypto device?

 I'm wondering if the JVM doesn't have the appropriate library
 available for some reason.

 What do you get when you run openssl engine from your command-line
 without any other special circumstances?

 - -chris

Re: APR with PKCS11 support

2014-10-29 Thread Sanaullah
I again started working on SSLEngine with safenet and I need some help, how
to enable the debugging? I configure the engine as LunaCA3.

Listener class=org.apache.catalina.core.AprLifecycleListener
SSLEngine=LunaCA3 /


Here is error log after starting the server.

Oct 29, 2014 1:40:21 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.31 using APR version 1.5.1.
Oct 29, 2014 1:40:22 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Oct 29, 2014 1:40:22 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
SEVERE: Failed to initialize the SSLEngine.
org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform
    at org.apache.tomcat.jni.SSL.initialize(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:270)
    at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:124)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
    at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
    at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Oct 29, 2014 1:40:22 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [http-apr-8080]
Oct 29, 2014 1:40:23 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [http-apr-8443]
Oct 29, 2014 1:40:23 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler [http-apr-8443]
java.lang.Exception: Unable to create SSLContext. Check that SSLEngine is enabled in the AprLifecycleListener, the AprLifecycleListener has initialised cor$
    at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:503)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:813)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: java.lang.Exception: Invalid Server SSL Protocol (error:140A90F1:SSL routines:SSL_CTX_new:unable to load ssl2 md5 routines)
    at org.apache.tomcat.jni.SSLContext.make(Native Method)
    at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:498)
    ... 16 more




Regards,
Sanaullah





On Wed, Aug 6, 2014 at 5:12 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Sanaullah,

 On 7/26/14, 4:50 AM, Sanaullah wrote:
  I tried that configuration but getting errors.

 I just want you to know that you haven't been forgotten: I'm on
 vacation for a bit but I'd really like to take a look at this issue
 when I return.

 In the meantime, feel free to check out the tcnative code if you want
 to see what is going 

Re: APR with PKCS11 support

2014-08-25 Thread Sanaullah
Hi Chris,

did you get any chance to take a look into the issue ?

Regards,
Sanaullah


On Wed, Aug 6, 2014 at 5:12 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Sanaullah,

 On 7/26/14, 4:50 AM, Sanaullah wrote:
  I tried that configuration but getting errors.

 I just want you to know that you haven't been forgotten: I'm on
 vacation for a bit but I'd really like to take a look at this issue
 when I return.

 In the meantime, feel free to check out the tcnative code if you want
 to see what is going on, or someone else could chime-in and give an
 opinion (or -- *gasp* -- a proposed patch!).

 Thanks,
 - -chris

  NFO: Loaded APR based Apache Tomcat Native library 1.1.30 using APR version 1.4.6.
  Jul 23, 2014 3:06:40 AM org.apache.catalina.core.AprLifecycleListener init
  INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
  Jul 23, 2014 3:06:40 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
  SEVERE: Failed to initialize the SSLEngine.
  org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform
      at org.apache.tomcat.jni.SSL.initialize(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:606)
      at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:270)
      at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:124)
      at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
      at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
      at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:606)
      at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
 
 
 
  On Fri, Jul 25, 2014 at 8:05 PM, Christopher Schultz 
  ch...@christopherschultz.net wrote:
 
  Sanaullah,
 
  On 7/25/14, 9:16 AM, Sanaullah wrote:
  httpd is working with HSM with addition of parameter
  SSLCryptoDevice=LunaCA  but when i try the same parameter in
  tomEE. TomEE don't recognized this parameters.
 
  WARNING: [SetAllPropertiesRule]{Server/Service/Connector}
  Setting property 'SSLCryptoDevice' to 'LunaCA3' did not find
  a matching property.
 
  Any Idea?
 
  Try setting SSLEngine=LunaCA3 instead of SSLEngine=on in your:
 
  Listener class=org.apache.catalina.core.AprLifecycleListener
  SSLEngine=on /
 
  -chris
 
  On Thu, Jul 10, 2014 at 7:40 PM, Christopher Schultz 
  ch...@christopherschultz.net wrote:
 
  Sanaullah,
 
  On 7/10/14, 4:19 AM, Sanaullah wrote:
  is there a way i can use pkcs11 supported
  SmartCard/token when using APR based SSL Connector in
  tomcat ? PEM encoded certificates and keys are stored
  in smartcard.
 
  I know BIO/NIO connectors supported token/HSM but I am
  looking for APR based connectors?
 
  I'm no expert at such configurations, but since tcnative/APR
  uses OpenSSL for its crypto engine, then it can do anything
  OpenSSL can do. Have you been able to configure e.g. httpd to
  use this kind of setup? If so, there ought to be a way to
  make it happen using Tomcat's APR connector.
 
  -chris
 

Re: APR with PKCS11 support

2014-08-05 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Sanaullah,

On 7/26/14, 4:50 AM, Sanaullah wrote:
 I tried that configuration but getting errors.

I just want you to know that you haven't been forgotten: I'm on
vacation for a bit but I'd really like to take a look at this issue
when I return.

In the meantime, feel free to check out the tcnative code if you want
to see what is going on, or someone else could chime-in and give an
opinion (or -- *gasp* -- a proposed patch!).

Thanks,
- -chris

 NFO: Loaded APR based Apache Tomcat Native library 1.1.30 using APR version 1.4.6.
 Jul 23, 2014 3:06:40 AM org.apache.catalina.core.AprLifecycleListener init
 INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
 Jul 23, 2014 3:06:40 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
 SEVERE: Failed to initialize the SSLEngine.
 org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform
     at org.apache.tomcat.jni.SSL.initialize(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     at java.lang.reflect.Method.invoke(Method.java:606)
     at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:270)
     at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:124)
     at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
     at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
     at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
     at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
     at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     at java.lang.reflect.Method.invoke(Method.java:606)
     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
 
 
 
 On Fri, Jul 25, 2014 at 8:05 PM, Christopher Schultz  
 ch...@christopherschultz.net wrote:
 
 Sanaullah,
 
 On 7/25/14, 9:16 AM, Sanaullah wrote:
 httpd is working with HSM with addition of parameter 
 SSLCryptoDevice=LunaCA  but when i try the same parameter in
 tomEE. TomEE don't recognized this parameters.
 
 WARNING: [SetAllPropertiesRule]{Server/Service/Connector}
 Setting property 'SSLCryptoDevice' to 'LunaCA3' did not find
 a matching property.
 
 Any Idea?
 
 Try setting SSLEngine=LunaCA3 instead of SSLEngine=on in your:
 
 Listener class=org.apache.catalina.core.AprLifecycleListener 
 SSLEngine=on /
 
 -chris
 
 On Thu, Jul 10, 2014 at 7:40 PM, Christopher Schultz  
 ch...@christopherschultz.net wrote:
 
 Sanaullah,
 
 On 7/10/14, 4:19 AM, Sanaullah wrote:
 is there a way i can use pkcs11 supported
 SmartCard/token when using APR based SSL Connector in
 tomcat ? PEM encoded certificates and keys are stored
 in smartcard.
 
 I know BIO/NIO connectors supported token/HSM but I am 
 looking for APR based connectors?
 
 I'm no expert at such configurations, but since tcnative/APR
 uses OpenSSL for its crypto engine, then it can do anything
 OpenSSL can do. Have you been able to configure e.g. httpd to
 use this kind of setup? If so, there ought to be a way to
 make it happen using Tomcat's APR connector.
 
 -chris
 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/


Re: APR with PKCS11 support

2014-07-26 Thread Sanaullah
I tried that configuration but getting errors.

NFO: Loaded APR based Apache Tomcat Native library 1.1.30 using APR version 1.4.6.
Jul 23, 2014 3:06:40 AM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Jul 23, 2014 3:06:40 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
SEVERE: Failed to initialize the SSLEngine.
org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform
    at org.apache.tomcat.jni.SSL.initialize(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:270)
    at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:124)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
    at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
    at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)



On Fri, Jul 25, 2014 at 8:05 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Sanaullah,

 On 7/25/14, 9:16 AM, Sanaullah wrote:
  httpd is working with HSM with addition of parameter
  SSLCryptoDevice=LunaCA  but when i try the same parameter in tomEE.
  TomEE don't recognized this parameters.
 
  WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
  property 'SSLCryptoDevice' to 'LunaCA3' did not find a matching
  property.
 
  Any Idea?

 Try setting SSLEngine=LunaCA3 instead of SSLEngine=on in your:

   Listener
  class=org.apache.catalina.core.AprLifecycleListener
  SSLEngine=on /

 - -chris

  On Thu, Jul 10, 2014 at 7:40 PM, Christopher Schultz 
  ch...@christopherschultz.net wrote:
 
  Sanaullah,
 
  On 7/10/14, 4:19 AM, Sanaullah wrote:
  is there a way i can use pkcs11 supported SmartCard/token
  when using APR based SSL Connector in tomcat ? PEM encoded
  certificates and keys are stored in smartcard.
 
  I know BIO/NIO connectors supported token/HSM but I am
  looking for APR based connectors?
 
  I'm no expert at such configurations, but since tcnative/APR uses
  OpenSSL for its crypto engine, then it can do anything OpenSSL can
  do. Have you been able to configure e.g. httpd to use this kind of
  setup? If so, there ought to be a way to make it happen using
  Tomcat's APR connector.
 
  -chris
 




Re: APR with PKCS11 support

2014-07-25 Thread Sanaullah
Hi Chris,

httpd is working with HSM with addition of parameter
SSLCryptoDevice=LunaCA  but when i try the same parameter in tomEE. TomEE
don't recognized this parameters.

WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'SSLCryptoDevice' to 'LunaCA3' did not find a matching property.

Any Idea?

Regards,
Sanaullah






On Thu, Jul 10, 2014 at 7:40 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Sanaullah,
>
> On 7/10/14, 4:19 AM, Sanaullah wrote:
>> is there a way i can use pkcs11 supported SmartCard/token when
>> using APR based SSL Connector in tomcat ? PEM encoded certificates
>> and keys are stored in smartcard.
>>
>> I know BIO/NIO connectors supported token/HSM but I am looking for
>> APR based connectors?
>
> I'm no expert at such configurations, but since tcnative/APR uses
> OpenSSL for its crypto engine, then it can do anything OpenSSL can do.
> Have you been able to configure e.g. httpd to use this kind of setup?
> If so, there ought to be a way to make it happen using Tomcat's APR
> connector.
>
> - -chris




Re: APR with PKCS11 support

2014-07-25 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Sanaullah,

On 7/25/14, 9:16 AM, Sanaullah wrote:
> httpd is working with the HSM with the addition of the parameter
> SSLCryptoDevice=LunaCA, but when I try the same parameter in TomEE,
> TomEE doesn't recognize this parameter.
>
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
> property 'SSLCryptoDevice' to 'LunaCA3' did not find a matching
> property.
>
> Any idea?

Try setting SSLEngine="LunaCA3" instead of SSLEngine="on" in your:

  <Listener
 className="org.apache.catalina.core.AprLifecycleListener"
 SSLEngine="on" />

- -chris

> On Thu, Jul 10, 2014 at 7:40 PM, Christopher Schultz
> ch...@christopherschultz.net wrote:
>
>> Sanaullah,
>>
>> On 7/10/14, 4:19 AM, Sanaullah wrote:
>>> is there a way i can use pkcs11 supported SmartCard/token
>>> when using APR based SSL Connector in tomcat ? PEM encoded
>>> certificates and keys are stored in smartcard.
>>>
>>> I know BIO/NIO connectors supported token/HSM but I am
>>> looking for APR based connectors?
>>
>> I'm no expert at such configurations, but since tcnative/APR uses
>> OpenSSL for its crypto engine, then it can do anything OpenSSL can
>> do. Have you been able to configure e.g. httpd to use this kind of
>> setup? If so, there ought to be a way to make it happen using
>> Tomcat's APR connector.
>>
>> -chris
 



Re: APR with PKCS11 support

2014-07-10 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Sanaullah,

On 7/10/14, 4:19 AM, Sanaullah wrote:
> is there a way i can use pkcs11 supported SmartCard/token when
> using APR based SSL Connector in tomcat ? PEM encoded certificates
> and keys are stored in smartcard.
>
> I know BIO/NIO connectors supported token/HSM but I am looking for
> APR based connectors?

I'm no expert at such configurations, but since tcnative/APR uses
OpenSSL for its crypto engine, then it can do anything OpenSSL can do.
Have you been able to configure e.g. httpd to use this kind of setup?
If so, there ought to be a way to make it happen using Tomcat's APR
connector.

- -chris



Re: APR with PKCS11 support

2014-07-10 Thread Sanaullah
Thanks Chris,

I haven't tried such configurations with httpd. I will explore now.

Regards,
Sanaullah


On Thu, Jul 10, 2014 at 7:40 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Sanaullah,
>
> On 7/10/14, 4:19 AM, Sanaullah wrote:
>> is there a way i can use pkcs11 supported SmartCard/token when
>> using APR based SSL Connector in tomcat ? PEM encoded certificates
>> and keys are stored in smartcard.
>>
>> I know BIO/NIO connectors supported token/HSM but I am looking for
>> APR based connectors?
>
> I'm no expert at such configurations, but since tcnative/APR uses
> OpenSSL for its crypto engine, then it can do anything OpenSSL can do.
> Have you been able to configure e.g. httpd to use this kind of setup?
> If so, there ought to be a way to make it happen using Tomcat's APR
> connector.
>
> - -chris




Re: APR Connector questions

2013-09-23 Thread Tomcat Random
Ok, thanks for the advice. If it means removing one more layer of
complexity, I'm all for it.

Best,
Alec


On Fri, Sep 20, 2013 at 11:57 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Alec,
>
> On 9/20/13 2:03 PM, Tomcat Random wrote:
>> Chris, Thanks for correcting the misdirected reply.
>>
>> Do you mean it's not working under load, or you haven't yet tried
>> it under load?
>>
>> I mean I haven't tested it under load yet.
>>
>> One of the main reasons for choosing APR is that I was under
>> the impression it's good at serving large static files. My site has
>> some large swf files - one is ~8mb (it's a game site).
>>
>> The docs on APR say, "When APR is enabled, the HTTP connector will
>> use sendfile for handling large static files (all such files will
>> be sent asynchronously using high performance kernel level calls),
>> and will use a socket poller for keepalive, increasing scalability
>> of the server."
>
> The NIO connector also supports sendfile, and avoids blocking I/O for
> keepalives.
>
>> Your recommendation is NIO is comparable to APR in non-ssl
>> performance (as above for large static files) and more stable, and
>> it would be better to switch to that?
>
> I'm suggesting that NIO might be a comparable choice to APR with the
> added benefit of removing some complexity (that of installing a native
> library) to your deployment.
>
> - -chris




Re: APR Connector questions

2013-09-20 Thread Tomcat Random
Chris, Thanks for correcting the misdirected reply.

Do you mean it's not working under load, or you haven't yet tried it
under load?

I mean I haven't tested it under load yet.

One of the main reasons for choosing APR is that I was under the
impression it's good at serving large static files. My site has some large
swf files - one is ~8mb (it's a game site).

The docs on APR say, "When APR is enabled, the HTTP connector will use
sendfile for handling large static files (all such files will be sent
asynchronously using high performance kernel level calls), and will use a
socket poller for keepalive, increasing scalability of the server."

Your recommendation is NIO is comparable to APR in non-ssl performance (as
above for large static files) and more stable, and it would be better to
switch to that?

Thanks again,
Alec




On Thu, Sep 19, 2013 at 1:56 PM, Jeffrey Janner jeffrey.jan...@polydyne.com
 wrote:

>> -Original Message-
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Sent: Thursday, September 19, 2013 12:38 PM
>> To: Tomcat Users List
>> Cc: Tomcat Random
>> Subject: Re: APR Connector questions
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Alec,
>>
>> Please keep discussions on the mailing lists so others can benefit from
>> them.
>>
>> On 9/19/13 12:01 PM, Tomcat Random wrote:
>>> The answer for am I going to be using SSL is maybe. It's not
>>> mandatory, but would be nice for an admin area of the site. I already
>>> built the tcnative stuff and APR is working, but not under load.
>>
>> Do you mean it's not working under load, or you haven't yet tried it
>> under load?
>>
>>> I'm using APR because it was my understanding there was a big
>>> performance increase when using Tomcat without a proxy/web server in
>>> front of it. I just have Tomcat with my IP tables redirecting
>>> 80-8080.
>>
>> APR and NIO performance are comparable to each other, SSL excepted. If
>> you are talking about using SSL only for admin access (which is
>> usually fairly limited in scope/traffic), then I wouldn't worry about
>> the performance difference.
>>
>> One could argue that any site that requires login should be 100%
>> SSL-protected, but I know nothing about your requirements.
>>
>
> +1
>
>>> 2500 users might not require 2500- simultaneous connections.
>>> True, and it occurs to me, sort of noobishly, where would you look for
>>> reporting simultaneous connections?
>>
>> You can use JMX to get lots of information about the connectors.
>> You'll have to probe periodically and build-up a trend graph to
>> understand your actual traffic.
>>
>> http://wiki.apache.org/tomcat/FAQ/Monitoring
>>
>>> And once you know that number, back to my original question, how many
>>> maxthreads/acceptCounts?
>>
>> The acceptCount is just the TCP backlog. Setting this higher than the
>> default is only helpful if you have huge transaction volume bursts and
>> your transactions are fairly short. If you can't handle 200
>> transactions waiting in the TCP accept queue pretty quickly, it's not
>> going to help to raise that number to 1000. If you experience huge
>> bursts of traffic that your app can handle with a short delay -- AND if
>> you absolutely don't want to give any clients connection refused
>> errors -- then raising the acceptCount is appropriate. I haven't seen a
>> normal webapp that has ever required changing from the default, but
>> my experience may not match the type of business you are in.
>>
>> As for maxThreads, that depends upon your load, the type of hardware
>> you have, the length of your transactions, and the CPU load you expect
>> will be required for your webapp. If your webapp is fairly CPU-bound
>> (which I've found to be fairly rare) and you have a limited number of
>> physical CPUs, raising the maxThreads limit buys you nothing: it may be
>> worse than lowering it because you just end up running many threads at
>> once and thrash the CPU.
>>
>> If you have a primarily I/O-bound app (most that I've seen... e.g.
>> stuff that uses back-end databases for most requests) then raising the
>> maxThreads can serve more requests... but then remember that your
>> database must be able to handle the load as well. Having 1000 worker
>> threads with a DB connection pool of size=10 means lots of waiting
>> threads.
>>
>>> Just how rare are the APR catastrophes?
>>
>> I don't have much data on frequency of occurrences just what I can
>> see in BZ for the Tomcat Connectors project.
>>
>
> Let's just say that over the past 8 or so years, I've yet to have it
> happen to me, and I am supporting dozens of Tomcat instances across a
> half-dozen systems with each Tomcat having 5 or 6 hosts each. Then again,
> I'm running under Windows and the tcnative is built for me by the good guys
> on the Tomcat Dev Team.
>
>>> Is it something a tomcat restart can fix?
>>
>> You don't have a choice: the JVM goes down immediately and you *must*
>> restart Tomcat. That's what I meant by catastrophic.
>>
>
> Yes, unfortunately, anything that causes a crash at the native code level

Re: APR Connector questions

2013-09-20 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Alec,

On 9/20/13 2:03 PM, Tomcat Random wrote:
> Chris, Thanks for correcting the misdirected reply.
>
> Do you mean it's not working under load, or you haven't yet tried
> it under load?
>
> I mean I haven't tested it under load yet.
>
> One of the main reasons for choosing APR is that I was under
> the impression it's good at serving large static files. My site has
> some large swf files - one is ~8mb (it's a game site).
>
> The docs on APR say, "When APR is enabled, the HTTP connector will
> use sendfile for handling large static files (all such files will
> be sent asynchronously using high performance kernel level calls),
> and will use a socket poller for keepalive, increasing scalability
> of the server."

The NIO connector also supports sendfile, and avoids blocking I/O for
keepalives.

> Your recommendation is NIO is comparable to APR in non-ssl
> performance (as above for large static files) and more stable, and
> it would be better to switch to that?

I'm suggesting that NIO might be a comparable choice to APR with the
added benefit of removing some complexity (that of installing a native
library) to your deployment.

- -chris



Re: APR Connector questions (was: ARP Connector questions)

2013-09-19 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Alec,

Changed subject: it's APR (Apache Portable Runtime), not ARP (which is
something different).

On 9/19/13 11:39 AM, Tomcat Random wrote:
> Tomcat 7.0.42, RHEL6
>
> I've installed the APR connector and have my service.xml configured
> with the only enabled connector being:
>
> <!--APR connector native installed -->
> <Connector port="8080"
> maxHttpHeaderSize="8192" maxThreads="150" enableLookups="false"
> disableUploadTimeout="true" acceptCount="100" scheme="http"
> secure="false" SSLEnabled="false"/>
>
> 1. I'm expecting about 2500 simultaneous visitors. Any thoughts on
> how much I might want to bump up the maxThreads and acceptCount?

The better question is how many simultaneous /requests/ you expect.
2500 users might not require 2500- simultaneous connections.

> 2. Does the APR connector work within the Executor thread pools?
> I'm a little unclear on this. Currently the Executor node is
> commented out. Do I want a shared executor for the ARP connector?

Yes, you can use an executor. If you don't specify one, a Connector
will create a default Executor for itself. If you expect to have
multiple connectors and you want them all to share a pool of worker
threads, then you'll want to configure a single Executor and then
reference that from each of your Connectors.

Are you going to be using SSL? If not, you might have slightly better
luck with the NIO connector (APR/OpenSSL has a performance advantage
over JSSE), plus you won't have to build and babysit tcnative, etc.
Problems that occur at the NIO level will likely throw exceptions
while APR can bring-down the whole JVM. It's rare, but when it
happens, it's catastrophic.

- -chris



Re: APR Connector questions

2013-09-19 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Alec,

Please keep discussions on the mailing lists so others can benefit
from them.

On 9/19/13 12:01 PM, Tomcat Random wrote:
> The answer for am I going to be using SSL is maybe. It's not
> mandatory, but would be nice for an admin area of the site. I
> already built the tcnative stuff and APR is working, but not under
> load.

Do you mean it's not working under load, or you haven't yet tried it
under load?

> I'm using APR because it was my understanding there was a big
> performance increase when using Tomcat without a proxy/web server
> in front of it. I just have Tomcat with my IP tables redirecting
> 80-8080.

APR and NIO performance are comparable to each other, SSL excepted. If
you are talking about using SSL only for admin access (which is
usually fairly limited in scope/traffic), then I wouldn't worry about
the performance difference.

One could argue that any site that requires login should be 100%
SSL-protected, but I know nothing about your requirements.

> 2500 users might not require 2500- simultaneous connections.
> True, and it occurs to me, sort of noobishly, where would you look
> for reporting simultaneous connections?

You can use JMX to get lots of information about the connectors.
You'll have to probe periodically and build-up a trend graph to
understand your actual traffic.

http://wiki.apache.org/tomcat/FAQ/Monitoring

> And once you know that number, back to my original question, how
> many maxthreads/acceptCounts?

The acceptCount is just the TCP backlog. Setting this higher than the
default is only helpful if you have huge transaction volume bursts and
your transactions are fairly short. If you can't handle 200
transactions waiting in the TCP accept queue pretty quickly, it's not
going to help to raise that number to 1000. If you experience huge
bursts of traffic that your app can handle with a short delay -- AND
if you absolutely don't want to give any clients connection refused
errors -- then raising the acceptCount is appropriate. I haven't seen
a normal webapp that has ever required changing from the default,
but my experience may not match the type of business you are in.

As for maxThreads, that depends upon your load, the type of hardware
you have, the length of your transactions, and the CPU load you expect
will be required for your webapp. If your webapp is fairly CPU-bound
(which I've found to be fairly rare) and you have a limited number of
physical CPUs, raising the maxThreads limit buys you nothing: it may
be worse than lowering it because you just end up running many threads
at once and thrash the CPU.

If you have a primarily I/O-bound app (most that I've seen... e.g.
stuff that uses back-end databases for most requests) then raising the
maxThreads can serve more requests... but then remember that your
database must be able to handle the load as well. Having 1000 worker
threads with a DB connection pool of size=10 means lots of waiting
threads.

> Just how rare are the APR catastrophes?

I don't have much data on frequency of occurrences just what I can
see in BZ for the Tomcat Connectors project.

> Is it something a tomcat restart can fix?

You don't have a choice: the JVM goes down immediately and you *must*
restart Tomcat. That's what I meant by catastrophic.

- -chris



RE: APR Connector questions

2013-09-19 Thread Jeffrey Janner
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Thursday, September 19, 2013 12:38 PM
> To: Tomcat Users List
> Cc: Tomcat Random
> Subject: Re: APR Connector questions
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Alec,
>
> Please keep discussions on the mailing lists so others can benefit from
> them.
>
> On 9/19/13 12:01 PM, Tomcat Random wrote:
>> The answer for am I going to be using SSL is maybe. It's not
>> mandatory, but would be nice for an admin area of the site. I already
>> built the tcnative stuff and APR is working, but not under load.
>
> Do you mean it's not working under load, or you haven't yet tried it
> under load?
>
>> I'm using APR because it was my understanding there was a big
>> performance increase when using Tomcat without a proxy/web server in
>> front of it. I just have Tomcat with my IP tables redirecting
>> 80-8080.
>
> APR and NIO performance are comparable to each other, SSL excepted. If
> you are talking about using SSL only for admin access (which is
> usually fairly limited in scope/traffic), then I wouldn't worry about
> the performance difference.
>
> One could argue that any site that requires login should be 100%
> SSL-protected, but I know nothing about your requirements.
 

+1

>> 2500 users might not require 2500- simultaneous connections.
>> True, and it occurs to me, sort of noobishly, where would you look for
>> reporting simultaneous connections?
>
> You can use JMX to get lots of information about the connectors.
> You'll have to probe periodically and build-up a trend graph to
> understand your actual traffic.
>
> http://wiki.apache.org/tomcat/FAQ/Monitoring
>
>> And once you know that number, back to my original question, how many
>> maxthreads/acceptCounts?
>
> The acceptCount is just the TCP backlog. Setting this higher than the
> default is only helpful if you have huge transaction volume bursts and
> your transactions are fairly short. If you can't handle 200
> transactions waiting in the TCP accept queue pretty quickly, it's not
> going to help to raise that number to 1000. If you experience huge
> bursts of traffic that your app can handle with a short delay -- AND if
> you absolutely don't want to give any clients connection refused
> errors -- then raising the acceptCount is appropriate. I haven't seen a
> normal webapp that has ever required changing from the default, but
> my experience may not match the type of business you are in.
>
> As for maxThreads, that depends upon your load, the type of hardware
> you have, the length of your transactions, and the CPU load you expect
> will be required for your webapp. If your webapp is fairly CPU-bound
> (which I've found to be fairly rare) and you have a limited number of
> physical CPUs, raising the maxThreads limit buys you nothing: it may be
> worse than lowering it because you just end up running many threads at
> once and thrash the CPU.
>
> If you have a primarily I/O-bound app (most that I've seen... e.g.
> stuff that uses back-end databases for most requests) then raising the
> maxThreads can serve more requests... but then remember that your
> database must be able to handle the load as well. Having 1000 worker
> threads with a DB connection pool of size=10 means lots of waiting
> threads.
>
>> Just how rare are the APR catastrophes?
>
> I don't have much data on frequency of occurrences just what I can
> see in BZ for the Tomcat Connectors project.
 

Let's just say that over the past 8 or so years, I've yet to have it happen to 
me, and I am supporting dozens of Tomcat instances across a half-dozen systems 
with each Tomcat having 5 or 6 hosts each. Then again, I'm running under 
Windows and the tcnative is built for me by the good guys on the Tomcat Dev 
Team.

>> Is it something a tomcat restart can fix?
>
> You don't have a choice: the JVM goes down immediately and you *must*
> restart Tomcat. That's what I meant by catastrophic.
 

Yes, unfortunately, anything that causes a crash at the native code level is 
going to stop everything.
A restart may not fix the problem, but you can usually at least recover to a 
normal state for a time. At least until whatever specific circumstances that 
caused the crash occur again.

Jeff





Re: APR connector does not work with SSL for Java 6 clients?

2013-08-25 Thread Jesse Barnum
How come Java 6 can connect to SSL running on Apache without this setting, but 
not to Tomcat running APR/SSL?

On Aug 24, 2013, at 12:15 PM, Michael-O 1983-01...@gmx.net wrote:

> I had this problem months ago too. APR Connector is fine. The problem with
> Java 6 is that the URLConnection -- JSSE -- sends a SSLv2Hello and this
> breaks everything. I have restricted this for Java 6 clients at work. Java 7
> does not suffer from this because this is disabled by default.



Re: APR connector does not work with SSL for Java 6 clients?

2013-08-25 Thread Michael-O

On 2013-08-25 14:21, Jesse Barnum wrote:

> How come Java 6 can connect to SSL running on Apache without this
> setting, but not to Tomcat running APR/SSL?
>
> On Aug 24, 2013, at 12:15 PM, Michael-O 1983-01...@gmx.net wrote:
>
>> I had this problem months ago too. APR Connector is fine. The
>> problem with Java 6 is that the URLConnection -- JSSE -- sends a
>> SSLv2Hello and this breaks everything. I have restricted this for
>> Java 6 clients at work. Java 7 does not suffer from this because
>> this is disabled by default.


First, do not top-post please.

1. Did you configure mod_ssl and APR Connector the same way?
2. Did you inspect the traffic with Wireshark? Help me a lot.

Maybe you are running in a cypher mismatch too. What we do use is 
TLSv1 and HIGH:!ADH. Everything below TLSv1 is outdated and 
insecure. Though TLSv1 is (very) old too but it is the best match at the 
moment.


Michael





Re: APR connector does not work with SSL for Java 6 clients?

2013-08-25 Thread Jesse Barnum
On Aug 25, 2013, at 9:58 AM, Michael-O 1983-01...@gmx.net wrote:

> 1. Did you configure mod_ssl and APR Connector the same way?
I'm not sure how to make sure that they are configured identically. The syntax
in server.xml is not identical to the syntax in apache2.conf. For example, in
Apache's ssl.conf file, the directive:
SSLProtocol all -SSLv2

Does not work the same way in server.xml. In my connector element, I tried
setting an attribute SSLProtocol="all -SSLv2", but that wouldn't parse at
startup. I've tried SSLProtocol="TLSv1+SSLv3" and SSLProtocol="ALL", and they
all fail with a connection reset message on the client. I also tried setting
SSLCipherSuite="HIGH:!ADH" as you recommended, as well as
"HIGH:MEDIUM:!aNULL:!MD5" which is the way I have it in Apache (the default
value), but that didn't make any difference.

> 2. Did you inspect the traffic with Wireshark? Help me a lot.
I haven't used Wireshark, although I have called 'System.setProperty(
"javax.net.debug", "all" )' which seems to give the same results in the Java
console.

> Maybe you are running in a cypher mismatch too. What we do use is TLSv1 and
> HIGH:!ADH. Everything below TLSv1 is outdated and insecure. Though TLSv1 is
> (very) old too but it is the best match at the moment.
>
> Michael

--Jesse Barnum, President, 360Works
http://www.360works.com
Product updates and news on http://facebook.com/360Works
(770) 234-9293
== Don't lose your data! http://360works.com/safetynet/ for FileMaker Server ==

Re: APR connector does not work with SSL for Java 6 clients?

2013-08-25 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jesse,

On 8/25/13 1:08 PM, Jesse Barnum wrote:
> On Aug 25, 2013, at 9:58 AM, Michael-O 1983-01...@gmx.net wrote:
>
>> 1. Did you configure mod_ssl and APR Connector the same way?
> I'm not sure how to make sure that they are configured
> identically. The syntax in server.xml is not identical to the
> syntax in apache2.conf. For example, in Apache's ssl.conf file, the
> directive: SSLProtocol all -SSLv2
>
> Does not work the same way in server.xml. In my connector element,
> I tried setting an attribute SSLProtocol="all -SSLv2", but that
> wouldn't parse at startup. I've tried SSLProtocol="TLSv1+SSLv3"
> and SSLProtocol="ALL", and they all fail with a connection reset
> message on the client. I also tried setting
> SSLCipherSuite="HIGH:!ADH" as you recommended, as well as
> "HIGH:MEDIUM:!aNULL:!MD5" which is the way I have it in Apache (the
> default value), but that didn't make any difference.

Try posting both your httpd.conf and server.xml configurations (i.e. the
relevant stuff, not the whole thing).

You might want to review
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html --
specifically the SSLProtocol attribute which lists the acceptable
values. Hint: your attempts above are not supported.

- -chris



Re: APR connector does not work with SSL for Java 6 clients?

2013-08-24 Thread Michael-O

On 2013-08-24 18:10, Jesse Barnum wrote:

I am trying to use SSL with Tomcat and an APR connector. This is
hosted on Ubuntu 13.04. I can make changes to the server, but not to
the existing Java client.

For some reason, whenever a Java 6 client connects to the Tomcat
server using SSL, it is not able to connect - the connection is reset
by the server. However, the exact same Java code can connect to the
same server on a different port hosted by Apache with SSL. In
addition, non-Java code (like curl) can connect to the Tomcat SSL
connection. I also tested with Java 7 and it works.

I have gotten this to work in Java 6 by forcing the Java client to
use the TLSv1 protocol (-Dhttps.protocols=TLSv1). However, this is
not a practical solution, because I cannot release an update at this
time for our Java clients.

Since this works with Apache on the server, it seems to me that I
should be able to make some sort of configuration change on the
server to also work with Tomcat, without needing to change the Java
clients.

In summary:
* Java 6 connecting to Tomcat APR with SSL = FAIL
* Java 7 connecting to Tomcat APR with SSL = good
* curl connecting to Tomcat APR with SSL = good

* Java 6 connecting to Apache SSL = good
* Java 7 connecting to Apache SSL = good
* curl connecting to Apache SSL = good [...]



I had this problem months ago too. APR Connector is fine. The problem 
with Java 6 is that the URLConnection -- JSSE -- sends an SSLv2Hello and 
this breaks everything. I have restricted this for Java 6 clients at 
work. Java 7 does not suffer from this because this is disabled by default.


Michael

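To confirm which hello format a client really sends (the SSLv2Hello diagnosis in the message above), the first bytes captured from the connection can be classified as in the following added example, which is not part of the original thread. The function names and both sample byte strings are constructed here; the layouts follow the SSLv2 CLIENT-HELLO and the TLS handshake record formats.

```python
import struct
from collections import namedtuple

Hello = namedtuple("Hello", "framing offered")

VERSIONS = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def _name(major, minor):
    return VERSIONS.get((major, minor), "unknown(%d.%d)" % (major, minor))


def classify_client_hello(data):
    """Classify the first bytes a client sends to a TLS port.

    Returns Hello(framing, offered): framing is "tls-record",
    "sslv2-compat" or "unknown"; offered is the highest protocol
    version the client announces inside the hello.
    """
    # SSLv3/TLS record: content type 0x16 (handshake), record version,
    # 2-byte record length, handshake type 0x01 (ClientHello),
    # 3-byte handshake length, then client_version at offsets 9..10.
    if len(data) >= 11 and data[0] == 0x16 and data[1] == 3 and data[5] == 0x01:
        return Hello("tls-record", _name(data[9], data[10]))

    # SSLv2-compatible hello: 2-byte header with the top bit set
    # (15-bit length), msg type 0x01, offered version, then three
    # 2-byte lengths: cipher specs, session id, challenge.
    # Only the 2-byte header form is handled here.
    if len(data) >= 11 and data[0] & 0x80 and data[2] == 0x01:
        rec_len = ((data[0] & 0x7F) << 8) | data[1]
        cs_len, sid_len, ch_len = struct.unpack(">HHH", data[5:11])
        consistent = (cs_len > 0 and cs_len % 3 == 0      # 3 bytes per spec
                      and 16 <= ch_len <= 32
                      and rec_len == 9 + cs_len + sid_len + ch_len)
        if consistent:
            return Hello("sslv2-compat", _name(data[3], data[4]))

    return Hello("unknown", None)


def sample_v2_hello():
    """Constructed sample: SSLv2-format hello that offers TLSv1 (3.1)."""
    body = bytes([0x01, 0x03, 0x01]) + struct.pack(">HHH", 3, 0, 16)
    body += bytes([0x00, 0x00, 0x2F])      # one 3-byte cipher spec
    body += bytes(16)                      # 16-byte challenge (zeros)
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body


def sample_tls_hello():
    """Constructed sample: TLS record carrying a ClientHello for TLSv1.2."""
    hs_body = (bytes([3, 3]) + bytes(32)   # client_version, random
               + b"\x00"                   # empty session id
               + b"\x00\x02\x00\x2f"       # one cipher suite
               + b"\x01\x00")              # null compression
    hs = b"\x01" + len(hs_body).to_bytes(3, "big") + hs_body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs


if __name__ == "__main__":
    for label, raw in (("v2-format sample", sample_v2_hello()),
                       ("TLS record sample", sample_tls_hello())):
        print(label, classify_client_hello(raw))
```

A client that shows up as `sslv2-compat` with `offered="TLSv1"` is using the compatibility framing only; it is not asking to negotiate SSLv2 itself.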



Re: APR does not understand this error code: proxy: read response failed

2011-12-14 Thread GSH

Hi Jakob

I'm experiencing the exact same problem.

Could you help me with the solution? Since the thread is older, I'm assuming
that you may have nailed it and found a solution.

Regards,
Gaurav

Jakob Ericsson wrote:
 
 Hi,
 
 We are experiencing issues with AJP-communication between the httpd
 and Tomcat 6. This is communication between httpd and tomcat on
 localhost.
 
 Most of the requests work great in our performance tests but quite
 randomly we see this error in httpd error.log:
 ...
 [Wed Mar 18 21:47:09 2009] [error] (70014)End of file found:
 ajp_ilink_receive() can't receive header
 [Wed Mar 18 21:47:09 2009] [error] ajp_read_header: ajp_ilink_receive
 failed
 [Wed Mar 18 21:47:09 2009] [error] (120006)APR does not understand
 this error code: proxy: read response failed from 127.0.0.1:40010
 (localhost)
 ...
 
 This results in a 500 (or sometimes 503) response code to the user.
 As you can see in our log (larger log excerpt further down in mail),
 it occurs quite randomly. There are no traces of error in our Tomcat
 logs.
 
 
 Any idea what kind of error this is?
 
 Can we tune; httpd, tomcat or Windows to get rid of this problem?
 
 
 
 Our setup
 
 Sun JVM 1.6.0.12 (64-bit)
 Windows 2003 Server 64-bit (no firewall)
 Apache 2.2.11 (64-bit)
 Tomcat 6.0.18 (Native tomcat lib installed)
 
 
 Interesting stuff in httpd.conf
 
 ServerRoot D:/Apache/Apache2.2
 PidFile logs/httpd.pid
 Timeout 3600
 
 KeepAlive On
 MaxKeepAliveRequests 600
 KeepAliveTimeout 15
 
 <IfModule mpm_winnt.c>
 ThreadsPerChild 1000
 MaxRequestsPerChild  0
 </IfModule>
 
 Listen 80
 
 LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
 
 ...
 
 ProxyRequests Off
 
 ProxyPass /server-status !
 ProxyPass /s/ !
 ProxyPass /favicon.ico !
 ProxyPass / ajp://localhost:40010/ min=20 smax=30 ttl=120 max=199 timeout=60
 
 
 
 
 Log from our latest performance test
 
 [Wed Mar 18 18:42:09 2009] [error] (70014)End of file found:
 ajp_ilink_receive() can't receive header
 [Wed Mar 18 18:42:09 2009] [error] ajp_read_header: ajp_ilink_receive
 failed
 [Wed Mar 18 18:42:09 2009] [error] (120006)APR does not understand
 this error code: proxy: read response failed from 127.0.0.1:40010
 (localhost)
 [Wed Mar 18 18:55:55 2009] [error] (70014)End of file found:
 ajp_ilink_receive() can't receive header
 [Wed Mar 18 18:55:55 2009] [error] ajp_read_header: ajp_ilink_receive
 failed
 [Wed Mar 18 18:55:55 2009] [error] (120006)APR does not understand
 this error code: proxy: read response failed from 127.0.0.1:40010
 (localhost)
 [Wed Mar 18 19:08:09 2009] [error] (70014)End of file found:
 ajp_ilink_receive() can't receive header
 [Wed Mar 18 19:08:09 2009] [error] ajp_read_header: ajp_ilink_receive
 failed
 [Wed Mar 18 19:08:09 2009] [error] (120006)APR does not understand
 this error code: proxy: read response failed from 127.0.0.1:40010
 (localhost)
 [Wed Mar 18 19:29:50 2009] [error] (70014)End of file found:
 ajp_ilink_receive() can't receive header
 [Wed Mar 18 19:29:50 2009] [error] ajp_read_header: ajp_ilink_receive
 failed
 [Wed Mar 18 19:29:50 2009] [error] (120006)APR does not understand
 this error code: proxy: read response failed from 127.0.0.1:40010
 (localhost)
 [Wed Mar 18 20:00:26 2009] [error] (70014)End of file found:
 ajp_ilink_receive() can't receive header
 [Wed Mar 18 20:00:26 2009] [error] ajp_read_header: ajp_ilink_receive
 failed
 [Wed Mar 18 20:00:26 2009] [error] (120006)APR does not understand
 this error code: proxy: read response failed from 127.0.0.1:40010
 (localhost)
 [Wed Mar 18 20:47:46 2009] [error] (70014)End of file found:
 ajp_ilink_receive() can't receive header
 [Wed Mar 18 20:47:46 2009] [error] ajp_read_header: ajp_ilink_receive
 failed
 [Wed Mar 18 20:47:46 2009] [error] (120006)APR does not understand
 this error code: proxy: read response failed from 127.0.0.1:40010
 (localhost)
 [Wed Mar 18 21:07:13 2009] [error] (70014)End of file found:
 ajp_ilink_receive() can't receive header
 [Wed Mar 18 21:07:13 2009] [error] ajp_read_header: ajp_ilink_receive
 failed
 [Wed Mar 18 21:07:13 2009] [error] (120006)APR does not understand
 this error code: proxy: read response failed from 127.0.0.1:40010
 (localhost)
 [Wed Mar 18 21:42:03 2009] [error] (70014)End of file found:
 ajp_ilink_receive() can't receive header
 [Wed Mar 18 21:42:03 2009] [error] ajp_read_header: ajp_ilink_receive
 failed
 [Wed Mar 18 21:42:03 2009] [error] (120006)APR does not understand
 this error code: proxy: read response failed from 127.0.0.1:40010
 (localhost)
 [Wed Mar 18 21:47:09 2009] [error] (70014)End of file found:
 ajp_ilink_receive() can't receive header
 [Wed Mar 18 21:47:09 2009] [error] ajp_read_header: ajp_ilink_receive
 failed
 [Wed Mar 18 21:47:09 2009] [error] (120006)APR does not understand
 this error code: proxy: read response failed from 127.0.0.1:40010
 (localhost)
 

Re: APR SSL error: Socket bind failed: [98] Address already in use

2011-11-21 Thread Pid *
On 21 Nov 2011, at 02:44, Eric Kemp cruisingat90...@gmail.com wrote:

 Below is my entire server.xml (minus commented lines)

 ?xml version='1.0' encoding='utf-8'?
 Server port=8005 shutdown=SecretCommand

 Listener
 className=org.apache.catalina.core.AprLifecycleListener
 SSLEngine=on /

 Listener
 className=org.apache.catalina.core.JasperListener /

 Listener
 className=org.apache.catalina.core.JreMemoryLeakPreventionListener /

 Listener
 className=org.apache.catalina.mbeans.ServerLifecycleListener /

 Listener
 className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener /

 GlobalNamingResources

  Resource name=UserDatabase auth=Container
  type=org.apache.catalina.UserDatabase
  description=User database that can be updated and saved
  factory=org.apache.catalina.users.MemoryUserDatabaseFactory
  pathname=conf/tomcat-users.xml /

 /GlobalNamingResources

 Service name=Catalina

  Connector
  port=8080
  protocol=HTTP/1.1
  connectionTimeout=2
  URIEncoding=UTF-8
  redirectPort=8443 /

  !-- Adding the connector below causes the Socket bind failed: [98]
 Address already in use error to appear in catalina.out... and https
 does not work. --

What happens if you use 8444 instead?


p

  Connector
  port=8443
  protocol=org.apache.coyote.http11.Http11AprProtocol
  maxThreads=150
  scheme=https
  secure=true
  clientAuth=false
  sslProtocol=TLS
  SSLEnabled=true
  SSLCertificateKeyFile=/etc/apache2/ssl/myDomain.com.key
  SSLCACertificateFile=/etc/apache2/ssl/myDomain.com.ca.crt /

  Engine name=Catalina defaultHost=localhost

   Realm
   className=org.apache.catalina.realm.UserDatabaseRealm
   resourceName=UserDatabase/

   Host
   name=localhost
   appBase=webapps
   unpackWARs=true
   autoDeploy=true
   xmlValidation=false
   xmlNamespaceAware=false
   /Host

  /Engine
 /Service
 /Server


 Thanks



 On Sun, Nov 20, 2011 at 4:18 PM, Caldarale, Charles R
 chuck.caldar...@unisys.com wrote:
 From: Eric Kemp [mailto:cruisingat90...@gmail.com]
 Subject: Re: APR SSL error: Socket bind failed: [98] Address already in 
 use

 Any other ideas would still be appreciated.

 As others have noted, the conflict is likely on some port other than 8443.  
 Post your entire server.xml, preferably with comments removed, so we can see 
 all of the ports declared there.

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
 MATERIAL and is thus for use only by the intended recipient. If you received 
 this in error, please contact the sender and delete the e-mail and its 
 attachments from all computers.





Re: APR SSL error: Socket bind failed: [98] Address already in use

2011-11-21 Thread Konstantin Kolinko
2011/11/21 Eric Kemp cruisingat90...@gmail.com:
 Below is my entire server.xml (minus commented lines)


Good to know.

Can you post the logs? (catalina.date.log file). Clear them first
then try starting Tomcat.

Best regards,
Konstantin Kolinko




Re: APR SSL error: Socket bind failed: [98] Address already in use

2011-11-21 Thread Jeremy
I understand you want to use APR, but just for troubleshooting purposes,
try using the same server.xml but changing the SSL connector from

protocol="org.apache.coyote.http11.Http11AprProtocol"

to

protocol="org.apache.coyote.http11.Http11NioProtocol"

If that works, then your problem is with APR, most likely with the
installation rather than a bug in APR itself.  I'd try recompiling APR (and
installing the recompiled version).

=Jeremy=

On Sun, Nov 20, 2011 at 6:44 PM, Eric Kemp cruisingat90...@gmail.com wrote:

 Below is my entire server.xml (minus commented lines)

 ?xml version='1.0' encoding='utf-8'?
 Server port=8005 shutdown=SecretCommand

  Listener
  className=org.apache.catalina.core.AprLifecycleListener
  SSLEngine=on /


[snip]


  Service name=Catalina

  Connector
  port=8080
  protocol=HTTP/1.1
  connectionTimeout=2
  URIEncoding=UTF-8
  redirectPort=8443 /

  !-- Adding the connector below causes the Socket bind failed: [98]
 Address already in use error to appear in catalina.out... and https
 does not work. --
   Connector
  port=8443
  protocol=org.apache.coyote.http11.Http11AprProtocol
  maxThreads=150
  scheme=https
  secure=true
  clientAuth=false
  sslProtocol=TLS
  SSLEnabled=true
   SSLCertificateKeyFile=/etc/apache2/ssl/myDomain.com.key
  SSLCACertificateFile=/etc/apache2/ssl/myDomain.com.ca.crt /

  Engine name=Catalina defaultHost=localhost

   Realm
   className=org.apache.catalina.realm.UserDatabaseRealm
   resourceName=UserDatabase/

   Host
   name=localhost
   appBase=webapps
   unpackWARs=true
   autoDeploy=true
   xmlValidation=false
   xmlNamespaceAware=false
   /Host

  /Engine
  /Service
 /Server


 Thanks






Re: APR SSL error: Socket bind failed: [98] Address already in use

2011-11-21 Thread Eric Kemp
Problem resolved!  Thanks so much for all the helpful hints.  I had
been going to the end of the catalina.out file and seeing this error
message in the last ~60 lines of text, and thought it represented the
latest restart errors.  What I failed to notice was that there WERE
previous errors above the clean-looking lines.  They indicated
tomcat was unable to read the certificate files.  A quick chmod
fixed that, and now SSL works.  "Clear them first" was what got me to
see what I had been missing.  Thanks again.


On Mon, Nov 21, 2011 at 5:54 AM, Konstantin Kolinko
knst.koli...@gmail.com wrote:
 2011/11/21 Eric Kemp cruisingat90...@gmail.com:
 Below is my entire server.xml (minus commented lines)


 Good to know.

 Can you post the logs? (catalina.date.log file). Clear them first
 then try starting Tomcat.

 Best regards,
 Konstantin Kolinko

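The root cause reported in the message above was certificate files that Tomcat could not read. The following added example (not code from the thread or from Tomcat) checks the files named in a Connector's SSL attributes against the classic Unix mode bits for a given service account, and also flags a private key left world-readable by the fix. The function names and the sample server.xml are constructed; the account's uid and group ids are supplied by the caller, and ACLs and parent-directory traversal are not evaluated.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# APR connector attributes that name files on disk.
FILE_ATTRS = ("SSLCertificateFile", "SSLCertificateKeyFile",
              "SSLCertificateChainFile", "SSLCACertificateFile")
READ = 0o4


def allowed(st, uid, gids, want):
    """Classic Unix permission check from mode bits (no ACLs)."""
    if uid == 0:
        return True                    # root bypasses read checks
    if st.st_uid == uid:
        bits = st.st_mode >> 6         # owner triplet
    elif st.st_gid in gids:
        bits = st.st_mode >> 3         # group triplet
    else:
        bits = st.st_mode              # other triplet
    return bool(bits & want)


def audit_connector_files(server_xml, uid, gids):
    """Return (attribute, path, problem) tuples for every Connector."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        for attr in FILE_ATTRS:
            path = conn.get(attr)
            if not path:
                continue
            try:
                st = os.stat(path)
            except OSError as exc:
                findings.append((attr, path, "cannot stat: %s" % exc))
                continue
            if not allowed(st, uid, gids, READ):
                findings.append((attr, path,
                                 "not readable by service account"))
            # A chmod that makes the key readable by everyone "works"
            # but exposes the private key to every local user.
            if attr == "SSLCertificateKeyFile" and st.st_mode & 0o004:
                findings.append((attr, path,
                                 "private key is world-readable"))
    return findings


def sample_server_xml(key_path, ca_path):
    """Constructed server.xml fragment shaped like the one in the thread."""
    return (
        '<Server port="8005" shutdown="SecretCommand">'
        '<Service name="Catalina">'
        '<Connector port="8443"'
        ' protocol="org.apache.coyote.http11.Http11AprProtocol"'
        ' SSLEnabled="true"'
        ' SSLCertificateKeyFile=%s SSLCACertificateFile=%s />'
        '</Service></Server>' % (quoteattr(key_path), quoteattr(ca_path)))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "example.key")       # constructed files
        ca = os.path.join(d, "example.ca.crt")
        for p in (key, ca):
            with open(p, "w") as fh:
                fh.write("constructed placeholder\n")
        os.chmod(key, 0o600)
        os.chmod(ca, 0o644)
        other_uid = os.stat(key).st_uid + 1        # stand-in service uid
        for finding in audit_connector_files(
                sample_server_xml(key, ca), other_uid, set()):
            print(finding)
```

Granting the service account's group read access to the key (mode 0640 with a matching group) clears the first finding without triggering the second.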



Re: APR SSL error: Socket bind failed: [98] Address already in use

2011-11-20 Thread Pid *
On 19 Nov 2011, at 18:44, Eric Kemp cruisingat90...@gmail.com wrote:

 Summary: I'm looking for ideas on how to resolve this Address already
 in use error when configuring SSL in Tomcat APR.

 Environment:
 Running Apache Tomcat/6.0.24
 on OS is Ubuntu 10.04.2 LTS
 with JVM 1.7.0_01-b08

 //
 // Prior to configuring SSL, and after starting Tomcat I run netstat
 -tulpn and see that port 8443 is not used:
 //
 Active Internet connections (only servers)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
 tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      29002/mysqld
 tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2136/sshd
 tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      12796/java
 tcp6       0      0 :::8080                 :::*                    LISTEN      12796/java
 tcp6       0      0 :::22                   :::*                    LISTEN      2136/sshd
 udp        0      0 0.0.0.0:68              0.0.0.0:*                           2087/dhclient3

 //
 // I stop Tomcat, and add the following to my server.xml file:
 //
 <Listener className="org.apache.catalina.core.AprLifecycleListener"
 SSLEngine="on" />
 <Connector port="8443"
   protocol="org.apache.coyote.http11.Http11AprProtocol"
   maxThreads="150"
   scheme="https"
   secure="true"
   clientAuth="false"
   sslProtocol="TLS"
   SSLEnabled="true"
   SSLCertificateKeyFile="/etc/apache2/ssl/myUniqueDomain.com.key"
   SSLCACertificateFile="/etc/apache2/ssl/myUniqueDomain.com.ca.crt" />

 //
 // I restart Tomcat, and see the following in the catalina.out file:

How are you start/stop/restarting Tomcat - bin/script or service?

After calling stop, are you sure Tomcat has actually stopped?


p



 //
 SEVERE: Error starting endpoint
 java.lang.Exception: Socket bind failed: [98] Address already in use
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:646)
at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:753)
at 
 org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
at org.apache.catalina.connector.Connector.start(Connector.java:1080)
at 
 org.apache.catalina.core.StandardService.start(StandardService.java:531)
at 
 org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at 
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

 Nov 19, 2011 11:35:19 AM org.apache.catalina.startup.Catalina start
 SEVERE: Catalina.start:
 LifecycleException:  service.getName(): Catalina;  Protocol handler
 start failed: java.lang.Exception: Socket bind failed: [98] Address
 already in use
at org.apache.catalina.connector.Connector.start(Connector.java:1087)
at 
 org.apache.catalina.core.StandardService.start(StandardService.java:531)
at 
 org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at 
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

 //
 // Running netstat -tulpn I see that port 8443 is now being used:
 //
 Active Internet connections (only servers)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
 tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      29002/mysqld
 tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2136/sshd
 tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      10696/java
 tcp6       0      0 :::8080                 :::*                    LISTEN      10696/java
 tcp6       0      0 :::22                   :::*                    LISTEN      2136/sshd
 tcp6       0      0 :::8443                 :::*                    LISTEN      10696/java
 udp        0      0 0.0.0.0:68              0.0.0.0:*                           2087/dhclient3

 If I change Connector port=8443 to Connector port=8445, I get
 the same error message, and netstat -tulpn shows:
 tcp6       0      0 :::8445                 :::*                    LISTEN      10696/java

 I have also tried adding the following to my server.xml as an
 attribute to Connector  and still get the same error:
 

Re: APR SSL error: Socket bind failed: [98] Address already in use

2011-11-20 Thread Igor Cicimov
Isn't 8005 shutdown port for tomcat? I can see sshd bound to that port
already.
On Nov 20, 2011 6:33 PM, Konstantin Kolinko knst.koli...@gmail.com
wrote:

 2011/11/19 Eric Kemp cruisingat90...@gmail.com:
  Summary: I'm looking for ideas on how to resolve this Address already
  in use error when configuring SSL in Tomcat APR.
 
  Environment:
   Running Apache Tomcat/6.0.24

 That one is old. Maybe you can upgrade to 6.0.33?

   on OS is Ubuntu 10.04.2 LTS
   with JVM 1.7.0_01-b08

 There were severe issues with 1.7.0, such as Loop unroll optimization
 causes incorrect result. I do not know whether all of them are fixed
 in 7u1.
 http://tomcat.markmail.org/thread/oghpdg2whkrpnk7w

 Anyway, maybe you can try running with Java 6?

  //
  // I restart Tomcat, and see the following in the catalina.out file:
  //
  SEVERE: Error starting endpoint
  java.lang.Exception: Socket bind failed: [98] Address already in use
 at
 org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:646)
 at
 org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:753)
 at
 org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
 at
 org.apache.catalina.connector.Connector.start(Connector.java:1080)
 at
 org.apache.catalina.core.StandardService.start(StandardService.java:531)
 at
 org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
 at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:601)
 at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

 What INFO messages are before this one?
 Maybe you can post your entire server.xml (without comments and passwords)?


 Best regards,
 Konstantin Kolinko





Re: APR SSL error: Socket bind failed: [98] Address already in use

2011-11-20 Thread Pid *
On 20 Nov 2011, at 12:49, Igor Cicimov icici...@gmail.com wrote:

 Isn't 8005 shutdown port for tomcat? I can see sshd bound to that port
 already.

I think that's the line above...
There is a java process holding 8005


 On Nov 20, 2011 6:33 PM, Konstantin Kolinko knst.koli...@gmail.com
 wrote:

 2011/11/19 Eric Kemp cruisingat90...@gmail.com:
 Summary: I'm looking for ideas on how to resolve this Address already
 in use error when configuring SSL in Tomcat APR.

 Environment:
 Running Apache Tomcat/6.0.24

 That one is old. Maybe you can upgrade to 6.0.33?

 on OS is Ubuntu 10.04.2 LTS
 with JVM 1.7.0_01-b08

 There were severe issues with 1.7.0, such as Loop unroll optimization
 causes incorrect result. I do not know whether all of them are fixed
 in 7u1.
 http://tomcat.markmail.org/thread/oghpdg2whkrpnk7w

 Anyway, maybe you can try running with Java 6?

 //
 // I restart Tomcat, and see the following in the catalina.out file:
 //
 SEVERE: Error starting endpoint
 java.lang.Exception: Socket bind failed: [98] Address already in use
   at
 org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:646)
   at
 org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:753)
   at
 org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
   at
 org.apache.catalina.connector.Connector.start(Connector.java:1080)
   at
 org.apache.catalina.core.StandardService.start(StandardService.java:531)
   at
 org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
   at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:601)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

 What INFO messages are before this one?
 Maybe you can post your entire server.xml (without comments and passwords)?


 Best regards,
 Konstantin Kolinko




Re: APR SSL error: Socket bind failed: [98] Address already in use

2011-11-20 Thread Eric Kemp
Changing from jdk1.7.0_01 to 1.6.0_20 still results in the same error.

I use the following commands to stop and start Tomcat:
sudo /etc/init.d/tomcat6 stop
sudo /etc/init.d/tomcat6 start

I have verified that the Tomcat process DOES shut down when initiating
a stop command via ps -ef | grep java only showing the current
grep command.

Ubuntu's apt-get put me at this current level (of Tomcat 6.0.24 and
APR from 1.1.19-1) which I assumed would be fine.  I'll see about
trying to upgrade to Tomcat 6.0.33 and possibly APR 1.1.20-1.

Any other ideas would still be appreciated.

Thanks


On Sun, Nov 20, 2011 at 5:09 AM, Pid * p...@pidster.com wrote:
 On 19 Nov 2011, at 18:44, Eric Kemp cruisingat90...@gmail.com wrote:

 Summary: I'm looking for ideas on how to resolve this Address already
 in use error when configuring SSL in Tomcat APR.

 Environment:
 Running Apache Tomcat/6.0.24
 on OS is Ubuntu 10.04.2 LTS
 with JVM 1.7.0_01-b08

 //
 // Prior to configuring SSL, and after starting Tomcat I run netstat
 -tulpn and see that port 8443 is not used:
 //
 Active Internet connections (only servers)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
 tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      29002/mysqld
 tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2136/sshd
 tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      12796/java
 tcp6       0      0 :::8080                 :::*                    LISTEN      12796/java
 tcp6       0      0 :::22                   :::*                    LISTEN      2136/sshd
 udp        0      0 0.0.0.0:68              0.0.0.0:*                           2087/dhclient3

 //
 // I stop Tomcat, and add the following to my server.xml file:
 //
 <Listener className="org.apache.catalina.core.AprLifecycleListener"
 SSLEngine="on" />
 <Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="150"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           SSLEnabled="true"
           SSLCertificateKeyFile="/etc/apache2/ssl/myUniqueDomain.com.key"
           SSLCACertificateFile="/etc/apache2/ssl/myUniqueDomain.com.ca.crt" />

 //
 // I restart Tomcat, and see the following in the catalina.out file:

 How are you start/stop/restarting Tomcat - bin/script or service?

 After calling stop, are you sure Tomcat has actually stopped?


 p



 //
 SEVERE: Error starting endpoint
 java.lang.Exception: Socket bind failed: [98] Address already in use
        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:646)
        at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:753)
        at 
 org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
        at org.apache.catalina.connector.Connector.start(Connector.java:1080)
        at 
 org.apache.catalina.core.StandardService.start(StandardService.java:531)
        at 
 org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at 
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

 Nov 19, 2011 11:35:19 AM org.apache.catalina.startup.Catalina start
 SEVERE: Catalina.start:
 LifecycleException:  service.getName(): Catalina;  Protocol handler
 start failed: java.lang.Exception: Socket bind failed: [98] Address
 already in use
        at org.apache.catalina.connector.Connector.start(Connector.java:1087)
        at 
 org.apache.catalina.core.StandardService.start(StandardService.java:531)
        at 
 org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at 
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

 //
 // Running netstat -tulpn I see that port 8443 is now being used:
 //
 Active Internet connections (only servers)
 Proto Recv-Q Send-Q Local Address           Foreign Address
 State       PID/Program name
 tcp        0      0 127.0.0.1:3306          0.0.0.0:*
 LISTEN      29002/mysqld
 tcp        0      0 0.0.0.0:22              0.0.0.0:*
 LISTEN      2136/sshd
 tcp6       0      0 

RE: APR SSL error: Socket bind failed: [98] Address already in use

2011-11-20 Thread Caldarale, Charles R
 From: Eric Kemp [mailto:cruisingat90...@gmail.com] 
 Subject: Re: APR SSL error: Socket bind failed: [98] Address already in use

 Any other ideas would still be appreciated.

As others have noted, the conflict is likely on some port other than 8443.  
Post your entire server.xml, preferably with comments removed, so we can see 
all of the ports declared there.

 - Chuck





Re: APR SSL error: Socket bind failed: [98] Address already in use

2011-11-20 Thread Eric Kemp
Below is my entire server.xml (minus commented lines)

<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SecretCommand">

 <Listener
 className="org.apache.catalina.core.AprLifecycleListener"
 SSLEngine="on" />

 <Listener
 className="org.apache.catalina.core.JasperListener" />

 <Listener
 className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />

 <Listener
 className="org.apache.catalina.mbeans.ServerLifecycleListener" />

 <Listener
 className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

 <GlobalNamingResources>

  <Resource name="UserDatabase" auth="Container"
  type="org.apache.catalina.UserDatabase"
  description="User database that can be updated and saved"
  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
  pathname="conf/tomcat-users.xml" />

 </GlobalNamingResources>

 <Service name="Catalina">

  <Connector
  port="8080"
  protocol="HTTP/1.1"
  connectionTimeout="2"
  URIEncoding="UTF-8"
  redirectPort="8443" />

  <!-- Adding the connector below causes the Socket bind failed: [98]
  Address already in use error to appear in catalina.out... and https
  does not work. -->
  <Connector
  port="8443"
  protocol="org.apache.coyote.http11.Http11AprProtocol"
  maxThreads="150"
  scheme="https"
  secure="true"
  clientAuth="false"
  sslProtocol="TLS"
  SSLEnabled="true"
  SSLCertificateKeyFile="/etc/apache2/ssl/myDomain.com.key"
  SSLCACertificateFile="/etc/apache2/ssl/myDomain.com.ca.crt" />

  <Engine name="Catalina" defaultHost="localhost">

   <Realm
   className="org.apache.catalina.realm.UserDatabaseRealm"
   resourceName="UserDatabase"/>

   <Host
   name="localhost"
   appBase="webapps"
   unpackWARs="true"
   autoDeploy="true"
   xmlValidation="false"
   xmlNamespaceAware="false">
   </Host>

  </Engine>
 </Service>
</Server>


Thanks



On Sun, Nov 20, 2011 at 4:18 PM, Caldarale, Charles R
chuck.caldar...@unisys.com wrote:
 From: Eric Kemp [mailto:cruisingat90...@gmail.com]
 Subject: Re: APR SSL error: Socket bind failed: [98] Address already in use

 Any other ideas would still be appreciated.

 As others have noted, the conflict is likely on some port other than 8443.  
 Post your entire server.xml, preferably with comments removed, so we can see 
 all of the ports declared there.

  - Chuck





Re: APR SSL error: Socket bind failed: [98] Address already in use

2011-11-19 Thread Talal Rabaa
Looks like you have another service (not necessarily Tomcat) running on port 98.

On 2011-11-19, at 1:44 PM, Eric Kemp wrote:

 Summary: I'm looking for ideas on how to resolve this Address already
 in use error when configuring SSL in Tomcat APR.
 
 Environment:
 Running Apache Tomcat/6.0.24
 on OS is Ubuntu 10.04.2 LTS
 with JVM 1.7.0_01-b08
 
 //
 // Prior to configuring SSL, and after starting Tomcat I run netstat
 -tulpn and see that port 8443 is not used:
 //
 Active Internet connections (only servers)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
 tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      29002/mysqld
 tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2136/sshd
 tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      12796/java
 tcp6       0      0 :::8080                 :::*                    LISTEN      12796/java
 tcp6       0      0 :::22                   :::*                    LISTEN      2136/sshd
 udp        0      0 0.0.0.0:68              0.0.0.0:*                           2087/dhclient3
 
 //
 // I stop Tomcat, and add the following to my server.xml file:
 //
 <Listener className="org.apache.catalina.core.AprLifecycleListener"
 SSLEngine="on" />
 <Connector port="8443"
   protocol="org.apache.coyote.http11.Http11AprProtocol"
   maxThreads="150"
   scheme="https"
   secure="true"
   clientAuth="false"
   sslProtocol="TLS"
   SSLEnabled="true"
   SSLCertificateKeyFile="/etc/apache2/ssl/myUniqueDomain.com.key"
   SSLCACertificateFile="/etc/apache2/ssl/myUniqueDomain.com.ca.crt" />
 
 //
 // I restart Tomcat, and see the following in the catalina.out file:
 //
 SEVERE: Error starting endpoint
 java.lang.Exception: Socket bind failed: [98] Address already in use
        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:646)
        at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:753)
        at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
        at org.apache.catalina.connector.Connector.start(Connector.java:1080)
        at org.apache.catalina.core.StandardService.start(StandardService.java:531)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
 
 Nov 19, 2011 11:35:19 AM org.apache.catalina.startup.Catalina start
 SEVERE: Catalina.start:
 LifecycleException:  service.getName(): Catalina;  Protocol handler start failed: java.lang.Exception: Socket bind failed: [98] Address already in use
        at org.apache.catalina.connector.Connector.start(Connector.java:1087)
        at org.apache.catalina.core.StandardService.start(StandardService.java:531)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
 
 //
 // Running netstat -tulpn I see that port 8443 is now being used:
 //
 Active Internet connections (only servers)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
 tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      29002/mysqld
 tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2136/sshd
 tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      10696/java
 tcp6       0      0 :::8080                 :::*                    LISTEN      10696/java
 tcp6       0      0 :::22                   :::*                    LISTEN      2136/sshd
 tcp6       0      0 :::8443                 :::*                    LISTEN      10696/java
 udp        0      0 0.0.0.0:68              0.0.0.0:*                           2087/dhclient3
 
 If I change Connector port="8443" to Connector port="8445", I get
 the same error message, and netstat -tulpn shows:
 tcp6       0      0 :::8445                 :::*                    LISTEN      10696/java
 
 I have also tried adding the following to my server.xml as an
 attribute to Connector and still get the same error:
 SSLCertificateFile="/etc/apache2/ssl/domain.com.crt"
 
 It appears as if 

Re: APR SSL error: Socket bind failed: [98] Address already in use

2011-11-19 Thread Eric Kemp
I've seen several places where people say [98] is the error message
number - not the port number.  Also, I'm not doing anything with port
98.

Thanks


On Sat, Nov 19, 2011 at 8:03 PM, Talal Rabaa ara...@gmail.com wrote:
 Looks like you have another service (not necessarily Tomcat) running on port 
 98.


Re: APR SSL error: Socket bind failed: [98] Address already in use

2011-11-19 Thread Konstantin Kolinko
2011/11/19 Eric Kemp cruisingat90...@gmail.com:
 Summary: I'm looking for ideas on how to resolve this Address already
 in use error when configuring SSL in Tomcat APR.

 Environment:
  Running Apache Tomcat/6.0.24

That one is old. Maybe you can upgrade to 6.0.33?

  on OS is Ubuntu 10.04.2 LTS
  with JVM 1.7.0_01-b08

There were severe issues with 1.7.0, such as Loop unroll optimization
causes incorrect result. I do not know whether all of them are fixed
in 7u1.
http://tomcat.markmail.org/thread/oghpdg2whkrpnk7w

Anyway, maybe you can try running with Java 6?

 //
 // I restart Tomcat, and see the following in the catalina.out file:
 //
 SEVERE: Error starting endpoint
 java.lang.Exception: Socket bind failed: [98] Address already in use
        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:646)
        at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:753)
        at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
        at org.apache.catalina.connector.Connector.start(Connector.java:1080)
        at org.apache.catalina.core.StandardService.start(StandardService.java:531)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

What INFO messages are before this one?
Maybe you can post your entire server.xml (without comments and passwords)?


Best regards,
Konstantin Kolinko
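
A check along the lines of what the replies in this thread ask for, as an added example that is not part of the thread: it reads the bracketed number in the bind failure as an OS error code (98 is EADDRINUSE on Linux) rather than a port, then lists every port a server.xml declares and flags ports declared twice or already held in `netstat -tulpn` output. The XML and netstat samples are constructed, the duplicate 8443 connector is invented to exercise the check, and the function names are hypothetical.

```python
import errno
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed server.xml modelled on the fragments quoted in the thread.
# The second 8443 Connector is an invented duplicate that exercises the check.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               scheme="https" secure="true" SSLEnabled="true"/>
    <Connector port="8443" protocol="HTTP/1.1" scheme="https" secure="true"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost"/>
  </Service>
</Server>
"""

# Constructed `netstat -tulpn` output, captured with Tomcat stopped, in the
# layout shown in the thread. The process holding 8009 is invented.
SAMPLE_NETSTAT = """\
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      29002/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2136/sshd
tcp6       0      0 :::8009                 :::*                    LISTEN      4242/otherd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2087/dhclient3
"""

BIND_FAILURE = re.compile(r"Socket bind failed: \[(\d+)\] (.+)")


def decode_bind_failure(log_line):
    """Return (code, errno name, text) for a bind failure line, else None."""
    match = BIND_FAILURE.search(log_line)
    if match is None:
        return None
    code = int(match.group(1))
    # The bracketed value is an OS error number, not a port number.
    return code, errno.errorcode.get(code, "unknown"), match.group(2).strip()


def declared_ports(server_xml):
    """Return (port, role) for every socket server.xml asks Tomcat to open."""
    root = ET.fromstring(server_xml)
    candidates = [(root.get("port"), "shutdown")]
    candidates += [(c.get("port"), c.get("protocol", "HTTP/1.1"))
                   for c in root.iter("Connector")]
    # redirectPort is ignored on purpose: it is a redirect target, never bound.
    # Unset, disabled (-1) or ${property} ports cannot be resolved here.
    return [(int(p), role) for p, role in candidates if p and p.isdigit()]


def listening_ports(netstat_text):
    """Map each listening TCP port to its 'pid/program' owner."""
    owners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        owners[int(fields[3].rsplit(":", 1)[1])] = fields[6]
    return owners


def audit(server_xml, netstat_text):
    """Return (ports declared more than once, declared ports already held)."""
    counts = Counter(port for port, _ in declared_ports(server_xml))
    duplicates = sorted(p for p, n in counts.items() if n > 1)
    owners = listening_ports(netstat_text)
    taken = {p: owners[p] for p in sorted(counts) if p in owners}
    return duplicates, taken


if __name__ == "__main__":
    line = "java.lang.Exception: Socket bind failed: [98] Address already in use"
    print(decode_bind_failure(line))
    print(audit(SAMPLE_SERVER_XML, SAMPLE_NETSTAT))
```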




Re: APR connector pollTime defaults are strange in tomcat6/7

2011-08-01 Thread Darius D.

My goal with this thread was to raise awareness of APR connector poll time
defaults, as some users will not really bother investigating why their
servers have such high context switches / timer interrupts. There is no
problem here as Tomcat is working fine with defaults. 

There should be no harm by setting it to 100 microseconds, as NIO
connectors are using 1000ms as default selectorTimeout ( same epoll inside )
and working just fine.





Christopher Schultz-2 wrote:
 
 
 Darius,
 
 On 7/18/2011 2:23 PM, Darius D. wrote:
 Does Tomcat APR really need pollTime set so low by default? I
 thought timeout is meant for some sort of book keeping, where is all
 connections in FD set are idle, no events come for timeout period -
 you force timeout and do bookkeeping - on a busy system you will get
 events anyway cause of socket traffic. Also connection timeout is 60s
 by default, so ending connection @ 2ms precision is not enhancing
 latency in any way.
 
 Seems like a reasonable question.
 
 P.S. There exists perfect workaround in latest Tomcat7, using 
 protocol=org.apache.coyote.http11.Http11NioProtocol and 
 protocol=org.apache.coyote.ajp.AjpNioProtocol for AJP will do away
 with all unneeded context switches.
 
 Yes, switching from APR connector to another one certainly does
 alleviate any issues you are experiencing by using the APR connector.
 This isn't really a workaround. :)
 
 On the other hand, a better workaround would be to set these values
 appropriately for your environment. What's stopping you from setting the
 pollTime to, as you suggest, 10 microseconds? That isn't really a
 workaround, either: it's proper configuration.
 
 It's probably worth discussing what the defaults should be, but there's
 a perfectly reasonable course of action for you at this point: change
 the configuration.
 
 - -chris
 
 
 

-- 
View this message in context: 
http://old.nabble.com/APR-connector-pollTime-defaults-are-strange-in-tomcat6-7-tp32085364p32173790.html
Sent from the Tomcat - User mailing list archive at Nabble.com.





Re: APR connector pollTime defaults are strange in tomcat6/7

2011-07-25 Thread Marvin Addison
 Does Tomcat APR really need pollTime set so low by default?

Anyone care to comment on this point?  I'm interested in this
discussion as a user of Linux+APR connectors.  While we don't yet run
on a tickless kernel, I'm considering trying to measure the impact on
our systems as well, but some insight on the rationale for the
defaults would be helpful.

M




Re: APR connector pollTime defaults are strange in tomcat6/7

2011-07-25 Thread Christopher Schultz

Darius,

On 7/18/2011 2:23 PM, Darius D. wrote:
 Does Tomcat APR really need pollTime set so low by default? I
 thought timeout is meant for some sort of book keeping, where is all
 connections in FD set are idle, no events come for timeout period -
 you force timeout and do bookkeeping - on a busy system you will get
 events anyway cause of socket traffic. Also connection timeout is 60s
 by default, so ending connection @ 2ms precision is not enhancing
 latency in any way.

Seems like a reasonable question.

 P.S. There exists perfect workaround in latest Tomcat7, using 
 protocol=org.apache.coyote.http11.Http11NioProtocol and 
 protocol=org.apache.coyote.ajp.AjpNioProtocol for AJP will do away
 with all unneeded context switches.

Yes, switching from APR connector to another one certainly does
alleviate any issues you are experiencing by using the APR connector.
This isn't really a workaround. :)

On the other hand, a better workaround would be to set these values
appropriately for your environment. What's stopping you from setting the
pollTime to, as you suggest, 10 microseconds? That isn't really a
workaround, either: it's proper configuration.

It's probably worth discussing what the defaults should be, but there's
a perfectly reasonable course of action for you at this point: change
the configuration.

- -chris



Re: APR connector pollTime defaults are strange in tomcat6/7

2011-07-22 Thread Darius D.


Darius D. wrote:
 
 
 Does Tomcat APR really need pollTime set so low by default? I thought
 timeout is meant for some sort of book keeping, where is all connections
 in FD set are idle, no events come for timeout period - you force
 timeout and do bookkeeping - on a busy system you will get events anyway
 cause of socket traffic. Also connection timeout is 60s by default, so
 ending connection @ 2ms precision is not enhancing latency in any way.
 
 I think defaults should be increased to something reasonable like 100ms
 (pollTime =10) to avoid unneeded wakeups (and wakeups are bad, cause
 they cause context switch, and context switches pollute caches, TLB
 buffers and on modern servers burn electricity by forcing CPUs from low C
 states )
 
 


I guess there is no interest in efficiency and reducing overhead with APR
connectors? Overhead is quite substantial. Consider the following - on a
lightly loaded system we were seeing ~1.8k timer interrupts and context
switches with Linux 2.6.39 kernel and latest Tomcat 7 + 1.20 TCNative + APR.
And it's easy to see where they are coming from - 3 connectors (AJP 8009,
HTTP, HTTPS), all APR, all 2000 microseconds PollTime. So we were getting
~500x3 context switches from all those epoll_wait(...,2ms) calls. And they
were just burning CPU and polluting caches.

After switching to NIO connectors on same system and same load CS and
interrupts are down to ~600.
(note that to reproduce this you need a system with NO_HZ kernel and HPET
to actually get an epoll_wait timeout of 2000us instead of ~1/HZ (10ms on
100HZ kernel) minimum on normal kernels)

I have attached screenshot from munin irq stats display.
http://old.nabble.com/file/p32115035/irqstats-week.png irqstats-week.png 

So results are pretty obvious.
-- 
View this message in context: 
http://old.nabble.com/APR-connector-pollTime-defaults-are-strange-in-tomcat6-7-tp32085364p32115035.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
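
The idle-wakeup effect described in the message above, as an added example that is not part of the thread: an epoll set that never receives an event is polled once with a 2000 microsecond timeout and once with a 100 ms timeout, and the timer-driven returns are counted. It assumes Linux (`select.epoll`); `idle_poll_wakeups` and `compare` are hypothetical helpers, not Tomcat or APR code, and the scaling by three connectors follows the message's own figure.

```python
import resource
import select
import socket
import time


def idle_poll_wakeups(poll_time_us, duration_s=0.3):
    """Poll one idle socket for duration_s and count timer-driven returns.

    Returns (wakeups, voluntary_context_switches). poll_time_us plays the role
    of the connector's poll timeout. The socket pair never carries data, so
    every return from poll() is a timeout, not a socket event.
    """
    left, right = socket.socketpair()
    poller = select.epoll()
    poller.register(left.fileno(), select.EPOLLIN)
    switches_before = resource.getrusage(resource.RUSAGE_SELF).ru_nvcsw
    wakeups = 0
    deadline = time.monotonic() + duration_s
    try:
        while time.monotonic() < deadline:
            events = poller.poll(poll_time_us / 1_000_000)  # timeout in seconds
            if not events:
                wakeups += 1
    finally:
        poller.close()
        left.close()
        right.close()
    switches = resource.getrusage(resource.RUSAGE_SELF).ru_nvcsw - switches_before
    return wakeups, switches


def compare(poll_times_us=(2000, 100_000), connectors=3, duration_s=0.3):
    """Per-second idle wakeups for each timeout, scaled to N poller threads."""
    report = {}
    for poll_time in poll_times_us:
        wakeups, switches = idle_poll_wakeups(poll_time, duration_s)
        report[poll_time] = {
            "wakeups_per_s": round(wakeups / duration_s),
            "ctx_switches_per_s": round(switches / duration_s),
            # Assumption: one poller per connector, as in the 3-connector setup.
            "all_connectors_per_s": round(connectors * wakeups / duration_s),
        }
    return report


if __name__ == "__main__":
    for poll_time, stats in compare().items():
        print(poll_time, "us:", stats)
```

On a kernel without high-resolution timers the 2000 microsecond case is rounded up to the timer tick, which is the caveat the message gives for reproducing its numbers.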





Re: APR Native library on tomcat 6

2011-06-30 Thread ccastle

Hello.

I have the same problem, except that in the log it is not specified what
library is needed. These are the messages in the log:

30-jun-2011 15:13:03 org.apache.coyote.http11.Http11Protocol pause
INFO: Pausing Coyote HTTP/1.1 on http-8080
30-jun-2011 15:13:04 org.apache.catalina.core.StandardService stop
INFO: Parando servicio Catalina
30-jun-2011 15:13:04 org.apache.coyote.http11.Http11Protocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-8080
30-jun-2011 15:13:04 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: Failed shutdown of Apache Portable Runtime
30-jun-2011 15:16:01 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/jdk1.6/jre/lib/i386/server:/usr/java/jdk1.6/jre/lib/i386:/usr/java/jdk1.6/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
30-jun-2011 15:16:01 org.apache.coyote.http11.Http11Protocol init
INFO: Inicializando Coyote HTTP/1.1 en puerto http-8080
30-jun-2011 15:16:01 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 281 ms
30-jun-2011 15:16:02 org.apache.catalina.core.StandardService start
INFO: Arrancando servicio Catalina
30-jun-2011 15:16:02 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.0
30-jun-2011 15:16:02 org.apache.catalina.core.StandardHost start
INFO: Desactivada la validación XML
30-jun-2011 15:16:02 org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(/opt/tomcat6/webapps/Recaudacion/WEB-INF/lib/servlet-api.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
30-jun-2011 15:16:02 org.apache.coyote.http11.Http11Protocol start
INFO: Arrancando Coyote HTTP/1.1 en puerto http-8080
30-jun-2011 15:16:02 org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
30-jun-2011 15:16:02 org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/41  config=null
30-jun-2011 15:16:02 org.apache.catalina.startup.Catalina start
INFO: Server startup in 847 ms


The bolded part of the message is the error I have. Besides, I'm trying to
use tomcat 6 with a Project that was compiled on tomcat 5.5.7, I can't see
the jsp pages.

Could you help me with this please?

Thank you!

Christopher Schultz-2 wrote:
 
 
 lmk,
 
 On 6/19/2009 9:59 AM, lmk wrote:
 I compiled apr sources, I didn't use binaries.
 
 If you compiled apr, you're not done: you actually need libtcnative-1.so
 as well as apr. The APR connector is a little misleading in its naming
 because it's libtcnative.so that is required, not libapr.so.
 
 You can find tcnative in your Tomcat distro under
 CATALINA_HOME/bin/tomcat-native.tar.gz
 
 - -chris
 
 
 

-- 
View this message in context: 
http://old.nabble.com/APR-Native-library-on-tomcat-6-tp24107914p31967678.html
Sent from the Tomcat - User mailing list archive at Nabble.com.





Re: APR Native library on tomcat 6

2011-06-30 Thread Christopher Schultz

To whom it may concern,

On 6/30/2011 4:21 PM, ccastle wrote:
 I have the same problem [where APR won't load], except that in the log it is 
 not specified what
 library is needed.

You don't need to read the logs to see what library is needed, you need
to read the documentation:
http://tomcat.apache.org/tomcat-7.0-doc/apr.html

 These are the messages in the log:

 The bolded part of the message is the error I have.

Text styles do not come across plain text mailing list posts.

I don't see any error messages at all. Perhaps you are talking about
this INFO message:

 INFO: The Apache Tomcat Native library which allows optimal performance in
 production environments was not found on the java.library.path:
 /usr/java/jdk1.6/jre/lib/i386/server:/usr/java/jdk1.6/jre/lib/i386:/usr/java/jdk1.6/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib

Are you actually intending to use APR? If you are trying to use APR and
it's not working, then you should tell us what you have done so far.

If you don't care about APR or have no idea what I'm talking about and
are only posting to the list because of the above message, you can
safely ignore the message or disable the AprLifecycleListener in
server.xml to get rid of that message.

 Besides, I'm trying to use tomcat 6 with a Project that was compiled
 on tomcat 5.5.7, I can't see the jsp pages.

Please post to the list under a separate subject if you have another,
unrelated problem.

- -chris



RE: APR and async request

2010-12-21 Thread spring
OK; I've got it...

when I change the Connector from HTTP/1.1 to
org.apache.coyote.http11.Http11NioProtocol it works.
Sounds a bit logical (Non-Blocking and async) but can someone please
explain?

Thank you


 when I disable APR by removing the tcnative-1.dll or by removing the APR
 listener from server.xml async requests do not work anymore. I get
 immediately after the request an empty response body with status 200.





Re: APR and async request

2010-12-21 Thread Mark Thomas
On 21/12/2010 13:07, spr...@gmx.eu wrote:
 OK; I've got it...
 
 when I change the Connector from HTTP/1.1 to
 org.apache.coyote.http11.Http11NioProtocol it works.
 Sounds a bit logical (Non-Blocking and async) but can someone please
 explain?

You'll need to explain what you mean by async requests before anyone can
answer that.

Mark

 
 Thank you
 
 
 when I disable APR by removing the tcnative-1.dll or by removing the APR
 listener from server.xml async requests do not work anymore. I get
 immediately after the request an empty response body with status 200.
 
 



RE: APR and async request

2010-12-21 Thread spring
I mean the new servlet 3.0 capabilities:

startAsync() and the resulting AsyncContext:

request.startAsync()
AsyncContext#getResponse()

sample:

HttpServletResponse res = (HttpServletResponse) ac.getResponse();
res.setStatus(200);
res.setHeader("X-Foo", "bar");
res.setContentType("application/xml");
PrintWriter w = res.getWriter();
w.println("<foo/>");
w.flush();
ac.complete();

It seems that the response object is somewhat damaged, the code does not
fail, but the client only receives status 200, no body and no custom headers
sent via Response#setHeader("X-...", ...).

Thank you!

 -Original Message-
 From: Mark Thomas [mailto:ma...@apache.org] 
 Sent: Tuesday, 21 December 2010 14:10
 To: Tomcat Users List
 Subject: Re: APR and async request
 
 On 21/12/2010 13:07, spr...@gmx.eu wrote:
  OK; I've got it...
  
  when I change the Connector from HTTP/1.1 to
  org.apache.coyote.http11.Http11NioProtocol it works.
  Sounds a bit logical (Non-Blocking and async) but can someone please
  explain?
 
 You'll need to explain what you mean by async requests before 
 anyone can
 answer that.
 
 Mark
 
  
  Thank you
  
  
  when I disable APR by removing the tcnative-1.dll or by 
 removing the APR
  listener from server.xml async requests do not work anymore. I get
  immediately after the request an empty response body with 
 status 200.
  
  
  



Re: APR and async request

2010-12-21 Thread Mark Thomas
On 21/12/2010 15:09, spr...@gmx.eu wrote:
 I mean the new servlet 3.0 capabilities:
 
 startAsync() and the resulting AsyncContext:
 
 request.startAsync()
 AsyncContext#getResponse()
 
 sample:
 
 HttpServletResponse res = (HttpServletResponse) ac.getResponse();
 res.setStatus(200);
 res.setHeader("X-Foo", "bar");
 res.setContentType("application/xml");
 PrintWriter w = res.getWriter();
 w.println("<foo/>");
 w.flush();
 ac.complete();
 
 It seems that the response object is somewhat damaged, the code does not
 fail, but the client only receives status 200, no body and no custom headers
 sent via Response#setHeader("X-...", ...).

That should work with all connectors and there are a fair number of test
cases that check that it does. If you have a simple, reproducible test
case then please open a bugzilla issue.

Mark

 
 Thank you!
 



Re: APR/Native: when to use it?

2010-12-03 Thread André Warnier

David Dabbs wrote:

Would it provide better performance for AJP connector processing?


Not at all.  The comparison you have been pointed to refers to HTTP connectors.
AJP is another (different) protocol, and has a different connector.




Thanks,

David

-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] 
Sent: Thursday, December 02, 2010 3:09 PM

To: Tomcat Users List
Subject: RE: APR/Native: when to use it?

From: Aggarwal, Ajay [mailto:ajay.aggar...@stratus.com] 
Subject: APR/Native: when to use it?


Is it always advisable to use APR if tomcat is the main 
web server?


No.

Does it provide better performance for core tomcat engine 
or do you need to write code to take advantage of it?


That's not really an or situation.  Depending on your circumstances, it
may or may not provide better performance (also dependent on what you happen
to mean by performance).  You never need to write code to take advantage
of it.


What are the pros and cons of using it? Are there cons?


Look here:
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#Connector%20Comparison

Will it provide better performance for SSL connectors?  


Pretty much always.

 - Chuck





Re: APR/Native: when to use it?

2010-12-03 Thread Mark Thomas
On 03/12/2010 09:35, André Warnier wrote:
 David Dabbs wrote:
 Would it provide better performance for AJP connector processing?
 
 Not at all.  The comparison you have been pointed to refers to HTTP
 connectors.
 AJP is another (different) protocol, and has a different connector.

The AJP connector comes in two flavours. BIO and APR. Is there a
performance difference? Yes. What will it be in your environment? No
idea, you'll have to test it.

Mark




RE: APR/Native: when to use it?

2010-12-02 Thread Caldarale, Charles R
> From: Aggarwal, Ajay [mailto:ajay.aggar...@stratus.com]
> Subject: APR/Native: when to use it?
>
> Is it always advisable to use APR if tomcat is the main
> web server?

No.

> Does it provide better performance for core tomcat engine
> or do you need to write code to take advantage of it?

That's not really an or situation.  Depending on your circumstances, it may
or may not provide better performance (also dependent on what you happen to
mean by performance).  You never need to write code to take advantage of it.

> What are the pros and cons of using it? Are there cons?

Look here:
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#Connector%20Comparison

> Will it provide better performance for SSL connectors?

Pretty much always.

 - Chuck





RE: APR/Native: when to use it?

2010-12-02 Thread Aggarwal, Ajay
Thanks for your quick response, but I still don't know when I should use
APR. That comparison table doesn't help me much (perhaps my ignorance
here).

-Original Message-

 Is it always advisable to use APR if tomcat is the main 
 web server?

No.

 Does it provide better performance for core tomcat engine 
 or do you need to write code to take advantage of it?

That's not really an or situation.  Depending on your circumstances,
it may or may not provide better performance (also dependent on what you
happen to mean by performance).  You never need to write code to take
advantage of it.

 What are the pros and cons of using it? Are there cons?

Look here:
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#Connector%20Comparison

 Will it provide better performance for SSL connectors?  

Pretty much always.




Re: APR based tomcat native library not found

2010-10-13 Thread Christopher Schultz

To whom it may concern,

On 10/12/2010 11:00 AM, efftronics wrote:
> I am running apache tomcat 6.0.18, java 1.6 on windows xp platform.
> I copied tcnative-1.dll and openssl.exe (1.1.14 version) in
> C:\apache-tomcat-6.0.18\bin . But when I run
> startup.bat it is showing that APR based tcnative library not found.

It should also dump the value for the system property java.library.path.
What value does it show there?

Note that Tomcat 6.0.18 is over 2 years old. Consider upgrading to the
latest.

> I also tried with 1.1.8, 1.1.0, 1.1.19, 1.1.20 APR libraries but there
> is no use. Please help me. Which version do I have to use? Please provide
> the link.

http://tomcat.apache.org/tomcat-6.0-doc/apr.html

Note the following, directly from the above link:

Windows binaries are provided for tcnative-1, which is a statically
compiled .dll which includes OpenSSL and APR.

That means you don't need openssl.exe at all unless you have chosen to
use separate, dynamically linked .dll files. It looks like you're doing
a little of both. If you use separate .dlls, you need: tcnative.dll,
apr.dll, and some kind of openssl library (it's unclear if you need
openssl.exe or something else).

The binaries I find for 1.1.20 say they were built against APR 1.3.9 and
OpenSSL 0.9.8k.

So, it sounds like you need to:

1. Use the OpenSSL version that is expected (0.9.8k instead of whatever
1.1.14 is)

2. Add the APR .dll

3. Double-check your java.library.path and make sure the .dll files are
in there somewhere (or change your java.library.path)

- -chris



Re: APR Tomcat...

2010-07-20 Thread André Warnier

Christopher Schultz wrote:
> Dale,
>
> On 7/19/2010 7:42 PM, Dale Ogilvie wrote:
>> Reasons to use httpd being what?
>
> Here are a few ideas:
>
> 1. Load balancing
> 2. Use of mixed Java and non-Java webapps (PHP, Perl, etc.)
> 3. Use of multiple Tomcat instances behind a single web server
>
> If I thought about it, I could come up with a few more.


4. Imperative/beneficial use of one of the multiple Apache built-in or add-on modules 
which exist for Apache, and where comparable ready-made Tomcat valves, filters, 
applications do not (yet) exist or are not as mature.

(ref : http://httpd.apache.org/docs/2.2/mod/)

5. Situations where running java webapps under a servlet engine is not the main 
focus/purpose/interest of a website, but things like 2. above are.
I'll enclose in that the situations where the main area of competence of the people 
developing or managing the website is not Java.


To round this off, I'd say that the right tool for a job does not depend only on the 
intrinsic qualities of the tool itself.  It also depends on many other local 
circumstances, of which the availability of people with the appropriate competences is 
probably the most important.
From a relative outsider's point of view, I would compare Apache httpd and Tomcat as 
follows :


To achieve anything other than relatively trivial with Tomcat, at some point you'll need 
to become very competent with Java. Being competent with Java is a lifetime occupation, 
not because of the language itself, but because achieving anything worthwhile with it 
requires learning about many, many class libraries and their API's.

(Anyone challenging the above ?)

In comparison Apache httpd has, built-in, many features that just require configuration, 
and already has many ready-to-use add-on modules which just require to be plugged-in and 
configured, without having to do any programming at all.

This may suit sysadmins types better than developer types.

In both cases, some knowledge of the HTTP protocol is a must, and a good knowledge of HTTP 
is a tremendous help.
To achieve a certain goal, if you have a choice, choose whatever you are more comfortable 
with.


Technically, I think that Christopher's earlier benchmarks showed that Tomcat can serve 
simple static content at least as well as Apache httpd.
Using Apache httpd as a front-end to Tomcat introduces some overhead, but with a correct 
configuration this overhead will be insignificant in most real-world situations, compared 
to what can be achieved (in terms of unnecessary overhead) by bad coding in the 
applications themselves, whether they are running under Tomcat or under Apache.
To connect Apache with Tomcat, you can use either mod_jk or mod_proxy_ajp (or just 
mod_proxy_http).  Again, each one has its advantages and inconvenients, and you should 
mainly choose whichever you feel more comfortable with.  The difference in performance 
between these solutions will likely be insignificant, compared to the mistakes in 
configuration and in the applications.







Re: APR Tomcat...

2010-07-20 Thread Pid
On 19/07/2010 22:21, Tony Anecito wrote:
> Hi Pid
>
> First off I get a little red x in the upper left hand corner of the web page.

Excellent technical description of the problem.  Is it the response
status 404 or a 500, I wonder?


> Yep I agree maybe an upgrade to the latest Tomcat and APR might accomplish
> fixing the problem but silly me I like to understand an issue before I
> upgrade.

I didn't say it would, but silly me I like to advise people to stay
current, to gain the benefit of bug and security fixes.


> APR==httpd at least that is what the Apache Web site says and the acronym I put
> up on the title page is about. The Apache Web server group disavow any knowledge
> of APR since they say the Tomcat Group developed it to replace Apache Web
> Server.

It's been explained elsewhere in the thread that this is incorrect, but
I'm curious to know where you read that the HTTPD 'group' disavowed APR?


> What little info I could find seems to indicate APR uses the ROOT directory
> under Webapps for html based apps.
>
> I will probably go back to Apache Web server as a separate tier. I was trying to
> get better performance using APR + Tomcat and saw some but not enough to justify
> the advantages of a separate tier.


I can't seem to see whether your original problem has actually been
resolved or not, did you manage to determine what was happening or not?


p


 Best Regards,
 -Tony
 
 
 
 - Original Message 
 From: Pid p...@pidster.com
 To: Tomcat Users List users@tomcat.apache.org
 Sent: Mon, July 19, 2010 3:05:41 PM
 Subject: Re: APR  Tomcat...
 
 On 19/07/2010 19:44, Tony Anecito wrote:
 Hi All,

 I have been having odd issues with APR  Tomcat (6.0.20) since I set it up a 
 while ago. I am seeing:
 
 Time for an upgrade.
 
 1. Sometimes on the first try to get images from a page where the images are 
 assigned a sub domain via a host tag I get a red x. Hitting refresh seems to 
 retrieve the images. The images are in a subfolder off of the ROOT folder of 
 tomcat.
 
 Can you reproduce the problem?
 
 What does the client actually see?
 
 You can use a browser tool to find out, e.g. Firebug in Firefox.
 Fiddler, ieHttpHeaders in IE, the built-in developer tools in Safari/Chrome.
 
 What does the server actually send?  You didn't state your OS (tsk) but
 there are tools available for most OS which will allow you to monitor
 network traffic at the server. (e.g. Wireshark).
 
 2. I get a file not found off of another folder where the file is a jnlp 
 file.


 So is there any type of directory tag (allow, deny ect) I should be using 
 for 
 the sub folders off or ROOT? When I used Apache Web server I set those up 
 but 
 then I was not using a Host tag either. But for APR I did not set up any 
 type 
 directory tags.
 
 No there isn't.  Tomcat != Apache HTTPD.
 
 Security permissions are set in the ROOT/WEB-INF/web.xml, as per the
 Servlet Spec.
 
 
 p
 
 If I need the directory tags where would I put them?

 Thanks,
 -Tony


   



Re: APR Tomcat...

2010-07-20 Thread Tony Anecito
The red x is the standard way in an html page to indicate something is wrong
but no 404 or other status code is displayed otherwise I would have mentioned it.
Simple google indicated many reasons why it might occur.

As I mentioned in another email I plan to switch back to Apache Web Server and
there recently have been very good explanations on this email group why to do so.
As I mentioned I used APR for performance which it did a good job for me but
other considerations come into play at this point so no need to drag up old
emails from the Apache group regarding APR.

Regards,
-Tony



- Original Message 
From: Pid p...@pidster.com
To: Tomcat Users List users@tomcat.apache.org
Sent: Tue, July 20, 2010 10:11:39 AM
Subject: Re: APR  Tomcat...

On 19/07/2010 22:21, Tony Anecito wrote:
 Hi Pid
 
 First off I get a little red x in the upper left hand corner of the web page.

Excellent technical description of the problem.  Is it the response
status 404 or a 500, I wonder?


 Yep I agree maybe an upgrade to the latest Tomcat and APR might accomplish 
 fixing the problem but silly me I like to understand an issue before I 
upgrade.

I didn't say it would, but silly me I like to advise people to stay
current, to gain the benefit of bug and security fixes.


 APR==httpd at least that is what the Apache Web site says and the acronym I 
 put 

 up on the title page is about. The Apache Web server group disavow any 
knowledge 

 of APR since they say the Tomcat Group developed to to replace Apache Web 
 Server.

It's been explained elsewhere in the thread that this is incorrect, but
I'm curious to know where you read that the HTTPD 'group' disavowed APR?


 What little info I could find seems to indicate APR uses the ROOT directory  
 under Webapps for html based apps.
 
 I will probably go back to Apache Web server as a separate tier. I was trying 
to 

 get better performance using APR + Tomcat and saw some but not enough to 
justify 

 the advantages of a seperate tier.


I can't seem to see whether your original problem has actually been
resolved or not, did you manage to determine what was happening or not?


p


 Best Regards,
 -Tony
 
 
 
 - Original Message 
 From: Pid p...@pidster.com
 To: Tomcat Users List users@tomcat.apache.org
 Sent: Mon, July 19, 2010 3:05:41 PM
 Subject: Re: APR  Tomcat...
 
 On 19/07/2010 19:44, Tony Anecito wrote:
 Hi All,

 I have been having odd issues with APR  Tomcat (6.0.20) since I set it up a 
 while ago. I am seeing:
 
 Time for an upgrade.
 
 1. Sometimes on the first try to get images from a page where the images are 
 assigned a sub domain via a host tag I get a red x. Hitting refresh seems to 
 retrieve the images. The images are in a subfolder off of the ROOT folder of 
 tomcat.
 
 Can you reproduce the problem?
 
 What does the client actually see?
 
 You can use a browser tool to find out, e.g. Firebug in Firefox.
 Fiddler, ieHttpHeaders in IE, the built-in developer tools in Safari/Chrome.
 
 What does the server actually send?  You didn't state your OS (tsk) but
 there are tools available for most OS which will allow you to monitor
 network traffic at the server. (e.g. Wireshark).
 
 2. I get a file not found off of another folder where the file is a jnlp 
file.


 So is there any type of directory tag (allow, deny ect) I should be using 
 for 

 the sub folders off or ROOT? When I used Apache Web server I set those up 
 but 

 then I was not using a Host tag either. But for APR I did not set up any 
 type 

 directory tags.
 
 No there isn't.  Tomcat != Apache HTTPD.
 
 Security permissions are set in the ROOT/WEB-INF/web.xml, as per the
 Servlet Spec.
 
 
 p
 
 If I need the directory tags where would I put them?

 Thanks,
 -Tony


      




Re: APR Tomcat...

2010-07-20 Thread Christopher Schultz

Chuck,

On 7/19/2010 11:50 PM, Caldarale, Charles R wrote:
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: APR  Tomcat...
>
>> My tests show that use of sendFile is dramatically faster
>> than without.
>
> Was that vs BIO or NIO?  As I recall, there is no sendFile capability in BIO,
> so both NIO and APR should beat that.

BIO = JIO, right? Too many TLAs.

The NIO and APR connectors support sendFile, but the blocking, vanilla
Java connector does not. sendFile, in both the NIO and APR connectors,
gives a significant performance improvement. So, you're right, it's not
APR's magic, but the magic of sendFile in either case.

- -chris



Re: APR Tomcat...

2010-07-20 Thread Christopher Schultz

Tony,

On 7/20/2010 12:35 AM, Tony Anecito wrote:
> Interesting. I saw that when a static file was around 21K or below a dramatic
> improvement in recorded time in the log for APR. I have not tried with regular
> Apache Web Server to see what I get.

I should get off my ass and publish my benchmarking results. These
Tomcat knuckleheads keep releasing new versions, and I feel like I
should repeat my tests with the latest version. :(

Soon. Maybe.

- -chris



Re: APR Tomcat...

2010-07-20 Thread Tony Anecito
Do not worry my friends did not believe me till I sent the before/after logs
even then they argued about physics and the speed of light :-) Where is Einstein
when you need him?

-Tony



- Original Message 
From: Christopher Schultz ch...@christopherschultz.net
To: Tomcat Users List users@tomcat.apache.org
Sent: Tue, July 20, 2010 11:53:40 AM
Subject: Re: APR  Tomcat...


Tony,

On 7/20/2010 12:35 AM, Tony Anecito wrote:
 Interesting. I saw that when a static file was around 21K or below a dramatic 
 improvement in recorded time in the log for APR. I have not tried with 
 regular 

 Apache Web Server to see what I get.

I should get off my ass and publish my benchmarking results. These
Tomcat knuckleheads keep releasing new versions, and I feel like I
should repeat my tests with the latest version. :(

Soon. Maybe.

- -chris



RE: APR Tomcat...

2010-07-20 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: APR  Tomcat...
>
>> Was that vs BIO or NIO?  As I recall, there is no sendFile
>> capability in BIO, so both NIO and APR should beat that.
>
> BIO = JIO, right? Too many TLAs.

The Tomcat doc refers to the original Connector implementation as BIO, not 
JIO.  Using JIO is ambiguous, since both BIO and JIO are pure Java.

 - Chuck




Re: APR Tomcat...

2010-07-19 Thread Pid
On 19/07/2010 19:44, Tony Anecito wrote:
> Hi All,
>
> I have been having odd issues with APR  Tomcat (6.0.20) since I set it up a
> while ago. I am seeing:

Time for an upgrade.

> 1. Sometimes on the first try to get images from a page where the images are
> assigned a sub domain via a host tag I get a red x. Hitting refresh seems to
> retrieve the images. The images are in a subfolder off of the ROOT folder of
> tomcat.

Can you reproduce the problem?

What does the client actually see?

You can use a browser tool to find out, e.g. Firebug in Firefox.
Fiddler, ieHttpHeaders in IE, the built-in developer tools in Safari/Chrome.

What does the server actually send?  You didn't state your OS (tsk) but
there are tools available for most OS which will allow you to monitor
network traffic at the server. (e.g. Wireshark).

> 2. I get a file not found off of another folder where the file is a jnlp file.
>
> So is there any type of directory tag (allow, deny etc.) I should be using for
> the sub folders off of ROOT? When I used Apache Web server I set those up but
> then I was not using a Host tag either. But for APR I did not set up any type
> directory tags.

No there isn't.  Tomcat != Apache HTTPD.

Security permissions are set in the ROOT/WEB-INF/web.xml, as per the
Servlet Spec.


p

> If I need the directory tags where would I put them?
>
> Thanks,
> -Tony




signature.asc
Description: OpenPGP digital signature
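
The reply above points to ROOT/WEB-INF/web.xml in place of httpd directory tags. As an added example (not configuration from the thread), this is how allow/deny intent is written as Servlet Spec security constraints; the folder names, role name and realm name are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- ROOT/WEB-INF/web.xml (Servlet 2.5, as used by Tomcat 6).
     Added example: /private/, /admin/, site-admin and the realm name
     are hypothetical placeholders. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- Closest equivalent of httpd's "Deny from all" for one sub folder:
       an EMPTY auth-constraint means no role is ever allowed in. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Blocked sub folder</web-resource-name>
      <url-pattern>/private/*</url-pattern>
      <!-- No <http-method> elements: the constraint covers every method.
           Listing methods here would leave the unlisted ones unprotected. -->
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>

  <!-- A sub folder that only an authenticated role may read, and only
       over TLS (CONFIDENTIAL makes Tomcat redirect plain HTTP requests
       to the connector's redirectPort). -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin area</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>site-admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- How users authenticate; the users and roles themselves come from
       the Realm configured in Tomcat, not from this file. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Example realm</realm-name>
  </login-config>

  <security-role>
    <role-name>site-admin</role-name>
  </security-role>

  <!-- Folders with no matching constraint stay publicly readable, which
       is why static images under ROOT need no entry here.
       Address-based allow/deny is not part of web.xml; Tomcat offers
       org.apache.catalina.valves.RemoteAddrValve for that, configured
       in server.xml or context.xml. -->
</web-app>
```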


Re: APR Tomcat...

2010-07-19 Thread Tony Anecito
Hi Pid

First off I get a little red x in the upper left hand corner of the web page.

Yep I agree maybe an upgrade to the latest Tomcat and APR might accomplish 
fixing the problem but silly me I like to understand an issue before I upgrade.

APR==httpd at least that is what the Apache Web site says and the acronym I put
up on the title page is about. The Apache Web server group disavow any knowledge
of APR since they say the Tomcat Group developed it to replace Apache Web
Server.

What little info I could find seems to indicate APR uses the ROOT directory
under Webapps for html based apps.

I will probably go back to Apache Web server as a separate tier. I was trying to
get better performance using APR + Tomcat and saw some but not enough to justify
the advantages of a separate tier.

Best Regards,
-Tony



- Original Message 
From: Pid p...@pidster.com
To: Tomcat Users List users@tomcat.apache.org
Sent: Mon, July 19, 2010 3:05:41 PM
Subject: Re: APR  Tomcat...

On 19/07/2010 19:44, Tony Anecito wrote:
 Hi All,
 
 I have been having odd issues with APR  Tomcat (6.0.20) since I set it up a 
 while ago. I am seeing:

Time for an upgrade.

 1. Sometimes on the first try to get images from a page where the images are 
 assigned a sub domain via a host tag I get a red x. Hitting refresh seems to 
 retrieve the images. The images are in a subfolder off of the ROOT folder of 
 tomcat.

Can you reproduce the problem?

What does the client actually see?

You can use a browser tool to find out, e.g. Firebug in Firefox.
Fiddler, ieHttpHeaders in IE, the built-in developer tools in Safari/Chrome.

What does the server actually send?  You didn't state your OS (tsk) but
there are tools available for most OS which will allow you to monitor
network traffic at the server. (e.g. Wireshark).

 2. I get a file not found off of another folder where the file is a jnlp file.
 
 
 So is there any type of directory tag (allow, deny ect) I should be using for 
 the sub folders off or ROOT? When I used Apache Web server I set those up but 
 then I was not using a Host tag either. But for APR I did not set up any type 
 directory tags.

No there isn't.  Tomcat != Apache HTTPD.

Security permissions are set in the ROOT/WEB-INF/web.xml, as per the
Servlet Spec.


p

 If I need the directory tags where would I put them?
 
 Thanks,
 -Tony
 
 
      
 



Re: APR Tomcat...

2010-07-19 Thread Christopher Schultz

Tony,

On 7/19/2010 5:21 PM, Tony Anecito wrote:
> First off I get a little red x in the upper left hand corner of the web page.

For the whole page? I thought this was an image problem.

> Yep I agree maybe an upgrade to the latest Tomcat and APR might accomplish
> fixing the problem but silly me I like to understand an issue before I
> upgrade.

Upgrading is a good idea, but is unlikely to magically fix everything.
I'm unaware of any huge bugs in Tomcat 6.0.20 like web server doesn't
work at all.

> APR==httpd at least that is what the Apache Web site says and the acronym I put
> up on the title page is about. The Apache Web server group disavow any knowledge
> of APR since they say the Tomcat Group developed it to replace Apache Web
> Server.

APR != httpd

The Tomcat Group neither developed APR nor did they do it to undercut
anything the httpd group is doing. On the contrary, libapr is a project
to help many other projects, including httpd itself.

http://apr.apache.org/
http://apr.apache.org/projects.html
http://en.wikipedia.org/wiki/Apache_Portable_Runtime

> What little info I could find seems to indicate APR uses the ROOT directory
> under Webapps for html based apps.

APR does nothing of the sort. APR essentially provides two major
capabilities to Tomcat:

1. SSL services using OpenSSL library instead of Java-based SSL
2. Sendfile services to serve static content directly from
disk-to-socket with minimal overhead

Both of these features are configured on a Connector in Tomcat and
will work with any webapp deployed into the container. It has nothing to
do with ROOT or any other specific webapp.

> I will probably go back to Apache Web server as a separate tier. I was trying to
> get better performance using APR + Tomcat and saw some but not enough to justify
> the advantages of a separate tier.

Apache httpd + Tomcat will always be slower than simply using Tomcat +
APR/sendfile because of the overhead involved in forwarding the requests
back and forth. The only exception might be a site which is almost
exclusively static content and only one or two dynamic resources. In
that case, I might ask why that person was using Java in the first place ;)

There certainly are reasons to use Apache httpd out in front of Tomcat,
but performance isn't one of them.

- -chris
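
The two capabilities listed in this message, as they would be set on connectors in server.xml. This is an added example, not configuration posted in the thread; ports, certificate paths and the SSLProtocol value are assumptions, and the protocol value must be one your Tomcat Native/OpenSSL build accepts.

```xml
<!-- conf/server.xml (fragment). Added example: ports, file paths and
     TLS values are placeholders, not settings from the thread. -->
<Server port="8005" shutdown="SHUTDOWN">

  <!-- Loads the Tomcat Native library (tcnative, which wraps APR and
       OpenSSL) from java.library.path and initialises the OpenSSL
       engine used by the HTTPS connector below. -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on" />

  <Service name="Catalina">

    <!-- Capability 2: sendfile. Static files are handed to the OS to
         copy from disk to socket. The DefaultServlet only does this for
         files at or above its sendfileSize init-param (48 KB by
         default), so small images are still written the normal way. -->
    <Connector port="8080"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               useSendfile="true"
               redirectPort="8443" />

    <!-- Capability 1: SSL through OpenSSL instead of Java-based SSL.
         The APR connector takes PEM certificate and key files, not a
         Java keystore. Keep the key file readable only by the account
         that runs Tomcat. -->
    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               SSLCertificateFile="/path/to/server.crt"
               SSLCertificateKeyFile="/path/to/server.key"
               SSLProtocol="TLSv1.2" />

    <!-- Both connectors serve every webapp deployed under the Host;
         nothing here is tied to ROOT or any other specific webapp. -->
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
```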



Re: APR Tomcat...

2010-07-19 Thread Tony Anecito
For each image I would get a small red x. When I hit refresh it then displays
them.

Comments like this on Confluence web site for example explain:

After a bit of Googling came across this:
Apache Portable Runtime to provide superior scalability, performance for
Tomcat 6.
There are comments that when using the APR Tomcat will serve static content on
par with Apache (httpd) server speeds - though I haven't been able to personally
verify this just yet.
 
Or from the Tomcat site itself http://tomcat.apache.org/tomcat-5.5-doc/apr.html:
 
Tomcat can use the Apache Portable Runtime to provide superior scalability, 
performance, and better integration with native server technologies. The Apache 
Portable Runtime is a highly portable library that is at the heart of Apache 
HTTP Server 2.x. APR has many uses, including access to advanced IO 
functionality (such as sendfile, epoll and OpenSSL), OS level functionality 
(random number generation, system status, etc), and native process handling 
(shared memory, NT pipes and Unix sockets). 

These features allows making Tomcat a general purpose webserver, will enable
much better integration with other native web technologies, and overall make
Java much more viable as a full fledged webserver platform rather than simply a
backend focused technology.

So as to say the Tomcat group did not want to compete why build the APR?

In either case it does not matter for me but I do appreciate the feedback.

Regards,
-Tony


- Original Message 
From: Christopher Schultz ch...@christopherschultz.net
To: Tomcat Users List users@tomcat.apache.org
Sent: Mon, July 19, 2010 3:51:28 PM
Subject: Re: APR  Tomcat...


Tony,

On 7/19/2010 5:21 PM, Tony Anecito wrote:
 First off I get a little red x in the upper left hand corner of the web page.

For the whole page? I thought this was an image problem.

 Yep I agree maybe an upgrade to the latest Tomcat and APR might accomplish 
 fixing the problem but silly me I like to understand an issue before I 
upgrade.

Upgrading is a good idea, but is unlikely to magically fix everything.
I'm unaware of any huge bugs in Tomcat 6.0.20 like web server doesn't
work at all.

 APR==httpd at least that is what the Apache Web site says and the acronym I 
 put 

 up on the title page is about. The Apache Web server group disavow any 
knowledge 

 of APR since they say the Tomcat Group developed to to replace Apache Web 
 Server.

APR != httpd

The Tomcat Group neither developed APR nor did they do it to undercut
anything the httpd group is doing. On the contrary, libapr is a project
to help many other projects, including httpd itself.

http://apr.apache.org/
http://apr.apache.org/projects.html
http://en.wikipedia.org/wiki/Apache_Portable_Runtime

 What little info I could find seems to indicate APR uses the ROOT directory  
 under Webapps for html based apps.

APR does nothing of the sort. APR essentially provides two major
capabilities to Tomcat:

1. SSL services using OpenSSL library instead of Java-based SSL
2. Sendfile services to serve static content directly from
disk-to-socket with minimal overhead

Both of these features are configured on a Connector in Tomcat and
will work with any webapp deployed into the container. It has nothing to
do with ROOT or any other specific webapp.

 I will probably go back to Apache Web server as a separate tier. I was trying 
to 

 get better performance using APR + Tomcat and saw some but not enough to 
justify 

 the advantages of a seperate tier.

Apache httpd + Tomcat will always be slower than simply using Tomcat +
APR/sendfile because of the overhead involved in forwarding the requests
back and forth. The only exception might be a site which is almost
exclusively static content and only one or two dynamic resources. In
that case, I might ask why that person was using Java in the first place ;)

There certainly are reasons to use Apache httpd out in front of Tomcat,
but performance isn't one of them.

- -chris



RE: APR Tomcat...

2010-07-19 Thread Dale Ogilvie
 
Reasons to use httpd being what? We historically have used httpd and
mod_proxy_ajp, but less being more I'm considering a tomcat only setup. 

The reason we used httpd in the past was httpd serves static content
better.

One other reason that comes to mind is httpd url rewrite support,
assuming tomcat can't help in this area. Any others?

Dale

/still hoping my tomcat download license doesn't get revoked before
tomcat 7 is released/

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Tuesday, 20 July 2010 9:51 a.m.
To: Tomcat Users List
Subject: Re: APR  Tomcat...

There certainly are reasons to use Apache httpd out in front of Tomcat,
but performance isn't one of them.

- -chris




Re: APR Tomcat...

2010-07-19 Thread Tony Anecito
I used APR for performance reasons. I was running Apache Web Server and Tomcat 
on the same physical Windows server. I mentioned what configuration might be 
faster and was told APR native with Tomcat and it was faster. I might have gone 
from 1.5 to 1.0 milliseconds for JAXWS requests.

The disadvantages are such as when Tomcat is taken down so does your static 
content. Apache Web Server is probably updated more frequently than APR Native. 
I am guessing better security for Apache Web Server versus APR and probably 
more that the Tomcat and Apache Web Server teams can agree upon such as load 
balancing.

So APR Native was an experiment for me not a final solution. Time to go back to 
reality.

Thanks,
-Tony




RE: APR Tomcat...

2010-07-19 Thread Richard Maynard
Next experiment can be Varnish in front of Tomcat with APR :) 

I'm having a lot of fun with it with mostly stateless apps and to optimize some 
test projects, but haven't had an opportunity to deploy it in any large 
configuration. It provides a lot of great features and can really be used to 
tune the heck out of static and semi-static content!

--
Richard Maynard


RE: APR Tomcat...

2010-07-19 Thread Caldarale, Charles R
> From: Tony Anecito [mailto:adanec...@yahoo.com]
> Subject: Re: APR  Tomcat...
>
> So as to say the Tomcat group did not want to compete
> why build the APR?

Tomcat people did not create it - APR has been around for years.  It's part of 
many products (e.g., subversion).

What the Tomcat group did was provide a JNI interface to APR to allow its use 
with Tomcat directly, primarily because OpenSSL is much faster than the pure 
Java SSE equivalent.  APR provides no significant benefits for unencrypted 
content.

 - Chuck





RE: APR Tomcat...

2010-07-19 Thread Caldarale, Charles R
> From: Dale Ogilvie [mailto:dale.ogil...@trimble.co.nz]
> Subject: RE: APR  Tomcat...
>
> Reasons to use httpd being what?

Serving PHP and as a poor man's load balancer, for starters.

> The reason we used httpd in the past was httpd serves
> static content better.

Which hasn't been true for some years.

> One other reason that comes to mind is httpd url rewrite support,

The equivalent for Tomcat is here:
http://www.tuckey.org/urlrewrite/

> /still hoping my tomcat download license doesn't get
> revoked before tomcat 7 is released/

Too late: Tomcat 7 has been released - albeit still beta.

 - Chuck





RE: APR Tomcat...

2010-07-19 Thread Caldarale, Charles R
> From: Tony Anecito [mailto:adanec...@yahoo.com]
> Subject: Re: APR  Tomcat...
>
> The disadvantages are such as when Tomcat is taken down
> so does your static content.

So why are you taking Tomcat down?  Doctor, doctor, it hurts when I do this!

> I am guessing better security for Apache Web Server
> versus APR

You're right - you're guessing.  There's no evidence to support that conjecture.

 - Chuck





Re: APR Tomcat...

2010-07-19 Thread Christopher Schultz

Chuck,

On 7/19/2010 9:57 PM, Caldarale, Charles R wrote:
>> From: Tony Anecito [mailto:adanec...@yahoo.com]
>> Subject: Re: APR  Tomcat...
>>
>> So as to say the Tomcat group did not want to compete
>> why build the APR?
>
> Tomcat people did not create it - APR has been around for years.
> It's part of many products (e.g., subversion).
>
> What the Tomcat group did was provide a JNI interface to APR to allow
> its use with Tomcat directly, primarily because OpenSSL is much
> faster than the pure Java SSE equivalent.  APR provides no
> significant benefits for unencrypted content.

My tests show that use of sendFile is dramatically faster than without.
I did not benchmark SSL.

- -chris



Re: APR Tomcat...

2010-07-19 Thread Christopher Schultz

Dale,

On 7/19/2010 7:42 PM, Dale Ogilvie wrote:
> Reasons to use httpd being what?

Here are a few ideas:

1. Load balancing
2. Use of mixed Java and non-Java webapps (PHP, Perl, etc.)
3. Use of multiple Tomcat instances behind a single web server

If I thought about it, I could come up with a few more.

> We historically have used httpd and
> mod_proxy_ajp, but less being more I'm considering a tomcat only setup.

Tomcat-only is a great setup when you have a non-complicated
environment. If you can do it, I'd say go for it. Fewer attack
vectors, fewer packages to keep up-to-date, etc. Just remember to use
APR+sendFile ;) Or even NIO+sendFile.

> The reason we used httpd in the past was httpd serves static content
> better.

That reason is no longer valid with a proper configuration.

> One other reason that comes to mind is httpd url rewrite support,
> assuming tomcat can't help in this area. Any others?

tuckey's urlrewrite, though mod_rewrite is much more chainsawy than
urlrewrite.

- -chris



RE: APR Tomcat...

2010-07-19 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: APR  Tomcat...
>
> My tests show that use of sendFile is dramatically faster
> than without.

Was that vs BIO or NIO?  As I recall, there is no sendFile capability in BIO, 
so both NIO and APR should beat that.

 - Chuck

