> Jesse, > > On 6/4/15 12:49 PM, Christopher Schultz wrote: > > Jesse, > > > > On 6/4/15 11:43 AM, Jesse Defer wrote: > >> I am getting the following error from native on Tomcat startup: > >> /usr/local/java/latest7/bin/java: symbol lookup error: > >> /usr/local/apr/lib/libtcnative-1.so.0.1.33: undefined symbol: > >> SSL_CTX_clear_extra_chain_certs > > > >> SSL_CTX_clear_extra_chain_certs does not appear to be part of the > >> RHEL5 distributed OpenSSL 0.9.8. There are no compile > >> warnings/errors from native, > > > >> RHEL5.11 Tomcat 6.0.44 APR 1.5.1 > > > >> Have the OpenSSL version requirements changed? > > > > Are you sure your compile-time and run-time versions of OpenSSL are > > the same? > > > > I'm having trouble finding minimum-version information about > > SSL_CTX_clear_extra_chain_certs. Can you check in openssl.h (and > > whatever else it includes on your system) to see if that function is > > defined? > > > > On my Mac, I've got 0.9.8zd plus 1.0.1j and 1.0.2a. Only the 1.0.1 and > > 1.0.2 versions have that function defined, but it's actually a macro > > pointing to SSL_CTX_ctrl with some default parameters. > > > > So I'm surprised that you're seeing > > SSL_CTX_clear_extra_chain_certs being called a "symbol", since the > > compiler should be replacing it with something else. Well, if it's not > > defined at all, it might assume it's a function with no prototype and > > just assume that at runtime things will work-out. > > Looks like not. > > > > Re-check your compiler logs: I think you'll find a warning about an > > unresolved symbol. Probably with the linker, too. But it will only be > > a warning, depending upon the compiler flags. > > > > sslutils:245 uses that macro: > > > > SSL_CTX_clear_extra_chain_certs(ctx); > > > > Perhaps we need to add a version-check around that, and then define > > the macro as OpenSSL does if necessary. > > > > Can you add a Bugzilla issue for this? Feel free to reference this > > mailing list thread. > > > > -chris > > In the meantime, can you throw this into tcnative.h at the bottom, and re- > build everything? > > #define SSL_CTX_clear_extra_chain_certs(ctx) \ > SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) > > See if that works for you. > > - -chris
It compiled and it doesn't throw the missing symbol errors anymore. Everything seems to work but I will continue to test. I had to add (pulled from openssl 1.0.1): #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 Jesse