Hi, I'm attempting to use Tomcat APR/Native SSL connectors with openssl and a custom engine corresponding to an HSM provider (AWS CLoudHSM) TOmcat version :7.0.88APR Version: 1.5.2Tomcat Native Library Version:1.2.16OS: Linux (Amazon Linux) 4.14.33-51.34.amzn1.x86_64Java Version : 1.8.0_171-b11 The APRLifeCycle Listener in server.xml is set as follows:<Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> <!-- Security listener. Documentation at /docs/config/listeners.html <Listener className="org.apache.catalina.security.SecurityListener" /> --> <!--APR library loader. Documentation at /docs/apr.html --> -<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="cloudhsm"/> ............
But I get the exception below:INFO: Loaded APR based Apache Tomcat Native library 1.2.16 using APR version 1.5.2.May 19, 2018 8:26:51 PM org.apache.catalina.core.AprLifecycleListener lifecycleEventINFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].May 19, 2018 8:26:51 PM org.apache.catalina.core.AprLifecycleListener lifecycleEventSEVERE: Failed to initialize the SSLEngine.org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform at org.apache.tomcat.jni.SSL.initialize(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:286) at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:137) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:388) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101) at org.apache.catalina.startup.Catalina.load(Catalina.java:654) at org.apache.catalina.startup.Catalina.load(Catalina.java:679) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) ....... I've set the native .so libraries from the HSM provider under /usr/lib64 which is on the Tomcat java.library.path (since the APR and native libraries are in the same path) BTW I'm able to use openssl on the same machine from the command-line with the -engine cloudhsm option. Is there something else that is needed or missing to get this working? I noticed another theread in this forum asking a similar question but the resolution was not present - http://grokbase.com/t/tomcat/users/147asb8xhd/apr-with-pkcs11-support Thanks,Elizabeth
