[Bug 57815] New: Successful build against old OpenSSL leads to runtime error when parsing SSLProtocol

Tue, 14 Apr 2015 19:20:29 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=57815

            Bug ID: 57815
           Summary: Successful build against old OpenSSL leads to runtime
                    error when parsing SSLProtocol
           Product: Tomcat Native
           Version: 1.1.33
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Library
          Assignee: dev@tomcat.apache.org
          Reporter: cry...@yahoo.com

Tomcat Native builds against older versions of OpenSSL, but then throws a
runtime error when parsing SSLProtocol. In my case, building Tomcat Native
1.1.33 on CentOS 6.2 against openssl-1.0.0-20.el6.x86_64 leads to the following
exception when parsing SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" in server.xml, even
on latest CentOS 6.6 when linking openssl-1.0.1e-30.el6.8.x86_64.


 java.lang.Exception: Unable to create SSLContext. Check that SSLEngine is
enabled in the AprLifecycleListener, the AprLifecycleListener has initialised
correctly and that a valid SSLProtocol has been specified
        at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:532)
        at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:456)
        at
org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:567)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:842)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:576)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:599)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)
Caused by: java.lang.Exception: Invalid Server SSL Protocol
(error:00000000:lib(0):func(0):reason(0))
        at org.apache.tomcat.jni.SSLContext.make(Native Method)
        at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:527)
        ... 16 more


I suspect this same circumstance was reported here:
https://mail-archives.apache.org/mod_mbox/tomcat-users/201412.mbox/%3ccapvtzefzzw9l73d0s4b7rgq8dtxzcjkv8oo9smdqox+awxf...@mail.gmail.com%3e

Tomcat Native should probably have either configure or compile checks for
OpenSSL version or for supported protocols, it should dynamically support these
protocols as it dynamically links OpenSSL, or it should have better runtime
error logging.

No such error or exception occurs if I build and run against OpenSSL 1.0.1m on
CentOS 6.2.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to