tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Cannot rid of expired Certificate ...
Date Mon, 23 Jan 2012 10:46:02 GMT
Andrew Erskine wrote:
> Not sure what APR is ?
To save someone else the time :

See :

In essence, "APR" is a software library which contains a number of TCP-socket-related 
functions which /can/ be used by software applications (such as Apache httpd and Tomcat),

as a replacement for similar platform-specific functions, to provide more uniformity.

In the case of Tomcat : by default, Tomcat, for its Connectors, uses the network-related 
functions provided by the Java JVM (e.g., to open a listening socket for a Connector). 
However, if Tomcat detects the availability of the APR library when it starts, it will 
switch to using this library instead.
The APR implementation is supposed to be more efficient and faster.

The importance of this, in the current context, is that there is a difference regarding 
SSL (HTTPS) : the standard JVM functions use the Java JVM's implementation of SSL, while 
APR functions use the OpenSSL library.  This matters because the relevant Connector 
attributes are different in each case (and also probably where the software looks for 
"things" like keystore etc..).

You can see if on your system Tomcat has found (and is using) the APR library or not, by 
examining the Tomcat logfiles : at startup, Tomcat will print a warning if it did not find


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message