tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From shanthi thomas <eliza...@yahoo.com.INVALID>
Subject Tomcat 7.0.88 APR/Native with PKCS11 support
Date Sat, 19 May 2018 20:36:20 GMT
Hi,   I'm attempting to use Tomcat APR/Native SSL connectors with openssl and a custom engine
corresponding to an HSM provider (AWS CLoudHSM) 
TOmcat version :7.0.88APR Version: 1.5.2Tomcat Native  Library Version:1.2.16OS: Linux (Amazon
Linux) 4.14.33-51.34.amzn1.x86_64Java Version : 1.8.0_171-b11
The APRLifeCycle Listener in server.xml  is set as follows:<Server port="8005" shutdown="SHUTDOWN"> 
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />  <!--
Security listener. Documentation at /docs/config/listeners.html  <Listener className="org.apache.catalina.security.SecurityListener"
/>  -->  <!--APR library loader. Documentation at /docs/apr.html -->  -<Listener
className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="cloudhsm"/>
............


But I get the exception below:INFO: Loaded APR based Apache Tomcat Native library 1.2.16 using
APR version 1.5.2.May 19, 2018 8:26:51 PM org.apache.catalina.core.AprLifecycleListener lifecycleEventINFO:
APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].May
19, 2018 8:26:51 PM org.apache.catalina.core.AprLifecycleListener lifecycleEventSEVERE: Failed
to initialize the SSLEngine.org.apache.tomcat.jni.Error: 70023: This function has not been
implemented on this platform        at org.apache.tomcat.jni.SSL.initialize(Native Method) 
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
      at java.lang.reflect.Method.invoke(Method.java:498)        at java.lang.reflect.Method.invoke(Method.java:498) 
      at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:286) 
      at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:137) 
      at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) 
      at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) 
      at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:388) 
      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)       
at org.apache.catalina.startup.Catalina.load(Catalina.java:654)        at org.apache.catalina.startup.Catalina.load(Catalina.java:679) 
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
      at java.lang.reflect.Method.invoke(Method.java:498)        .......
I've set the native .so libraries from the HSM provider under /usr/lib64 which is on the Tomcat
java.library.path (since the APR and native libraries are in the same path)

BTW I'm able to use openssl on the same machine from the command-line with the -engine cloudhsm
option. 
Is there something else that is needed or missing to get this working?
I noticed another theread in this forum asking a similar question but the resolution was not
present - http://grokbase.com/t/tomcat/users/147asb8xhd/apr-with-pkcs11-support
Thanks,Elizabeth


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message