On Mon, Oct 7, 2019 at 4:59 PM Mark Thomas <markt@apache.org> wrote:
> All,
>
> I recently gave a presentation on locking-down Apache Tomcat[1] and I
> briefly discussed the "sharp edges" present in Tomcat. Some of them
> are unnecessarily sharp and may be actually unnecessary. I'm going to
> make a few proposals to remove functions from Tomcat.
>
> Proposal: Remove APR connector

+1

> This proposal does not recommend the removal of libtcnative. Only the
> removal of the APR connector, the APR lifecycle listener, and the
> associated native code required to support those components.

Yes, we'd need to keep that library going until at least 9.0.x is EOL.

There is then an argument for a new native library that simply wraps
OpenSSL (or ideally any OpenSSL clone). Project Panama may prove useful:
https://openjdk.java.net/projects/panama/

Fun fact: Graal has a more radical way to replace JNI for accesses to native libraries.
It looks like this: https://cornerwings.github.io/2018/07/graal-native-methods/
So let's forget it, but still fun though.

Rémy


Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org