'Tomcat 7.0.88 APR/Native with PKCS11 support'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    Tomcat 7.0.88 APR/Native with PKCS11 support
From:       shanthi thomas <elizatom () yahoo ! com ! INVALID>
Date:       2018-05-19 20:36:20
Message-ID: 1572870256.3192394.1526762180679 () mail ! yahoo ! com
[Download RAW message or body]


Hi,     I'm attempting to use Tomcat APR/Native SSL connectors with openssl and a \
custom engine corresponding to an HSM provider (AWS CLoudHSM)   TOmcat version \
:7.0.88APR Version: 1.5.2Tomcat Native   Library Version:1.2.16OS: Linux (Amazon \
Linux) 4.14.33-51.34.amzn1.x86_64Java Version :  1.8.0_171-b11 The APRLifeCycle \
Listener in server.xml   is set as follows:<Server port="8005" shutdown="SHUTDOWN">   \
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />   <!-- \
Security listener. Documentation at /docs/config/listeners.html   <Listener \
className="org.apache.catalina.security.SecurityListener" />   -->   <!--APR library \
loader. Documentation at /docs/apr.html -->   -<Listener \
                className="org.apache.catalina.core.AprLifecycleListener" \
                SSLEngine="cloudhsm"/>
............


But I get the exception below:INFO: Loaded APR based Apache Tomcat Native library \
1.2.16 using APR version 1.5.2.May 19, 2018 8:26:51 PM \
org.apache.catalina.core.AprLifecycleListener lifecycleEventINFO: APR capabilities: \
IPv6 [true], sendfile [true], accept filters [false], random [true].May 19, 2018 \
8:26:51 PM org.apache.catalina.core.AprLifecycleListener lifecycleEventSEVERE: Failed \
to initialize the SSLEngine.org.apache.tomcat.jni.Error: 70023: This function has not \
been implemented on this platform            at \
org.apache.tomcat.jni.SSL.initialize(Native Method)            at \
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)            at \
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)         \
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) \
at java.lang.reflect.Method.invoke(Method.java:498)            at \
java.lang.reflect.Method.invoke(Method.java:498)            at \
org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:286) \
at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:137) \
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) \
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)   \
at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:388)    \
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)            at \
org.apache.catalina.startup.Catalina.load(Catalina.java:654)            at \
org.apache.catalina.startup.Catalina.load(Catalina.java:679)            at \
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)            at \
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)         \
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) \
at java.lang.reflect.Method.invoke(Method.java:498)            ....... I've set the \
native .so libraries from the HSM provider under /usr/lib64 which is on the Tomcat \
java.library.path (since the APR and native libraries are in the same path)

BTW I'm able to use openssl on the same machine from the command-line with the \
-engine cloudhsm option.   Is there something else that is needed or missing to get \
this working? I noticed another theread in this forum asking a similar question but \
the resolution was not present -  \
http://grokbase.com/t/tomcat/users/147asb8xhd/apr-with-pkcs11-support \
Thanks,Elizabeth



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic