[prev in list] [next in list] [prev in thread] [next in thread]
List: tomcat-user
Subject: Tomcat 7.0.88 APR/Native with PKCS11 support
From: shanthi thomas <elizatom () yahoo ! com ! INVALID>
Date: 2018-05-19 20:36:20
Message-ID: 1572870256.3192394.1526762180679 () mail ! yahoo ! com
[Download RAW message or body]
Hi, I'm attempting to use Tomcat APR/Native SSL connectors with openssl and a \
custom engine corresponding to an HSM provider (AWS CLoudHSM) TOmcat version \
:7.0.88APR Version: 1.5.2Tomcat Native Library Version:1.2.16OS: Linux (Amazon \
Linux) 4.14.33-51.34.amzn1.x86_64Java Version : 1.8.0_171-b11 The APRLifeCycle \
Listener in server.xml is set as follows:<Server port="8005" shutdown="SHUTDOWN"> \
<Listener className="org.apache.catalina.startup.VersionLoggerListener" /> <!-- \
Security listener. Documentation at /docs/config/listeners.html <Listener \
className="org.apache.catalina.security.SecurityListener" /> --> <!--APR library \
loader. Documentation at /docs/apr.html --> -<Listener \
className="org.apache.catalina.core.AprLifecycleListener" \
SSLEngine="cloudhsm"/>
............
But I get the exception below:INFO: Loaded APR based Apache Tomcat Native library \
1.2.16 using APR version 1.5.2.May 19, 2018 8:26:51 PM \
org.apache.catalina.core.AprLifecycleListener lifecycleEventINFO: APR capabilities: \
IPv6 [true], sendfile [true], accept filters [false], random [true].May 19, 2018 \
8:26:51 PM org.apache.catalina.core.AprLifecycleListener lifecycleEventSEVERE: Failed \
to initialize the SSLEngine.org.apache.tomcat.jni.Error: 70023: This function has not \
been implemented on this platform at \
org.apache.tomcat.jni.SSL.initialize(Native Method) at \
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at \
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) \
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) \
at java.lang.reflect.Method.invoke(Method.java:498) at \
java.lang.reflect.Method.invoke(Method.java:498) at \
org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:286) \
at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:137) \
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) \
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) \
at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:388) \
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101) at \
org.apache.catalina.startup.Catalina.load(Catalina.java:654) at \
org.apache.catalina.startup.Catalina.load(Catalina.java:679) at \
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at \
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) \
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) \
at java.lang.reflect.Method.invoke(Method.java:498) ....... I've set the \
native .so libraries from the HSM provider under /usr/lib64 which is on the Tomcat \
java.library.path (since the APR and native libraries are in the same path)
BTW I'm able to use openssl on the same machine from the command-line with the \
-engine cloudhsm option. Is there something else that is needed or missing to get \
this working? I noticed another theread in this forum asking a similar question but \
the resolution was not present - \
http://grokbase.com/t/tomcat/users/147asb8xhd/apr-with-pkcs11-support \
Thanks,Elizabeth
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic