Bug 58434

Summary: Make Fails Against LibreSSL
Product: Tomcat Native Reporter: Antonio Malcolm <antonio.malcolm>
Component: LibraryAssignee: Tomcat Developers Mailing List <dev>
Severity: normal CC: antonio.malcolm
Priority: P2    
Version: 1.1.33   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description Antonio Malcolm 2015-09-21 06:32:35 UTC
Building the tomcat-native library from source on a Linux distro with LibreSSL results in the following error during make:

src/ssl.c: In function 'Java_org_apache_tomcat_jni_SSL_initialize':
src/ssl.c:692:37: error: 'ENGINE_CTRL_CHIL_SET_FORKCHECK' undeclared (first use in this function)
                     ENGINE_ctrl(ee, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
src/ssl.c:692:37: note: each undeclared identifier is reported only once for each function it appears in
/usr/local/server/src/tomcat-native-1.1.33-src/jni/native/build/rules.mk:206: recipe for target 'src/ssl.lo' failed

Suggested fix: Check for LibreSSL, which doesn't have macro ENGINE_CTRL_CHIL_SET_FORKCHECK (or the chil engine, from researching the issue)

If it helps, this same issue was found with building Apache HTTPD and resolved:

The committed fix can be found here:
Comment 1 Christopher Schultz 2015-09-21 23:57:54 UTC
For the record, I don't think LibreSSL is currently supported.

That said, I for one think LibreSSL should *definitely* be supported.

Can you give us some details about the build environment? Specifically, what version of LibreSSL?
Comment 2 Christopher Schultz 2015-09-21 23:59:43 UTC
This looks like an easy enough bug to fix. I'd like to know what we're losing by not setting that particular check. Does anyone know off the top of their head what that flag does?

If not, I'll research it.
Comment 3 Antonio Malcolm 2015-09-22 00:16:13 UTC
Thanks for looking into this, Christopher.

I'm building this on Void GNU/Linux x86_64, with LibreSSL version 2.2.3
I'm building this against APR version 1.5.2 (which built without issue and works as expected with HTTPD).

Here are my configure options for tomcat-native:

./configure --prefix=/usr/local/server/lib/tomcat-native/v1.1.33 \
--sysconfdir=/etc/local/server/lib/tomcat-native/v1.1.33 \
--localstatedir=/var/local/server/lib/tomcat-native/v1.1.33/state/local \
--sharedstatedir=/var/local/server/lib/tomcat-native/v1.1.33/state/shared \
--with-apr=/usr/local/server/lib/apr/v1.5.2 \
--with-java-home=$JAVA_HOME \

I also tried --with-ssl=/usr/include, but the end result was the same (not that I thought it would make a difference- Apache products have been historically quite good at finding dependencies).

Thanks again!
Comment 4 Antonio Malcolm 2016-06-12 19:13:28 UTC
Is there any update to this issue?
Comment 5 Mark Thomas 2017-08-23 17:40:08 UTC
Keep in mind that Tomcat Native requires OpenSSL 1.0.2 but LibreSSL has not fully implemented the 1.0.2 API.

The most obvious missing feature is that Java keystores cannot be used.