Bug 59024

Summary: Tomcat Native uses OPENSSL_VERSION_TEXT for run-time OpenSSL version number instead of SSLeay_version(SSLEAY_VERSION)
Product: Tomcat Native
Reporter: Glen K <gkiessling>
Component: Library
Assignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: minor    
Priority: P2    
Version: 1.2.4   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description Glen K 2016-02-17 22:27:14 UTC
When Tomcat Native is dynamically linked with OpenSSL, the same OpenSSL version number is reported in catalina.out when Tomcat is started up even after the shared OpenSSL libraries are replaced with different versions. For example, if Tomcat Native was built with OpenSSL version 1.0.2d, the following will appear in catalina.out whenever Tomcat is started even if the shared OpenSSL library actually being used is version 1.0.2f:

INFO: OpenSSL successfully initialized (OpenSSL 1.0.2d 9 Jul 2015)

This is because the OPENSSL_VERSION_TEXT macro that's defined in openssl/opensslv.h is used to report the version number instead of the value returned by the SSLeay_version() function defined in crypto.h.

The fix for this is simple: replace "OPENSSL_VERSION_TEXT" in the definition of versionString() in /native/src/ssl.c with "SSLeay_version(SSLEAY_VERSION)" so that it looks like this:

TCN_IMPLEMENT_CALL(jstring, SSL, versionString)(TCN_STDARGS)
{
    UNREFERENCED(o);
    return AJP_TO_JSTRING(SSLeay_version(SSLEAY_VERSION));
}

I have verified this fix works with Tomcat Native 1.2.4 built on CentOS 6.7.

Comment 1 Rainer Jung 2016-02-18 07:36:20 UTC
Thanks for the report. I have tweaked the change a bit to make it compatible with OpenSSL 1.1.0 as well, and I have also changed version() for OpenSSL 1.1.0.

This will be part of the next tcnative release 1.2.5 and - if we release 1.1.x again - also of 1.1.35.

Change revisions are r1731004 + r1731006 (1.2.x) resp. r1731007 (1.1.x).
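
Added example (not part of the bug thread and not Tomcat Native code): a stand-alone C program that contrasts the compile-time OPENSSL_VERSION_TEXT macro with the version string returned by the libcrypto found at run time, using OpenSSL_version() on 1.1.0 and later and SSLeay_version() on older releases. The helper names, the list of library sonames, and the fallback string used when no OpenSSL headers are installed are assumptions.

```c
/* Added example; helper names are hypothetical, not Tomcat Native's. */
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

#if defined(__has_include)
#  if __has_include(<openssl/opensslv.h>)
#    include <openssl/opensslv.h>   /* macros only, nothing to link */
#  endif
#endif
#ifndef OPENSSL_VERSION_TEXT
/* Constructed stand-in (the string from the report) when headers are absent. */
#  define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d 9 Jul 2015"
#endif

typedef const char *(*version_fn)(int);

/* Compile-time constant: frozen into the binary when it is built. */
const char *built_against(void) { return OPENSSL_VERSION_TEXT; }

/* Ask the libcrypto the dynamic loader resolves now; NULL if none is found. */
const char *loaded_at_runtime(void)
{
    /* Assumed soname list; adjust for the platform under test. */
    static const char *names[] = { "libcrypto.so.3", "libcrypto.so.1.1",
                                   "libcrypto.so.1.0.0", "libcrypto.so" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        void *h = dlopen(names[i], RTLD_LAZY | RTLD_LOCAL);
        if (!h) continue;
        /* OpenSSL_version() exists from 1.1.0; SSLeay_version() before that. */
        version_fn fn = (version_fn)dlsym(h, "OpenSSL_version");
        if (!fn) fn = (version_fn)dlsym(h, "SSLeay_version");
        if (fn) return fn(0);  /* 0 == OPENSSL_VERSION == SSLEAY_VERSION */
        dlclose(h);            /* handle stays open on success: string lives in the library */
    }
    return NULL;
}

/* 1 = strings differ, 0 = they match, -1 = one side is unknown. */
int version_drift(const char *built, const char *running)
{
    if (!built || !running) return -1;
    return strcmp(built, running) != 0;
}

int main(void)
{
    const char *b = built_against(), *r = loaded_at_runtime();
    printf("built against : %s\nloaded library: %s\ndrift: %d\n",
           b, r ? r : "(libcrypto not found)", version_drift(b, r));
    return 0;
}
```

On glibc older than 2.34, link with -ldl. A drift value of 1 is the situation the report describes: the header string no longer matches the library in use, so only the run-time string reflects a patched libcrypto.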