Building the tomcat-native library from source on a Linux distro with LibreSSL results in the following error during make: src/ssl.c: In function 'Java_org_apache_tomcat_jni_SSL_initialize': src/ssl.c:692:37: error: 'ENGINE_CTRL_CHIL_SET_FORKCHECK' undeclared (first use in this function) ENGINE_ctrl(ee, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); ^ src/ssl.c:692:37: note: each undeclared identifier is reported only once for each function it appears in /usr/local/server/src/tomcat-native-1.1.33-src/jni/native/build/rules.mk:206: recipe for target 'src/ssl.lo' failed Suggested fix: Check for LibreSSL, which doesn't have macro ENGINE_CTRL_CHIL_SET_FORKCHECK (or the chil engine, from researching the issue) If it helps, this same issue was found with building Apache HTTPD and resolved: https://bz.apache.org/bugzilla/show_bug.cgi?id=57375 The committed fix can be found here: https://svn.apache.org/viewvc?view=revision&revision=1673900
For the record, I don't think LibreSSL is currently supported. That said, I for one think LibreSSL should *definitely* be supported. Can you give us some details about the build environment? Specifically, what version of LibreSSL?
This looks like an easy enough bug to fix. I'd like to know what we're losing by not setting that particular check. Does anyone know off the top of their head what that flag does? If not, I'll research it.
Thanks for looking into this, Christopher. I'm building this on Void GNU/Linux x86_64, with LibreSSL version 2.2.3 I'm building this against APR version 1.5.2 (which built without issue and works as expected with HTTPD). Here are my configure options for tomcat-native: ./configure --prefix=/usr/local/server/lib/tomcat-native/v1.1.33 \ --sysconfdir=/etc/local/server/lib/tomcat-native/v1.1.33 \ --localstatedir=/var/local/server/lib/tomcat-native/v1.1.33/state/local \ --sharedstatedir=/var/local/server/lib/tomcat-native/v1.1.33/state/shared \ --with-apr=/usr/local/server/lib/apr/v1.5.2 \ --with-java-home=$JAVA_HOME \ --with-ssl=/usr I also tried --with-ssl=/usr/include, but the end result was the same (not that I thought it would make a difference- Apache products have been historically quite good at finding dependencies). Thanks again!
Hi, Is there any update to this issue?
Keep in mind that Tomcat Native requires OpenSSL 1.0.2 but LibreSSL has not fully implemented the 1.0.2 API. The most obvious missing feature is that Java keystores cannot be used.