Bug 63671 - libtcnative does not compile with OpenSSL < 1.1.0 and APR w/o threading support
Summary: libtcnative does not compile with OpenSSL < 1.1.0 and APR w/o threading support
Status: RESOLVED FIXED
Alias: None
Product: Tomcat Native
Classification: Unclassified
Component: Library (show other bugs)
Version: unspecified
Hardware: All HP-UX
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-08-19 09:58 UTC by Michael Osipov
Modified: 2020-04-06 21:28 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Osipov 2019-08-19 09:58:12 UTC
Compile APR 1.6.x or 1.7.0 without pthreads, try to compile libtcnative with OpenSSL 1.0.2 and that APR version, you get:

> /net/home/osipovmi/opt/build/libtool --silent --mode=compile --tag=CC /opt/aCC/bin/aCC -Ae -g   -DHAVE_CONFIG_H  -DHPUX11 -D_REENTRANT -D_HPUX_SOURCE -D_LARGEFILE64_SOURCE  -I/net/home/osipovmi/opt/include -g -DHAVE_OPENSSL -I/net/home/osipovmi/opt/include  -I./include -I/opt/java8/include -I/opt/java8/include/hpux -I/opt/openssl/include  -I/net/home/osipovmi/opt/include   -o src/ssl.lo -c src/ssl.c && touch src/ssl.lo
> "src/ssl.c", line 62: error #2020: identifier "apr_thread_mutex_t" is undefined
>       apr_thread_mutex_t *mutex;
>       ^
> 
> "src/ssl.c", line 359: warning #2223-D: function "apr_threadkey_private_delete"
>           declared implicitly
>           apr_threadkey_private_delete(thread_exit_key);
>           ^
> 
> "src/ssl.c", line 437: error #2020: identifier "apr_thread_mutex_t" is
>           undefined
>   static apr_thread_mutex_t **ssl_lock_cs;
>          ^
> 
> "src/ssl.c", line 447: warning #2223-D: function "apr_thread_mutex_lock"
>           declared implicitly
>               apr_thread_mutex_lock(ssl_lock_cs[type]);
>               ^
> 
> "src/ssl.c", line 450: warning #2223-D: function "apr_thread_mutex_unlock"
>           declared implicitly
>               apr_thread_mutex_unlock(ssl_lock_cs[type]);
>               ^
> 
> "src/ssl.c", line 478: warning #2223-D: function "apr_os_thread_current"
>           declared implicitly
>       return (unsigned long)(apr_os_thread_current());
>                              ^
> 
> "src/ssl.c", line 486: warning #2223-D: function "apr_threadkey_private_set"
>           declared implicitly
>       apr_threadkey_private_set(NULL, thread_exit_key);
>       ^
> 
> "src/ssl.c", line 490: warning #2223-D: function "apr_threadkey_private_set"
>           declared implicitly
>       apr_threadkey_private_set(thread_exit_key, thread_exit_key);
>       ^
> 
> "src/ssl.c", line 495: warning #2223-D: function "apr_threadkey_private_set"
>           declared implicitly
>       apr_threadkey_private_set(thread_exit_key, thread_exit_key);
>       ^
> 
> "src/ssl.c", line 559: warning #2223-D: function "apr_thread_mutex_create"
>           declared implicitly
>       rv = apr_thread_mutex_create(&(value->mutex), APR_THREAD_MUTEX_DEFAULT,
>            ^
> 
> "src/ssl.c", line 559: error #2020: identifier "APR_THREAD_MUTEX_DEFAULT" is
>           undefined
>       rv = apr_thread_mutex_create(&(value->mutex), APR_THREAD_MUTEX_DEFAULT,
>                                                     ^
> 
> "src/ssl.c", line 579: warning #2223-D: function "apr_thread_mutex_lock"
>           declared implicitly
>           apr_thread_mutex_lock(l->mutex);
>           ^
> 
> "src/ssl.c", line 582: warning #2223-D: function "apr_thread_mutex_unlock"
>           declared implicitly
>           apr_thread_mutex_unlock(l->mutex);
>           ^
> 
> "src/ssl.c", line 593: warning #2223-D: function "apr_thread_mutex_destroy"
>           declared implicitly
>       rv = apr_thread_mutex_destroy(l->mutex);
>            ^
> 
> "src/ssl.c", line 612: warning #2223-D: function "apr_thread_mutex_create"
>           declared implicitly
>           apr_thread_mutex_create(&(ssl_lock_cs[i]),
>           ^
> 
> "src/ssl.c", line 613: error #2020: identifier "APR_THREAD_MUTEX_DEFAULT" is
>           undefined
>                                   APR_THREAD_MUTEX_DEFAULT, p);
>                                   ^
> 
> "src/ssl.c", line 802: warning #2223-D: function "apr_threadkey_private_create"
>           declared implicitly
>       err = apr_threadkey_private_create(&thread_exit_key, _ssl_thread_exit,
>             ^
> 
> 4 errors detected in the compilation of "src/ssl.c".
> gmake[1]: *** [/net/home/osipovmi/tomcat-native/native/build/rules.mk:206: src/ssl.lo] Error 1
> gmake[1]: Leaving directory '/net/home/osipovmi/tomcat-native/native'
> gmake: *** [/net/home/osipovmi/tomcat-native/native/build/rules.mk:118: all-recursive] Error 1

I have verified this on HP-UX, but this will be an issue on any OS where the threading support has been disable for some reason.

If libtcnative requires threading support for these muteces, check at configure time for:

> ./apr.h:#define APR_HAS_THREADS           0

and additionally fail at compile time with #ifndef and #error.
Comment 1 Michael Osipov 2020-04-06 11:49:37 UTC
Fix in 1.2.24 and onwards.
Comment 2 Mark Thomas 2020-04-06 15:24:53 UTC
I think INVALID would have been a better resolution here. OpenSSL 1.1.0 and earlier are no longer supported.

There are probably still OpenSSL 1.1.0 and earlier specific workarounds in the Tomcat Native code base. We should be removing that cruft rather than continuing to fix build issues with unsupported OpenSSL versions.
Comment 3 George Stanchev 2020-04-06 16:14:06 UTC
Would keeping 1.0.1 for the FIPS support be incentive not to deprecate/remove support for 1.0.1 completely?
Comment 4 Mark Thomas 2020-04-06 16:25:01 UTC
It is 1.0.2 that is required for FIPS support (and 1.0.2 is currently the minimum required OpenSSL version for Tomcat Native).

Yes, that is a good reason not to start removing the support for 1.0.2/1.1.0 just yet.

We need to factor in the timing of OpenSSL 3.0 as we figure out what we want to do with the APR/Native connector in Tomcat 10 and the impact that has on a possible Tomcat Native 2.0
Comment 5 Michael Osipov 2020-04-06 20:17:25 UTC
(In reply to Mark Thomas from comment #2)
> I think INVALID would have been a better resolution here. OpenSSL 1.1.0 and
> earlier are no longer supported.
> 
> There are probably still OpenSSL 1.1.0 and earlier specific workarounds in
> the Tomcat Native code base. We should be removing that cruft rather than
> continuing to fix build issues with unsupported OpenSSL versions.

I concur because many OS vendors still bundle 1.0.2 and provide fixes to those. Only upstream is not supported anymore. E.g., default OpenSSL on RHEL 7 is still 1.0.2, as sad as it sounds.
Comment 6 Michael Osipov 2020-04-06 21:28:37 UTC
(In reply to Michael Osipov from comment #5)
> (In reply to Mark Thomas from comment #2)
> > I think INVALID would have been a better resolution here. OpenSSL 1.1.0 and
> > earlier are no longer supported.
> > 
> > There are probably still OpenSSL 1.1.0 and earlier specific workarounds in
> > the Tomcat Native code base. We should be removing that cruft rather than
> > continuing to fix build issues with unsupported OpenSSL versions.
> 
> I concur because many OS vendors still bundle 1.0.2 and provide fixes to
> those. Only upstream is not supported anymore. E.g., default OpenSSL on RHEL
> 7 is still 1.0.2, as sad as it sounds.

Here is the ref: https://access.redhat.com/discussions/4285911

I think that a potentional libtcnative 2.0 can drop pre-1.1.1 support.