Compile APR 1.6.x or 1.7.0 without pthreads, try to compile libtcnative with OpenSSL 1.0.2 and that APR version, you get: > /net/home/osipovmi/opt/build/libtool --silent --mode=compile --tag=CC /opt/aCC/bin/aCC -Ae -g -DHAVE_CONFIG_H -DHPUX11 -D_REENTRANT -D_HPUX_SOURCE -D_LARGEFILE64_SOURCE -I/net/home/osipovmi/opt/include -g -DHAVE_OPENSSL -I/net/home/osipovmi/opt/include -I./include -I/opt/java8/include -I/opt/java8/include/hpux -I/opt/openssl/include -I/net/home/osipovmi/opt/include -o src/ssl.lo -c src/ssl.c && touch src/ssl.lo > "src/ssl.c", line 62: error #2020: identifier "apr_thread_mutex_t" is undefined > apr_thread_mutex_t *mutex; > ^ > > "src/ssl.c", line 359: warning #2223-D: function "apr_threadkey_private_delete" > declared implicitly > apr_threadkey_private_delete(thread_exit_key); > ^ > > "src/ssl.c", line 437: error #2020: identifier "apr_thread_mutex_t" is > undefined > static apr_thread_mutex_t **ssl_lock_cs; > ^ > > "src/ssl.c", line 447: warning #2223-D: function "apr_thread_mutex_lock" > declared implicitly > apr_thread_mutex_lock(ssl_lock_cs[type]); > ^ > > "src/ssl.c", line 450: warning #2223-D: function "apr_thread_mutex_unlock" > declared implicitly > apr_thread_mutex_unlock(ssl_lock_cs[type]); > ^ > > "src/ssl.c", line 478: warning #2223-D: function "apr_os_thread_current" > declared implicitly > return (unsigned long)(apr_os_thread_current()); > ^ > > "src/ssl.c", line 486: warning #2223-D: function "apr_threadkey_private_set" > declared implicitly > apr_threadkey_private_set(NULL, thread_exit_key); > ^ > > "src/ssl.c", line 490: warning #2223-D: function "apr_threadkey_private_set" > declared implicitly > apr_threadkey_private_set(thread_exit_key, thread_exit_key); > ^ > > "src/ssl.c", line 495: warning #2223-D: function "apr_threadkey_private_set" > declared implicitly > apr_threadkey_private_set(thread_exit_key, thread_exit_key); > ^ > > "src/ssl.c", line 559: warning #2223-D: function "apr_thread_mutex_create" > declared implicitly > rv = apr_thread_mutex_create(&(value->mutex), APR_THREAD_MUTEX_DEFAULT, > ^ > > "src/ssl.c", line 559: error #2020: identifier "APR_THREAD_MUTEX_DEFAULT" is > undefined > rv = apr_thread_mutex_create(&(value->mutex), APR_THREAD_MUTEX_DEFAULT, > ^ > > "src/ssl.c", line 579: warning #2223-D: function "apr_thread_mutex_lock" > declared implicitly > apr_thread_mutex_lock(l->mutex); > ^ > > "src/ssl.c", line 582: warning #2223-D: function "apr_thread_mutex_unlock" > declared implicitly > apr_thread_mutex_unlock(l->mutex); > ^ > > "src/ssl.c", line 593: warning #2223-D: function "apr_thread_mutex_destroy" > declared implicitly > rv = apr_thread_mutex_destroy(l->mutex); > ^ > > "src/ssl.c", line 612: warning #2223-D: function "apr_thread_mutex_create" > declared implicitly > apr_thread_mutex_create(&(ssl_lock_cs[i]), > ^ > > "src/ssl.c", line 613: error #2020: identifier "APR_THREAD_MUTEX_DEFAULT" is > undefined > APR_THREAD_MUTEX_DEFAULT, p); > ^ > > "src/ssl.c", line 802: warning #2223-D: function "apr_threadkey_private_create" > declared implicitly > err = apr_threadkey_private_create(&thread_exit_key, _ssl_thread_exit, > ^ > > 4 errors detected in the compilation of "src/ssl.c". > gmake[1]: *** [/net/home/osipovmi/tomcat-native/native/build/rules.mk:206: src/ssl.lo] Error 1 > gmake[1]: Leaving directory '/net/home/osipovmi/tomcat-native/native' > gmake: *** [/net/home/osipovmi/tomcat-native/native/build/rules.mk:118: all-recursive] Error 1 I have verified this on HP-UX, but this will be an issue on any OS where the threading support has been disable for some reason. If libtcnative requires threading support for these muteces, check at configure time for: > ./apr.h:#define APR_HAS_THREADS 0 and additionally fail at compile time with #ifndef and #error.
Fix in 1.2.24 and onwards.
I think INVALID would have been a better resolution here. OpenSSL 1.1.0 and earlier are no longer supported. There are probably still OpenSSL 1.1.0 and earlier specific workarounds in the Tomcat Native code base. We should be removing that cruft rather than continuing to fix build issues with unsupported OpenSSL versions.
Would keeping 1.0.1 for the FIPS support be incentive not to deprecate/remove support for 1.0.1 completely?
It is 1.0.2 that is required for FIPS support (and 1.0.2 is currently the minimum required OpenSSL version for Tomcat Native). Yes, that is a good reason not to start removing the support for 1.0.2/1.1.0 just yet. We need to factor in the timing of OpenSSL 3.0 as we figure out what we want to do with the APR/Native connector in Tomcat 10 and the impact that has on a possible Tomcat Native 2.0
(In reply to Mark Thomas from comment #2) > I think INVALID would have been a better resolution here. OpenSSL 1.1.0 and > earlier are no longer supported. > > There are probably still OpenSSL 1.1.0 and earlier specific workarounds in > the Tomcat Native code base. We should be removing that cruft rather than > continuing to fix build issues with unsupported OpenSSL versions. I concur because many OS vendors still bundle 1.0.2 and provide fixes to those. Only upstream is not supported anymore. E.g., default OpenSSL on RHEL 7 is still 1.0.2, as sad as it sounds.
(In reply to Michael Osipov from comment #5) > (In reply to Mark Thomas from comment #2) > > I think INVALID would have been a better resolution here. OpenSSL 1.1.0 and > > earlier are no longer supported. > > > > There are probably still OpenSSL 1.1.0 and earlier specific workarounds in > > the Tomcat Native code base. We should be removing that cruft rather than > > continuing to fix build issues with unsupported OpenSSL versions. > > I concur because many OS vendors still bundle 1.0.2 and provide fixes to > those. Only upstream is not supported anymore. E.g., default OpenSSL on RHEL > 7 is still 1.0.2, as sad as it sounds. Here is the ref: https://access.redhat.com/discussions/4285911 I think that a potentional libtcnative 2.0 can drop pre-1.1.1 support.