All,
On 5/15/26 12:09 PM, Rémy Maucherat wrote:
> On Fri, May 15, 2026 at 6:03 PM Mark Thomas <[email protected]> wrote:
>> On 15/05/2026 16:50, Dimitris Soumis wrote:
>>> https://github.com/apache/tomcat/blob/main/java/org/apache/tomcat/util/openssl/openssl_h.java#L82
>>> Maybe LibreSSL is loaded which doesn't support PQC?
>>
>> Almost. It was the usual multiple inter-related errors making debugging
>> more difficult than usual.
>> The system OpenSSL 3.0.x was being picked up. That was adding a lot of
>> noise. Then OpenSSL master needed slightly different settings to OpenSSL
>> 3.x. The following fixed the OpenSSL version issues (running in the IDE
>> - equivalent settings would be required in build.properties)
>> -Dtomcat.test.openssl.path=/home/mark/repos/openssl/build-master/bin/openssl
>> -Djava.library.path=/home/mark/libs/tomcat-native-2.0.14-openssl-master/lib:/home/mark/repos/openssl/build-master/lib64
>> -Dorg.apache.tomcat.util.openssl.USE_SYSTEM_LOAD_LIBRARY=true
>> And with those in place I could switch between Native 2.0.14 and 2.0.x
>> and OpenSSL 3.5.6 and master and get consistent errors. The errors look
>> like an OpenSSL + Native + PQC bug that the tests are now exposing. That
>> isn't fixed yet but I feel I am making progress.
>
> This happened to me before (unfortunately ...).
> Here's the build.properties I use to test the various impls with the testsuite:
> #runtests.librarypath=-Djava.library.path=/home/remm/Work/tomcat/openssl
> #runtests.librarypath=-Djava.library.path=/home/remm/Work/libressl-3.5.0/ssl/.libs:/home/remm/Work/libressl-3.5.0/crypto/.libs
> #runtests.librarypath=-Djava.library.path=/home/remm/Work/libressl-3.3.6/ssl/.libs:/home/remm/Work/libressl-3.3.6/crypto/.libs
> #runtests.librarypath=-Djava.library.path=/home/remm/Work/libressl-4.0.0/ssl/.libs:/home/remm/Work/libressl-4.0.0/crypto/.libs
> #runtests.librarypath=-Djava.library.path=/home/remm/Work/boringssl/build
> #openssl.ffm.1=-Dorg.apache.tomcat.util.openssl.USE_SYSTEM_LOAD_LIBRARY=true
> I also have:
> #openssl.ffm.2=-Dorg.apache.tomcat.util.openssl.CRYPTO_LIBRARY_NAME=crypto
> but I don't remember why.

I've struggled with this as well during testing. Here is the (relevant
part of the) build.properties file I end up building (dynamically)
during testing:
# TODO: This is specifically for MacOS
openssl.ffm.1=-Dorg.apache.tomcat.util.openssl.USE_SYSTEM_LOAD_LIBRARY=true
openssl.ffm.2=-Dorg.apache.tomcat.util.openssl.LIBRARY_NAME=ssl
java-ffm.home=
test.openssl.unimplemeneted=IDEA
test.openssl.loc=/opt/homebrew/Cellar/openssl@3/3.6.1/bin/openssl
test.apr.loc=....../apache-tomcat-10.1.55-src/output/build/bin/native
-chris