Pier et. al.
I hope that someone more enlightened can assist me with this one as I'm
totally flummoxed
by this - this applies to Solaris threads being used within mod_webapp (but
not directly)...
I have succesfully (yay!) built mod_webapp (and apr) using the native SUN C
compiler on Solaris
2.8. I am now attempting to add my own provider to the mix and am hitting an
odd problem that I
need explained to me )or hit on the head with a stick - which ever is less
painful ;-)
B.T.W. My 'provider' is an interface between apache and an IIOP (CORBA)
connector that allows apache to converse with
tomcat (using an IIOP java connector). (works champion on NT!).
Unfortunately I don't have a single-threaded version of the CORBA orb
libraries - only multi-threaded
are available. Note that from Apache's point of view this shouldn't be a
problem as there only is one
client per apache child - no callbacks are made between the client and
server so the execution thread being used
by apache should be the only one that invokes the (client) object reference.
Unfortunately, due to the mechanism involved in binding to a corba object,
the client lib spawns a bunch
of thread so handle the looking up and resolving of the object reference. It
is here that my problem occurs.
The CORBA api call launches 5 or so threads a this point (mainly to service
a try/retry object discovery role)
and, for every call to thr_create() that's performed by the 'connect' code,
I get the following message written to the
apache log (things in <> paraphrased by me):
[<apache timestamp>][notice] child pid <pidnum> exit signal Abort(6)
thr_create: Inappropriate ioctl for device
thr_create: Inappropriate ioctl for device
thr_create: Inappropriate ioctl for device
...
I thought it might be that I hadn't put -lthread in the link line but that's
even nastier - Apache doesn't even
manage to startup if I do that.
So - can anyone please! offer any advice on :
a) what the above could mean
b) any suggestions on using multi-threading apps (in a single threaded
fashion) within mod_Webapp or apache.
Thanks,
Thom
p.s. Note that this isn't a problem per se with the mod_webapp connector -
more an issue with the use of threading
within Apache - so can anyone advise where i should post this request if not
here?
-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 30, 2001 5:03 PM
To: [EMAIL PROTECTED]
Subject: Re: Standalone SSL Problem (was: Re: [DOC] TC4 Status)
On Mon, 30 Jul 2001, Christopher Cain wrote:
> (Two different mails snipped and referenced below :-)
>
> "Craig R. McClanahan" wrote:
> >
> > Yes, that should be "conf/server/lib". Alternatively (and the way I run
> > it), you can put these three JAR files in $JAVA_HOME/jre/lib/ext.
>
> A few things here. First, it is unnecessary, then, to have the JSSE jars
> in the Tomcat hierarchy if they are installed extensions (/jre/lib/ext)?
>
That is correct. That's the way my setup works.
> Second, and just out of curiousity, the "server/lib" directory appears
> to have moved up to the $TCHOME rather than underneath the "conf"
> subdirectory. Was that a typo on your part, or does the container
> actually search that path (in which case one would now have to manually
> create it)?
>
Yes, the above is a typo -- it's really "$CATALINA_HOME/server/lib".
> > Just uncommenting the 8443 connector example in the standard
> > conf/server.xml works for me.
>
> But I still need to point it to my keystore, right? Basically, I
> uncommented the section and added "keystoreFile" and "keystorePass"
> attributes to the Connector tag. The second Http connector section now
> reads this:
>
> <Connector className="org.apache.catalina.connector.http.HttpConnector"
> port="8443" minProcessors="5" maxProcessors="75"
> enableLookups="true" acceptCount="10" debug="0"
> scheme="https" secure="true"
> keystoreFile="/usr/local/tomcat/conf/my.keystore"
> keystorePass="mypass">
> <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
> clientAuth="false" protocol="TLS"/>
> </Connector>
>
> Again, all I changed was to add the two keystore attribs.
>
I didn't, because the defaults work for me:
keystoreFile - Default is ".keystore" in the user home directory
of the user that is running Tomcat.
keystorePass - "changeit" (as the docco in server.xml tells you to do
You can, of course, override these values as you have done, if you have
done something different.
> > You also have to set up your JSSE environment according to the
> > instructions immediately above this connector entry.
>
> I think so. I have JSSE 1.0.2, with the 3 jars in jre/lib/ext (and also
> in the system classpath, although not that Catalina cares, of course). I
> have the "com.sun.net.ssl..." provider in the security file (I assume
> the pecking order doesn't matter). My keystore was generated with:
>
> keytool -genkey -alias tomcat -keyalg RSA -keystore my.keystore
> -keypasswd thepassword -storepasswd thepassword
>
The shouldn't you set keystorePass to "thepassword" instead of "mypass"?
> Key and store passwords are the same. "my.keystore" is in the tomcat
> conf directory and world-readable.
>
> > What do your log files say?
>
> First of all, the silent failure bit I mentioned this morning was simply
> my own goofiness. No message was thrown on the command line, and there
> were no errors in the catalina_log... file, but I somehow missed the
> "catalina.out" file (my only defense is that it was 2:00am at the time
> :-) Below is the stack trace from that file.
>
> PATHETIC DISCLAIMER:
>
> I haven't tried to track it down yet, as I just now discovered this log
> file. Although nothing jumps out at me from viewing the calling stack,
> it may well be something braindead. I suppose this is technically a bit
> of dev-list abuse now, but I am still familiarizing myself with the 4.0
> codebase and am not yet up to speed on the container startup process. If
> nothing appears obvious from my setup and/or stack trace, feel free to
> call me a bum and tell me to track it down my own damn self. I simply
> couldn't resist an invitation such as "What do your log files say" =)
> (Although on the upshot, I can definitely promise you a "Standalone SSL
> Configuration and Troubleshooting" doc once this is all said and done.)
>
Looks like the kind of problem you will have if the classes are BOTH in
the system extensions directory AND in the Tomcat hierarchy. You really
don't want to do that.
> - Christopher
>
> P.S. TC4 takes about 2 minutes to start up on my P133 Redhat 7.1 box
> with 256M of RAM. Is that normal or excessive? I'll definitely track
> that one down myself, I just want to know if that is out of the ordinary
> and therefore something I should even check into. I know for a fact that
> "javac" compilations are almost surrealistically slow on that machine,
> so maybe it has something to do with that. *shrug*
>
The largest time consumer in the Tomcat code is creating multiple
SAXParserFactory instances in XmlMapper, which is apparently pretty
expensive. There's already an enhancement request logged to reuse the
first one you create instead, which we'll get to at some point.
Tomcat 4 on my system (800mHz, 512mb) starts up with just the standard
apps in less than 5 seconds. Of course, if you've got an app with
load-on-startup servlets that take a long time (such as Cocoon), then it's
not really Tomcat's fault anyway :-).
> Anyway, thanks a ton for the SSL assistance!
>
Craig
> ----------------------
>
> Starting service Tomcat-Standalone
> Apache Tomcat/4.0-b6
> initProxy: java.security.NoSuchAlgorithmException: Class
> com.sun.net.ssl.internal.ssl.SSLContextImpl configured for SSLContext
> not a SSLContext
> java.security.NoSuchAlgorithmException: Class
> com.sun.net.ssl.internal.ssl.SSLContextImpl configured for SSLContext
> not a SSLContext
> at com.sun.net.ssl.b.a([DashoPro-V1.2-120198])
> at com.sun.net.ssl.SSLContext.getInstance([DashoPro-V1.2-120198])
> at
>
org.apache.catalina.net.SSLServerSocketFactory.initProxy(SSLServerSocketFact
ory.java:385)
> at
>
org.apache.catalina.net.SSLServerSocketFactory.initialize(SSLServerSocketFac
tory.java:328)
> at
>
org.apache.catalina.net.SSLServerSocketFactory.createSocket(SSLServerSocketF
actory.java:281)
> at
>
org.apache.catalina.connector.http.HttpConnector.open(HttpConnector.java:905
)
> at
>
org.apache.catalina.connector.http.HttpConnector.start(HttpConnector.java:10
78)
> at
> org.apache.catalina.core.StandardService.start(StandardService.java:360)
> at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:458)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:737)
> at org.apache.catalina.startup.Catalina.execute(Catalina.java:657)
> at org.apache.catalina.startup.Catalina.process(Catalina.java:178)
> at java.lang.reflect.Method.invoke(Native Method)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:202)
> Catalina.start: LifecycleException: HttpConnector[8443].open:
> java.io.IOException: java.security.NoSuchAlgorithmException: Class
> com.sun.net.ssl.internal.ssl.SSLContextImpl configured for SSLContext
> not a SSLContext
> LifecycleException: HttpConnector[8443].open: java.io.IOException:
> java.security.NoSuchAlgorithmException: Class
> com.sun.net.ssl.internal.ssl.SSLContextImpl configured for SSLContext
> not a SSLContext
> at
>
org.apache.catalina.connector.http.HttpConnector.start(HttpConnector.java:10
80)
> at
> org.apache.catalina.core.StandardService.start(StandardService.java:360)
> at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:458)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:737)
> at org.apache.catalina.startup.Catalina.execute(Catalina.java:657)
> at org.apache.catalina.startup.Catalina.process(Catalina.java:178)
> at java.lang.reflect.Method.invoke(Native Method)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:202)
> ----- Root Cause -----
> java.io.IOException: java.security.NoSuchAlgorithmException: Class
> com.sun.net.ssl.internal.ssl.SSLContextImpl configured for SSLContext
> not a SSLContext
> at
>
org.apache.catalina.net.SSLServerSocketFactory.initProxy(SSLServerSocketFact
ory.java:409)
> at
>
org.apache.catalina.net.SSLServerSocketFactory.initialize(SSLServerSocketFac
tory.java:328)
> at
>
org.apache.catalina.net.SSLServerSocketFactory.createSocket(SSLServerSocketF
actory.java:281)
> at
>
org.apache.catalina.connector.http.HttpConnector.open(HttpConnector.java:905
)
> at
>
org.apache.catalina.connector.http.HttpConnector.start(HttpConnector.java:10
78)
> at
> org.apache.catalina.core.StandardService.start(StandardService.java:360)
> at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:458)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:737)
> at org.apache.catalina.startup.Catalina.execute(Catalina.java:657)
> at org.apache.catalina.startup.Catalina.process(Catalina.java:178)
> at java.lang.reflect.Method.invoke(Native Method)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:202)
> Stopping service Tomcat-Standalone
>
