Hello!

I am trying to set up Tomcat Native using OpenSSL v3.0.2, and running into
an error on startup.  I have tried a ton of things, searched, read the docs
over and over, and cannot get past this.  Has anyone had success with this
setup?


I created a fully working sample project and Dockerfile to demonstrate the
issue: https://github.com/claylehman/spring-boot-tomcat-native-openssl3


Thanks!

Clay


More info below....


Most of the examples and documentation that I have found are for old
versions of OpenSSL, but I do see some release notes mentioning OpenSSL
v3.0.x, so I suspect this is supported to some degree.


I am testing this using a Docker container for "Oracle Linux Server 8"
(specifically FROM openjdk:latest). I am running embedded Tomcat from
Spring Boot, but I don't suspect that is important for my issue.



Notes about the setup steps (in the Dockerfile example):


1) Installed OpenSSL v3.0.2 from source with FIPS enabled.
(https://wiki.openssl.org/index.php/OpenSSL_3.0#Installation_and_Compilation_of_OpenSSL_3.0)

# Build OpenSSL 3.0.2 with the FIPS provider; the default prefix puts headers
# under /usr/local/include and libraries under /usr/local/lib.
RUN cd /usr/src \
 && wget https://www.openssl.org/source/openssl-3.0.2.tar.gz \
 && tar -zxf openssl-3.0.2.tar.gz \
 && rm openssl-3.0.2.tar.gz \
 && cd openssl-3.0.2 \
 && ./config enable-fips && make -j8 && make -j8 install

# Expose the freshly built libraries under the system library directory.
RUN ln -s /usr/local/lib/libcrypto.so.3 /usr/lib64/libcrypto.so.3 \
 && ln -s /usr/local/lib/libssl.so.3 /usr/lib64/libssl.so.3

# Run the FIPS module self-tests and write its configuration file.
RUN openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf \
    -module /usr/local/lib/ossl-modules/fips.so


2) Installed Tomcat Native from source:
(https://tomcat.apache.org/native-doc/)

# Build dependencies: APR headers plus the distribution's openssl-devel package.
RUN microdnf install apr-devel openssl-devel \
 && mkdir /usr/lib/tcnative

# --with-apr points the tcnative configure script at the installed apr-1-config.
RUN cd /usr/src \
 && wget https://dlcdn.apache.org/tomcat/tomcat-connectors/native/1.2.32/source/tomcat-native-1.2.32-src.tar.gz \
 && tar -xvf tomcat-native-1.2.32-src.tar.gz \
 && rm tomcat-native-1.2.32-src.tar.gz \
 && cd tomcat-native-1.2.32-src/native \
 && ./configure --with-apr=/usr/bin/apr-1-config \
      --with-java-home=/usr/java/latest --with-ssl=yes --prefix=/usr/lib/tcnative \
 && make \
 && make install


3) Generate a self-signed certificate:

# 4096-bit RSA key (passphrase "test") and a 90-day self-signed certificate.
RUN openssl req -x509 -newkey rsa:4096 -passout pass:test \
    -keyout testkey.pem -out testcert.pem -sha256 -days 90 \
    -subj '/CN=test.lehmansoftware.com'



4) To enable Tomcat Native, I pass these parameters:

# java.library.path is where the JVM looks for libtcnative itself;
# the PEM key and certificate come from step 3.
ENTRYPOINT java \
 -Dserver.port=8443 \
 -Dserver.ssl.enabled=true \
 -Djava.library.path="/usr/lib/tcnative/lib" \
 -Dserver.ssl.certificate-key-file="/testkey.pem" \
 -Dserver.ssl.certificate-file="/testcert.pem" \
 -jar app.jar



5) And finally, here is the error message that I receive on application
startup trying to use tcnative.

cmts-docker-cmts-1  | [2022-04-04 14:49:01.549][${appenders}] WARN  [main] core.AprLifecycleListener - The Apache Tomcat Native library failed to load. The error reported was [/usr/lib/tcnative/lib/libtcnative-1.so.0.2.32: /usr/lib/tcnative/lib/libtcnative-1.so.0.2.32: undefined symbol: EVP_PKEY_get_bits]
cmts-docker-cmts-1  | java.lang.UnsatisfiedLinkError: /usr/lib/tcnative/lib/libtcnative-1.so.0.2.32: /usr/lib/tcnative/lib/libtcnative-1.so.0.2.32: undefined symbol: EVP_PKEY_get_bits
cmts-docker-cmts-1  |  at jdk.internal.loader.NativeLibraries.load(Native Method) ~[?:?]
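A way to confirm, before the JVM tries to load it, which libcrypto a built libtcnative actually resolves against and whether that library exports everything libtcnative imports. This is an added example written for this thread; it is not code from the post, from Tomcat Native or from OpenSSL. EVP_PKEY_get_bits is an entry point that exists only in OpenSSL 3.0's libcrypto, so a native library importing it was compiled against 3.0 headers, and the loader reporting it undefined means the libcrypto found at run time is an older one. The script parses the ELF .dynamic and .dynsym sections with the standard library alone, so it runs in a minimal container without binutils. Its assumptions are marked in the code: the default search directories only approximate the loader's order (ld.so.cache and RPATH/RUNPATH are ignored) and only direct dependencies are walked.

```python
"""Resolve a native module's DT_NEEDED dependencies and check that they export the symbols
it imports. Stdlib only: the ELF .dynamic/.dynsym sections are parsed directly, so this runs
in a minimal container without binutils. Added example, not code from the post or projects."""
import os
import struct
import sys

SHT_DYNAMIC, SHT_DYNSYM = 6, 11   # ELF section types we read
DT_NULL, DT_NEEDED = 0, 1         # .dynamic tags: end of table, required soname
STB_GLOBAL, STB_WEAK = 1, 2       # symbol bindings visible across modules
# Entry points added in OpenSSL 3.0 and absent from 1.1.1 libcrypto (the post's symbol is one).
OPENSSL3_ONLY_SYMBOLS = ("OPENSSL_version_major", "EVP_PKEY_get_bits")
# Assumed approximation of the loader's search order; ld.so.cache and RPATH/RUNPATH are ignored.
DEFAULT_SEARCH_DIRS = ("/usr/local/lib", "/usr/local/lib64", "/lib64", "/usr/lib64", "/lib", "/usr/lib")

def _cstr(blob, idx):
    """NUL-terminated string at offset idx of a string table."""
    return blob[idx:blob.index(b"\0", idx)].decode("ascii", "replace")

def dynamic_symbols(path):
    """Return {'needed': [sonames], 'exported': set, 'undefined': set} for an ELF file.
    'undefined' holds only GLOBAL imports; weak imports may legitimately stay unresolved."""
    with open(path, "rb") as f:
        ident = f.read(16)
        if ident[:4] != b"\x7fELF":
            raise ValueError("%s is not an ELF file" % path)
        is64, en = ident[4] == 2, ("<" if ident[5] == 1 else ">")
        hdr_fmt = en + ("HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH")
        hdr = struct.unpack(hdr_fmt, f.read(struct.calcsize(hdr_fmt)))
        shoff, shentsize, shnum = hdr[5], hdr[10], hdr[11]
        # section header fields: name, type, flags, addr, offset, size, link, info, align, entsize
        sh_fmt = en + ("IIQQQQIIQQ" if is64 else "IIIIIIIIII")
        sections = []
        for i in range(shnum):
            f.seek(shoff + i * shentsize)
            sections.append(struct.unpack(sh_fmt, f.read(struct.calcsize(sh_fmt))))

        def raw(sec):
            f.seek(sec[4])
            return f.read(sec[5])

        out = {"needed": [], "exported": set(), "undefined": set()}
        for sec in sections:
            if sec[1] not in (SHT_DYNAMIC, SHT_DYNSYM):
                continue
            data, strtab = raw(sec), raw(sections[sec[6]])   # sh_link names the matching .dynstr
            if sec[1] == SHT_DYNAMIC:
                fmt, size = (en + "qQ", 16) if is64 else (en + "iI", 8)
                for off in range(0, len(data) - size + 1, size):
                    tag, val = struct.unpack(fmt, data[off:off + size])
                    if tag == DT_NULL:
                        break
                    if tag == DT_NEEDED:
                        out["needed"].append(_cstr(strtab, val))
            else:
                fmt, size = (en + "IBBHQQ", 24) if is64 else (en + "IIIBBH", 16)
                for off in range(0, len(data) - size + 1, size):
                    s = struct.unpack(fmt, data[off:off + size])
                    name_idx, info, shndx = (s[0], s[1], s[3]) if is64 else (s[0], s[3], s[5])
                    name, bind = _cstr(strtab, name_idx), info >> 4
                    if not name or bind not in (STB_GLOBAL, STB_WEAK):
                        continue
                    if shndx != 0:                # defined in this object, visible to others
                        out["exported"].add(name)
                    elif bind == STB_GLOBAL:      # SHN_UNDEF: must be provided by a dependency
                        out["undefined"].add(name)
        return out

def find_library(soname, dirs=None):
    """First match for soname in LD_LIBRARY_PATH, then the assumed default directories."""
    if dirs is None:
        dirs = [d for d in os.environ.get("LD_LIBRARY_PATH", "").split(":") if d] + list(DEFAULT_SEARCH_DIRS)
    for d in dirs:
        p = os.path.join(d, soname)
        if os.path.isfile(p):
            return os.path.realpath(p)
    return None

def check_library(path, dirs=None):
    """Resolve each DT_NEEDED entry of path and return (resolved {soname: realpath or None},
    imports that no direct dependency exports). Only one level of dependencies is walked."""
    info = dynamic_symbols(path)
    resolved, provided = {}, set()
    for soname in info["needed"]:
        resolved[soname] = find_library(soname, dirs)
        if resolved[soname]:
            provided |= dynamic_symbols(resolved[soname])["exported"]
    return resolved, info["undefined"] - provided

def openssl_generation(libcrypto_path):
    """'3.x' if the library exports the 3.0-only entry points, otherwise '1.1-or-older'."""
    exported = dynamic_symbols(libcrypto_path)["exported"]
    return "3.x" if all(sym in exported for sym in OPENSSL3_ONLY_SYMBOLS) else "1.1-or-older"

if __name__ == "__main__":   # e.g. python3 checknative.py /usr/lib/tcnative/lib/libtcnative-1.so.0.2.32
    resolved, missing = check_library(sys.argv[1])
    for soname, dep in resolved.items():
        note = "  (OpenSSL %s)" % openssl_generation(dep) if dep and "libcrypto" in soname else ""
        print("%-22s -> %s%s" % (soname, dep or "NOT FOUND", note))
    print("unresolved imports:", ", ".join(sorted(missing)) or "none")
    sys.exit(1 if missing else 0)
```

Run it inside the container against the built library. The output lists each DT_NEEDED soname with the file it resolved to, tags the libcrypto entry with its OpenSSL generation, and exits non-zero when any import is left unresolved; a libcrypto line reading "1.1-or-older" next to an unresolved EVP_PKEY_get_bits is the header/runtime mismatch. The same check applies to libssl and libapr-1, and it can be run as a build step in the Dockerfile so the mismatch fails the image build instead of the application start.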
