5:58 p.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1690651
Bug ID: 1690651
Summary: Tomcat 9.0.13 update incompatible with tomcat-native
Product: Fedora
Version: 29
OS: Linux
Status: NEW
Component: tomcat
Severity: high
Assignee: ivan.afonichev(a)gmail.com
Reporter: lumetili(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com, coolsvap(a)gmail.com,
csutherl(a)redhat.com, ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com
Target Milestone: ---
Classification: Fedora
Description of problem:
When Tomcat is updated to version 9.0.13 from the 9.0.10 release initially
included with Fedora, TLS (-> OpenSSL, Tomcat Native) stops working due to a
library version issue...
Version-Release number of selected component (if applicable):
tomcat 9.0.13
tomcat-native
How reproducible:
Always
Steps to Reproduce:
1. Update from Tomcat 9.0.10 (Fedora 29 base version) to Tomcat 9.0.13
2. Start Tomcat
3. Errors in logs and TLS doesn't work
Actual results:
Tomcat unreachable with TLS
Expected results:
TLS should work
Additional info:
Relevant log output after update:
systemd[1]: Started Apache Tomcat Web Application Container.
...
server[6394]: 19-Mar-2019 19:24:32.550 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent An older version
[1.2.17] of the APR based Apache Tomcat Native library is installed, while
Tomcat recommends a minimum version of [1.2.18]
server[6394]: 19-Mar-2019 19:24:32.553 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based
Apache Tomcat Native library [1.2.17] using APR version [1.6.5].
server[6394]: 19-Mar-2019 19:24:32.553 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities:
IPv6 [true], sendfile [true], accept filters [false], random [true].
server[6394]: 19-Mar-2019 19:24:32.554 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL
configuration: useAprConnector [false], useOpenSSL [true]
server[6394]: 19-Mar-2019 19:24:32.557 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
successfully initialized [OpenSSL 1.1.1b FIPS 26 Feb 2019]
...
When handling requests:
server[1555]: 18-Mar-2019 03:03:17.915 INFO [main]
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
["https-openssl-nio-8443"]
server[1555]: 18-Mar-2019 03:03:17.918 INFO [main]
org.apache.catalina.startup.Catalina.start Server startup in 4162 ms
server[1555]: 18-Mar-2019 03:03:18.980 SEVERE [https-openssl-nio-8443-exec-4]
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
server[1555]: java.lang.UnsatisfiedLinkError:
org.apache.tomcat.jni.SSL.renegotiatePending(J)I
server[1555]: at org.apache.tomcat.jni.SSL.renegotiatePending(Native
Method)
server[1555]: at
org.apache.tomcat.util.net.openssl.OpenSSLEngine.getHandshakeStatus(OpenSSLEngine.java:1021)
server[1555]: at
org.apache.tomcat.util.net.openssl.OpenSSLEngine.wrap(OpenSSLEngine.java:457)
server[1555]: at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
server[1555]: at
org.apache.tomcat.util.net.SecureNioChannel.handshakeWrap(SecureNioChannel.java:440)
server[1555]: at
org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:211)
server[1555]: at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1394)
server[1555]: at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
server[1555]: at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
server[1555]: at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
server[1555]: at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
server[1555]: at java.lang.Thread.run(Thread.java:748)
Workaround: downgrade Tomcat to 9.0.10
--
You are receiving this mail because:
You are on the CC list for the bug.
1:13 p.m.
New subject: [Bug 1690651] Tomcat 9.0.13 update incompatible with tomcat-native
https://bugzilla.redhat.com/show_bug.cgi?id=1690651
Coty Sutherland <csutherl(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |WORKSFORME
Last Closed| |2019-09-26 18:13:04
--- Comment #1 from Coty Sutherland <csutherl(a)redhat.com> ---
TLS works find with the following packages in use:
# rpm -qa tomcat tomcat-native openssl apr
tomcat-9.0.21-2.fc30.noarch
tomcat-native-1.2.21-1.fc30.x86_64
openssl-1.1.1c-6.fc30.x86_64
apr-1.6.5-3.fc30.x86_64
--
You are receiving this mail because:
You are on the CC list for the bug.
1672
days inactive
1863
days old
java-sig-commits@lists.fedoraproject.org
1 comments
1 participants
participants (1)
-
bugzilla@redhat.com