Jesse,

On 6/4/15 11:43 AM, Jesse Defer wrote:
> I am getting the following error from native on Tomcat startup: 
> /usr/local/java/latest7/bin/java: symbol lookup error:
> /usr/local/apr/lib/libtcnative-1.so.0.1.33: undefined symbol:
> SSL_CTX_clear_extra_chain_certs
> 
> SSL_CTX_clear_extra_chain_certs does not appear to be part of the
> RHEL5 distributed OpenSSL 0.9.8.  There are no compile
> warnings/errors from native,
> 
> RHEL5.11 Tomcat 6.0.44 APR 1.5.1
> 
> Have the OpenSSL version requirements changed?

Are you sure your compile-time and run-time versions of OpenSSL are
the same?

I'm having trouble finding minimum-version information about
SSL_CTX_clear_extra_chain_certs. Can you check in openssl.h (and
whatever else it includes on your system) to see if that function is
defined?

On my Mac, I've got 0.9.8zd plus 1.0.1j and 1.0.2a. Only the 1.0.1 and
1.0.2 versions have that function defined, but it's actually a macro
pointing to SSL_CTX_ctrl with some default parameters.

So I'm surprised that you're seeing SSL_CTX_clear_extra_chain_certs
being called a "symbol", since the compiler should be replacing it
with something else. Well, if it's not defined at all, it might assume
it's a function with no prototype and just assume that at runtime
things will work out. Looks like not.

Re-check your compiler logs: I think you'll find a warning about an
unresolved symbol. Probably with the linker, too. But it will only be
a warning, depending upon the compiler flags.

sslutils:245 uses that macro:

  SSL_CTX_clear_extra_chain_certs(ctx);

Perhaps we need to add a version-check around that, and then define
the macro as OpenSSL does if necessary.

Can you add a Bugzilla issue for this? Feel free to reference this
mailing list thread.

- -chris
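
One way to check the compile-time versus run-time question raised in the reply above, as an added example that is not part of the original message or of tcnative: compare what the built module imports with what the OpenSSL library found at run time exports. The function names (unresolved_syms, demo), the file names, and the sample nm listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Works on saved GNU nm listings:
#   nm -D --undefined-only libtcnative-1.so            > module.nm
#   nm -D --defined-only   <libssl that ldd resolves>  > lib.nm
# and prints the imports that the library does not export.

# unresolved_syms MODULE_NM LIB_NM [PREFIX]   (PREFIX defaults to SSL_)
unresolved_syms() {
    awk -v lib="$2" -v prefix="${3:-SSL_}" '
        NF { sub(/@.*$/, "", $NF) }          # strip any symbol-version suffix
        FILENAME == lib {                    # library listing: addr type name
            if (NF == 3 && $2 != "U") exported[$3] = 1
            next
        }
        # module listing: "U name" lines are imports resolved by the loader
        NF == 2 && $1 == "U" && index($2, prefix) == 1 && !($2 in exported) {
            print $2
        }
    ' "$2" "$1" | sort -u
}

# Constructed sample listings (not taken from a real build).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/module.nm" <<'EOF'
                 U SSL_CTX_clear_extra_chain_certs
                 U SSL_CTX_ctrl
                 U SSL_CTX_new
                 U apr_pool_create_ex
EOF
    cat > "$tmp/lib.nm" <<'EOF'
0000000000031a40 T SSL_CTX_ctrl
0000000000030f10 T SSL_CTX_free
0000000000030b80 T SSL_CTX_new
EOF
    unresolved_syms "$tmp/module.nm" "$tmp/lib.nm"
    rm -rf "$tmp"
}

demo
```

Any name this prints is one the dynamic linker cannot resolve against that library, which is the condition behind a "symbol lookup error" like the one quoted above.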
