-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Jesse,
On 6/4/15 12:49 PM, Christopher Schultz wrote:
> Jesse,
>
> On 6/4/15 11:43 AM, Jesse Defer wrote:
>> I am getting the following error from native on Tomcat startup:
>> /usr/local/java/latest7/bin/java: symbol lookup error:
>> /usr/local/apr/lib/libtcnative-1.so.0.1.33: undefined symbol:
>> SSL_CTX_clear_extra_chain_certs
>
>> SSL_CTX_clear_extra_chain_certs does not appear to be part of
>> the RHEL5 distributed OpenSSL 0.9.8. There are no compile
>> warnings/errors from native,
>
>> RHEL5.11 Tomcat 6.0.44 APR 1.5.1
>
>> Have the OpenSSL version requirements changed?
>
> Are you sure your compile-time and run-time versions of OpenSSL
> are the same?
>
> I'm having trouble finding minimum-version information about
> SSL_CTX_clear_extra_chain_certs. Can you check in openssl.h (and
> whatever else it includes on your system) to see if that function
> is defined?
>
> On my Mac, I've got 0.9.8zd plus 1.0.1j and 1.0.2a. Only the 1.0.1
> and 1.0.2 versions have that function defined, but it's actually a
> macro pointing to SSL_CTX_ctrl with some default parameters.
>
> So I'm surprised that you're seeing
> SSL_CTX_clear_extra_chain_certs being called a "symbol", since the
> compiler should be replacing it with something else. Well, if it's
> not defined at all, it might assume it's a function with no
> prototype and just assume that at runtime things will work-out.
> Looks like not.
>
> Re-check your compiler logs: I think you'll find a warning about
> an unresolved symbol. Probably with the linker, too. But it will
> only be a warning, depending upon the compiler flags.
>
> sslutils:245 uses that macro:
>
> SSL_CTX_clear_extra_chain_certs(ctx);
>
> Perhaps we need to add a version-check around that, and then
> define the macro as OpenSSL does if necessary.
>
> Can you add a Bugzilla issue for this? Feel free to reference this
> mailing list thread.
>
> -chris
In the meantime, can you throw this into tcnative.h at the bottom, and
re-build everything?
#define SSL_CTX_clear_extra_chain_certs(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
See if that works for you.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVcIIeAAoJEBzwKT+lPKRYwdkP/3o1G+EtRRXMse5UI7+a2cU7
aRXcOQciDa9qbyDOFsNRWwayZuvK6yfE4JRXFfsBKlJ50Ec1alJd4dzqXz+BDsTx
Q457uI07tr5pLZ+WMpUhlricmpGwD95b+UKWNrZX19D2ZZEHuhRuKwXsC2rSTq8D
bhYxjihgbMQxRozfjfw9NbMnQ1ZJAHLm7TiTp9JbkSQKmYxQ3SnQ9QtTkLII8+yF
WfOT7Y3bBeGpUPFN+/C335qAUQDkcx2iVlHUJfKeHIiy2XRv27D3/tkQM/9taAvD
Xt5J1hjqKFmAn0IELHd/TEzeMiDPCKheE7UDURSgVTbg8zcHvzMQANRzg7b/DLBm
XOTT9GAhJd8+ApqlfMuZidv6rxCcLsG7BZPXbnIYh6J0d21vjVGQCvPo0oCBi3/3
ymbZAkHzl1otfA7+fNyqG4oOOehCjGmwkev2qmrzyVTXRI2axFpWuDGbYTatGrWW
6wGTIBlJxhUCSxW4rK1kQEgWueyNTbG/Y/pHG7G4fdOYwsxRlT0MgRTj2CY/fvsS
BmuCysD9VBuXMiWzc0V1Ixf19pBzX10qDlSBNPPpaeC36KJhAwwZDdEiDOFf+UtG
NAGMy8Ig8zCPxXr4Guci7ps4MKKbbl5Zq5ND5hAqJxn/xqVBqRLh/lZDIks5Ozp3
7m3pDF3uM5n9sCzjBYjD
=xQfW
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
