SSL and native libraries
fastbob Mar 5, 2008 1:14 AM
Hopefully I have the correct forum section. While I've researched the issue a bit, I can't claim to fully understand what's going on.
On Windows XP, using JBoss 4.2.2 (no modifications) and Sun jdk 1.6, we enabled SSL by uncommenting the SSL connector in service.xml:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" address="${jboss.bind.address}" maxThreads="100" scheme="https" secure="true" clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/my.keystore" keystorePass="something" sslProtocol = "TLS" />
This seemed to be handled fine during startup - no native library found but startup continued and SSL worked:
05:47:06,150 INFO [NativeServerConfig] JBoss Web Services - Native
05:47:06,150 INFO [NativeServerConfig] jbossws-native-2.0.1.SP2 (build=200710210837)
05:47:06,941 INFO [Embedded] Catalina naming disabled
05:47:07,281 INFO [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Java\jdk1.6.0\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\Java\jdk1.6.0\bin;C:\Java\apache-ant-1.7.0\bin;C:\Java\jikes_1.22\bin;C:\Java\maven-2.0.7\bin;c:\tools\cygwin\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\cvsnt;C:\Program Files\MySQL\MySQL Server 5.0\bin;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
05:47:07,352 INFO [Http11Protocol] Initializing Coyote HTTP/1.1 on http-0.0.0.0-8080
05:47:08,083 INFO [Http11Protocol] Initializing Coyote HTTP/1.1 on http-0.0.0.0-8443
05:47:08,093 INFO [AjpProtocol] Initializing Coyote AJP/1.3 on ajp-0.0.0.0-8009
On Fedora8 Linux, we copied the same JBoss directory to the system (same Sun jdk 1.6). However, the log showed the following during startup:
03:22:19,508 INFO [NativeServerConfig] JBoss Web Services - Native
03:22:19,508 INFO [NativeServerConfig] jbossws-native-2.0.1.SP2 (build=200710210837)
03:22:20,310 INFO [Embedded] Catalina naming disabled
03:22:20,462 WARN [Connector] Property debug not found on the protocol handler.
03:22:20,466 WARN [Connector] Property clientAuth not found on the protocol handler.
03:22:20,466 WARN [Connector] Property keystoreFile not found on the protocol handler.
03:22:20,467 WARN [Connector] Property keystorePass not found on the protocol handler.
03:22:20,747 INFO [AprLifecycleListener] Loaded Apache Tomcat Native library 1.1.10.
03:22:20,751 INFO [AprLifecycleListener] APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
03:22:21,092 INFO [Http11AprProtocol] Initializing Coyote HTTP/1.1 on http-0.0.0.0-8080
03:22:21,094 ERROR [Http11AprProtocol] Error initializing endpoint
java.lang.Exception: No Certificate file specified
    at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:683)
    ...
So it appears that on Fedora the native library was loaded, but then the properties of the SSL connector were not loaded. Startup eventually failed due to the port being in use:
03:23:12,305 INFO [Http11AprProtocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
03:23:12,383 ERROR [Http11AprProtocol] Error starting endpoint
java.lang.Exception: Socket bind failed: [98] Address already in use
    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:611)
    at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:716)
    at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
I'm not clear what we need to change in the configuration to get things working on Linux. It seems like removing the native library would work against better performance. Any pointers would be appreciated. Thanks.
Bob
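
Added example, not part of the original post and not JBoss code: a small startup-log check that reports which protocol handler bound each port and whether TLS-related connector attributes were rejected, which is the pattern visible in the Fedora log above. The `triage` function, the `TLS_ATTRS` watch list and the report keys are assumptions made for illustration; the sample lines are copied from the post.

```python
import re

# Constructed sample: lines taken from the Fedora startup log quoted in the post.
SAMPLE_LOG = """\
03:22:20,462 WARN [Connector] Property debug not found on the protocol handler.
03:22:20,466 WARN [Connector] Property clientAuth not found on the protocol handler.
03:22:20,466 WARN [Connector] Property keystoreFile not found on the protocol handler.
03:22:20,467 WARN [Connector] Property keystorePass not found on the protocol handler.
03:22:20,747 INFO [AprLifecycleListener] Loaded Apache Tomcat Native library 1.1.10.
03:22:21,092 INFO [Http11AprProtocol] Initializing Coyote HTTP/1.1 on http-0.0.0.0-8080
03:22:21,094 ERROR [Http11AprProtocol] Error initializing endpoint
"""

# Assumed watch list: the TLS-related attributes on the connector shown in the post.
TLS_ATTRS = {"clientAuth", "keystoreFile", "keystorePass", "sslProtocol"}

LINE = re.compile(r"^(\d\d:\d\d:\d\d,\d{3})\s+(\w+)\s+\[(\w+)\]\s+(.*)$")
IGNORED = re.compile(r"Property (\S+) not found on the protocol handler")
INIT = re.compile(r"Initializing Coyote \S+ on \S+-(\d+)$")

def triage(log_text):
    """Summarise connector start-up: handler per port, rejected TLS attributes, errors."""
    report = {"ignored_tls_attrs": [], "handlers": {}, "native_loaded": False, "errors": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack-trace or continuation line, no timestamp/level prefix
        _, level, logger, msg = m.groups()
        ignored = IGNORED.search(msg)
        if ignored and ignored.group(1) in TLS_ATTRS:
            report["ignored_tls_attrs"].append(ignored.group(1))
        init = INIT.search(msg)
        if init:
            report["handlers"][int(init.group(1))] = logger
        if logger == "AprLifecycleListener" and msg.startswith("Loaded Apache Tomcat Native"):
            report["native_loaded"] = True
        if level == "ERROR":
            report["errors"].append((logger, msg))
    # True when the handler rejected at least one TLS attribute from the connector.
    report["tls_config_ignored"] = bool(report["ignored_tls_attrs"])
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A report with `tls_config_ignored` set means the connector's TLS settings, including `clientAuth`, never reached the handler that started, so the listener should not be assumed to enforce them.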