Bug 1690651 - Tomcat 9.0.13 update incompatible with tomcat-native
Summary: Tomcat 9.0.13 update incompatible with tomcat-native
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Fedora
Classification: Fedora
Component: tomcat
Version: 29
Hardware: Unspecified
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Ivan Afonichev
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-19 22:58 UTC by me
Modified: 2019-09-26 18:13 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-09-26 18:13:04 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description me 2019-03-19 22:58:28 UTC
Description of problem:
When Tomcat is updated to version 9.0.13 from the 9.0.10 release initially included with Fedora, TLS (-> OpenSSL, Tomcat Native) stops working due to a library version issue...

Version-Release number of selected component (if applicable):
tomcat 9.0.13
tomcat-native 

How reproducible:
Always

Steps to Reproduce:
1. Update from Tomcat 9.0.10 (Fedora 29 base version) to Tomcat 9.0.13
2. Start Tomcat
3. Errors in logs and TLS doesn't work

Actual results:
Tomcat unreachable with TLS

Expected results:
TLS should work

Additional info:

Relevant log output after update:
systemd[1]: Started Apache Tomcat Web Application Container.
...
server[6394]: 19-Mar-2019 19:24:32.550 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent An older version [1.2.17] of the APR based Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of [1.2.18]
server[6394]: 19-Mar-2019 19:24:32.553 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.17] using APR version [1.6.5].
server[6394]: 19-Mar-2019 19:24:32.553 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
server[6394]: 19-Mar-2019 19:24:32.554 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
server[6394]: 19-Mar-2019 19:24:32.557 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1b FIPS  26 Feb 2019]
...

When handling requests:

server[1555]: 18-Mar-2019 03:03:17.915 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-nio-8443"]
server[1555]: 18-Mar-2019 03:03:17.918 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 4162 ms
server[1555]: 18-Mar-2019 03:03:18.980 SEVERE [https-openssl-nio-8443-exec-4] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
server[1555]:  java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.SSL.renegotiatePending(J)I
server[1555]:         at org.apache.tomcat.jni.SSL.renegotiatePending(Native Method)
server[1555]:         at org.apache.tomcat.util.net.openssl.OpenSSLEngine.getHandshakeStatus(OpenSSLEngine.java:1021)
server[1555]:         at org.apache.tomcat.util.net.openssl.OpenSSLEngine.wrap(OpenSSLEngine.java:457)
server[1555]:         at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
server[1555]:         at org.apache.tomcat.util.net.SecureNioChannel.handshakeWrap(SecureNioChannel.java:440)
server[1555]:         at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:211)
server[1555]:         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1394)
server[1555]:         at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
server[1555]:         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
server[1555]:         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
server[1555]:         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
server[1555]:         at java.lang.Thread.run(Thread.java:748)

Workaround: downgrade Tomcat to 9.0.10

Comment 1 Coty Sutherland 2019-09-26 18:13:04 UTC
TLS works find with the following packages in use:

# rpm -qa tomcat tomcat-native openssl apr
tomcat-9.0.21-2.fc30.noarch
tomcat-native-1.2.21-1.fc30.x86_64
openssl-1.1.1c-6.fc30.x86_64
apr-1.6.5-3.fc30.x86_64


Note You need to log in before you can comment on or make changes to this bug.