A new direct OpenSSL integration into Tomcat.
Right now, TLS/SSL encryption in Tomcat is managed in two ways: through the Java Secure Socket Extension (JSSE) API, and through Tomcat Native (tc-native), which uses APR and OpenSSL. Netty also uses tc-native to provide its own OpenSSL implementation, called tc-netty.
This project will integrate OpenSSL into Tomcat without depending on big projects like Tomcat Native, APR or Netty. To integrate OpenSSL, we will reuse as much of Tomcat's code as possible and follow the same architecture as Tomcat's JSSE implementation.
Our OpenSSL implementation will be available through the Nio2 connector. Consequently, when using the Nio2 connector, users will be able to choose between the JSSE implementation and OpenSSL.
NOTE: this project is in active development and can change a lot.
Currently, it is implemented on Tomcat 8.0.21, with a few small changes to Tomcat.
A more detailed explanation can be found in the wiki.
Ant is used for managing this project.
To build the Java part, you will need the source code of Tomcat 8.0.21. After downloading it, build it. Then clone this repository, build it, and build Tomcat again.
To build the C part, you will need OpenSSL and APR already installed.
When building this project, some files will be copied into the Tomcat source tree. The Tomcat configuration under output/build/conf will be changed, and the project's generated JAR will be added to Tomcat's classpath.
- Build Tomcat 8.0.21
- Configure the file build.properties to indicate where Tomcat, OpenSSL and APR are located
- Build the native C extension:

      cd src/main/c
      ./configure --with-apr=apr_install_path --with-ssl=openssl_install_path
      make

- Read BUILDING
- Run ant deploy, it will:
  - Copy some Java files to Tomcat
  - Build the Java files of this project
  - Generate the JAR
  - Copy the JAR to output/build/lib of Tomcat
  - Change the configuration of output/build/conf/server.xml to use the Nio2 connector with our OpenSSL implementation
- In Tomcat, run ant deploy again to compile the modified/added files
- In this project, run ant run to start Tomcat
The code under org.apache.tomcat.tomcatopenssl.jni.* is copied as is from tc-netty, but the build system is copied from tc-native. To compile it, follow the instructions provided here: https://github.com/facenord-sud/tomcat-openssl/blob/master/src/main/c/BUILDING
The code under io.netty.* is copied from Netty.