| ================================================================================ |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| ================================================================================ |
| |
| Linux / Unix / OSX (dynamic linking) |
| ==================================== |
| |
| 1. Prerequisites |
| |
| Install OpenSSL version 3.0.0 or higher |
| Install APR version 1.7.0 or higher. |
| Download and expand the source package or use an git checkout |
| |
| > cd native |
| |
| 2. Configure build environment |
| |
| Note: This step is only required if you are building from an git checkout. It |
| is not required when building from a source package. |
| |
| > sh buildconf --with-apr=apr_source_location. |
| |
| 3. Build |
| |
| > configure --with-apr=apr_install_location --with-ssl=openssl_install_location |
| > make |
| |
| This should produce a file named libtcnative-2.so |
| |
| |
| Linux / Unix / OSX (static linking) |
| =================================== |
| |
| 1. Build static version of OpenSSL 3.0.0 or later |
| |
| > ./Configure --prefix=~/natives/openssl enable-fips |
| > make |
| > make install |
| |
| 2. Build static version of APR 1.7.0 or later |
| |
| > ./configure --prefix=~/natives/apr |
| > make |
| > make install |
| |
| Note: APR builds both static and dynamic libraries by default. |
| |
| 3. Ensure the static APR library is used |
| |
| Edit the ~/natives/apr/lib/libapr-1.la file and comment or delete the |
| following sections: dlname='...' and library_names='...' |
| This is needed so that libtool picks the static version of the library. |
| |
| 4. Build tc-native |
| |
| > ./configure --with-apr=~/natives/apr --with-ssl=~/natives/openssl --prefix=~/natives/tomcat |
| > make |
| > make install |
| |
| |
| Windows |
| ======= |
| |
| 1. Prerequisites |
| |
| These steps assume a suitable build environment has been set up. |
| https://cwiki.apache.org/confluence/display/TOMCAT/Common+Native+Build+Environment |
| |
| 2. Obtain tc-native source |
| |
| Download and expand the source package or use an git checkout |
| |
| 3. Build APR |
| |
| Unpack the APR source distribution into native\srclib\apr |
| |
| > c:\cmsc\setenv.bat x86 |
| > nmake -f NMAKEmakefile BUILD_CPU=x86 APR_DECLARE_STATIC=1 |
| |
| > c:\cmsc\setenv.bat x64 |
| > nmake -f NMAKEmakefile BUILD_CPU=x64 APR_DECLARE_STATIC=1 |
| |
| 4. Build OpenSSL |
| |
| > cd ..\openssl |
| |
| Unpack the OpenSSL 3.0.x source distribution in this directory |
| |
| Apply openssl-msvcrt-3.0.x.patch. Note that you may need to skip and/or use an offset to get the patch to apply. |
| |
| > c:\cmsc\setenv.bat x86 |
| > perl Configure no-shared VC-WIN32 |
| > nmake |
| > mkdir out32-x86 |
| > copy libssl.lib out32-x86\ |
| > copy libcrypto.lib out32-x86\ |
| > copy apps\openssl.exe out32-x86\ |
| |
| > nmake clean |
| |
| > c:\cmsc\setenv.bat x64 |
| > perl Configure no-shared VC-WIN64A |
| > nmake |
| > mkdir out32-x64 |
| > copy libssl.lib out32-x64\ |
| > copy libcrypto.lib out32-x64\ |
| > copy apps\openssl.exe out32-x64\ |
| |
| 5. Copy APR and OpenSSL to versioned directories |
| |
| Keeping the various libraries in versioned directories saves having to |
| rebuild them next time if the version remains unchanged. |
| |
| > cd .. |
| > set OPENSSL_VER=3.0.0 |
| > set APR_VER=1.7.0 |
| |
| > mkdir \deps-x86\apr-%APR_VER%\include |
| > mkdir \deps-x86\apr-%APR_VER%\lib |
| > mkdir \deps-x86\openssl-%OPENSSL_VER%\include |
| > mkdir \deps-x86\openssl-%OPENSSL_VER%\lib |
| > xcopy /E \deps-x86\apr-%APR_VER% \deps-x64\apr-%APR_VER%\ |
| > xcopy /E \deps-x86\openssl-%OPENSSL_VER% \deps-x64\openssl-%OPENSSL_VER%\ |
| |
| > xcopy /E apr\include \deps-x86\apr-%APR_VER%\include\ |
| > xcopy /E apr\include \deps-x64\apr-%APR_VER%\include\ |
| |
| > copy apr\WIN7_X86_LIB_RELEASE\apr-1.lib \deps-x86\apr-%APR_VER%\lib |
| > copy apr\WIN7_X64_LIB_RELEASE\apr-1.lib \deps-x64\apr-%APR_VER%\lib |
| > xcopy /E openssl\include\openssl \deps-x86\openssl-%OPENSSL_VER%\include\openssl\ |
| > xcopy /E openssl\include\openssl \deps-x64\openssl-%OPENSSL_VER%\include\openssl\ |
| > copy openssl\out32-x86\*.lib \deps-x86\openssl-%OPENSSL_VER%\lib\ |
| > copy openssl\out32-x64\*.lib \deps-x64\openssl-%OPENSSL_VER%\lib\ |
| |
| > copy openssl\out32-x86\openssl.exe \deps-x86\openssl-%OPENSSL_VER%\ |
| > copy openssl\out32-x64\openssl.exe \deps-x64\openssl-%OPENSSL_VER%\ |
| |
| |
| 6. Build Tomcat Native |
| |
| > cd .. |
| >set JAVA_HOME=\java\jdk11 |
| |
| > c:\cmsc\setenv.bat x86 |
| > nmake -f NMAKEMakefile WITH_APR=C:\deps-x86\apr-%APR_VER% WITH_OPENSSL=C:\deps-x86\openssl-%OPENSSL_VER% APR_DECLARE_STATIC=1 OPENSSL_NEW_LIBS=1 ENABLE_OCSP=1 |
| > move WIN7_X86_DLL_RELEASE WIN7_X86_OCSP_DLL_RELEASE |
| > nmake -f NMAKEMakefile WITH_APR=C:\deps-x86\apr-%APR_VER% WITH_OPENSSL=C:\deps-x86\openssl-%OPENSSL_VER% APR_DECLARE_STATIC=1 OPENSSL_NEW_LIBS=1 |
| |
| > c:\cmsc\setenv.bat x64 |
| > nmake -f NMAKEMakefile WITH_APR=C:\deps-x64\apr-%APR_VER% WITH_OPENSSL=C:\deps-x64\openssl-%OPENSSL_VER% APR_DECLARE_STATIC=1 OPENSSL_NEW_LIBS=1 ENABLE_OCSP=1 |
| > move WIN7_X64_DLL_RELEASE WIN7_X64_OCSP_DLL_RELEASE |
| > nmake -f NMAKEMakefile WITH_APR=C:\deps-x64\apr-%APR_VER% WITH_OPENSSL=C:\deps-x64\openssl-%OPENSSL_VER% APR_DECLARE_STATIC=1 OPENSSL_NEW_LIBS=1 |
| |
| Tomcat Native Connector DLLs may then be found in native\WIN7_*_[OCSP_]DLL_RELEASE |
| |
| |
| FIPS |
| ==== |
| |
| No additional build steps are required. Configure OpenSSL to use the FIPS |
| certified provider as the default provider as described in the OpenSSL |
| documentation: |
| |
| https://www.openssl.org/docs/man3.0/man7/fips_module.html |