| ================================================================================ |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| ================================================================================ |
| |
| Linux / Unix / OSX (dynamic linking) |
| ==================================== |
| |
| 1. Prerequisites |
| |
| Install OpenSSL version 1.0.2 or higher |
| Install APR version 1.4.3 or higher. |
| Download and expand the source package or use an git checkout |
| |
| > cd native |
| |
| 2. Configure build environment |
| |
| Note: This step is only required if you are building from an git checkout. It |
| is not required when building from a source package. |
| |
| > sh buildconf --with-apr=apr_source_location. |
| |
| 3. Build |
| |
| > configure --with-apr=apr_install_location --with-ssl=openssl_install_location |
| > make |
| |
| This should produce a file named libtcnative-1.so |
| |
| Note: To build without SSL support use: |
| |
| > configure --disable-openssl --with-apr=apr_install_location |
| |
| |
| Linux / Unix / OSX (static linking) |
| =================================== |
| |
| 1. Build static version of OpenSSL 1.0.2 or later |
| |
| > ./Configure --prefix=~/natives/openssl no-shared -fPIC |
| > make |
| > make install_sw |
| |
| Note: For the Solaris platform you should use -KPIC instead -fPIC so that the |
| library is compiled with position independent code. |
| |
| 2. Build static version of APR 1.4.3 or later |
| |
| > ./configure --prefix=~/natives/apr |
| > make |
| > make install |
| |
| Note: APR builds both static and dynamic libraries by default. |
| |
| 3. Ensure the static APR library is used |
| |
| Edit the ~/natives/apr/lib/libapr-1.la file and comment or delete the |
| following sections: dlname='...' and library_names='...' |
| This is needed so that libtool picks the static version of the library. |
| |
| 4. Build tc-native |
| |
| > ./configure --with-apr=~/natives/apr --with-ssl=~/natives/openssl --prefix=~/natives/tomcat |
| > make |
| > make install |
| |
| |
| Windows |
| ======= |
| |
| 1. Prerequisites |
| |
| These steps assume a suitable build environment has been set up. |
| https://cwiki.apache.org/confluence/display/TOMCAT/Common+Native+Build+Environment |
| |
| 2. Obtain tc-native source |
| |
| Download and expand the source package or use an git checkout |
| |
| 3. Build APR |
| |
| Unpack the APR source distribution into native\srclib\apr |
| Apply apr-enable-ipv6.patch |
| |
| > c:\cmsc\setenv.bat /x86 |
| > nmake -f NMAKEmakefile BUILD_CPU=x86 APR_DECLARE_STATIC=1 |
| > mkdir WINXP_X86_LIB_RELEASE\include |
| > mkdir WINXP_X86_LIB_RELEASE\lib |
| > xcopy /E include WINXP_X86_LIB_RELEASE\include\ |
| > copy WINXP_X86_LIB_RELEASE\apr-1.lib WINXP_X86_LIB_RELEASE\lib |
| |
| > c:\cmsc\setenv.bat /x64 |
| > nmake -f NMAKEmakefile BUILD_CPU=x64 APR_DECLARE_STATIC=1 |
| > mkdir WINXP_X64_LIB_RELEASE\include |
| > mkdir WINXP_X64_LIB_RELEASE\lib |
| > xcopy /E include WINXP_X64_LIB_RELEASE\include\ |
| > copy WINXP_X64_LIB_RELEASE\apr-1.lib WINXP_X64_LIB_RELEASE\lib |
| |
| 4. Build OpenSSL |
| |
| Unpack the OpenSSL source distribution into native\srclib\openssl |
| Apply openssl-msvcrt.patch |
| |
| > c:\cmsc\setenv.bat /x86 |
| > perl Configure VC-WIN32 |
| > ms\do_nasm |
| > nmake -f ms\nt.mak |
| > mkdir release-x86 |
| > mkdir release-x86\include |
| > mkdir release-x86\lib |
| > xcopy /E inc32 release-x86\include\ |
| > copy out32\*.lib release-x86\lib\ |
| |
| > c:\cmsc\setenv.bat /x64 |
| > perl Configure VC-WIN64A |
| > ms\do_win64a |
| > nmake -f ms\nt.mak clean |
| > nmake -f ms\nt.mak |
| > mkdir release-x64 |
| > mkdir release-x64\include |
| > mkdir release-x64\lib |
| > xcopy /E inc32 release-x64\include\ |
| > copy out32\*.lib release-x64\lib\ |
| |
| 5. Build tc-native |
| |
| > SET JAVA_HOME=C:\Program Files\Java\jdk1.7.0_71 |
| |
| > c:\cmsc\setenv.bat /x86 |
| > nmake -f NMAKEMakefile WITH_APR=srclib\apr\WINXP_X86_LIB_RELEASE WITH_OPENSSL=srclib\openssl\release-x86 APR_DECLARE_STATIC=1 |
| |
| > c:\cmsc\setenv.bat /x64 |
| > nmake -f NMAKEMakefile WITH_APR=srclib\apr\WINXP_X64_LIB_RELEASE WITH_OPENSSL=srclib\openssl\release-x64 APR_DECLARE_STATIC=1 |
| |
| Note: Use ENABLE_OCSP=1 to create OCSP enabled builds |
| |
| |
| Windows with FIPS |
| ================= |
| |
| The steps are broadly the same as the non-FIPS build with the following additions and changes. |
| |
| Note: The build process has only been verified with 64-bit Windows. The process |
| for 32-bit Windows should be very similar. |
| |
| 1. Build the FIPS object module |
| |
| This step should be completed immediately before building OpenSSL. |
| |
| Unpack the openssl-fips-2.0.x.tar.gz distribution into native\srclib\openssl-fips |
| The tar.gz contains symbolic links. Ensure you unpack the archive with a tool |
| that replaces these with the linked file or manually replace the symbolic |
| links with associated the linked file before continuing. |
| |
| > c:\cmsc\setenv.bat /x64 |
| > set FIPSDIR=%cd%\lib-x64 |
| > ms\do_fips |
| |
| 2. Modify the OpenSSL build configuration |
| |
| Add 'fips' to the OpenSSL build configuration |
| |
| > perl Configure VC-WIN64A fips |
| |
| 3. Test the OpenSSL build |
| |
| This step should be completed immediately after building OpenSSL. |
| |
| > SET OPENSSL_FIPS=1 |
| > openssl md5 openssl.exe |
| |
| This should fail since MD5 is disabled in FIPS mode. |
| |
| > SET OPENSSL_FIPS= |
| > openssl md5 openssl.exe |
| |
| This should work. |
| |
| 4. Modify the tc-native build configuration |
| |
| > c:\cmsc\setenv.bat /x64 |
| > nmake -f NMAKEMakefile WITH_APR=srclib\apr\WINXP_X64_LIB_RELEASE WITH_OPENSSL=srclib\openssl\release-x64 WITH_FIPS=srclib\openssl-fips\lib-x64 APR_DECLARE_STATIC=1 |