Vert.x 3.3 and OpenSSL

Vladi Bar On

unread,

May 29, 2016, 10:45:11 AM5/29/16

to vert.x

Hi,

As you're mentioning in the groups, Vert.x 3.3 is going to support Open SSL.

I couldn't wait and took 3.3.SNAPSHOT to play with.

I provide the vertx with (what I think as) correct HttpServerOptions (complete with PemKeyCertOptions,which includes the Certificate and the Private Key in PEM format).

When the server attempts to start listening, I get the following exception:

2016-05-29 17:24:26.343 ERROR --- [ntloop-thread-1] io.vertx.core.impl.DeploymentManager : org/apache/tomcat/jni/CertificateVerifier

java.lang.NoClassDefFoundError: org/apache/tomcat/jni/CertificateVerifier

at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:410)

at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:391)

at io.vertx.core.net.impl.SSLHelper.createContext(SSLHelper.java:265)

at io.vertx.core.net.impl.SSLHelper.getContext(SSLHelper.java:422)

at io.vertx.core.net.impl.SSLHelper.validate(SSLHelper.java:430)

at io.vertx.core.http.impl.HttpServerImpl.listen(HttpServerImpl.java:219)

at io.vertx.core.http.impl.HttpServerImpl.listen(HttpServerImpl.java:181)

at com.blabla.HttpServerVerticle.start(HttpServerVerticle.java:373)

at io.vertx.core.AbstractVerticle.start(AbstractVerticle.java:111)

at io.vertx.core.impl.DeploymentManager.lambda$doDeploy$114(DeploymentManager.java:436)

at io.vertx.core.impl.DeploymentManager$$Lambda$24/1865219266.handle(Unknown Source)

at io.vertx.core.impl.ContextImpl.lambda$wrapTask$3(ContextImpl.java:359)

at io.vertx.core.impl.ContextImpl$$Lambda$25/859690270.run(Unknown Source)

at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:339)

at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:374)

at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:742)

at java.lang.Thread.run(Thread.java:745)

Caused by: java.lang.ClassNotFoundException: org.apache.tomcat.jni.CertificateVerifier

at java.net.URLClassLoader$1.run(URLClassLoader.java:372)

at java.net.URLClassLoader$1.run(URLClassLoader.java:361)

at java.security.AccessController.doPrivileged(Native Method)

at java.net.URLClassLoader.findClass(URLClassLoader.java:360)

at java.lang.ClassLoader.loadClass(ClassLoader.java:424)

at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)

at java.lang.ClassLoader.loadClass(ClassLoader.java:357)

... 17 common frames omitted

I tried to add the following dependency to the my build:

compile 'org.apache.tomcat:tomcat-jni:8.5.2'

which, in turn led to demanding this one:

compile 'io.netty:netty-tcnative-boringssl-static:1.1.33.Fork17'

After all those dependencies in place, I get the following:

2016-05-29 17:43:38.681 ERROR  --- [ntloop-thread-1] io.vertx.core.impl.DeploymentManager     : failed to load the required native library
java.lang.UnsatisfiedLinkError: failed to load the required native library
	at io.netty.handler.ssl.OpenSsl.ensureAvailability(OpenSsl.java:177)
	at io.netty.handler.ssl.OpenSslContext.<init>(OpenSslContext.java:148)
	at io.netty.handler.ssl.OpenSslServerContext.<init>(OpenSslServerContext.java:343)
	at io.netty.handler.ssl.OpenSslServerContext.<init>(OpenSslServerContext.java:333)
	at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:410)
	at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:391)
	at io.vertx.core.net.impl.SSLHelper.createContext(SSLHelper.java:265)
	at io.vertx.core.net.impl.SSLHelper.getContext(SSLHelper.java:422)
	at io.vertx.core.net.impl.SSLHelper.validate(SSLHelper.java:430)
	at io.vertx.core.http.impl.HttpServerImpl.listen(HttpServerImpl.java:219)
	at io.vertx.core.http.impl.HttpServerImpl.listen(HttpServerImpl.java:181)
	at com.blabla.HttpServerVerticle.start(HttpServerVerticle.java:373)
	at io.vertx.core.AbstractVerticle.start(AbstractVerticle.java:111)
	at io.vertx.core.impl.DeploymentManager.lambda$doDeploy$114(DeploymentManager.java:436)
	at io.vertx.core.impl.DeploymentManager$$Lambda$24/249177573.handle(Unknown Source)
	at io.vertx.core.impl.ContextImpl.lambda$wrapTask$3(ContextImpl.java:359)
	at io.vertx.core.impl.ContextImpl$$Lambda$25/905080434.run(Unknown Source)
	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:339)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:374)
	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:742)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.UnsatisfiedLinkError: no provided in java.library.path
	at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1857)
	at java.lang.Runtime.loadLibrary0(Runtime.java:870)
	at java.lang.System.loadLibrary(System.java:1119)
	at org.apache.tomcat.jni.Library.<init>(Library.java:80)
	at org.apache.tomcat.jni.Library.initialize(Library.java:180)
	at io.netty.handler.ssl.OpenSsl.initializeTcNative(OpenSsl.java:243)
	at io.netty.handler.ssl.OpenSsl.<clinit>(OpenSsl.java:76)
	at io.vertx.core.net.impl.SSLHelper.createContext(SSLHelper.java:243)
	... 14 common frames omitted

After some research I came upon this page:

http://netty.io/wiki/forked-tomcat-native.html

Which suggests the following:

If you are on Linux, you probably don't need to do anything because you can install them using your system's package manager.
If you are on Mac, you have to install openssl package using Homebrew.
If you are on Windows, you have to:
Build APR by yourself,
Install OpenSSL for Windows, and
Add the directories that contain the .DLL files to %PATH%.
Still didn't try doing all this.

My question is - is it really that complicated? Or am I missing something?

Thanks,
Vladi

Julien Viet

unread,

May 29, 2016, 10:49:44 AM5/29/16

to ve...@googlegroups.com

Hi,

to simplify I would suggest to use the boring SSL implementation, it’s much easier on mac as the jar comes with the native osx libraries.

look at the HTTP/2 example:

https://github.com/vert-x3/vertx-examples/blob/3.3.0-SNAPSHOT/core-examples/src/main/java/io/vertx/example/core/http2/simple/Server.java

and you can look at the pom.xml configuration to see the jar lib used:

https://github.com/vert-x3/vertx-examples/blob/3.3.0-SNAPSHOT/core-examples/pom.xml#L19

--
You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
Visit this group at https://groups.google.com/group/vertx.
To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/eebeb59a-14a5-4f82-ad13-309ceadc417d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Vladi Bar On

unread,

May 29, 2016, 11:14:54 AM5/29/16

to vert.x

Hi again,

Thank you for the swift answer.

However the boring SSL library you suggested is exactly what I am already trying to use. I wrote it in my original message.

My code is pretty similar to the example you've provided (except for setUseAlpn(true), which I tried to add without success).

As I said previously, I am getting:

Caused by: java.lang.UnsatisfiedLinkError: no provided in java.library.path

(see full stack in my original message).

Vladi

Vladi Bar On

unread,

May 29, 2016, 11:23:28 AM5/29/16

to vert.x

I think I get what you mean.

Removing the

compile 'org.apache.tomcat:tomcat-jni:8.5.2'

dependency seems to have done the job.

Having bunch of other problems now, but this one seems to be gone.

Thanks!

Reply all

Reply to author

Forward