Solving Heartbleed issue on Tomcat with APR and OpenSSL. Compilation errors

windows tomcat openssl apr heartbleed-bug
fredrik.hjarner picture fredrik.hjarner · Apr 10, 2014 · Viewed 7.4k times · Source

I am running TeamCity on a Windows machine that uses Tomcat as a web server and uses Apache Portable Runtime (APR) and OpenSSL for SSL.

I have not managed to upgrade the version of OpenSSL to 1.0.1g, and I think the reason is because the Tomcat native library binary (tcnative-1.dll) (http://archive.apache.org/dist/tomcat/tomcat-connectors/native/1.1.29/binaries/tomcat-native-1.1.29-win32-bin.zip) contains both APR and version 1.0.1e of OpenSSL, and I can't find a new binary with 1.0.1.g.

I've tried to compile the Tomcat native library myself, but I get compilation errors when trying to compile the "libapr" project.

The compilation errors I get are:

Error   4   error LNK2019: unresolved external symbol __InterlockedIncrement referenced in function _apr_atomic_inc32@4 C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\apr\apr_atomic.obj   libapr
Error   5   error LNK2019: unresolved external symbol __InterlockedExchangeAdd referenced in function _apr_atomic_add32@8   C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\apr\apr_atomic.obj   libapr
Error   6   error LNK2019: unresolved external symbol __InterlockedExchange referenced in function _apr_atomic_set32@8  C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\apr\apr_atomic.obj   libapr
Error   7   error LNK2019: unresolved external symbol __InterlockedDecrement referenced in function _apr_atomic_dec32@4 C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\apr\apr_atomic.obj   libapr
Error   8   error LNK2019: unresolved external symbol __InterlockedCompareExchange referenced in function _apr_atomic_cas32@12  C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\apr\apr_atomic.obj   libapr
Error   9   error LNK1120: 5 unresolved externals   C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\apr\Debug\libapr-1.dll   1   1   libapr

I am trying to compile in Visual Studio Ultimate 2013 (perhaps too new a version of Visual Studio?).

How do I fix this problem?

Has anyone successfully built Tomcat native library with OpenSSL 1.0.1.g?

Updates

I've set the "Platform Toolset" to v100 (as advised here https://groups.google.com/forum/#!topic/UniMRCP/Iybpn51UYnI) and the previous compilation errors went away, but now I get new ones:

Error   9   error C1083: Cannot open include file: 'apr.h': No such file or directory   C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\native\include\tcn.h 26  1   tcnative

More updates

I did manage to solve the compilation problems and build a tcnative-1.dll with OpenSSL 1.0.1g, and my TeamCity is up and running with the Heartbleed problem fixed! I am busy now. But please ask if you want a detailed description of the procedure.

Answer

fredrik.hjarner picture fredrik.hjarner · Apr 10, 2014

This is what I did.

I started off with Visual Studio 2013.

Install Visual C++ 2010 Express (http://go.microsoft.com/?linkid=9709949).

Install OpenSSL (http://slproweb.com/products/Win32OpenSSL.html), I chose "Win32 OpenSSL v1.0.1g".

Download Tomcat Native (http://apache.mirrors.spacedump.net//tomcat/tomcat-connectors/native/1.1.29/source/tomcat-native-1.1.29-win32-src.zip) Extract it somewhere.

Download APR source code (http://apache.mirrors.spacedump.net//apr/apr-1.5.0-win32-src.zip) Extract it and move it into the directory "tomcat-native-1.1.29-win32-src/jni". Rename it from "apr-1.5.0" directory to "apr", so that you have a "apr" folder in the "jni" folder.

Open up "tomcat-native-1.1.29-win32-src/jni/native/libtcnative.dsw" in Visual Studio 2013. It will make some conversions.

Change from "Debug" to "Release".

For projects "apr" and "tcnative". right click on them, go into Properties -> Configuration Properties. Set "Platform Toolset" to "v100".

Right click "tcnative" click Properties -> Configuration Properties -> C/C++ -> Additional Include Directories -> Edit

  • Change "./srclib/apr/include" to "../apr/include"
  • Change "./srclib/apr/include/arch/win32" to "../apr/include/arch/win32"
  • Add "C:\OpenSSL-Win32\include" (or wherever you installed OpenSSL).

Go to Configuration Properties -> Linker -> Input -> Additional Dependencies -> Edit

  • Change "libeay32.lib" to "libeay32MT.lib"
  • Change "ssleay32.lib" to "ssleay32MT.lib"

Go to Configuration Properties -> Linker -> Additional Library Directories -> Edit.

  • Add "C:\OpenSSL-Win32\lib\VC\static" (or wherever you installed OpenSSL).

Right click tcnative and click on Build.

After the build completes you will find "tcnative-1.dll"

inside "tomcat-native-1.1.29-win32-src\jni\native\LibR"

Related questions

Installing pfx SSL certificate in tomcat 8.5 on windows

I have wild card pfx certificate with its Intermediate certificate in p7b/crt format. Those certificate are installed on IIS 8.0. How to install those certificates in tomcat 8.0? Tomcat is installed on windows

Read More
How do I increase memory on Tomcat 7 when running as a Windows Service?

I am trying to run Tomcat 7 as a Windows Service (XP and Windows 7). I see places to set the -Xmx and -Xms jvm args in catalina.bat, but I'm not sure how to do it when using $CATALINA_HOME/bin/…

Read More
How do you know if Tomcat Server is installed on your PC

I am using Windows 7 OS. I just installed jaspersoft server which installed Apache Tomcat and mysql as a bundle along with it. I go to http://localhost:8080 and theres a message that says webpage is not available. I am a …

Read More