SpringBoot 2.1.1配置HTTPS后启动时出现java.lang.UnsatisfiedLinkError解决方法

问题复现:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.1.1.RELEASE)

2019-01-06 19:13:18.455  INFO 6407 --- [           main] c.y.g.GoogleTranslateProxyApplication    : Starting GoogleTranslateProxyApplication v1 on iZ018i7q11hufgZ with PID 6407 (/root/springboot/google-translate-proxy-1-tomcat-9.0.13.jar started by root in /root/springboot)
2019-01-06 19:13:18.459  INFO 6407 --- [           main] c.y.g.GoogleTranslateProxyApplication    : No active profile set, falling back to default profiles: default
2019-01-06 19:13:21.608  INFO 6407 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8082 (https)
2019-01-06 19:13:21.648  INFO 6407 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2019-01-06 19:13:21.655  INFO 6407 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet Engine: Apache Tomcat/9.0.13
2019-01-06 19:13:21.677  INFO 6407 --- [           main] o.a.catalina.core.AprLifecycleListener   : An older version [1.2.17] of the APR based Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of [1.2.18]
2019-01-06 19:13:21.678  INFO 6407 --- [           main] o.a.catalina.core.AprLifecycleListener   : Loaded APR based Apache Tomcat Native library [1.2.17] using APR version [1.4.8].
2019-01-06 19:13:21.678  INFO 6407 --- [           main] o.a.catalina.core.AprLifecycleListener   : APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
2019-01-06 19:13:21.678  INFO 6407 --- [           main] o.a.catalina.core.AprLifecycleListener   : APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
2019-01-06 19:13:21.685  INFO 6407 --- [           main] o.a.catalina.core.AprLifecycleListener   : OpenSSL successfully initialized [OpenSSL 1.0.2k-fips  26 Jan 2017]
2019-01-06 19:13:21.914  INFO 6407 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2019-01-06 19:13:21.914  INFO 6407 --- [           main] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 3271 ms
2019-01-06 19:13:22.434  INFO 6407 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2019-01-06 19:13:23.642  INFO 6407 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8082 (https) with context path ''
2019-01-06 19:13:23.656  INFO 6407 --- [           main] c.y.g.GoogleTranslateProxyApplication    : Started GoogleTranslateProxyApplication in 6.267 seconds (JVM running for 7.169)
2019-01-06 19:13:47.615 ERROR 6407 --- [nio-8082-exec-3] org.apache.tomcat.util.net.NioEndpoint   : 

java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.SSL.renegotiatePending(J)I
        at org.apache.tomcat.jni.SSL.renegotiatePending(Native Method) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.openssl.OpenSSLEngine.getHandshakeStatus(OpenSSLEngine.java:1021) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.openssl.OpenSSLEngine.wrap(OpenSSLEngine.java:457) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) ~[na:1.8.0_192]
        at org.apache.tomcat.util.net.SecureNioChannel.handshakeWrap(SecureNioChannel.java:440) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:211) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1394) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_192]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_192]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at java.lang.Thread.run(Thread.java:748) [na:1.8.0_192]

2019-01-06 19:13:47.618 ERROR 6407 --- [nio-8082-exec-4] org.apache.tomcat.util.net.NioEndpoint   : 

java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.SSL.renegotiatePending(J)I
        at org.apache.tomcat.jni.SSL.renegotiatePending(Native Method) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.openssl.OpenSSLEngine.getHandshakeStatus(OpenSSLEngine.java:1021) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.openssl.OpenSSLEngine.wrap(OpenSSLEngine.java:457) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) ~[na:1.8.0_192]
        at org.apache.tomcat.util.net.SecureNioChannel.handshakeWrap(SecureNioChannel.java:440) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:211) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1394) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_192]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_192]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at java.lang.Thread.run(Thread.java:748) [na:1.8.0_192]

^C2019-01-06 19:42:19.810  INFO 6407 --- [       Thread-3] o.s.s.concurrent.ThreadPoolTaskExecutor  : Shutting down ExecutorService 'applicationTaskExecutor'

Spring Boot 2.1.1版本,配置完HTTPS后启动,启动过程中没有出现什么异常信息,但是浏览器无法访问并且一访问立马报了上面日志中的第二和第三段异常信息。
于是二话不说,直接谷歌搜索“springboot java.lang.UnsatisfiedLinkError:org.apache.tomcat.jni.SSL.renegotiatePending(J)I”,从第一个stackoverflow里面的回答 就找到了解决方案(果然还是谷歌大法好!),主要是两种:

1.在pom.xml里指定tomcat的版本,覆盖springboot的默认配置

Spring Boot 2.1.1集成的Tomcat 从9.0.12升级到了9.0.13。所以想继续使用9.0.12版本的话直接在properties下面指定tomcat.version为9.0.12就行了

1
2
3
<properties>
    <tomcat.version>9.0.12</tomcat.version>
</properties>

或者用Spring Boot 2.1.0的版本也行,但这毕竟不是长久之计,我们总不能都一直用着旧版本的吧

2.手动编译安装tomcat-native

如果你用的是CentOS你会发现epel源里面有已经有现成的tomcat-native包,但它的版本是1.2.17的,Spring Boot 2.1.1版本如果配置HTTPS的话,就必须至少是1.2.18版本的,而epel源目前还没有更新至1.2.18版本,所以只能手动编译安装了

官网下载源码,目前最新的版本是1.2.19

如果已经通过yum源安装了把就先卸载安装的旧版本 

1
yum remove -y tomcat-native

按照官方的手册,先安装必要的依赖:

1
yum install apr-devel openssl-devel -y

解压,进入相应目录

1
2
3
4
cd /tmp
tar -zxvf tomcat-native-1.2.19-src.tar.gz
cd tomcat-native-1.2.19-src/native
mkdir ../output

configure

1
2
3
4
./configure --with-apr=/usr/bin/apr-1-config \
            --with-java-home=/usr/jdk1.8.0_192/ \
            --with-ssl=yes \
            --prefix=/tmp/tomcat-native-1.2.19-src/output

其中–with-java-home后面指定JDK的路径。理论上所有JDK都可以,但建议使用与Tomcat一起使用的JVM相同的JVM版本。
–prefix指定编译后生成的文件的位置

编译安装

1
make && make install

编译完成后生成文件的目录结构大概是这样的:

image
我们只需要把libtcnative-1.a libtcnative-1.la libtcnative-1.so libtcnative-1.so.0 libtcnative-1.so.0.2.19这几个文件拷到/usr/lib64就可以了 

1
2
3
cd /tmp/tomcat-native-1.2.19-src/output/lib
ls
cp libtcnative-1.a  libtcnative-1.la  libtcnative-1.so  libtcnative-1.so.0  libtcnative-1.so.0.2.19 /usr/lib64

再次启动,可以看到springboot成功的加载了最新版本的tomcat-native

image

浏览器端也能正常访问了

image

附:

springboot配置HTTPS: 

1
2
3
#pem生成jks
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out fullchain_and_key.p12 -name test -passout pass:123456
keytool -importkeystore -deststorepass 123456 -destkeystore test.jks -srckeystore fullchain_and_key.p12 -srcstorepass 123456  -alias test  -srcstoretype PKCS12

fullchain.pem和privkey.pem,正常配置apache的HTTPS会用到的2个文件,一个私钥文件和一个证书文件,可以在letsencrypt免费申请

在application.properties中配置:

1
2
3
4
5
6
7
8
9
10
11
12
13
security.require-ssl = true
server.ssl.key-store=/root/test.jks
server.ssl.key-store-password=test
server.ssl.key-store-type=jks
server.ssl.key-alias:test
```  
也可以直接用第一步生成的pkcs12文件  
```bash
security.require-ssl = true
server.ssl.key-store=/root/fullchain_and_key.p12
server.ssl.key-store-password=test
server.ssl.key-store-type=PKCS12
server.ssl.key-alias:test

小技巧:

vim 可以直接修改修改jar包的文本文件

需要在Linux下安装zip,unzip

1
yum install -y unzip zip

就像这样:

image
这样就可以在服务器里直接修改jar包里的一些配置文件或者是静态资源,省的本地再重新打包上传了,很方便啊有木有?

扫一扫,分享到微信

微信分享二维码
本站总访问量:

tag:

animation:

    缺失模块。
    1、请确保node版本大于6.2
    2、在博客根目录(注意不是yilia根目录)执行以下命令:
    npm i hexo-generator-json-content --save

    3、在根目录_config.yml里添加配置: 

      jsonContent:
    meta: false
    pages: false
    posts:
      title: true
      date: true
      path: true
      text: false
      raw: false
      content: false
      slug: false
      updated: false
      comments: false
      link: false
      permalink: false
      excerpt: false
      categories: false
      tags: true

很惭愧<br><br>只做了一点微小的工作<br>谢谢大家