[SOLVED] Solving Heartbleed issue on Tomcat with APR and OpenSSL. Compilation errors

Solving Heartbleed issue on Tomcat with APR and OpenSSL. Compilation errors

I am running TeamCity on a Windows machine that uses Tomcat as a web server and uses Apache Portable Runtime (APR) and OpenSSL for SSL.

I have not managed to upgrade the version of OpenSSL to 1.0.1g, and I think the reason is because the Tomcat native library binary (tcnative-1.dll) (http://archive.apache.org/dist/tomcat/tomcat-connectors/native/1.1.29/binaries/tomcat-native-1.1.29-win32-bin.zip) contains both APR and version 1.0.1e of OpenSSL, and I can't find a new binary with 1.0.1.g.

I've tried to compile the Tomcat native library myself, but I get compilation errors when trying to compile the "libapr" project.

The compilation errors I get are:

Error   4   error LNK2019: unresolved external symbol __InterlockedIncrement referenced in function _apr_atomic_inc32@4 C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\apr\apr_atomic.obj   libapr
Error   5   error LNK2019: unresolved external symbol __InterlockedExchangeAdd referenced in function _apr_atomic_add32@8   C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\apr\apr_atomic.obj   libapr
Error   6   error LNK2019: unresolved external symbol __InterlockedExchange referenced in function _apr_atomic_set32@8  C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\apr\apr_atomic.obj   libapr
Error   7   error LNK2019: unresolved external symbol __InterlockedDecrement referenced in function _apr_atomic_dec32@4 C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\apr\apr_atomic.obj   libapr
Error   8   error LNK2019: unresolved external symbol __InterlockedCompareExchange referenced in function _apr_atomic_cas32@12  C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\apr\apr_atomic.obj   libapr
Error   9   error LNK1120: 5 unresolved externals   C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\apr\Debug\libapr-1.dll   1   1   libapr

I am trying to compile in Visual Studio Ultimate 2013 (perhaps too new a version of Visual Studio?).

How do I fix this problem?

Has anyone successfully built Tomcat native library with OpenSSL 1.0.1.g?

Updates

I've set the "Platform Toolset" to v100 (as advised here https://groups.google.com/forum/#!topic/UniMRCP/Iybpn51UYnI) and the previous compilation errors went away, but now I get new ones:

Error   9   error C1083: Cannot open include file: 'apr.h': No such file or directory   C:\Users\heartbleed\tomcat-native-1.1.29-win32-src\jni\native\include\tcn.h 26  1   tcnative

More updates

I did manage to solve the compilation problems and build a tcnative-1.dll with OpenSSL 1.0.1g, and my TeamCity is up and running with the Heartbleed problem fixed! I am busy now. But please ask if you want a detailed description of the procedure.

Solution

At present, the tcnative team has finished working on the next version which has the Heartbleed fix in. So one can get this version from Latest tcnative with heartbleed fix.

This version will soon be released officially.