================================================================================
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
================================================================================

Linux / Unix / OSX (dynamic linking)
====================================

1. Prerequisites

   Install OpenSSL version 3.0.0 or higher
   Install APR version 1.7.0 or higher.
   Download and expand the source package or use an git checkout

   > cd native

2. Configure build environment

   Note: This step is only required if you are building from an git checkout. It
         is not required when building from a source package.

   >  sh buildconf --with-apr=apr_source_location.

3. Build

   >  configure --with-apr=apr_install_location --with-ssl=openssl_install_location
   >  make

   This should produce a file named libtcnative-2.so


Linux / Unix / OSX (static linking)
===================================

1. Build static version of OpenSSL 3.0.0 or later

   > ./Configure --prefix=~/natives/openssl enable-fips
   > make
   > make install

2. Build static version of APR 1.7.0 or later

   > ./configure --prefix=~/natives/apr
   > make
   > make install

   Note: APR builds both static and dynamic libraries by default.

3. Ensure the static APR library is used

   Edit the ~/natives/apr/lib/libapr-1.la file and comment or delete the
   following sections: dlname='...' and library_names='...'
   This is needed so that libtool picks the static version of the library.

4. Build tc-native

   > ./configure --with-apr=~/natives/apr --with-ssl=~/natives/openssl --prefix=~/natives/tomcat
   > make
   > make install


Windows
=======

1. Prerequisites

   These steps assume a suitable build environment has been set up.
   https://cwiki.apache.org/confluence/display/TOMCAT/Common+Native+Build+Environment
   
2. Obtain tc-native source

   Download and expand the source package or use an git checkout

3. Build APR

   Unpack the APR source distribution into native\srclib\apr

   > c:\cmsc\setenv.bat x86 
   > nmake -f NMAKEmakefile BUILD_CPU=x86 APR_DECLARE_STATIC=1
 
   > c:\cmsc\setenv.bat x64
   > nmake -f NMAKEmakefile BUILD_CPU=x64 APR_DECLARE_STATIC=1

4. Build OpenSSL

   > cd ..\openssl

   Unpack the OpenSSL 3.0.x source distribution in this directory

   Apply openssl-msvcrt-3.0.x.patch. Note that you may need to skip and/or use an offset to get the patch to apply.

   > c:\cmsc\setenv.bat x86
   > perl Configure no-shared VC-WIN32
   > nmake
   > mkdir out32-x86
   > copy libssl.lib out32-x86\
   > copy libcrypto.lib out32-x86\
   > copy apps\openssl.exe out32-x86\
 
   > nmake clean

   > c:\cmsc\setenv.bat x64
   > perl Configure no-shared VC-WIN64A
   > nmake
   > mkdir out32-x64
   > copy libssl.lib out32-x64\
   > copy libcrypto.lib out32-x64\
   > copy apps\openssl.exe out32-x64\

5. Copy APR and OpenSSL to versioned directories

   Keeping the various libraries in versioned directories saves having to
   rebuild them next time if the version remains unchanged.    

   > cd ..
   > set OPENSSL_VER=3.0.0
   > set APR_VER=1.7.0
 
   > mkdir \deps-x86\apr-%APR_VER%\include
   > mkdir \deps-x86\apr-%APR_VER%\lib
   > mkdir \deps-x86\openssl-%OPENSSL_VER%\include
   > mkdir \deps-x86\openssl-%OPENSSL_VER%\lib
   > xcopy /E \deps-x86\apr-%APR_VER% \deps-x64\apr-%APR_VER%\
   > xcopy /E \deps-x86\openssl-%OPENSSL_VER% \deps-x64\openssl-%OPENSSL_VER%\
 
   > xcopy /E apr\include \deps-x86\apr-%APR_VER%\include\
   > xcopy /E apr\include \deps-x64\apr-%APR_VER%\include\
 
   > copy apr\WIN7_X86_LIB_RELEASE\apr-1.lib \deps-x86\apr-%APR_VER%\lib
   > copy apr\WIN7_X64_LIB_RELEASE\apr-1.lib \deps-x64\apr-%APR_VER%\lib
   > xcopy /E openssl\include\openssl \deps-x86\openssl-%OPENSSL_VER%\include\openssl\
   > xcopy /E openssl\include\openssl \deps-x64\openssl-%OPENSSL_VER%\include\openssl\
   > copy openssl\out32-x86\*.lib \deps-x86\openssl-%OPENSSL_VER%\lib\
   > copy openssl\out32-x64\*.lib \deps-x64\openssl-%OPENSSL_VER%\lib\

   > copy openssl\out32-x86\openssl.exe \deps-x86\openssl-%OPENSSL_VER%\
   > copy openssl\out32-x64\openssl.exe \deps-x64\openssl-%OPENSSL_VER%\

 
 6. Build Tomcat Native
 
   > cd ..
   >set JAVA_HOME=\java\jdk11

   > c:\cmsc\setenv.bat x86
   > nmake -f NMAKEMakefile WITH_APR=C:\deps-x86\apr-%APR_VER% WITH_OPENSSL=C:\deps-x86\openssl-%OPENSSL_VER% APR_DECLARE_STATIC=1 OPENSSL_NEW_LIBS=1 ENABLE_OCSP=1
   > move WIN7_X86_DLL_RELEASE WIN7_X86_OCSP_DLL_RELEASE
   > nmake -f NMAKEMakefile WITH_APR=C:\deps-x86\apr-%APR_VER% WITH_OPENSSL=C:\deps-x86\openssl-%OPENSSL_VER% APR_DECLARE_STATIC=1 OPENSSL_NEW_LIBS=1
 
   > c:\cmsc\setenv.bat x64
   > nmake -f NMAKEMakefile WITH_APR=C:\deps-x64\apr-%APR_VER% WITH_OPENSSL=C:\deps-x64\openssl-%OPENSSL_VER% APR_DECLARE_STATIC=1 OPENSSL_NEW_LIBS=1 ENABLE_OCSP=1
   > move WIN7_X64_DLL_RELEASE WIN7_X64_OCSP_DLL_RELEASE
   > nmake -f NMAKEMakefile WITH_APR=C:\deps-x64\apr-%APR_VER% WITH_OPENSSL=C:\deps-x64\openssl-%OPENSSL_VER% APR_DECLARE_STATIC=1 OPENSSL_NEW_LIBS=1
 
   Tomcat Native Connector DLLs may then be found in native\WIN7_*_[OCSP_]DLL_RELEASE    


FIPS
====

No additional build steps are required. Configure OpenSSL to use the FIPS
certified provider as the default provider as described in the OpenSSL
documentation:

  https://www.openssl.org/docs/man3.0/man7/fips_module.html
