java-sdk解决漏洞升级netty-tcnative-openssl-static到2.0.75.Final版本后服务启动报错,提示failed to load the required native library
【问题分类】
- bug
- P2P网络相关(包含libp2p,liquid)
- 链账户身份与权限相关(证书问题、public、多签投票问题)
- 核心交易引擎相关(交易池、DAG)
- 共识相关
- 智能合约相关
- 存储相关
- SDK相关
- 长安链CMC工具
- 长安链管理台
- 长安链浏览器
- 长安链合约IDE
- 长安链web签名插件
- 跨链相关
- 轻节点相关
- 隐私计算相关
- 密码学相关
- 环境依赖
- 其他补充:
【问题描述】(请对问题进行描述,方便定位问题)
应用使用了java-sdk, 安全团队进行漏洞扫描时提示netty-handler需要升级到4.1.125.Final+,升级后服务器动出现异常,提示: 2026-03-05 2026-03-05 19:22:05.143 INFO 12 -- [main] ConditionEvaluationReportLoggingListener: 2026-03-05 Error starting Application Context. To displãy the conditions report re-run your application with 'debug' enabled. 2026-03-05 2026-03-05 19:22:05.166 ERROR 12 -- [main] o.s.boot.SpringApplication Application run failed 2026-03-05 java.lang.UnsatisfiedLinkError: failed to load the required native library 2026-03-05 at io.netty.handler.ssl.OpenSsl.ensureAvailability(OpenSsl.java:602) ~[netty-handler-4.1.125.Final. jar!/:4.1.125.Final] 2026-03-05 at io.netty.handler.ssl.Ss|Context.newClientContextinternal(Ss|Context.java:847) ~[netty-handler-4. 1.125.Final.jar!/:4.1.125.Final] 2026-03-05 at io.netty.handler.ssl.Ss|ContextBuilder.build(Ss|ContextBuilder.java:648) ~[netty-handler-4.1. 125.Final.jar!/:4.1.125.Final] 2026-03-05 at org.chainmaker.sdk.RpcServiceClient.initManagedChannel(RpcServiceClient.java:204) ~ [chainmaker-sdk-java-2.3.6.jar!/:2.3.6]
【相关日志文件】(如果有报错日志请贴图,或者上传附件)
升级具体操作步骤如下
编译netty-tcnative-openssl-static:2.0.75.Final,具体步骤如下:
1.克隆netty-tcnative
git clone ssh://git@gitlab.dg.com:10086/pd/jccpyazx/product/blockchainmgr/netty-tcnative.git- 下载tass
git clone https://github.com/jntass/TASSL-1.1.1.git- 下载apr
wget https://dlcdn.apache.org//apr/apr-1.7.6.tar.gz- 修改Dockerfile.opensuse内容, 新增apr、tassl编译安装步骤:
ARG opensuse_version=15.1
FROM --platform=linux/arm64 opensuse/leap:$opensuse_version
# needed to do again after FROM due to docker limitation
ARG opensuse_version
ARG java_version=1.8.0
ENV JAVA_VERSION $java_version
# install dependencies
# use openSSL 1.0.x for now, for highest compatibility
RUN zypper install --force-resolution --no-recommends --no-confirm \
apr-devel \
autoconf \
automake \
bzip2 \
cmake \
git \
glibc-devel \
gcc \
gcc-c++ \
go \
gpg2 \
gzip \
java-${JAVA_VERSION}-devel \
libopenssl-1_0_0-devel \
libtool \
lsb-release \
make \
ninja \
patch \
perl \
tar \
unzip \
wget \
which
COPY apr-1.7.6.tar.gz apr-1.7.6.tar.gz
COPY TASSL-1.1.1.tar.gz TASSL-1.1.1.tar.gz
RUN tar -xzf TASSL-1.1.1.tar.gz && \
cd TASSL-1.1.1 && \
./config --prefix=/usr/local/tassl no-shared && \
make && \
make install
RUN tar -xzf apr-1.7.6.tar.gz && \
cd apr-1.7.6 && \
./configure --prefix=/usr/local/apr && \
make && \
make install- 使用Dockerfile.opensuse构建基础镜像,并在基础镜像中编译安装apr、tassl
cd netty-tcnative/docker
docker build -t netty-tcnative-opensuse:opensuse-15.1-1.8 -f Dockerfile.opensuse .- 将apr、tassl解压到netty-tcnative避免重复下载
mkdir -p ./netty-tcnative/apr-source
tar -xzf apr-1.7.6.tar.gz -C ./netty-tcnative/apr-source --strip-components=1
mkdir -p ./netty-tcnative/openssl-source
tar -xzf TASSL-1.1.1.tar.gz -C ./netty-tcnative/openssl-source --strip-components=1- 修改netty-tcnative/pom.xml 、netty-tcnative/openssl-static/pom.xml中配置,替换apr、opensslHome目录: /usr/local/apr /code/apr-source
/usr/local/tassl /code/openssl-source
- 通过docker进行编译打包
docker compose -f docker/docker-compose.opensuse.yaml -f docker/docker-compose.opensuse-151.18.yaml run build【系统信息】(请填写系统信息,方便定位问题)
- chainmaker-go version * : [v2.3.7]
- **OS & version * : 麒麟sp10
- chainmaker-sdk-java version * : [2.3.6]