tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50570] Allow explicit use of FIPS mode in APR connector
Date Tue, 01 Feb 2011 22:53:35 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50570

--- Comment #8 from Christopher Schultz <chris@christopherschultz.net> 2011-02-01 17:53:33
EST ---
(From private email from CHris Beckey):

> I just zip'd together the source and attached it to the bug report.  The changes are
in:
> 
> org.apache.tomcat.core.AprLifecycleListener.java
> org.apache.tomcat.core.LocalStrings.properties
> org.apache.tomcat.jni.SSL.java
> org.apache.tomcat.jni.Library.java
> 
> and in tomcat native
> ssl.c
> 
> I modified the code in Library.java to load each of the (3) required libraries (APR,
libtcnative and libeay) explicitly rather than depending on references within the libs.  This
was for my debugging and is not required but it does make it explicit if one of them is missing.
> 
> The listener declaration in server.xml looks like this:
>   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"
FIPSMode="on" />
> 
> I was unsure whether to abort startup if FIPS was requested but did not initialize. I
think it is valid to refuse to continue in that case but didn't implement it that way.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message