tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: svn commit: r1199980 - in /tomcat/trunk/java/org/apache: catalina/core/AprLifecycleListener.java catalina/core/LocalStrings.properties tomcat/jni/SSL.java
Date Wed, 09 Nov 2011 23:30:28 GMT
Konstantin,

On 11/9/11 2:24 PM, Konstantin Kolinko wrote:
> 2011/11/10 Mark Thomas <markt@apache.org>:
>>>> On 09/11/2011 21:34, schultz@apache.org wrote:
>>>>> Author: schultz Date: Wed Nov  9 21:34:31 2011 New Revision:
>>>>> 1199980
>>>>>
>>>>> URL: http://svn.apache.org/viewvc?rev=1199980&view=rev Log:
>>>>> Fixed bug #50570 - Allow explicit use of FIPS mode in APR
>>>>> lifecycle listener - Added "FIPSMode" attribute to
>>>>> AprLifecycleListener that causes OpenSSL to go into FIPS mode
>>>>
>>>> Isn't this dependent on an tcnative update?
>>>
>>> Yes, it is. I'm updating the documentation for AprLifecycleListener
>>> and I will mention the version dependency in there. If this is not
>>> yet appropriate to release, I can roll-back the patch.
>>
>> What happens if I try this with 1.1.22? If it blows up, that is bad.
>> If it logs an error, that is fine. If it silently carries on, that is bad.
>>
> 
> Just testing this.
> 
> If I do not set FIPSMode property, all is OK. No difference from
> previous behaviour.
> 
> If I set FIPSMode="on", the following happens
> 
> [[[
> 10-Nov-2011 01:13:59.484 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.init Loaded APR based
> Apache Tomcat Native library 1.1.22.
> 10-Nov-2011 01:13:59.500 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.init APR capabilities:
> IPv6 [false], sendfile [true], accept filters [false], random [true].
> 10-Nov-2011 01:13:59.937 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL
> Initializing FIPS mode...
> 10-Nov-2011 01:13:59.937 SEVERE [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
> initialize the SSLEngine.
>  java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.SSL.fipsModeSet(I)I
> 	at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)
> 	at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:248)
> 	at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:109)
> 	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
> 	at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
> 	at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:389)
> 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
> 	at org.apache.catalina.startup.Catalina.load(Catalina.java:573)
> 	at org.apache.catalina.startup.Catalina.load(Catalina.java:598)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:597)
> 	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
> 	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:449)
> (...)
> 10-Nov-2011 01:14:01.203 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 1030 ms
> ]]]
> 
> There is java.lang.UnsatisfiedLinkError (and not the
> IllegalStateException that the code throws).
> 
> Despite this error, Tomcat startup sequence continues.
> 
> I guess that from FIPS PoV the failure to initialize FIPS mode should
> be more fatal, regardless of its cause.
> Be it because of native lib returning error code or this tc-native
> version mismatch.
> Maybe even throw an error if SSLEngine was not "on". Now it just
> causes the FIPS mode to be ignored.
> 
> I do not know why UnsatisfiedLinkError error was not enough to break it.

Because the AprLifecycleListener's code looks like this:

        if (Lifecycle.BEFORE_INIT_EVENT.equals(event.getType())) {
            synchronized (lock) {
                init();
                if (aprAvailable) {
                    try {
                        initializeSSL();
                    } catch (Throwable t) {
                        ExceptionUtils.handleThrowable(t);
                        log.error(sm.getString("aprListener.sslInit"), t);
                    }
                }
            }


The error is caught, logged, and execution continues.

I did not feel that this was an appropriate patch to include changes to
exception handling within the AprLivecycleListener.

-chris


Mime
View raw message