tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: svn commit: r1199980 - in /tomcat/trunk/java/org/apache: catalina/core/AprLifecycleListener.java catalina/core/LocalStrings.properties tomcat/jni/SSL.java
Date Thu, 10 Nov 2011 01:10:15 GMT
Konstantin,

On 11/9/11 3:39 PM, Konstantin Kolinko wrote:
> 2011/11/10 Christopher Schultz <chris@christopherschultz.net>:
>>>
>>> There is java.lang.UnsatisfiedLinkError (and not the
>>> IllegalStateException that the code throws).
>>>
>>> Despite this error, Tomcat startup sequence continues.
>>>
>>> I guess that from FIPS PoV the failure to initialize FIPS mode should
>>> be more fatal, regardless of its cause.
>>> Be it because of native lib returning error code or this tc-native
>>> version mismatch.
>>> Maybe even throw an error if SSLEngine was not "on". Now it just
>>> causes the FIPS mode to be ignored.
>>>
>>> I do not know why UnsatisfiedLinkError error was not enough to break it.
>>
>> Because the AprLifecycleListener's code looks like this:
>>
>>        if (Lifecycle.BEFORE_INIT_EVENT.equals(event.getType())) {
>>            synchronized (lock) {
>>                init();
>>                if (aprAvailable) {
>>                    try {
>>                        initializeSSL();
>>                    } catch (Throwable t) {
>>                        ExceptionUtils.handleThrowable(t);
>>                        log.error(sm.getString("aprListener.sslInit"), t);
>>                    }
>>                }
>>            }
>>
>>
>> The error is caught, logged, and execution continues.
>>
>> I did not feel that this was an appropriate patch to include changes to
>> exception handling within the AprLivecycleListener.
>>
> 
> Maybe add explicit FIPS mode status check below the above error
> handling? Something like:
> 
> if ("on".equalsIgnoreCase(FIPSMode) && !fipsModeActive) {
>   fail fatally;
> }

I could certainly do that, but I figured that the listener was written
such that it would not fail. I didn't want to alter that behavior just
to add FIPS support.

-chris


Mime
View raw message