tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: APR with PKCS11 support
Date Wed, 06 Aug 2014 00:12:19 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Sunaullah,

On 7/26/14, 4:50 AM, Sanaullah wrote:
> I tried that configuration but getting errrors.

I just want you to know that you haven't been forgotten: I'm on
vacation for a bit but I'd really like to take a look at this issue
when I return.

In the meantime, feel free to check out the tcnative code if you want
to see what is going on, or someone else could chime-in and give an
opinion (or -- *gasp* -- a proposed patch!).

Thanks,
- -chris

> NFO: Loaded APR based Apache Tomcat Native library 1.1.30 using APR
> version 1.4.6. Jul 23, 2014 3:06:40 AM
> org.apache.catalina.core.AprLifecycleListener init INFO: APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random [true]. Jul 23, 2014 3:06:40 AM
> org.apache.catalina.core.AprLifecycleListener lifecycleEvent 
> SEVERE: Failed to initialize the SSLEngine. 
> org.apache.tomcat.jni.Error: 70023: This function has not been
> implemented on this platform at
> org.apache.tomcat.jni.SSL.initialize(Native Method) at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>
> 
at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> 
at java.lang.reflect.Method.invoke(Method.java:606)
> at 
> org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:270)
>
> 
at
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:124)
>
> 
at
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
>
> 
at
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
>
> 
at
> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
>
> 
at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99) 
> at org.apache.catalina.startup.Catalina.load(Catalina.java:638) at
> org.apache.catalina.startup.Catalina.load(Catalina.java:663) at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>
> 
at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> 
at java.lang.reflect.Method.invoke(Method.java:606)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280) 
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
> 
> 
> 
> On Fri, Jul 25, 2014 at 8:05 PM, Christopher Schultz < 
> chris@christopherschultz.net> wrote:
> 
> Sanaullah,
> 
> On 7/25/14, 9:16 AM, Sanaullah wrote:
>>>> httpd is working with HSM with addition of parameter 
>>>> SSLCryptoDevice=LunaCA  but when i try the same parameter in
>>>> tomEE. TomEE don't recognized this parameters.
>>>> 
>>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector}
>>>> Setting property 'SSLCryptoDevice' to 'LunaCA3' did not find
>>>> a matching property.
>>>> 
>>>> Any Idea?
> 
> Try setting SSLEngine="LunaCA3" instead of SSLEngine="on" in your:
> 
> <Listener class="org.apache.catalina.core.AprLifecycleListener" 
> SSLEngine="on" />
> 
> -chris
> 
>>>> On Thu, Jul 10, 2014 at 7:40 PM, Christopher Schultz < 
>>>> chris@christopherschultz.net> wrote:
>>>> 
>>>> Sanaullah,
>>>> 
>>>> On 7/10/14, 4:19 AM, Sanaullah wrote:
>>>>>>> is there a way i can use pkcs11 supported
>>>>>>> SmartCard/token when using APR based SSL Connector in
>>>>>>> tomcat ? PEM encoded certificates and keys are stored
>>>>>>> in smartcard.
>>>>>>> 
>>>>>>> I know BIO/NIO connectors supported token/HSM but I am 
>>>>>>> looking for APR based connectors?
>>>> 
>>>> I'm no expert at such configurations, but since tcnative/APR
>>>> uses OpenSSL for its crypto engine, then it can do anything
>>>> OpenSSL can do. Have you been able to configure e.g. httpd to
>>>> use this kind of setup? If so, there ought to be a way to
>>>> make it happen using Tomcat's APR connector.
>>>> 
>>>> -chris
>>>>> 
>>>>> ---------------------------------------------------------------------
>>>>>
>>>>>
>
>>>>> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>> For additional commands, e-mail:
>>>>> users-help@tomcat.apache.org
>>>>> 
>>>>> 
>>>> 
>> 
>> ---------------------------------------------------------------------
>>
>> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>> 
>> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJT4XLjAAoJEBzwKT+lPKRYmFkP/2/C0lSRB17qjX3F3IC8CCUK
1ROyaFgdEMQHWtv6Ri9pKSTPhty60W69pDdz4WGTl7AYnrmkuzdaTA8OdG5RxrzM
iEgmhrj9VRJE8qEwsXkbaVNytcxG1guesygUH8RODOdlA9yfbamkpR8wWqFjXwwp
8xiFbEr+I6cIMliznEAwD1rtry4u+usFRVPPG892v1h6TLOp0I//TSq/7G4Iwmhs
9wnK+1acNlC4rAIgNI1fgXv/Rgel3nn9KIQk3y4KM7HGx0BVVOBu+Hl335wMv9N6
eNoQPe+v7/gfs6iADwG/ROPZcYU+4iRSzZeQjzu5E29NWJs7bD1/CtcxkPK9s9EW
MsXJ7u3CP+OPomtriS/5Vcceb2rS28JtjWbAtnbyu6T4lJmEsLcX4YaTTfBwoWd3
F2X8olHB7P+gPCSKZurkt8uNXOVKdpQgljWfJeqFsEyvyXArwk1OBKYHDBgt8uTE
ML9Jrcs5QDPFDi/3MXgU/QV/OKqCeNVdsntS51NJ8uVE9nTfqgy9e5fcQGJR7hYA
tqmzqwTbJvkfSouvxYuJIo04ZCFjMFrps8qhhO8eZ8AsCGU0U7T8hn1Y+BimNGp9
LEVt2TUm0OmnR3tFKDBXGozDLQ3Ql62BzvdugRE2UOQ6XoxaHWb+0u472Pwdk+A1
mnaWoqQDNYfJrS1A4XDp
=ASDY
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message