tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tcnative.dll apr-1.5.2-win32-src - unable to compile with openssl-1.0.2j-fips-x86_64
Date Tue, 17 Jan 2017 19:17:17 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Marcus,

On 1/15/17 10:27 PM, marcus presley wrote:
> I'm able to compile and generate the tcnative.dll, but now I
> receive the following error when starting Tomcat.
> 
> 
> 15-Jan-2017 19:21:20.624 SEVERE [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed
> to initialize the SSLEngine. java.lang.Exception:
> error:2D06B06F:FIPS
> routines:FIPS_check_incore_fingerprint:fingerprint does not match 
> at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)


Did you statically-link OpenSSL with tcnative.dll, or are you using a
shared-library for OpenSSL?

For OpenSSL-FIPS to work properly, it needs to be able to checksum
itself. Static-linking interferes with that.

Are you sure you need FIPS?

- -chris

> ________________________________ From: David Oswell
> <doswell@gmail.com> Sent: Sunday, January 15, 2017 12:46 PM To:
> Tomcat Users List Subject: Re: Tcnative.dll apr-1.5.2-win32-src -
> unable to compile with openssl-1.0.2j-fips-x86_64
> 
> I was able to get it to work with VS2008 & Win DDK7 (7600.16385.1)
> , although for cmsc I had to add (was only working on x64 build); 
> %XCOPYD% "%WINDDK%\lib\win7\amd64" lib\amd64\ as some of the
> headers weren't the full variants from the other directories, while
> win7 was. I don't recall taht error when I was trying to get
> openssl to build, only encountered missing symbol/files issues.
> 
> On Sat, Jan 14, 2017 at 3:11 AM, Mark Thomas <markt@apache.org>
> wrote:
> 
>> On 13 January 2017 20:55:15 GMT+00:00, marcus presley < 
>> marcus_presley@hotmail.com> wrote:
>>> Hi Mark,
>>> 
>>> 
>>> I was able to work through the cmsc failed error.  I rebuilt
>>> my environment with Visual Studio 2010 and this resolved the
>>> issue.
>>> 
>>> 
>>> I'm experiencing another issue below, when I'm compiling the
>>> openssl source.
>>> 
>>> 
>>> error LNK2005: getenv already defined in MSVCRT.lib
>>> 
>>> 
>>> and
>>> 
>>> 
>>> warning LNK4098: defaultlib 'MSVCRT' conflicts with use of
>>> other libs; use /NODEFAULTLIB: library
>> 
>> I'm not 100% sure of my ground here so keep that in mind when you
>> read this reply.
>> 
>> The primary driver for the build environment described in the
>> wiki is to produce DLLs that depend only on msvcrt.dll and not on
>> any of the later versions. This simplifies distribution.
>> 
>> The only version of Visual Studio I managed to do this with was
>> VS6. And that was many years ago when I was trying to build
>> something to test with locally.
>> 
>> Later versions of visual studio always seemed to introduce a
>> dependency on a later version of msvcrt.dll
>> 
>> I can only recommend that you use the exact build environment set
>> out in the wiki. Once you step outside of that I'm on unfamiliar
>> ground. I'f you want something that you can use locally then I
>> can suggest enabling the option in that warning and see what
>> happens.
>> 
>> Mark
>> 
>>> 
>>> 
>>> 
>>> Marcus
>>> 
>>> 
>>> 
>>> 
>>> ________________________________ From: Mark Thomas
>>> <markt@apache.org> Sent: Thursday, January 12, 2017 6:42 PM To:
>>> Tomcat Users List Subject: Re: Tcnative.dll apr-1.5.2-win32-src
>>> - unable to compile with openssl-1.0.2j-fips-x86_64
>>> 
>>> On 12/01/2017 22:48, marcus presley wrote:
>>>> Mark,
>>>> 
>>>> 
>>>> I am building the environment but the bat file is failing at
>>>> the
>>> following line:
>>>> 
>>>> 
>>>> set VSBaseDir=C:\cmsc-master\msvc popd if not exist
>>>> "%VSBaseDir%\bin\i386\lib.exe" goto Failed
>>>> 
>>>> 
>>>> I explicitly copied lib.exe the directory
>>>> "%VSBaseDir%\bin\i386", but
>>> I still receive the error.
>>> 
>>> I've never seen that error. Is VSBaseDir set correctly?
>>> 
>>> Mark
>>> 
>>> 
>>>> 
>>>> 
>>>> Marcus
>>>> 
>>>> 
>>>> 
>>>> ________________________________ From: marcus presley
>>>> <marcus_presley@hotmail.com> Sent: Thursday, January 12, 2017
>>>> 3:39 PM To: Tomcat Users List Subject: Re: Tcnative.dll
>>>> apr-1.5.2-win32-src - unable to compile
>>> with openssl-1.0.2j-fips-x86_64
>>>> 
>>>> Hi Mark,
>>>> 
>>>> 
>>>> Thanks for the guide.  Can I use Visual Studio 2015 or should
>>>> I use
>>> the versions you have outlined in guide?
>>>> 
>>>> 
>>>> Marcus
>>>> 
>>>> 
>>>> ________________________________ From: Mark Thomas
>>>> <markt@apache.org> Sent: Thursday, January 12, 2017 2:47 PM 
>>>> To: Tomcat Users List Subject: Re: Tcnative.dll
>>>> apr-1.5.2-win32-src - unable to compile
>>> with openssl-1.0.2j-fips-x86_64
>>>> 
>>>> On 12/01/2017 18:56, marcus presley wrote:
>>>>> Forum,
>>>>> 
>>>>> 
>>>>> I have been unsuccessful, trying to compile 'tcnative.dll'
>>>>> with
>>> Visual Studio 2015.
>>>> 
>>>> 
>>> https://cwiki.apache.org/confluence/display/TOMCAT/
>> Building+the+Tomcat+Native+Connector+binaries+for+Windows
>>> 
>>> Building the Tomcat Native Connector binaries for Windows 
>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>> cwiki.apache.org This page describes the process for building
>>> the Windows Native Connector for Windows. This is the native
>>> part of the APR/Native connector. These instructions assume
>>> ...
>>> 
>>> 
>>> 
>>>> 
>>>> Building the Tomcat Native Connector binaries for Windows
>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>> 
>>> Building the Tomcat Native Connector binaries for Windows 
>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>> cwiki.apache.org This page describes the process for building
>>> the Windows Native Connector for Windows. This is the native
>>> part of the APR/Native connector. These instructions assume
>>> ...
>>> 
>>> 
>>> 
>>>> cwiki.apache.org This page describes the process for building
>>>> the Windows Native
>>> Connector for Windows. This is the native part of the
>>> APR/Native connector. These instructions assume ...
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Building the Tomcat Native Connector binaries for Windows
>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>> 
>>> Building the Tomcat Native Connector binaries for Windows 
>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>> cwiki.apache.org This page describes the process for building
>>> the Windows Native Connector for Windows. This is the native
>>> part of the APR/Native connector. These instructions assume
>>> ...
>>> 
>>> 
>>> 
>>>> 
>>>> Building the Tomcat Native Connector binaries for Windows
>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>> 
>>> Building the Tomcat Native Connector binaries for Windows 
>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>> cwiki.apache.org This page describes the process for building
>>> the Windows Native Connector for Windows. This is the native
>>> part of the APR/Native connector. These instructions assume
>>> ...
>>> 
>>> 
>>> 
>>>> cwiki.apache.org This page describes the process for building
>>>> the Windows Native
>>> Connector for Windows. This is the native part of the
>>> APR/Native connector. These instructions assume ...
>>>> 
>>>> 
>>>> 
>>>> cwiki.apache.org This page describes the process for building
>>>> the Windows Native
>>> Connector for Windows. This is the native part of the
>>> APR/Native connector. These instructions assume ...
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Mark
>>>> 
>>>>> 
>>>>> 
>>>>> I have used several online forums including the
>>>>> instructions on
>>> Apache website
>>> (https://tomcat.apache.org/download-native.cgi).
>>> 
>>> Apache Tomcat® - Tomcat Native 
>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>> tomcat.apache.org Use the links below to download the Apache
>>> Tomcat ® Native software from one of our mirrors. You must
>>> verify the integrity of the downloaded files using ...
>>> 
>>> 
>>> 
>>>> 
>>>> Apache Tomcat® - Tomcat Native
>>> Downloads<https://tomcat.apache.org/download-native.cgi>
>>> 
>>> Apache Tomcat® - Tomcat Native 
>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>> tomcat.apache.org Use the links below to download the Apache
>>> Tomcat ® Native software from one of our mirrors. You must
>>> verify the integrity of the downloaded files using ...
>>> 
>>> 
>>> 
>>>> tomcat.apache.org Use the links below to download the Apache
>>>> Tomcat ® Native software
>>> from one of our mirrors. You must verify the integrity of the 
>>> downloaded files using ...
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Apache Tomcat® - Tomcat Native
>>> Downloads<https://tomcat.apache.org/download-native.cgi>
>>> 
>>> Apache Tomcat® - Tomcat Native 
>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>> tomcat.apache.org Use the links below to download the Apache
>>> Tomcat ® Native software from one of our mirrors. You must
>>> verify the integrity of the downloaded files using ...
>>> 
>>> 
>>> 
>>>> 
>>>> Apache Tomcat® - Tomcat Native
>>> Downloads<https://tomcat.apache.org/download-native.cgi>
>>> 
>>> Apache Tomcat® - Tomcat Native 
>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>> tomcat.apache.org Use the links below to download the Apache
>>> Tomcat ® Native software from one of our mirrors. You must
>>> verify the integrity of the downloaded files using ...
>>> 
>>> 
>>> 
>>>> tomcat.apache.org Use the links below to download the Apache
>>>> Tomcat ® Native software
>>> from one of our mirrors. You must verify the integrity of the 
>>> downloaded files using ...
>>>> 
>>>> 
>>>> 
>>>> tomcat.apache.org Use the links below to download the Apache
>>>> Tomcat ® Native software
>>> from one of our mirrors. You must verify the integrity of the 
>>> downloaded files using ...
>>>> 
>>>> 
>>>> 
>>>>> 
>>>>> 
>>>>> I have been able to compile openssl-1.0.2j with FIPS, but I
>>>>> receive
>>> LNK Error when the tcnative.dll is being copiled.
>>>>> 
>>>>> 
>>>>> Marcus
>>>>> 
>>>>> Apache Tomcat® - Tomcat Native
>>> Downloads<https://tomcat.apache.org/download-native.cgi>
>>> 
>>> Apache Tomcat® - Tomcat Native 
>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>> tomcat.apache.org Use the links below to download the Apache
>>> Tomcat ® Native software from one of our mirrors. You must
>>> verify the integrity of the downloaded files using ...
>>> 
>>> 
>>> 
>>>> 
>>>> Apache Tomcat® - Tomcat Native
>>> Downloads<https://tomcat.apache.org/download-native.cgi>
>>> 
>>> Apache Tomcat® - Tomcat Native 
>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>> tomcat.apache.org Use the links below to download the Apache
>>> Tomcat ® Native software from one of our mirrors. You must
>>> verify the integrity of the downloaded files using ...
>>> 
>>> 
>>> 
>>>> tomcat.apache.org Use the links below to download the Apache
>>>> Tomcat ® Native software
>>> from one of our mirrors. You must verify the integrity of the 
>>> downloaded files using ...
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Apache Tomcat® - Tomcat Native
>>> Downloads<https://tomcat.apache.org/download-native.cgi>
>>> 
>>> Apache Tomcat® - Tomcat Native 
>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>> tomcat.apache.org Use the links below to download the Apache
>>> Tomcat ® Native software from one of our mirrors. You must
>>> verify the integrity of the downloaded files using ...
>>> 
>>> 
>>> 
>>>> tomcat.apache.org Use the links below to download the Apache
>>>> Tomcat ® Native software
>>> from one of our mirrors. You must verify the integrity of the 
>>> downloaded files using ...
>>>> 
>>>> 
>>>> 
>>>>> tomcat.apache.org Use the links below to download the
>>>>> Apache Tomcat ® Native software
>>> from one of our mirrors. You must verify the integrity of the 
>>> downloaded files using ...
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> Thanks,
>>>>> 
>>>>> Marcus J. Presley
>>>>> 
>>>>> 
>>>> 
>>>> 
>>>> -------------------------------------------------------------------
- --
>>>>
>>>> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail:
>>>> users-help@tomcat.apache.org
>>>> 
>>>> 
>>> 
>>> 
>>> --------------------------------------------------------------------
- -
>>>
>>> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>> 
>> 
>> ---------------------------------------------------------------------
>>
>> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>> 
>> 
> 
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYfm29AAoJEBzwKT+lPKRYYRkP/R/7VuDzaxK6YtVoNgSPrNcw
AxAyIURRlriyFagiUcaqcSE6QMomgN/pox7OEkhkYfc6sFpkdra3g4bq8IljIOem
tKSuPcLIPOg5rnlItRVCehO3mNdJNsxBDFN+xq07q4iMafSHTohn35gU0dIYw1Xz
Bd2D6kBDCOkAQVBXrpp2MhOXEAEFUkHkn9l58id7/H6zQ+5/HTn4f0NtgMjDvCRv
liIVFT7MJ2eC3bgqeO8w2VVig3wChU1BhTUW/9JikHhXGmib8PXsTZZc8ZsEANeU
zgvcTg2eeUtE29H3G0VMAYmwtW5RVMPRMzYBno9XjYnKVcr2UZtJvjtsrT6Hh1k1
d/lnsggFjNPzGHK6MSM+Zcig3oIgo8zCEakhT7eut/7MPpETKRo+ApLHb1AbXSdn
1CCtlrFj+m+4/PgVUJH+L0Y+2WEOD6bhZGeBkaJkRapiLhfFl85+Bao+Nd0tpAR4
CAQhEyqVyLEG4nckfvUMPJYqDSGwUS/DwHTH+7kNsLVxZu6HVk8OLG1hAzygrzqa
BP3XgKWjJdzbSpel3YzKvpeZPyFMolWKr7mrThWhsKrsPLcULO0rvEdkecUJIkLh
5ZatClvcjQ5A8n61UUXdLjgxPqocHhiMx6Nnxnl/qN22zmcAcdZme94PQukBzLNb
ExNeG5YKfYT6ySctjDhb
=C3yf
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message