tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tcnative.dll apr-1.5.2-win32-src - unable to compile with openssl-1.0.2j-fips-x86_64
Date Thu, 19 Jan 2017 21:39:54 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Marcus,

On 1/19/17 4:30 PM, marcus presley wrote:
> I'm able to compile FIPS as DLL's

You mean APR and OpenSSL, right? Good.

> but when attempting to compile and make tcnative.dll, I receive an 
> error during compilation:
> 
> =======================================
> 
> libeay32.dll : fatal error LNK1107: invalid or corrupt file: cannot
> read at 0x390
> 
> NMAKE : fatal error U1077: c:\cmsc\msvc\bin\amd64\link.exe : return
> code '0x453'
> 
> Stop.

Hmm. I'm sorry, I've got very little experience with Microsoft's
toolchain.

I suspect that libeay32.dll isn't the library you should be linking
against... instead it should be either openssl.dll or libopenssl.dll.
Also remember to build as a shared library. Perhaps you are trying to
build a statically-linked library and it's trying to use the
shared-libraries for that purpose. That won't work, of course, and you
don't want to statically-link, anyway. (I don't think!).

- -chris

> ________________________________ From: marcus presley
> <marcus_presley@hotmail.com> Sent: Tuesday, January 17, 2017 4:53
> PM To: Tomcat Users List Subject: Re: Tcnative.dll
> apr-1.5.2-win32-src - unable to compile with
> openssl-1.0.2j-fips-x86_64
> 
> Chris,
> 
> 
> Yes, I must use FIPs.  The customer wants FIPs enabled with
> Tomcat.
> 
> 
> I believe its statically linked.
> 
> 
> 
> Here's the commands I used to build files.
> 
> =================
> 
> 
> openssl make command
> 
> nmake -f ms\nt.mak
> 
> 
> tcnative.dll make command
> 
> nmake -f NMAKEMakefile WITH_APR=C:\deps-x64\apr-%APR_VER%
> WITH_OPENSSL=C:\deps-x64\openssl-%OPENSSL_VER%
> APR_DECLARE_STATIC=1
> 
> =================
> 
> Marcus ________________________________ From: Christopher Schultz
> <chris@christopherschultz.net> Sent: Tuesday, January 17, 2017 2:17
> PM To: Tomcat Users List Subject: Re: Tcnative.dll
> apr-1.5.2-win32-src - unable to compile with
> openssl-1.0.2j-fips-x86_64
> 
> Marcus,
> 
> On 1/15/17 10:27 PM, marcus presley wrote:
>> I'm able to compile and generate the tcnative.dll, but now I 
>> receive the following error when starting Tomcat.
> 
> 
>> 15-Jan-2017 19:21:20.624 SEVERE [main] 
>> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
>> Failed to initialize the SSLEngine. java.lang.Exception: 
>> error:2D06B06F:FIPS 
>> routines:FIPS_check_incore_fingerprint:fingerprint does not
>> match at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)
> 
> 
> Did you statically-link OpenSSL with tcnative.dll, or are you using
> a shared-library for OpenSSL?
> 
> For OpenSSL-FIPS to work properly, it needs to be able to checksum 
> itself. Static-linking interferes with that.
> 
> Are you sure you need FIPS?
> 
> -chris
> 
>> ________________________________ From: David Oswell 
>> <doswell@gmail.com> Sent: Sunday, January 15, 2017 12:46 PM To: 
>> Tomcat Users List Subject: Re: Tcnative.dll apr-1.5.2-win32-src
>> - unable to compile with openssl-1.0.2j-fips-x86_64
> 
>> I was able to get it to work with VS2008 & Win DDK7
>> (7600.16385.1) , although for cmsc I had to add (was only working
>> on x64 build); %XCOPYD% "%WINDDK%\lib\win7\amd64" lib\amd64\ as
>> some of the headers weren't the full variants from the other
>> directories, while win7 was. I don't recall taht error when I was
>> trying to get openssl to build, only encountered missing
>> symbol/files issues.
> 
>> On Sat, Jan 14, 2017 at 3:11 AM, Mark Thomas <markt@apache.org> 
>> wrote:
> 
>>> On 13 January 2017 20:55:15 GMT+00:00, marcus presley < 
>>> marcus_presley@hotmail.com> wrote:
>>>> Hi Mark,
>>>> 
>>>> 
>>>> I was able to work through the cmsc failed error.  I rebuilt 
>>>> my environment with Visual Studio 2010 and this resolved the 
>>>> issue.
>>>> 
>>>> 
>>>> I'm experiencing another issue below, when I'm compiling the 
>>>> openssl source.
>>>> 
>>>> 
>>>> error LNK2005: getenv already defined in MSVCRT.lib
>>>> 
>>>> 
>>>> and
>>>> 
>>>> 
>>>> warning LNK4098: defaultlib 'MSVCRT' conflicts with use of 
>>>> other libs; use /NODEFAULTLIB: library
>>> 
>>> I'm not 100% sure of my ground here so keep that in mind when
>>> you read this reply.
>>> 
>>> The primary driver for the build environment described in the 
>>> wiki is to produce DLLs that depend only on msvcrt.dll and not
>>> on any of the later versions. This simplifies distribution.
>>> 
>>> The only version of Visual Studio I managed to do this with
>>> was VS6. And that was many years ago when I was trying to
>>> build something to test with locally.
>>> 
>>> Later versions of visual studio always seemed to introduce a 
>>> dependency on a later version of msvcrt.dll
>>> 
>>> I can only recommend that you use the exact build environment
>>> set out in the wiki. Once you step outside of that I'm on
>>> unfamiliar ground. I'f you want something that you can use
>>> locally then I can suggest enabling the option in that warning
>>> and see what happens.
>>> 
>>> Mark
>>> 
>>>> 
>>>> 
>>>> 
>>>> Marcus
>>>> 
>>>> 
>>>> 
>>>> 
>>>> ________________________________ From: Mark Thomas 
>>>> <markt@apache.org> Sent: Thursday, January 12, 2017 6:42 PM
>>>> To: Tomcat Users List Subject: Re: Tcnative.dll
>>>> apr-1.5.2-win32-src - unable to compile with
>>>> openssl-1.0.2j-fips-x86_64
>>>> 
>>>> On 12/01/2017 22:48, marcus presley wrote:
>>>>> Mark,
>>>>> 
>>>>> 
>>>>> I am building the environment but the bat file is failing
>>>>> at the
>>>> following line:
>>>>> 
>>>>> 
>>>>> set VSBaseDir=C:\cmsc-master\msvc popd if not exist 
>>>>> "%VSBaseDir%\bin\i386\lib.exe" goto Failed
>>>>> 
>>>>> 
>>>>> I explicitly copied lib.exe the directory 
>>>>> "%VSBaseDir%\bin\i386", but
>>>> I still receive the error.
>>>> 
>>>> I've never seen that error. Is VSBaseDir set correctly?
>>>> 
>>>> Mark
>>>> 
>>>> 
>>>>> 
>>>>> 
>>>>> Marcus
>>>>> 
>>>>> 
>>>>> 
>>>>> ________________________________ From: marcus presley 
>>>>> <marcus_presley@hotmail.com> Sent: Thursday, January 12,
>>>>> 2017 3:39 PM To: Tomcat Users List Subject: Re:
>>>>> Tcnative.dll apr-1.5.2-win32-src - unable to compile
>>>> with openssl-1.0.2j-fips-x86_64
>>>>> 
>>>>> Hi Mark,
>>>>> 
>>>>> 
>>>>> Thanks for the guide.  Can I use Visual Studio 2015 or
>>>>> should I use
>>>> the versions you have outlined in guide?
>>>>> 
>>>>> 
>>>>> Marcus
>>>>> 
>>>>> 
>>>>> ________________________________ From: Mark Thomas 
>>>>> <markt@apache.org> Sent: Thursday, January 12, 2017 2:47
>>>>> PM To: Tomcat Users List Subject: Re: Tcnative.dll 
>>>>> apr-1.5.2-win32-src - unable to compile
>>>> with openssl-1.0.2j-fips-x86_64
>>>>> 
>>>>> On 12/01/2017 18:56, marcus presley wrote:
>>>>>> Forum,
>>>>>> 
>>>>>> 
>>>>>> I have been unsuccessful, trying to compile
>>>>>> 'tcnative.dll' with
>>>> Visual Studio 2015.
>>>>> 
>>>>> 
>>>> https://cwiki.apache.org/confluence/display/TOMCAT/
>>> Building+the+Tomcat+Native+Connector+binaries+for+Windows
>>>> 
>>>> Building the Tomcat Native Connector binaries for Windows 
>>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>>> cwiki.apache.org This page describes the process for
>>>> building the Windows Native Connector for Windows. This is
>>>> the native part of the APR/Native connector. These
>>>> instructions assume ...
>>>> 
>>>> 
>>>> 
>>>>> 
>>>>> Building the Tomcat Native Connector binaries for Windows
>>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>>> 
>>>> Building the Tomcat Native Connector binaries for Windows 
>>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>>> cwiki.apache.org This page describes the process for
>>>> building the Windows Native Connector for Windows. This is
>>>> the native part of the APR/Native connector. These
>>>> instructions assume ...
>>>> 
>>>> 
>>>> 
>>>>> cwiki.apache.org This page describes the process for
>>>>> building the Windows Native
>>>> Connector for Windows. This is the native part of the 
>>>> APR/Native connector. These instructions assume ...
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> Building the Tomcat Native Connector binaries for Windows
>>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>>> 
>>>> Building the Tomcat Native Connector binaries for Windows 
>>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>>> cwiki.apache.org This page describes the process for
>>>> building the Windows Native Connector for Windows. This is
>>>> the native part of the APR/Native connector. These
>>>> instructions assume ...
>>>> 
>>>> 
>>>> 
>>>>> 
>>>>> Building the Tomcat Native Connector binaries for Windows
>>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>>> 
>>>> Building the Tomcat Native Connector binaries for Windows 
>>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/
>>> Building+the+Tomcat+Native+Connector+binaries+for+Windows>
>>>> cwiki.apache.org This page describes the process for
>>>> building the Windows Native Connector for Windows. This is
>>>> the native part of the APR/Native connector. These
>>>> instructions assume ...
>>>> 
>>>> 
>>>> 
>>>>> cwiki.apache.org This page describes the process for
>>>>> building the Windows Native
>>>> Connector for Windows. This is the native part of the 
>>>> APR/Native connector. These instructions assume ...
>>>>> 
>>>>> 
>>>>> 
>>>>> cwiki.apache.org This page describes the process for
>>>>> building the Windows Native
>>>> Connector for Windows. This is the native part of the 
>>>> APR/Native connector. These instructions assume ...
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> Mark
>>>>> 
>>>>>> 
>>>>>> 
>>>>>> I have used several online forums including the 
>>>>>> instructions on
>>>> Apache website 
>>>> (https://tomcat.apache.org/download-native.cgi).
>>>> 
>>>> Apache Tomcat® - Tomcat Native 
>>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>>> tomcat.apache.org Use the links below to download the Apache 
>>>> Tomcat ® Native software from one of our mirrors. You must 
>>>> verify the integrity of the downloaded files using ...
>>>> 
>>>> 
>>>> 
>>>>> 
>>>>> Apache Tomcat® - Tomcat Native
>>>> Downloads<https://tomcat.apache.org/download-native.cgi>
>>>> 
>>>> Apache Tomcat® - Tomcat Native 
>>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>>> tomcat.apache.org Use the links below to download the Apache 
>>>> Tomcat ® Native software from one of our mirrors. You must 
>>>> verify the integrity of the downloaded files using ...
>>>> 
>>>> 
>>>> 
>>>>> tomcat.apache.org Use the links below to download the
>>>>> Apache Tomcat ® Native software
>>>> from one of our mirrors. You must verify the integrity of
>>>> the downloaded files using ...
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> Apache Tomcat® - Tomcat Native
>>>> Downloads<https://tomcat.apache.org/download-native.cgi>
>>>> 
>>>> Apache Tomcat® - Tomcat Native 
>>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>>> tomcat.apache.org Use the links below to download the Apache 
>>>> Tomcat ® Native software from one of our mirrors. You must 
>>>> verify the integrity of the downloaded files using ...
>>>> 
>>>> 
>>>> 
>>>>> 
>>>>> Apache Tomcat® - Tomcat Native
>>>> Downloads<https://tomcat.apache.org/download-native.cgi>
>>>> 
>>>> Apache Tomcat® - Tomcat Native 
>>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>>> tomcat.apache.org Use the links below to download the Apache 
>>>> Tomcat ® Native software from one of our mirrors. You must 
>>>> verify the integrity of the downloaded files using ...
>>>> 
>>>> 
>>>> 
>>>>> tomcat.apache.org Use the links below to download the
>>>>> Apache Tomcat ® Native software
>>>> from one of our mirrors. You must verify the integrity of
>>>> the downloaded files using ...
>>>>> 
>>>>> 
>>>>> 
>>>>> tomcat.apache.org Use the links below to download the
>>>>> Apache Tomcat ® Native software
>>>> from one of our mirrors. You must verify the integrity of
>>>> the downloaded files using ...
>>>>> 
>>>>> 
>>>>> 
>>>>>> 
>>>>>> 
>>>>>> I have been able to compile openssl-1.0.2j with FIPS, but
>>>>>> I receive
>>>> LNK Error when the tcnative.dll is being copiled.
>>>>>> 
>>>>>> 
>>>>>> Marcus
>>>>>> 
>>>>>> Apache Tomcat® - Tomcat Native
>>>> Downloads<https://tomcat.apache.org/download-native.cgi>
>>>> 
>>>> Apache Tomcat® - Tomcat Native 
>>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>>> tomcat.apache.org Use the links below to download the Apache 
>>>> Tomcat ® Native software from one of our mirrors. You must 
>>>> verify the integrity of the downloaded files using ...
>>>> 
>>>> 
>>>> 
>>>>> 
>>>>> Apache Tomcat® - Tomcat Native
>>>> Downloads<https://tomcat.apache.org/download-native.cgi>
>>>> 
>>>> Apache Tomcat® - Tomcat Native 
>>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>>> tomcat.apache.org Use the links below to download the Apache 
>>>> Tomcat ® Native software from one of our mirrors. You must 
>>>> verify the integrity of the downloaded files using ...
>>>> 
>>>> 
>>>> 
>>>>> tomcat.apache.org Use the links below to download the
>>>>> Apache Tomcat ® Native software
>>>> from one of our mirrors. You must verify the integrity of
>>>> the downloaded files using ...
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> Apache Tomcat® - Tomcat Native
>>>> Downloads<https://tomcat.apache.org/download-native.cgi>
>>>> 
>>>> Apache Tomcat® - Tomcat Native 
>>>> Downloads<https://tomcat.apache.org/download-native.cgi> 
>>>> tomcat.apache.org Use the links below to download the Apache 
>>>> Tomcat ® Native software from one of our mirrors. You must 
>>>> verify the integrity of the downloaded files using ...
>>>> 
>>>> 
>>>> 
>>>>> tomcat.apache.org Use the links below to download the
>>>>> Apache Tomcat ® Native software
>>>> from one of our mirrors. You must verify the integrity of
>>>> the downloaded files using ...
>>>>> 
>>>>> 
>>>>> 
>>>>>> tomcat.apache.org Use the links below to download the 
>>>>>> Apache Tomcat ® Native software
>>>> from one of our mirrors. You must verify the integrity of
>>>> the downloaded files using ...
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Thanks,
>>>>>> 
>>>>>> Marcus J. Presley
>>>>>> 
>>>>>> 
>>>>> 
>>>>> 
>>>>> ------------------------------------------------------------------
- -
>
>>>>> 
> ---------------------------------------------------------------------
>
> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYgTIqAAoJEBzwKT+lPKRYFFYP/0uIyiBb+ZGHjyFv5b125z+C
XBacUd9cpF0YvLb/utINT5MFQar95GD1H0mMBUqbl2sZzeJ0rNeISnYuycYNDCGW
dAdSkUBPuwzLIvitOfkwZysudh5Wkse8MQulwX+95qR72essR3AY8VOFx480dRcz
e7klzSbC8DTkJF6PUfi3Rzc6cPzRssTVVkC/nA9Q1ho++8M0dmMtUm889avIYNhd
BLzqPMYiiXG8eBQo4nnI1w2ia8cMTDk9Xj/11hW79CWvPEaRIvZzsc+EzvbHz0VB
0W8ESpIxFWF1Ef7BCdohxetS1Z9WZ9V0aNV837IHF/ULxA13Dpn1tVluTQMSi6NO
pY7wwTkZmRTyZShv9FdaYn37tX6wJVWXx57mD4LPC1c5anwkVg1AmNUwqnLODsu+
eIJ2djwIrJdJhUntyYmNG+LlFmlUkgGggqUJGnWoWN2WvvecTLVvEwpPjOzFJyPC
pEffEfI0rarwOGtg0LMl7bm8v3TFrcmFXDOIkpkfOk6lfHTmHB8cWzrauJDdeMV4
ULveQGoGhifZbilVLLNiaTVvOe6kfeKIphmWFQfqvjOMzRPvCI+Wd67Uxik2b0j5
mT5PUT0x68ChHqvVfM1oP7YYGTS7+Gms8IIjvYo4KLkVrgxZV5G/OsuMk5sfjjx7
VTbWM14KYelYZsPccWPN
=FlFs
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message