tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Усманов Азат Анварович <usma...@ieml.ru>
Subject RE: OCSP with openSSL
Date Wed, 22 May 2019 11:28:01 GMT
Mark,  I installed it  just   by  downloading  tcnative src  tar.gz file from tomcat  website
and issued  ./configure --with-apr=/usr/local/apr --with-java-home=/usr/java/jdk1.7.0_79 -with-ssl=/usr/local/openssl
&& make && make install && make clean
I'm not sure  how to specify any ocsp related configure options  when building tomcat native
   from source

________________________________
От: Mark Thomas <markt@apache.org>
Отправлено: 22 мая 2019 г. 13:41
Кому: users@tomcat.apache.org
Тема: Re: OCSP with openSSL

On 22/05/2019 11:28, Усманов Азат Анварович wrote:
> Hi everyone! I have a web app running on tomcat and java 7 using apr for TLS related
issues. I m still unable to have OCSP verification working with tomcat.

<snip/>

>  I have tried running tcpdump on the server but don't' see any Comodo related IP addresses
in the output when I access the server in question in the browser.
> At this point I don't know what else to do, If it was java I would just put some System.out.println
statements in OCSP SSL related source code and recompile the tomcat source, but since in my
case tomcat uses OpenSSL and tomcat native I'm not sure how/where to do that. the only places
I found in the TC-native source that mentions OCSP  is sslutils.c  source file. I'm not sure
when/ if it is actually gets called in my case. Maybe be someone with more c experience c++
would help me with that.  I really want to get to the bottom of this. Any help is appreciated
>  my tomcat version  is 8.5.39
>  APR based Apache Tomcat Native library [1.2.21] using APR version [1.6.5].
> Openssl version is [OpenSSL 1.1.1a  20 Nov 2018
> OS: Linux RHEL 6.6

How did you build the Tomcat Native library? Was OCSP enabled?

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message