RE: TCNative with FIPS OpenSSL throws fingerprint error in FIPS mode

ble. tcnative of course does not care. I may still be doing something wrong, but I still haven't been able to get this switch to work. I added it to the LFLAGS set in the OpenSSL build, but libeay32.dll still gets rebased when running through tcnative. --Steve Nickels Ipswitch, Inc.

RE: TCNative with FIPS OpenSSL throws fingerprint error in FIPS mode

> specific to win32. > > That's a good point. Could you log that in Bugzilla as well? There are > (brief) building instructions on http://tomcat.apache.org/native-doc/ > but they should probably also be in the BUILDING file. Submitted bug 55114 for this. (https://issues.apache.org/bugzilla/show_bug.cgi?id=55114) > > If there's a good place to put a wiki page about this, let me know, > > and I can try to add something. > > Really anywhere under http://wiki.apache.org/tomcat/FAQ would be great. > If I were looking for information about this, I'm not sure where I'd look > first. > Perhaps under "Security"? If I get a chance, I'll try and add something here. --Steve Nickels Ipswitch, Inc.

RE: TCNative with FIPS OpenSSL throws fingerprint error in FIPS mode

ative-1.1.27-win32-src.zip appears to contain UNIX build instructions. This probably isn't appropriate, since the zip file is specific to win32. If there's a good place to put a wiki page about this, let me know, and I can try to add something. --Steve Nickels Ipswitch, Inc.

RE: TCNative with FIPS OpenSSL throws fingerprint error in FIPS mode

nd then turned on FIPS mode, and it worked. With my test application, the original base address was not being changed by the OS, according to process explorer, which is why it worked with the original build. Thanks for your help! --Steve Nickels, Ipswitch, Inc. > -Original M

RE: TCNative with FIPS OpenSSL throws fingerprint error in FIPS mode

oesn't seem to work unless libeay32.dll and ssleay32.dll are present, so I think that means OpenSSL is not statically linked. --Steve Nickels Ipswitch, Inc.

RE: TCNative with FIPS OpenSSL throws fingerprint error in FIPS mode

ee distributable files: libeay32.dll, ssleay32.dll, and openssl.exe. I copy the first two into Tomcat\bin, along with tcnative-1.dll, in order to make OpenSSL available to tcnative. It also results in libeay32.lib and ssleay32.lib, which are used in the tcnative compile process. --Steve

TCNative with FIPS OpenSSL throws fingerprint error in FIPS mode

t not when it is on. Is there anything special I need to do to correctly build tcnative to support a FIPS-compatible OpenSSL build with FIPSMode turned on in Tomcat? All this is using Tomcat 7.0.32, tcnative 1.1.27, APR 1.4.6, and OpenSSL both 1.0.1c and 1.0.1e, on 32-bit Windows Server 2008. Thanks! --Steve Nickels Ipswitch, Inc.