> >>> I ran the openssl utility on the same system as Tomcat, and Process
> >>> Explorer shows that its copy of libeay32.dll stays at the correct
> >>> address. Additionally, I tested the FIPS-compatible libeay32.dll on
> >>> a different server with Tomcat, and had the same problem. This seems
> >>
Steve,
On 6/18/13 12:58 PM, Steve Nickels wrote:
> Christopher Schultz wrote:
Do you think there are ways it could be improved? Better
error checking, etc.? I implemented it as simply as I
possibly could.
>>>
>>> The biggest problem
> >> Do you think there are ways it could be improved? Better error
> >> checking, etc.? I implemented it as simply as I possibly could.
> >
> > The biggest problem seems to be that something in Tomcat on Windows
> > is interfering with OpenSSL's normal base address request (0xFB0).
> > Normall
Steve,
On 6/13/13 5:27 PM, Steve Nickels wrote:
>>> I figured out the problem. The error was due to my system
>>> rebasing the libeay32.dll library from its desired base address
>>> of 0xFB0. According to OpenSSL documents, this is supposed
>>>
> > I figured out the problem. The error was due to my system rebasing the
> > libeay32.dll library from its desired base address of 0xFB0.
> > According to OpenSSL documents, this is supposed to generate a
> > specific error message of
> > FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELATED, but
Steve,
On 6/13/13 1:57 PM, Steve Nickels wrote:
> I figured out the problem. The error was due to my system rebasing
> the libeay32.dll library from its desired base address of
> 0xFB0. According to OpenSSL documents, this is supposed to
> gene
essage-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Thursday, June 13, 2013 9:17 AM
> To: Tomcat Users List
> Subject: Re: TCNative with FIPS OpenSSL throws fingerprint error in FIPS
> mode
>
> >> I notice that Tomcat distributes openssl.exe and not openssl.dll (or
> >> similar). Are you building openssl.exe or openssl.dll when you build
> >> OpenSSL?
> >
> > Building OpenSSL on Windows results in three distributable files:
> > libeay32.dll, ssleay32.dll, and openssl.exe. I copy the fir
Steve,
On 6/12/13 6:54 PM, Steve Nickels wrote:
>>> I'm fairly confident that the OpenSSL library I'm using is
>>> valid and uncorrupted (I've used a couple different copies: an
>>> existing set of binaries being used successfully in another
>>> pro
> > I'm fairly confident that the OpenSSL library I'm using is valid and
> > uncorrupted (I've used a couple different copies: an existing set of
> > binaries being used successfully in another product internally, and a
> > newly built version which I have successfully used the openssl utility
> >
Steve,
On 6/11/13 6:51 PM, Steve Nickels wrote:
> I've been trying to compile tcnative on Windows with a
> FIPS-compatible build of OpenSSL. I've been successful building
> and running tcnative this way, at least until I turn on FIPS mode
> on the
Getting FIPS mode turned on and running is, unfortunately, far more complex
than getting the libs, or even building them, and installing them.
You need to follow the directions for building the FIPS module here:
http://www.openssl.org/docs/fips/fipsnotes.html
-and-
http://www.openssl.org/docs/fips
Hi all,
I've been trying to compile tcnative on Windows with a FIPS-compatible build of
OpenSSL. I've been successful building and running tcnative this way, at least
until I turn on FIPS mode on the AprLifecycleListener config in Tomcat.
When FIPSMode is set to "off", Tomcat works fine, and SS