2014-04-16 21:44 GMT+04:00 Cormier, Greg <greg.corm...@dfo-mpo.gc.ca>: > I have a Tomcat 7.0.30 server I'm trying to patch to resolve the heartbleed > exploit. > > I shut down the server and overwrite tcnative-1.dll with the recently > released version. > > When I restart tomcat, I get errors about the Java Key Store. > > Apr 16, 2014 9:36:07 AM org.apache.catalina.core.AprLifecycleListener init > INFO: The APR based Apache Tomcat Native library which allows optimal > performance in production environments was not found on the > java.library.path: D:\Tomcat > 7.0\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\OpenSSL-Win32\bin;;.
The above means that tcnative-1.dll was not found in the directories listed above. I would guess that you used a wrong DLL. It must match the CPU architecture of JRE/JDK that you are using. Is tcnative-1.dll file readable? > Apr 16, 2014 9:36:11 AM org.apache.coyote.AbstractProtocol init > INFO: Initializing ProtocolHandler ["http-bio-443"] > > Apr 16, 2014 9:36:12 AM org.apache.tomcat.util.net.jsse.JSSESocketFactory > getStore > SEVERE: Failed to load keystore type JKS with path C:\/.keystore due to > C:\.keystore (The system cannot find the file specified) > java.io.FileNotFoundException: C:\.keystore (The system cannot find the file > specified) > at java.io.FileInputStream.open(Native Method) > at java.io.FileInputStream.<init>(Unknown Source) > at > org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:400) > ... > > > I don't understand why I'm getting these, as I'm 99% sure I'm using APR and > not JSSE. > > > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" Replace protocol="HTTP/1.1" with explicit protocol="org.apache.coyote.http11.Http11AprProtocol" The former auto-switches between BIO and APR. The latter explicitly uses the APR implementation. > maxThreads="150" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" > SSLPassword="xxx" > SSLCertificateFile="xxx/server.crt" > SSLCertificateKeyFile="xxx/privkey.pem" > SSLCACertificateFile="xxx/server.crt" > SSLCertificateChainFile="xxx/server.crt" > Compression="on"/> > > I haven't setup any keystore, as I'm not using the Java Key store for this... > I'm not sure why the new version is trying to find a keystore despite this > fact. > Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
