Chris,
I'm able to compile FIPS as DLL's, but when attempting to compile and make tcnative.dll, I receive an error during compilation: ======================================= libeay32.dll : fatal error LNK1107: invalid or corrupt file: cannot read at 0x390 NMAKE : fatal error U1077: c:\cmsc\msvc\bin\amd64\link.exe : return code '0x453' Stop. ======================================= Marcus ________________________________ From: marcus presley <marcus_pres...@hotmail.com> Sent: Tuesday, January 17, 2017 4:53 PM To: Tomcat Users List Subject: Re: Tcnative.dll apr-1.5.2-win32-src - unable to compile with openssl-1.0.2j-fips-x86_64 Chris, Yes, I must use FIPs. The customer wants FIPs enabled with Tomcat. I believe its statically linked. Here's the commands I used to build files. ================= openssl make command nmake -f ms\nt.mak tcnative.dll make command nmake -f NMAKEMakefile WITH_APR=C:\deps-x64\apr-%APR_VER% WITH_OPENSSL=C:\deps-x64\openssl-%OPENSSL_VER% APR_DECLARE_STATIC=1 ================= Marcus ________________________________ From: Christopher Schultz <ch...@christopherschultz.net> Sent: Tuesday, January 17, 2017 2:17 PM To: Tomcat Users List Subject: Re: Tcnative.dll apr-1.5.2-win32-src - unable to compile with openssl-1.0.2j-fips-x86_64 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Marcus, On 1/15/17 10:27 PM, marcus presley wrote: > I'm able to compile and generate the tcnative.dll, but now I > receive the following error when starting Tomcat. > > > 15-Jan-2017 19:21:20.624 SEVERE [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed > to initialize the SSLEngine. java.lang.Exception: > error:2D06B06F:FIPS > routines:FIPS_check_incore_fingerprint:fingerprint does not match > at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method) Did you statically-link OpenSSL with tcnative.dll, or are you using a shared-library for OpenSSL? For OpenSSL-FIPS to work properly, it needs to be able to checksum itself. Static-linking interferes with that. Are you sure you need FIPS? - -chris > ________________________________ From: David Oswell > <dosw...@gmail.com> Sent: Sunday, January 15, 2017 12:46 PM To: > Tomcat Users List Subject: Re: Tcnative.dll apr-1.5.2-win32-src - > unable to compile with openssl-1.0.2j-fips-x86_64 > > I was able to get it to work with VS2008 & Win DDK7 (7600.16385.1) > , although for cmsc I had to add (was only working on x64 build); > %XCOPYD% "%WINDDK%\lib\win7\amd64" lib\amd64\ as some of the > headers weren't the full variants from the other directories, while > win7 was. I don't recall taht error when I was trying to get > openssl to build, only encountered missing symbol/files issues. > > On Sat, Jan 14, 2017 at 3:11 AM, Mark Thomas <ma...@apache.org> > wrote: > >> On 13 January 2017 20:55:15 GMT+00:00, marcus presley < >> marcus_pres...@hotmail.com> wrote: >>> Hi Mark, >>> >>> >>> I was able to work through the cmsc failed error. I rebuilt >>> my environment with Visual Studio 2010 and this resolved the >>> issue. >>> >>> >>> I'm experiencing another issue below, when I'm compiling the >>> openssl source. >>> >>> >>> error LNK2005: getenv already defined in MSVCRT.lib >>> >>> >>> and >>> >>> >>> warning LNK4098: defaultlib 'MSVCRT' conflicts with use of >>> other libs; use /NODEFAULTLIB: library >> >> I'm not 100% sure of my ground here so keep that in mind when you >> read this reply. >> >> The primary driver for the build environment described in the >> wiki is to produce DLLs that depend only on msvcrt.dll and not on >> any of the later versions. This simplifies distribution. >> >> The only version of Visual Studio I managed to do this with was >> VS6. And that was many years ago when I was trying to build >> something to test with locally. >> >> Later versions of visual studio always seemed to introduce a >> dependency on a later version of msvcrt.dll >> >> I can only recommend that you use the exact build environment set >> out in the wiki. Once you step outside of that I'm on unfamiliar >> ground. I'f you want something that you can use locally then I >> can suggest enabling the option in that warning and see what >> happens. >> >> Mark >> >>> >>> >>> >>> Marcus >>> >>> >>> >>> >>> ________________________________ From: Mark Thomas >>> <ma...@apache.org> Sent: Thursday, January 12, 2017 6:42 PM To: >>> Tomcat Users List Subject: Re: Tcnative.dll apr-1.5.2-win32-src >>> - unable to compile with openssl-1.0.2j-fips-x86_64 >>> >>> On 12/01/2017 22:48, marcus presley wrote: >>>> Mark, >>>> >>>> >>>> I am building the environment but the bat file is failing at >>>> the >>> following line: >>>> >>>> >>>> set VSBaseDir=C:\cmsc-master\msvc popd if not exist >>>> "%VSBaseDir%\bin\i386\lib.exe" goto Failed >>>> >>>> >>>> I explicitly copied lib.exe the directory >>>> "%VSBaseDir%\bin\i386", but >>> I still receive the error. >>> >>> I've never seen that error. Is VSBaseDir set correctly? >>> >>> Mark >>> >>> >>>> >>>> >>>> Marcus >>>> >>>> >>>> >>>> ________________________________ From: marcus presley >>>> <marcus_pres...@hotmail.com> Sent: Thursday, January 12, 2017 >>>> 3:39 PM To: Tomcat Users List Subject: Re: Tcnative.dll >>>> apr-1.5.2-win32-src - unable to compile >>> with openssl-1.0.2j-fips-x86_64 >>>> >>>> Hi Mark, >>>> >>>> >>>> Thanks for the guide. Can I use Visual Studio 2015 or should >>>> I use >>> the versions you have outlined in guide? >>>> >>>> >>>> Marcus >>>> >>>> >>>> ________________________________ From: Mark Thomas >>>> <ma...@apache.org> Sent: Thursday, January 12, 2017 2:47 PM >>>> To: Tomcat Users List Subject: Re: Tcnative.dll >>>> apr-1.5.2-win32-src - unable to compile >>> with openssl-1.0.2j-fips-x86_64 >>>> >>>> On 12/01/2017 18:56, marcus presley wrote: >>>>> Forum, >>>>> >>>>> >>>>> I have been unsuccessful, trying to compile 'tcnative.dll' >>>>> with >>> Visual Studio 2015. >>>> >>>> >>> https://cwiki.apache.org/confluence/display/TOMCAT/ >> Building+the+Tomcat+Native+Connector+binaries+for+Windows >>> >>> Building the Tomcat Native Connector binaries for Windows >>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>> cwiki.apache.org This page describes the process for building >>> the Windows Native Connector for Windows. This is the native >>> part of the APR/Native connector. These instructions assume >>> ... >>> >>> >>> >>>> >>>> Building the Tomcat Native Connector binaries for Windows >>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>> >>> Building the Tomcat Native Connector binaries for Windows >>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>> cwiki.apache.org This page describes the process for building >>> the Windows Native Connector for Windows. This is the native >>> part of the APR/Native connector. These instructions assume >>> ... >>> >>> >>> >>>> cwiki.apache.org This page describes the process for building >>>> the Windows Native >>> Connector for Windows. This is the native part of the >>> APR/Native connector. These instructions assume ... >>>> >>>> >>>> >>>> >>>> Building the Tomcat Native Connector binaries for Windows >>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>> >>> Building the Tomcat Native Connector binaries for Windows >>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>> cwiki.apache.org This page describes the process for building >>> the Windows Native Connector for Windows. This is the native >>> part of the APR/Native connector. These instructions assume >>> ... >>> >>> >>> >>>> >>>> Building the Tomcat Native Connector binaries for Windows >>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>> >>> Building the Tomcat Native Connector binaries for Windows >>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>> cwiki.apache.org This page describes the process for building >>> the Windows Native Connector for Windows. This is the native >>> part of the APR/Native connector. These instructions assume >>> ... >>> >>> >>> >>>> cwiki.apache.org This page describes the process for building >>>> the Windows Native >>> Connector for Windows. This is the native part of the >>> APR/Native connector. These instructions assume ... >>>> >>>> >>>> >>>> cwiki.apache.org This page describes the process for building >>>> the Windows Native >>> Connector for Windows. This is the native part of the >>> APR/Native connector. These instructions assume ... >>>> >>>> >>>> >>>> >>>> Mark >>>> >>>>> >>>>> >>>>> I have used several online forums including the >>>>> instructions on >>> Apache website >>> (https://tomcat.apache.org/download-native.cgi). >>> >>> Apache Tomcat® - Tomcat Native >>> Downloads<https://tomcat.apache.org/download-native.cgi> >>> tomcat.apache.org Use the links below to download the Apache >>> Tomcat ® Native software from one of our mirrors. You must >>> verify the integrity of the downloaded files using ... >>> >>> >>> >>>> >>>> Apache Tomcat® - Tomcat Native >>> Downloads<https://tomcat.apache.org/download-native.cgi> >>> >>> Apache Tomcat® - Tomcat Native >>> Downloads<https://tomcat.apache.org/download-native.cgi> >>> tomcat.apache.org Use the links below to download the Apache >>> Tomcat ® Native software from one of our mirrors. You must >>> verify the integrity of the downloaded files using ... >>> >>> >>> >>>> tomcat.apache.org Use the links below to download the Apache >>>> Tomcat ® Native software >>> from one of our mirrors. You must verify the integrity of the >>> downloaded files using ... >>>> >>>> >>>> >>>> >>>> Apache Tomcat® - Tomcat Native >>> Downloads<https://tomcat.apache.org/download-native.cgi> >>> >>> Apache Tomcat® - Tomcat Native >>> Downloads<https://tomcat.apache.org/download-native.cgi> >>> tomcat.apache.org Use the links below to download the Apache >>> Tomcat ® Native software from one of our mirrors. You must >>> verify the integrity of the downloaded files using ... >>> >>> >>> >>>> >>>> Apache Tomcat® - Tomcat Native >>> Downloads<https://tomcat.apache.org/download-native.cgi> >>> >>> Apache Tomcat® - Tomcat Native >>> Downloads<https://tomcat.apache.org/download-native.cgi> >>> tomcat.apache.org Use the links below to download the Apache >>> Tomcat ® Native software from one of our mirrors. You must >>> verify the integrity of the downloaded files using ... >>> >>> >>> >>>> tomcat.apache.org Use the links below to download the Apache >>>> Tomcat ® Native software >>> from one of our mirrors. You must verify the integrity of the >>> downloaded files using ... >>>> >>>> >>>> >>>> tomcat.apache.org Use the links below to download the Apache >>>> Tomcat ® Native software >>> from one of our mirrors. You must verify the integrity of the >>> downloaded files using ... >>>> >>>> >>>> >>>>> >>>>> >>>>> I have been able to compile openssl-1.0.2j with FIPS, but I >>>>> receive >>> LNK Error when the tcnative.dll is being copiled. >>>>> >>>>> >>>>> Marcus >>>>> >>>>> Apache Tomcat® - Tomcat Native >>> Downloads<https://tomcat.apache.org/download-native.cgi> >>> >>> Apache Tomcat® - Tomcat Native >>> Downloads<https://tomcat.apache.org/download-native.cgi> >>> tomcat.apache.org Use the links below to download the Apache >>> Tomcat ® Native software from one of our mirrors. You must >>> verify the integrity of the downloaded files using ... >>> >>> >>> >>>> >>>> Apache Tomcat® - Tomcat Native >>> Downloads<https://tomcat.apache.org/download-native.cgi> >>> >>> Apache Tomcat® - Tomcat Native >>> Downloads<https://tomcat.apache.org/download-native.cgi> >>> tomcat.apache.org Use the links below to download the Apache >>> Tomcat ® Native software from one of our mirrors. You must >>> verify the integrity of the downloaded files using ... >>> >>> >>> >>>> tomcat.apache.org Use the links below to download the Apache >>>> Tomcat ® Native software >>> from one of our mirrors. You must verify the integrity of the >>> downloaded files using ... >>>> >>>> >>>> >>>> >>>> Apache Tomcat® - Tomcat Native >>> Downloads<https://tomcat.apache.org/download-native.cgi> >>> >>> Apache Tomcat® - Tomcat Native >>> Downloads<https://tomcat.apache.org/download-native.cgi> >>> tomcat.apache.org Use the links below to download the Apache >>> Tomcat ® Native software from one of our mirrors. You must >>> verify the integrity of the downloaded files using ... >>> >>> >>> >>>> tomcat.apache.org Use the links below to download the Apache >>>> Tomcat ® Native software >>> from one of our mirrors. You must verify the integrity of the >>> downloaded files using ... >>>> >>>> >>>> >>>>> tomcat.apache.org Use the links below to download the >>>>> Apache Tomcat ® Native software >>> from one of our mirrors. You must verify the integrity of the >>> downloaded files using ... >>>>> >>>>> >>>>> >>>>> >>>>> Thanks, >>>>> >>>>> Marcus J. Presley >>>>> >>>>> >>>> >>>> >>>> ------------------------------------------------------------------- - -- >>>> >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: >>>> users-h...@tomcat.apache.org >>>> >>>> >>> >>> >>> -------------------------------------------------------------------- - - >>> >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYfm29AAoJEBzwKT+lPKRYYRkP/R/7VuDzaxK6YtVoNgSPrNcw AxAyIURRlriyFagiUcaqcSE6QMomgN/pox7OEkhkYfc6sFpkdra3g4bq8IljIOem tKSuPcLIPOg5rnlItRVCehO3mNdJNsxBDFN+xq07q4iMafSHTohn35gU0dIYw1Xz Bd2D6kBDCOkAQVBXrpp2MhOXEAEFUkHkn9l58id7/H6zQ+5/HTn4f0NtgMjDvCRv liIVFT7MJ2eC3bgqeO8w2VVig3wChU1BhTUW/9JikHhXGmib8PXsTZZc8ZsEANeU zgvcTg2eeUtE29H3G0VMAYmwtW5RVMPRMzYBno9XjYnKVcr2UZtJvjtsrT6Hh1k1 d/lnsggFjNPzGHK6MSM+Zcig3oIgo8zCEakhT7eut/7MPpETKRo+ApLHb1AbXSdn 1CCtlrFj+m+4/PgVUJH+L0Y+2WEOD6bhZGeBkaJkRapiLhfFl85+Bao+Nd0tpAR4 CAQhEyqVyLEG4nckfvUMPJYqDSGwUS/DwHTH+7kNsLVxZu6HVk8OLG1hAzygrzqa BP3XgKWjJdzbSpel3YzKvpeZPyFMolWKr7mrThWhsKrsPLcULO0rvEdkecUJIkLh 5ZatClvcjQ5A8n61UUXdLjgxPqocHhiMx6Nnxnl/qN22zmcAcdZme94PQukBzLNb ExNeG5YKfYT6ySctjDhb =C3yf -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
