Chris,

Yes, the version is the same in /usr/local/openssl/bin/openssl as well. It is the same version Tomcat uses; I get this info in the logs:

23-May-2019 12:55:42.145 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1a 20 Nov 2018]

________________________________
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: 23 May 2019, 18:04:29
To: Усманов Азат Анварович
Subject: Re: OCSP with openSSL

Азат,

On 5/22/19 14:02, Усманов Азат Анварович wrote:
> [root] ~# openssl version
> OpenSSL 1.1.1a 20 Nov 2018

Great. Is this also the same version in /usr/local/openssl/bin/openssl?

> [root] ~# openssl ocsp -help
> Usage: ocsp [options]

Excellent. When you launch Tomcat, are you getting a message about the version of OpenSSL in use, and does it agree with above?

AFAIK, OCSP is enabled by default in libtcnative. There were some posts a few months/years ago about someone trying to get it to work, and having to edit the JVM's security.properties file and all kinds of weird stuff. I must admit it didn't make any sense to me at the time.

I'm sorry, but I don't personally have any experience with dealing with OCSP, but hopefully this additional information will give someone else some good info.

-chris

> ________________________________
> From: Christopher Schultz <ch...@christopherschultz.net>
> Sent: 22 May 2019, 19:45
> To: users@tomcat.apache.org
> Subject: Re: OCSP with openSSL
>
> Усманов,
>
> On 5/22/19 07:28, Усманов Азат Анварович wrote:
>> Mark, I installed it just by downloading the tcnative src tar.gz
>> file from the Tomcat website and issued ./configure
>> --with-apr=/usr/local/apr --with-java-home=/usr/java/jdk1.7.0_79
>> -with-ssl=/usr/local/openssl && make && make install && make clean
>> I'm not sure how to specify any OCSP-related configure options
>> when building Tomcat Native from source.
>
> What is your OpenSSL version and capabilities?
>
> $ openssl version
>
> $ openssl -help
>
> $ openssl ocsp -help
>
> -chris
>
>> ________________________________
>> From: Mark Thomas <ma...@apache.org>
>> Sent: 22 May 2019, 13:41
>> To: users@tomcat.apache.org
>> Subject: Re: OCSP with openSSL
>>
>> On 22/05/2019 11:28, Усманов Азат Анварович wrote:
>>> Hi everyone! I have a web app running on Tomcat and Java 7 using
>>> APR for TLS related issues. I'm still unable to have OCSP
>>> verification working with Tomcat.
>>
>> <snip/>
>>
>>> I have tried running tcpdump on the server but don't see any
>>> Comodo related IP addresses in the output when I access the
>>> server in question in the browser. At this point I don't know
>>> what else to do. If it was Java I would just put some
>>> System.out.println statements in the OCSP SSL related source code and
>>> recompile the Tomcat source, but since in my case Tomcat uses
>>> OpenSSL and Tomcat Native I'm not sure how/where to do that. The
>>> only place I found in the TC-native source that mentions OCSP
>>> is the sslutils.c source file. I'm not sure when/if it actually
>>> gets called in my case. Maybe someone with more C/C++ experience
>>> would help me with that. I really want to get to the bottom
>>> of this. Any help is appreciated. My Tomcat version is 8.5.39, APR
>>> based Apache Tomcat Native library [1.2.21] using APR version
>>> [1.6.5]. OpenSSL version is [OpenSSL 1.1.1a 20 Nov 2018]. OS:
>>> Linux RHEL 6.6
>>
>> How did you build the Tomcat Native library? Was OCSP enabled?
>>
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org