On 2024/05/14 19:23:47 Andy Arismendi wrote:
> Sure thing - 
> 
> ADDITIONAL ENVIRONMENT INFO:
> 
> libtcnative: tcnative-1.dll is included in the Tomcat 9.0.89 64-bit Windows 
> zip download, not sure about the version...
> OpenSSL version: 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024) 
> (with FIPS 140-2)

Have a look at catalina.out, it should be 1.3.0, I guess.

> Regarding expecting a directory of certificate hash files, I wasn’t aware of 
> this, assumed it would pick up CA cert PEM files in a directory. I would, 
> however, not expect this or an empty directory to crash the JVM…

Nope, it won't. See SSL_CTX_load_verify_locations at 
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_load_verify_locations.html:
If CApath is not NULL, it points to a directory containing CA certificates in 
PEM format. The files each contain one CA certificate. The files are looked up 
by the CA subject name hash value, which must hence be available. If more than 
one CA certificate with the same name hash value exist, the extension must be 
different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in the 
ordering of the extension number, regardless of other properties of the 
certificates. Use the c_rehash utility to create the necessary links.

Please don't forget the log file. The issue is somewhere here: 
https://github.com/apache/tomcat-native/blob/43ddd1e8059528454110198ca0d7d191322beeaf/native/src/sslcontext.c#L673-L738
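
The CApath naming rule quoted above, as an added example that is not part of the original message or of Tomcat Native: a Python pre-flight check that lists which files in a CA directory carry the hash-style names the lookup uses and which PEM files would be skipped. The file names and placeholder certificate bodies are constructed, and the check looks only at names; it does not recompute the subject name hash.

```python
import re
import tempfile
from pathlib import Path

# Name form used for certificate lookup in a CApath directory:
# eight hex digits (subject name hash), a dot, and a sequence number.
HASHED_NAME = re.compile(r"^([0-9a-f]{8})\.(\d+)$")
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def audit_capath(directory):
    """Classify CApath entries by whether hash-based lookup can find them."""
    report = {"lookup_ok": [], "ignored_pem": [], "not_pem": [], "gaps": []}
    seen = {}  # name hash -> sequence numbers present
    for entry in sorted(Path(directory).iterdir()):
        if not entry.is_file():  # follows symlinks such as those c_rehash creates
            continue
        is_pem = PEM_MARKER in entry.read_bytes()
        match = HASHED_NAME.match(entry.name)
        if match and is_pem:
            report["lookup_ok"].append(entry.name)
            seen.setdefault(match.group(1), set()).add(int(match.group(2)))
        elif is_pem:
            report["ignored_pem"].append(entry.name)  # PEM, but not hash-named
        else:
            report["not_pem"].append(entry.name)
    # The search runs in extension-number order, so flag numbering
    # that does not run 0, 1, 2, ... without holes.
    for name_hash, numbers in sorted(seen.items()):
        if numbers != set(range(max(numbers) + 1)):
            report["gaps"].append(name_hash)
    report["usable"] = bool(report["lookup_ok"])
    return report


def demo():
    """Run the audit on a constructed directory (placeholder bodies, not real certs)."""
    body = PEM_MARKER + b"\n(constructed placeholder)\n-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("corp-root-ca.pem", "9d66eef0.0", "9d66eef0.2"):
            (root / name).write_bytes(body)
        (root / "README.txt").write_bytes(b"notes\n")
        return audit_capath(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```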
