On 18/10/2014 3:07 AM, Arthur Ramsey wrote:
> Hello,
>
> I want to disable SSLv3 for a tomcat / tcnative deployment on
> Windows. Tomcat lacks the ability to disable SSLv3 while retaining
> TLSv1.1 and TLSv1.2, so I'm attempting to disable SSLv3 at build time
> with no-ssl3. This was successful on Linux, but not on Windows. I
> was able to build on Windows with the following procedure.
>
> 1. Install Strawberry Perl
> 2. Open Visual Studio x64 Cross Tools Command prompt
>    %comspec% /k "C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\vcvarsall.bat" x86_amd64
> 3. Change to the directory containing openssl sources
>    cd C:\openssl-1.0.1j
> 4. Configure the openssl build
>    perl Configure VC-WIN64A no-ssl2
> 5. Prepare the target environment
>    ms\do_win64a
> 6. Clean up previous compilation
>    nmake -f ms\nt.mak clean
> 7. Build
>    nmake -f ms\nt.mak
> 8. Test the build
>    nmake -f ms\nt.mak test
>
> Once I add the no-ssl3 option, compilation of the 64-bit static
> library fails with the following.
>
> Building OpenSSL
> lib /nologo /out:out32\ssleay32.lib
> @C:\Users\arthurr\AppData\Local\Temp\nm96B5.tmp
> link /nologo /subsystem:console /opt:ref /debug
> /out:out32\constant_time_test.exe
> @C:\Users\arthurr\AppData\Local\Temp\nm96D5.tmp
> LINK : fatal error LNK1181: cannot open input file 'out32\ssleay32.lib'
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio
> 9.0\VC\BIN\x86_amd64\link.EXE"' : return code '0x49d'
> Stop.
>
> I see there was a fix for no-ssl3 in 1.0.1j, but it may still be an
> issue with Windows builds? The error isn't descriptive, but perhaps an
> openssl-dev could try reproducing the issue. I feel pretty confident
> this is an issue with the build scripts for Windows. I initially tried
> the openssl-users list, but didn't get any responses.
Thanks for the detailed bug report!
Applying this temporary patch to util/mk1mf.pl will resolve this issue.
Tim.
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index f0c2df0..4d2bbb2 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -671,11 +671,11 @@ foreach (values %lib_nam)
$lib_obj=$lib_obj{$_};
local($slib)=$shlib;
- if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
- {
- $rules.="\$(O_SSL):\n\n";
- next;
- }
+# if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
+# {
+# $rules.="\$(O_SSL):\n\n";
+# next;
+# }
$defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
$lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:"
\$(LIB_CFLAGS)";
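Review bot: the `if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)` block is commented out rather than removed, and nothing in the file records why. That branch emitted an empty `$(O_SSL):` rule and hit `next` whenever both SSLv2 and SSLv3 were disabled, so the SSL library was never built, which matches the reported LNK1181 on out32\ssleay32.lib. Since the reporter still needs the library for TLS with no-ssl2 and no-ssl3, the final fix should delete these five lines outright, or, if a skip is still wanted for a build with every protocol disabled, make the condition say so explicitly instead of leaving dead code behind `#`.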
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]