Tim,
That patch worked. I also created a ticket, #3573, which I believe can
be closed.
Thanks,
Arthur
On 10/19/2014 7:56 PM, Tim Hudson wrote:
On 18/10/2014 3:07 AM, Arthur Ramsey wrote:
Hello,
I want to disable SSLv3 for a tomcat / tcnative deployment on
Windows. Tomcat lacks the ability to disable SSLv3 while retaining
TLSv1.1 and TLSv1.2, so I'm attempting to disable SSLv3 at build time
with no-ssl3. This was successful on Linux, but not on Windows. I
was able to build on Windows with the following procedure.
1.
Install Strawbery perl
2.
Open Visual Studio x64 Cross Tools Command prompt
%comspec% /k "C:\Program Files (x86)\Microsoft Visual Studio
9.0\VC\vcvarsall.bat" x86_amd64
3.
Change to the directory containing openssl sources
cd C:\openssl-1.0.1j
4.
Configure the openssl build
perl Configure VC-WIN64A no-ssl2
5.
Prepare the target environment
ms\do_win64a
6.
Clean up previous compliation
nmake -f ms\nt.mak clean
7.
Build
nmake -f ms\nt.mak
8.
Test the build
nmake -f ms\nt.mak test
Once I add the no-ssl3 option, compilation of the 64-bit static
library fails with the following.
Building OpenSSL
lib /nologo /out:out32\ssleay32.lib
@C:\Users\arthurr\AppData\Local\Temp\nm96B5.tmp
link /nologo /subsystem:console /opt:ref /debug
/out:out32\constant_time_test.exe
@C:\Users\arthurr\AppData\Local\Temp\nm96D5.tmp
LINK : fatal error LNK1181: cannot open input file 'out32\ssleay32.lib'
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio
9.0\VC\BIN\x86_amd64\link.EXE"' : return code '0x49d'
Stop.
I see there was a fix for no-ssl3 in 1.0.1j, but it may still be an
issue with Windows builds? The error isn't descriptive, but perhaps a
openssl-dev could try reproducing the issue. I feel pretty confident
this a issue with the build scripts for Windows. I initially tried
the openssl-users list, but didn't get any responses.
Thanks for the detailed bug report!
Applying this temporary patch to util/mk1mf.pl will resolve this issue.
Tim.
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index f0c2df0..4d2bbb2 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -671,11 +671,11 @@ foreach (values %lib_nam)
$lib_obj=$lib_obj{$_};
local($slib)=$shlib;
- if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
- {
- $rules.="\$(O_SSL):\n\n";
- next;
- }
+# if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
+# {
+# $rules.="\$(O_SSL):\n\n";
+# next;
+# }
$defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
$lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:"
\$(LIB_CFLAGS)";
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
