On 09/11/2011 23:39, Konstantin Kolinko wrote:
Maybe add explicit FIPS mode status check below the above error
handling? Something like:
if (on.equalsIgnoreCase(FIPSMode) !fipsModeActive) {
fail fatally;
}
+1
Mark
-
Mark,
On 11/10/11 6:28 AM, Mark Thomas wrote:
On 09/11/2011 23:39, Konstantin Kolinko wrote:
Maybe add explicit FIPS mode status check below the above error
handling? Something like:
if (on.equalsIgnoreCase(FIPSMode) !fipsModeActive) {
fail fatally;
}
+1
Sounds good to me. What
Author: schultz
Date: Wed Nov 9 21:34:31 2011
New Revision: 1199980
URL: http://svn.apache.org/viewvc?rev=1199980view=rev
Log:
Fixed bug #50570 - Allow explicit use of FIPS mode in APR lifecycle listener
- Added FIPSMode attribute to AprLifecycleListener that causes OpenSSL to go
into FIPS mode
On 09/11/2011 21:34, schu...@apache.org wrote:
Author: schultz
Date: Wed Nov 9 21:34:31 2011
New Revision: 1199980
URL: http://svn.apache.org/viewvc?rev=1199980view=rev
Log:
Fixed bug #50570 - Allow explicit use of FIPS mode in APR lifecycle listener
- Added FIPSMode attribute to
Mark,
On 11/9/11 2:06 PM, Mark Thomas wrote:
On 09/11/2011 21:34, schu...@apache.org wrote:
Author: schultz
Date: Wed Nov 9 21:34:31 2011
New Revision: 1199980
URL: http://svn.apache.org/viewvc?rev=1199980view=rev
Log:
Fixed bug #50570 - Allow explicit use of FIPS mode in APR lifecycle
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/11/2011 22:09, Christopher Schultz wrote:
Mark,
On 11/9/11 2:06 PM, Mark Thomas wrote:
On 09/11/2011 21:34, schu...@apache.org wrote:
Author: schultz Date: Wed Nov 9 21:34:31 2011 New Revision:
1199980
URL:
2011/11/10 Mark Thomas ma...@apache.org:
On 09/11/2011 21:34, schu...@apache.org wrote:
Author: schultz Date: Wed Nov 9 21:34:31 2011 New Revision:
1199980
URL: http://svn.apache.org/viewvc?rev=1199980view=rev Log:
Fixed bug #50570 - Allow explicit use of FIPS mode in APR
lifecycle
Konstantin,
On 11/9/11 2:24 PM, Konstantin Kolinko wrote:
2011/11/10 Mark Thomas ma...@apache.org:
On 09/11/2011 21:34, schu...@apache.org wrote:
Author: schultz Date: Wed Nov 9 21:34:31 2011 New Revision:
1199980
URL: http://svn.apache.org/viewvc?rev=1199980view=rev Log:
Fixed bug #50570
2011/11/10 Christopher Schultz ch...@christopherschultz.net:
There is java.lang.UnsatisfiedLinkError (and not the
IllegalStateException that the code throws).
Despite this error, Tomcat startup sequence continues.
I guess that from FIPS PoV the failure to initialize FIPS mode should
be
Mark,
On 11/9/11 2:12 PM, Mark Thomas wrote:
What happens if I try this with 1.1.22?
Here is the behavior under various circumstances:
1.1.23, openssl-fips, FIPSMode!=on : regular startup
1.1.23, openssl-fips, FIPSMode=on : enter FIPS mode
1.1.23, openssl, FIPSMode!=on : regular startup
All,
On 11/9/11 4:32 PM, Christopher Schultz wrote:
I see several ways to move forward, here, not necessarily mutually
exclusive:
1. terminate SSL on FIPS error
2. set sslInitialized after initialization is complete (including
FIPS), not before
3. set error state in SSL class to
Konstantin,
On 11/9/11 3:39 PM, Konstantin Kolinko wrote:
2011/11/10 Christopher Schultz ch...@christopherschultz.net:
There is java.lang.UnsatisfiedLinkError (and not the
IllegalStateException that the code throws).
Despite this error, Tomcat startup sequence continues.
I guess that from
12 matches
Mail list logo