Re: Tomcat APR protocol SSL certificate information.

2015-12-16 Thread Nithesh Kb 
[image: Inline image 1]


Got this mail! ,
Does it means can we use keystore for APR protocol using this new TC-native
??



Thanks,
Nithesh

>
>
On Wed, Dec 16, 2015 at 1:09 PM, Garcia Aparici, Carlos <cgapar...@indra.es>
wrote:

> In many of our tomcats we use the pfx directly on the conector. Its
> similar to a keystore
>
>
> Enviado de Samsung Mobile
>
>
>
> ---- Mensaje original 
> De: Nithesh Kb <nitheshk...@gmail.com>
> Fecha: 15/12/2015 16:21 (GMT+01:00)
> Para: Tomcat Users List <users@tomcat.apache.org>
> Asunto: Re: Tomcat APR protocol SSL certificate information.
>
>
> *Thanks David,Thomas.*
> If my understanding is not wrong.
> Till tomcat version 8, we need to provide cert and key separately for
> openssl ssl APR, like
>
> *(SSLCertificateFile="/aa/server.crt"SSLCertificateKeyFile="/aa/server.key")*
> But tomcat 9 we can use keystore to store cert and key and configure it to
> connector like  *keystoreFile="/aa/tomcat.**keystore"*
>
> *Thanks,*
> *Nithesh*
>
> On Tue, Dec 15, 2015 at 8:40 PM, Mark Thomas <ma...@apache.org> wrote:
>
> > On 15/12/2015 15:07, David Newman wrote:
> > > When you use APR the SSL implementation is coming from openssl instead
> of
> > > java.  openssl has no use for java keystore files.  So it becomes more
> > like
> > > an apache httpd config with separate files for keys and certificates.
> >
> > True, but as of Tomcat 9 (and will hopefully be back-ported to an 8.1.x
> > at some point) you can use Java keystores with OpenSSL.
> >
> > Mark
> >
> > >
> > > On Tue, Dec 15, 2015 at 5:12 AM, Nithesh Kb <nitheshk...@gmail.com>
> > wrote:
> > >
> > >> HI,
> > >> I have build APR libraries Openssl and tc-native also i have created
> > >> openssl libraries. both HTTP and HTTPS is working fine.
> > >>
> > >> *openssl genrsa -des3 -out server.key 2048 *
> > >> *openssl req -new -key server.key -out server.csr*
> > >> *cp server.key server.key.org <http://server.key.org>*
> > >> *openssl rsa -in server.key.org <http://server.key.org> -out
> > server.key*
> > >> *openssl x509 -req -days 365 -in server.csr -signkey server.key -out
> > >> server.crt*
> > >>
> > >> i get server.crt and server.key.
> > >>
> > >> I added this entry,in connector
> > >>
> > >>
> > >> *protocol="org.apache.coyote.http11.Http11AprProtocol"*
> > >> *SSLCertificateFile="/aa/server.crt"*
> > >> *SSLCertificateKeyFile="/aa/server.key"*
> > >>
> > >> *If i do this much, it will work!!*
> > >>
> > >> *But the question is, is it possible to put these two certificate in
> > >> keystore and can we add only that keystore in our connector ?*
> > >> *something like, keystoreFile="/aa/tomcat.keystore"*
> > >>
> > >> *i tried this but didn't worked,*
> > >>
> > >> *
> > >>
> >
> http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore
> > >> <
> > >>
> >
> http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore
> > >>> *
> > >>
> > >> *please help me to understand these certificate stuffs. *
> > >>
> > >>
> > >>
> > >> *Thanks,*
> > >> *Nithesh*
> > >>
> > >
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>
> 
> Este correo electrónico y, en su caso, cualquier fichero anexo al mismo,
> contiene información de carácter confidencial exclusivamente dirigida a su
> destinatario o destinatarios. Si no es vd. el destinatario indicado, queda
> notificado que la lectura, utilización, divulgación y/o copia sin
> autorización está prohibida en virtud de la legislación vigente. En el caso
> de haber recibido este correo electrónico por error, se ruega notificar
> inmediatamente esta circunstancia mediante reenvío a la dirección
> electrónica del remitente.
> Evite imprimir este mensaje si no es estrictamente necesario.
>
> This email and any file attached to it (when applicable) contain(s)
> confidential information that is exclusively addressed to its recipient(s).
> If you are not the indicated recipient, you are informed that reading,
> using, disseminating and/or copying it without authorisation is forbidden
> in accordance with the legislation in effect. If you have received this
> email by mistake, please immediately notify the sender of the situation by
> resending it to their email address.
> Avoid printing this message if it is not absolutely necessary.
>

Re: [ANN] Apache Tomcat Native 1.2.3 released

2015-12-16 Thread Nithesh Kb 
Got this mail! ,
Does it means can we use keystore for APR protocol using this new TC-native
??



Thanks,
Nithesh

On Wed, Dec 16, 2015 at 4:52 PM, Mark Thomas  wrote:

> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat Native 1.2.3 stable.
>
> The key features of this release are:
> - Java keystore support.
> - Various fixes to align the Java and native APIs
> - Various fixes if building without OpenSSL
> - Windows binaries built with OpenSSL 1.0.2e
>
> Note that, unless a regression is discovered in 1.2.x, users should now
> be using 1.2.x in preference to 1.1.x.
>
> Please refer to the change log for the complete list of changes:
> http://tomcat.apache.org/native-doc/miscellaneous/changelog.html
>
> Downloads:
> http://tomcat.apache.org/download-native.cgi
>
> The Apache Tomcat Native Library provides portable API for features
> not found in contemporary JDK's. It uses Apache Portable Runtime as
> operating system abstraction layer and OpenSSL for SSL networking and
> allows optimal performance in production environments.
>
>
> Thank you,
> --
> The Apache Tomcat Team
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Tomcat APR protocol SSL certificate information.

2015-12-15 Thread Nithesh Kb 
HI,
I have build APR libraries Openssl and tc-native also i have created
openssl libraries. both HTTP and HTTPS is working fine.

*openssl genrsa -des3 -out server.key 2048 *
*openssl req -new -key server.key -out server.csr*
*cp server.key server.key.org *
*openssl rsa -in server.key.org  -out server.key*
*openssl x509 -req -days 365 -in server.csr -signkey server.key -out
server.crt*

i get server.crt and server.key.

I added this entry,in connector


*protocol="org.apache.coyote.http11.Http11AprProtocol"*
*SSLCertificateFile="/aa/server.crt"*
*SSLCertificateKeyFile="/aa/server.key"*

*If i do this much, it will work!!*

*But the question is, is it possible to put these two certificate in
keystore and can we add only that keystore in our connector ?*
*something like, keystoreFile="/aa/tomcat.keystore"*

*i tried this but didn't worked,*

*http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore
*

*please help me to understand these certificate stuffs. *



*Thanks,*
*Nithesh*

Re: Tomcat APR protocol SSL certificate information.

2015-12-15 Thread Nithesh Kb 
*Thanks David,Thomas.*
If my understanding is not wrong.
Till tomcat version 8, we need to provide cert and key separately for
openssl ssl APR, like
*(SSLCertificateFile="/aa/server.crt"SSLCertificateKeyFile="/aa/server.key")*
But tomcat 9 we can use keystore to store cert and key and configure it to
connector like  *keystoreFile="/aa/tomcat.**keystore"*

*Thanks,*
*Nithesh*

On Tue, Dec 15, 2015 at 8:40 PM, Mark Thomas <ma...@apache.org> wrote:

> On 15/12/2015 15:07, David Newman wrote:
> > When you use APR the SSL implementation is coming from openssl instead of
> > java.  openssl has no use for java keystore files.  So it becomes more
> like
> > an apache httpd config with separate files for keys and certificates.
>
> True, but as of Tomcat 9 (and will hopefully be back-ported to an 8.1.x
> at some point) you can use Java keystores with OpenSSL.
>
> Mark
>
> >
> > On Tue, Dec 15, 2015 at 5:12 AM, Nithesh Kb <nitheshk...@gmail.com>
> wrote:
> >
> >> HI,
> >> I have build APR libraries Openssl and tc-native also i have created
> >> openssl libraries. both HTTP and HTTPS is working fine.
> >>
> >> *openssl genrsa -des3 -out server.key 2048 *
> >> *openssl req -new -key server.key -out server.csr*
> >> *cp server.key server.key.org <http://server.key.org>*
> >> *openssl rsa -in server.key.org <http://server.key.org> -out
> server.key*
> >> *openssl x509 -req -days 365 -in server.csr -signkey server.key -out
> >> server.crt*
> >>
> >> i get server.crt and server.key.
> >>
> >> I added this entry,in connector
> >>
> >>
> >> *protocol="org.apache.coyote.http11.Http11AprProtocol"*
> >> *SSLCertificateFile="/aa/server.crt"*
> >> *SSLCertificateKeyFile="/aa/server.key"*
> >>
> >> *If i do this much, it will work!!*
> >>
> >> *But the question is, is it possible to put these two certificate in
> >> keystore and can we add only that keystore in our connector ?*
> >> *something like, keystoreFile="/aa/tomcat.keystore"*
> >>
> >> *i tried this but didn't worked,*
> >>
> >> *
> >>
> http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore
> >> <
> >>
> http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore
> >>> *
> >>
> >> *please help me to understand these certificate stuffs. *
> >>
> >>
> >>
> >> *Thanks,*
> >> *Nithesh*
> >>
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: How to build tc-natvie for solaris sparc 64 bit using 64 bit java JDK

2015-12-12 Thread Nithesh Kb 
HI Rainer,
Interestingly i tried this as well.

*APR,*
*CC="cc" CFLAGS="-m64" LDFLAGS="-m64" ./configure*

*TC-native,*
*CC="cc" CFLAGS="-m64 -fPIC" LDFLAGS="-m64" ./configure
--with-apr=/usr/local/apr/bin/apr-1-config
--with-java-home=/usr/jdk/jdk1.7.0_80/ --with-ssl=/usr/local/ssl
--prefix=/tomcat*

*But i get this error,*

*ld: fatal: file /usr/local/ssl/lib/libssl.so: wrong ELF class: ELFCLASS32*
*ld: fatal: file /usr/local/ssl/lib/libcrypto.so: wrong ELF class:
ELFCLASS32*
*ld: fatal: file processing errors. No output written to
.libs/libtcnative-1.so.0.1.33*
 Error code 2*
*make: Fatal error: Command failed for target `libtcnative-1.la
<http://libtcnative-1.la>'*
*Current working directory /tomcat/bin/tomcat-native-1.1.33-src/jni/native*


Does it mean my openssl is not 64 bit, actually i'm not sure about my
openssl architecture ?

Thanks,
Nithesh KB

On Sat, Dec 12, 2015 at 10:52 PM, Nithesh Kb <nitheshk...@gmail.com> wrote:

> HI Rainer,
> Thanks i was able to succeed this step but still tomcat is not starting.
>
> *APR,*
>  CFLAGS="-m64" ./configure
>
>
> *TC-native,*
>
> * CFLAGS="-m64" ./configure --with-apr=/usr/local/apr/bin/apr-1-config
> --with-java-home=/usr/jdk/instances/jdk1.7.0/ --with-ssl=/usr/local/ssl
> --prefix=/tomcat7*
>
>
> *but i get this error in tomcat logs,*
>
> INFO: Loaded APR based Apache Tomcat Native library 1.1.33 using APR version 
> 1.5.2.Dec 12, 2015 8:02:42 PM org.apache.catalina.core.AprLifecycleListener 
> lifecycleEvent
> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], 
> random [true].Dec 12, 2015 8:02:42 PM 
> org.apache.catalina.core.AprLifecycleListener initializeSSL
> INFO: OpenSSL successfully initialized (OpenSSL 1.0.1p 9 Jul 2015)Dec 12, 
> 2015 8:02:43 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["http-apr-0.0.0.0-8081"]Dec 12, 2015 
> 8:02:43 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["http-apr-0:0:0:0:0:0:0:0-8081"]Dec 12, 
> 2015 8:02:43 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["http-apr-0.0.0.0-8444"]
> ld.so.1: java: fatal: relocation error: file 
> /tomcat7/lib/libtcnative-1.so.0.1.33: symbol EC_KEY_new_by_curve_name: 
> referenced symbol not found
>
>
>
> On Sat, Dec 12, 2015 at 9:35 PM, Rainer Jung <rainer.j...@kippdata.de>
> wrote:
>
>> Am 11.12.2015 um 20:27 schrieb Nithesh Kb:
>>
>>> *HI, I'm using Solaris sparc 64 bit machine. i wanted to build tc native
>>> using 64 bit version of java.*
>>>
>>> *i installed java in my Solaris box by referring*
>>>
>>> http://docs.oracle.com/javase/7/docs/webnotes/install/solaris/solaris-jdk.html
>>>
>>> *when i check the*
>>>
>>> /usr/jdk/jdk1.7.0_80/bin/java -version
>>> java version "1.7.0_80"Java(TM) SE Runtime Environment (build
>>> 1.7.0_80-b15)Java HotSpot(TM) Server VM (build 24.80-b11, mixed mode)
>>>
>>> *export JAVA_HOME=/usr/jdk/jdk1.7.0_80*
>>>
>>> *./configure --with-apr=/usr/local/apr/bin/apr-1-config
>>> --with-java-home=$JAVA_HOME --with-ssl=/usr/local/ssl
>>> --prefix=$CATALINA_HOME*
>>>
>>> *i'm able to build using this java 32 bit but 64 bit java is there in*
>>>
>>> /usr/jdk/jdk1.7.0_80/bin/sparcv9/java -version
>>> java version "1.7.0_80"Java(TM) SE Runtime Environment (build
>>> 1.7.0_80-b15)Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed
>>> mode)
>>>
>>> *So how do i tell my tc-native configure to use 64 bit java instead of*
>>> 32
>>> bit java
>>>
>>> Issue is here i can build with 32 bit java and tomcat will work. but in
>>> production there is no 32 bit JRE only 64 bit JRE is there is if is use
>>> the
>>> same 32 bit tc-native library i'l get
>>>
>>> *wrong ELF class: ELFCLASS32 (Possible cause: architecture word width
>>> mismatch)]*
>>>
>>> So i must use 64 JDK for tc native build. please help me
>>>
>>
>> From your other mail it seems you are using gcc to do the build. If so,
>> make sure to include "-m64" in your CFLAGS for all components (OpenSSL,
>> APT, tcnative). To build tcnative for 65 Bits, you need to have 64 Bit
>> OpenSSL and 64 Bit APR first.
>>
>> The 64 Bit part of the JVM will then be chosen automatically, not sparcv9
>> or similar needed.
>>
>> Regards,
>>
>> Rainer
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Re: How to build tc-natvie for solaris sparc 64 bit using 64 bit java JDK

2015-12-12 Thread Nithesh Kb 
HI Rainer,
Thanks i was able to succeed this step but still tomcat is not starting.

*APR,*
 CFLAGS="-m64" ./configure


*TC-native,*

* CFLAGS="-m64" ./configure --with-apr=/usr/local/apr/bin/apr-1-config
--with-java-home=/usr/jdk/instances/jdk1.7.0/ --with-ssl=/usr/local/ssl
--prefix=/tomcat7*


*but i get this error in tomcat logs,*

INFO: Loaded APR based Apache Tomcat Native library 1.1.33 using APR
version 1.5.2.Dec 12, 2015 8:02:42 PM
org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].Dec 12, 2015 8:02:42 PM
org.apache.catalina.core.AprLifecycleListener initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1p 9 Jul 2015)Dec
12, 2015 8:02:43 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-0.0.0.0-8081"]Dec 12,
2015 8:02:43 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler
["http-apr-0:0:0:0:0:0:0:0-8081"]Dec 12, 2015 8:02:43 PM
org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-0.0.0.0-8444"]
ld.so.1: java: fatal: relocation error: file
/tomcat7/lib/libtcnative-1.so.0.1.33: symbol EC_KEY_new_by_curve_name:
referenced symbol not found



On Sat, Dec 12, 2015 at 9:35 PM, Rainer Jung <rainer.j...@kippdata.de>
wrote:

> Am 11.12.2015 um 20:27 schrieb Nithesh Kb:
>
>> *HI, I'm using Solaris sparc 64 bit machine. i wanted to build tc native
>> using 64 bit version of java.*
>>
>> *i installed java in my Solaris box by referring*
>>
>> http://docs.oracle.com/javase/7/docs/webnotes/install/solaris/solaris-jdk.html
>>
>> *when i check the*
>>
>> /usr/jdk/jdk1.7.0_80/bin/java -version
>> java version "1.7.0_80"Java(TM) SE Runtime Environment (build
>> 1.7.0_80-b15)Java HotSpot(TM) Server VM (build 24.80-b11, mixed mode)
>>
>> *export JAVA_HOME=/usr/jdk/jdk1.7.0_80*
>>
>> *./configure --with-apr=/usr/local/apr/bin/apr-1-config
>> --with-java-home=$JAVA_HOME --with-ssl=/usr/local/ssl
>> --prefix=$CATALINA_HOME*
>>
>> *i'm able to build using this java 32 bit but 64 bit java is there in*
>>
>> /usr/jdk/jdk1.7.0_80/bin/sparcv9/java -version
>> java version "1.7.0_80"Java(TM) SE Runtime Environment (build
>> 1.7.0_80-b15)Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed
>> mode)
>>
>> *So how do i tell my tc-native configure to use 64 bit java instead of* 32
>> bit java
>>
>> Issue is here i can build with 32 bit java and tomcat will work. but in
>> production there is no 32 bit JRE only 64 bit JRE is there is if is use
>> the
>> same 32 bit tc-native library i'l get
>>
>> *wrong ELF class: ELFCLASS32 (Possible cause: architecture word width
>> mismatch)]*
>>
>> So i must use 64 JDK for tc native build. please help me
>>
>
> From your other mail it seems you are using gcc to do the build. If so,
> make sure to include "-m64" in your CFLAGS for all components (OpenSSL,
> APT, tcnative). To build tcnative for 65 Bits, you need to have 64 Bit
> OpenSSL and 64 Bit APR first.
>
> The 64 Bit part of the JVM will then be chosen automatically, not sparcv9
> or similar needed.
>
> Regards,
>
> Rainer
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: How to build tc-natvie for solaris sparc 64 bit using 64 bit java JDK

2015-12-12 Thread Nithesh Kb 
HI Rainer,
You are right.
i compiled new openssl by setting variable  export KERNEL_BITS=64. followed
by tc native. and now tomcat is working fine in 64 bit JRE environment.

Thanks a lot!!

Regards,
Nithesh

On Sat, Dec 12, 2015 at 11:18 PM, Rainer Jung <rainer.j...@kippdata.de>
wrote:

> Am 12.12.2015 um 18:29 schrieb Nithesh Kb:
>
>> HI Rainer,
>> Interestingly i tried this as well.
>>
>> *APR,*
>> *CC="cc" CFLAGS="-m64" LDFLAGS="-m64" ./configure*
>>
>> *TC-native,*
>> *CC="cc" CFLAGS="-m64 -fPIC" LDFLAGS="-m64" ./configure
>> --with-apr=/usr/local/apr/bin/apr-1-config
>> --with-java-home=/usr/jdk/jdk1.7.0_80/ --with-ssl=/usr/local/ssl
>> --prefix=/tomcat*
>>
>> *But i get this error,*
>>
>> *ld: fatal: file /usr/local/ssl/lib/libssl.so: wrong ELF class:
>> ELFCLASS32*
>> *ld: fatal: file /usr/local/ssl/lib/libcrypto.so: wrong ELF class:
>> ELFCLASS32*
>> *ld: fatal: file processing errors. No output written to
>> .libs/libtcnative-1.so.0.1.33*
>>  Error code 2*
>> *make: Fatal error: Command failed for target `libtcnative-1.la
>> <http://libtcnative-1.la>'*
>> *Current working directory
>> /tomcat/bin/tomcat-native-1.1.33-src/jni/native*
>>
>>
>> Does it mean my openssl is not 64 bit, actually i'm not sure about my
>> openssl architecture ?
>>
>
> Yes, that's why I suggested you should build OpenSSL as well. It will not
> have any further dependencies.
>
> You can check bitness using
>
> file /usr/local/ssl/lib/libssl.so
> file /usr/local/ssl/lib/libcrypto.so
>
> Pick yourself a 1.0.2e OpenSSl download, build it (with -m64) and install
> it into a separate directory. Check the bitness of the result with the
> "file" command. Then point tcnative at it when running its configure etc.
>
> You are pretty close.
>
> Note that there's also a more recent tcnative 1.2.2 and the versions
> 1.3.34 and 1.2.3 are currently in the voting process, so will likely be
> released very soon. So once your build works, you might want to check for
> the recent version and redo the build. You can use the same APR and OpenSSL
> builds, so no need to redo them for the nex tcnative.
>
>
> Regards,
>
> Rainer
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: How to build tc-native for solaris sparc 64 bit using 64 bit java JDK

2015-12-11 Thread Nithesh Kb 
HI Chris,
Thanks for your reply.

Solaris 64bit JDK requires 32 bit JDK

*http://docs.oracle.com/javase/7/docs/webnotes/install/solaris/solaris-jdk.html#install-svr4
<http://docs.oracle.com/javase/7/docs/webnotes/install/solaris/solaris-jdk.html#install-svr4>*
  "*Installing the JDK on a 64-bit system that allows a 32-bit JVM is a
two-step process: first install the 32-bit JDK and then install the
additional support for 64-bit operations*"


I tried whatever you told,

Set the java home
*export JAVA_HOME=/usr/jdk/jdk1.7.0_80*

Ran the tc-native configuration with *--with-os-type=sparcv9*

*./configure --with-apr=/usr/local/apr/bin/apr-1-config
--with-java-home=$JAVA_HOME --with-ssl=/usr/local/ssl
--prefix=$CATALINA_HOME --with-os-type=sparcv9*

here is the funda, it looks for sparcv9 in JAVA_HOME

checking build system type... sparc-sun-solaris2.10
checking host system type... sparc-sun-solaris2.10
checking target system type... sparc-sun-solaris2.10
checking for a BSD-compatible install... build/install.sh -c
checking for working mkdir -p... yes
Tomcat Native Version: 1.1.33
checking for chosen layout... tcnative
checking for APR... yes
  setting CC to "gcc"
  setting CPP to "gcc -E"
checking for JDK location (please wait)... /usr/jdk/jdk1.7.0_80/
checking Java platform... checking Java platform...
checking for sablevm... NONE
  adding "-I/usr/jdk/jdk1.7.0_80//include" to TCNATIVE_PRIV_INCLUDES
*configure: error: Not a directory: /usr/jdk/jdk1.7.0_80//sparcv9*


of course */usr/jdk/jdk1.7.0_80//sparcv9 *, this directory is not there in
JAVA_HOME. it is there in */usr/jdk/jdk1.7.0_80/bin/sparcv9*

But we cannot set JAVA_HOME to */usr/jdk/jdk1.7.0_80/bin*

*So how do we solve this ? is it a non-addressed scenario in TC-native
configuration ?*

*-Nithesh*



On Sat, Dec 12, 2015 at 2:38 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Nithesh,
>
> On 12/11/15 2:27 PM, Nithesh Kb wrote:
> > *HI, I'm using Solaris sparc 64 bit machine. i wanted to build tc native
> > using 64 bit version of java.*
> >
> > *i installed java in my Solaris box by referring*
> >
> http://docs.oracle.com/javase/7/docs/webnotes/install/solaris/solaris-jdk.html
> >
> > *when i check the*
> >
> > /usr/jdk/jdk1.7.0_80/bin/java -version
> > java version "1.7.0_80"Java(TM) SE Runtime Environment (build
> > 1.7.0_80-b15)Java HotSpot(TM) Server VM (build 24.80-b11, mixed mode)
> >
> > *export JAVA_HOME=/usr/jdk/jdk1.7.0_80*
> >
> > *./configure --with-apr=/usr/local/apr/bin/apr-1-config
> > --with-java-home=$JAVA_HOME --with-ssl=/usr/local/ssl
> > --prefix=$CATALINA_HOME*
> >
> > *i'm able to build using this java 32 bit but 64 bit java is there in*
> >
> > /usr/jdk/jdk1.7.0_80/bin/sparcv9/java -version
> > java version "1.7.0_80"Java(TM) SE Runtime Environment (build
> > 1.7.0_80-b15)Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed
> > mode)
> >
> > *So how do i tell my tc-native configure to use 64 bit java instead of*
> 32
> > bit java
> >
> > Issue is here i can build with 32 bit java and tomcat will work. but in
> > production there is no 32 bit JRE only 64 bit JRE is there is if is use
> the
> > same 32 bit tc-native library i'l get
> >
> > *wrong ELF class: ELFCLASS32 (Possible cause: architecture word width
> > mismatch)]*
> >
> > So i must use 64 JDK for tc native build. please help me
>
> Try this:
>
> $ ./configure ... --with-java-home=$JAVA_HOME --with-os-type=sparc9
>
> Or, is there a way to remove the 32-bit JVM? (That may not be an option
> for you long-term, but it would be interesting to see what happens).
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

How to build tc-natvie for solaris sparc 64 bit using 64 bit java JDK

2015-12-11 Thread Nithesh Kb 
*HI, I'm using Solaris sparc 64 bit machine. i wanted to build tc native
using 64 bit version of java.*

*i installed java in my Solaris box by referring*
http://docs.oracle.com/javase/7/docs/webnotes/install/solaris/solaris-jdk.html

*when i check the*

/usr/jdk/jdk1.7.0_80/bin/java -version
java version "1.7.0_80"Java(TM) SE Runtime Environment (build
1.7.0_80-b15)Java HotSpot(TM) Server VM (build 24.80-b11, mixed mode)

*export JAVA_HOME=/usr/jdk/jdk1.7.0_80*

*./configure --with-apr=/usr/local/apr/bin/apr-1-config
--with-java-home=$JAVA_HOME --with-ssl=/usr/local/ssl
--prefix=$CATALINA_HOME*

*i'm able to build using this java 32 bit but 64 bit java is there in*

/usr/jdk/jdk1.7.0_80/bin/sparcv9/java -version
java version "1.7.0_80"Java(TM) SE Runtime Environment (build
1.7.0_80-b15)Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed
mode)

*So how do i tell my tc-native configure to use 64 bit java instead of* 32
bit java

Issue is here i can build with 32 bit java and tomcat will work. but in
production there is no 32 bit JRE only 64 bit JRE is there is if is use the
same 32 bit tc-native library i'l get

*wrong ELF class: ELFCLASS32 (Possible cause: architecture word width
mismatch)]*

So i must use 64 JDK for tc native build. please help me

Re: Tomcat FIPS with FIPS capable OpenSSL

2015-12-06 Thread Nithesh Kb 
HI Chris,

i added this while installing tc native  --with-ssl=/usr/local/ssl/ and it
worked.
I have tried it on Linux, and windows i'll try the same shortly.


Thanks,
Nithesh

On Fri, Dec 4, 2015 at 11:38 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Nitish,
>
> On 12/3/15 2:36 PM, Nithesh Kb wrote:
> > Wow Amazing worked!!!
>
> Glad to hear it worked. What did you have to do?
>
> You never said, but do you happen to be on Windows?
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat FIPS with FIPS capable OpenSSL

2015-12-03 Thread Nithesh Kb 
Wow Amazing worked!!!

04-Dec-2015 00:45:30.500 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR
based Apache Tomcat Native library 1.1.33 using APR version 1.5.2.
04-Dec-2015 00:45:30.500 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
capabilities: IPv6 [true], sendfile [true], accept filters [false], random
[true].
04-Dec-2015 00:45:30.561 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
FIPS mode...
04-Dec-2015 00:45:30.576 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL Successfully
entered FIPS mode
04-Dec-2015 00:45:30.577 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
successfully initialized (OpenSSL 1.0.1p 9 Jul 2015)
04-Dec-2015 00:45:30.935 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-apr-8080"]
04-Dec-2015 00:45:30.973 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["ajp-apr-8009"]
04-Dec-2015 00:45:30.976 INFO [main]
org.apache.catalina.startup.Catalina.load Initialization processed in 2308
ms



On Fri, Dec 4, 2015 at 12:47 AM, Nithesh Kb <nitheshk...@gmail.com> wrote:

> *HI Tomcat Experts,*
> *I'm trying to enable fips mode in tomcat but i get these exception,*
>
> *04-Dec-2015 00:00:34.787 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
> FIPS mode...*
> *04-Dec-2015 00:00:34.791 SEVERE [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
> initialize the SSLEngine.*
> * java.lang.Exception: error:2D06C06E:FIPS
> routines:FIPS_mode_set:fingerprint does not match*
> * at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*
>
> *Steps that i have followed,*
> *1. Built FIPS Capable Openssl 
> [**https://www.openssl.org/docs/UserGuide-2.0.pdf
> <https://www.openssl.org/docs/UserGuide-2.0.pdf>**]*
> *2. Installed tomcat APR and APR util 
> [**http://stackoverflow.com/questions/34022646/how-to-make-tomcat-fips-mode-enabling
> <http://stackoverflow.com/questions/34022646/how-to-make-tomcat-fips-mode-enabling>*
> *]*
> *3. Installed TC-native *
>
> *Changes made in server.xml*
>
>   SSLEngine="on" FIPSMode="on" />
>
>
>port="8080"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> secure="false"
> SSLEnabled="false"
> scheme="http"
> URIEncoding="UTF-8"
> enableLookups="true"
> acceptCount="10"
> server="NA"/>
>
> *and the exception for this,*
> *   04-Dec-2015 00:00:34.725 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR
> based Apache Tomcat Native library 1.1.33 using APR version 1.5.2.*
> *04-Dec-2015 00:00:34.725 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false], random
> [true].*
> *04-Dec-2015 00:00:34.787 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
> FIPS mode...*
> *04-Dec-2015 00:00:34.791 SEVERE [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
> initialize the SSLEngine.*
> * java.lang.Exception: error:2D06C06E:FIPS
> routines:FIPS_mode_set:fingerprint does not match*
> * at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*
> * at
> org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:329)*
> * at
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:135)*
>
> *It works fine if i made FIPSMode="false"*
>
> *logs are attached *
>
> *please help me how to proceed on this.*
> *Thanks in advance.*
> Thanks,
> Nithesh
>
> On Fri, Dec 4, 2015 at 12:39 AM, Nithesh Kb <nitheshk...@gmail.com> wrote:
>
>> HI Tomcat Experts,
>> I'm trying to enable fips mode in tomcat but i get these exception,
>>
>> *04-Dec-2015 00:00:34.787 INFO [main]
>> org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
>> FIPS mode...*
>> *04-Dec-2015 00:00:34.791 SEVERE [main]
>> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
>> initialize the SSLEngine.*
>> * java.lang.Exception: error:2D06C06E:FIPS
>> routines:FIPS_mode_set:fingerprint does not match*
>> * at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*
>>
>> *Steps that i have followed,*
>> *1. Built FIPS Capable Openssl*
>>
>>
>> Thanks,
>> Nithesh
>>
>
>

Tomcat FIPS with FIPS capable OpenSSL

2015-12-03 Thread Nithesh Kb 
HI Tomcat Experts,
I'm trying to enable fips mode in tomcat but i get these exception,

*04-Dec-2015 00:00:34.787 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
FIPS mode...*
*04-Dec-2015 00:00:34.791 SEVERE [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
initialize the SSLEngine.*
* java.lang.Exception: error:2D06C06E:FIPS
routines:FIPS_mode_set:fingerprint does not match*
* at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*

*Steps that i have followed,*
*1. Built FIPS Capable Openssl*


Thanks,
Nithesh

Re: Tomcat FIPS with FIPS capable OpenSSL

2015-12-03 Thread Nithesh Kb 
*HI Tomcat Experts,*
*I'm trying to enable fips mode in tomcat but i get these exception,*

*04-Dec-2015 00:00:34.787 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
FIPS mode...*
*04-Dec-2015 00:00:34.791 SEVERE [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
initialize the SSLEngine.*
* java.lang.Exception: error:2D06C06E:FIPS
routines:FIPS_mode_set:fingerprint does not match*
* at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*

*Steps that i have followed,*
*1. Built FIPS Capable Openssl
[**https://www.openssl.org/docs/UserGuide-2.0.pdf
<https://www.openssl.org/docs/UserGuide-2.0.pdf>**]*
*2. Installed tomcat APR and APR util
[**http://stackoverflow.com/questions/34022646/how-to-make-tomcat-fips-mode-enabling
<http://stackoverflow.com/questions/34022646/how-to-make-tomcat-fips-mode-enabling>*
*]*
*3. Installed TC-native *

*Changes made in server.xml*






*and the exception for this,*
*   04-Dec-2015 00:00:34.725 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR
based Apache Tomcat Native library 1.1.33 using APR version 1.5.2.*
*04-Dec-2015 00:00:34.725 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
capabilities: IPv6 [true], sendfile [true], accept filters [false], random
[true].*
*04-Dec-2015 00:00:34.787 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
FIPS mode...*
*04-Dec-2015 00:00:34.791 SEVERE [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
initialize the SSLEngine.*
* java.lang.Exception: error:2D06C06E:FIPS
routines:FIPS_mode_set:fingerprint does not match*
* at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*
* at
org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:329)*
* at
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:135)*

*It works fine if i made FIPSMode="false"*

*logs are attached *

*please help me how to proceed on this.*
*Thanks in advance.*
Thanks,
Nithesh

On Fri, Dec 4, 2015 at 12:39 AM, Nithesh Kb <nitheshk...@gmail.com> wrote:

> HI Tomcat Experts,
> I'm trying to enable fips mode in tomcat but i get these exception,
>
> *04-Dec-2015 00:00:34.787 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing
> FIPS mode...*
> *04-Dec-2015 00:00:34.791 SEVERE [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to
> initialize the SSLEngine.*
> * java.lang.Exception: error:2D06C06E:FIPS
> routines:FIPS_mode_set:fingerprint does not match*
> * at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)*
>
> *Steps that i have followed,*
> *1. Built FIPS Capable Openssl*
>
>
> Thanks,
> Nithesh
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org