> -----Original Message-----
> From: Konstantin Kolinko [mailto:[email protected]]
> Sent: April-16-14 2:12 PM
> To: Tomcat Users List
> Subject: Re: Patching Tomcat for Heartbleed
>
> 2014-04-16 21:44 GMT+04:00 Cormier, Greg <[email protected]>:
> > I have a Tomcat 7.0.30 server I'm trying to patch to resolve the heartbleed exploit.
> >
> > I shut down the server and overwrite tcnative-1.dll with the recently released version.
> >
> > When I restart tomcat, I get errors about the Java Key Store.
> >
> > Apr 16, 2014 9:36:07 AM org.apache.catalina.core.AprLifecycleListener init
> > INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: D:\Tomcat 7.0\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\OpenSSL-Win32\bin;;.
>
> The above means that tcnative-1.dll was not found in the directories
> listed above.
>
> I would guess that you used a wrong DLL.
> It must match the CPU architecture of JRE/JDK that you are using.
>
> Is tcnative-1.dll file readable?

Hmm, I think this might be the case - I may have snagged the 32 bit version instead of 64 bit! I will try this after business hours so I can take Tomcat offline and let you know!

> >
> > Apr 16, 2014 9:36:11 AM org.apache.coyote.AbstractProtocol init
> > INFO: Initializing ProtocolHandler ["http-bio-443"]
> >
> > Apr 16, 2014 9:36:12 AM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
> > SEVERE: Failed to load keystore type JKS with path C:\/.keystore due to C:\.keystore (The system cannot find the file specified)
> > java.io.FileNotFoundException: C:\.keystore (The system cannot find the file specified)
> >         at java.io.FileInputStream.open(Native Method)
> >         at java.io.FileInputStream.<init>(Unknown Source)
> >         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:400)
> >         ...
> >
> >
> > I don't understand why I'm getting these, as I'm 99% sure I'm using APR and not JSSE.
> >
> >
> > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>
> Replace protocol="HTTP/1.1" with explicit
> protocol="org.apache.coyote.http11.Http11AprProtocol"
>
> The former auto-switches between BIO and APR.
> The latter explicitly uses the APR implementation.

Thanks! I will change the config file as well!

>
> > maxThreads="150" scheme="https" secure="true"
> > clientAuth="false" sslProtocol="TLS"
> > SSLPassword="xxx"
> > SSLCertificateFile="xxx/server.crt"
> > SSLCertificateKeyFile="xxx/privkey.pem"
> > SSLCACertificateFile="xxx/server.crt"
> > SSLCertificateChainFile="xxx/server.crt"
> > Compression="on"/>
> >
> > I haven't setup any keystore, as I'm not using the Java Key store for this...
> I'm not sure why the new version is trying to find a keystore despite this fact.
>
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
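
Added example (not part of the original thread, and not Tomcat project code): one way to check the point raised above, that tcnative-1.dll must match the CPU architecture of the JRE/JDK, by reading the Machine field of the DLL's PE header before swapping it in. The function names and the constructed sample headers are assumptions for illustration; the JVM bitness is supplied by the caller (HotSpot JVMs report it in the sun.arch.data.model system property).

```python
import struct
import sys

# Machine field values from the PE/COFF specification -> JVM data model (bits).
PE_MACHINE_BITS = {0x014C: 32, 0x8664: 64}   # IMAGE_FILE_MACHINE_I386 / _AMD64


def pe_bits(data: bytes) -> int:
    """Return 32 or 64 for the CPU architecture a PE file (DLL/EXE) was built for."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header: not a PE file")
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if pe_offset + 6 > len(data) or data[pe_offset:pe_offset + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature: truncated or corrupt file")
    (machine,) = struct.unpack_from("<H", data, pe_offset + 4)
    if machine not in PE_MACHINE_BITS:
        raise ValueError(f"unsupported machine type 0x{machine:04x}")
    return PE_MACHINE_BITS[machine]


def check_native_library(dll: bytes, jvm_bits: int) -> str:
    """Compare the DLL's architecture with the JVM's data model (32 or 64)."""
    dll_bits = pe_bits(dll)
    if dll_bits == jvm_bits:
        return f"OK: {dll_bits}-bit DLL matches {jvm_bits}-bit JVM"
    return (f"MISMATCH: {dll_bits}-bit DLL, {jvm_bits}-bit JVM; "
            "the JVM will refuse to load this library")


def constructed_pe_header(machine: int) -> bytes:
    """Constructed sample: minimal DOS header + PE signature + COFF header."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    return dos + b"PE\x00\x00" + struct.pack("<H", machine) + b"\x00" * 18


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: python check_dll.py <path to tcnative-1.dll> <32|64>
        with open(sys.argv[1], "rb") as fh:
            print(check_native_library(fh.read(), int(sys.argv[2])))
    else:
        # Demo on constructed headers: a 32-bit DLL against a 64-bit JVM.
        print(check_native_library(constructed_pe_header(0x014C), 64))
        print(check_native_library(constructed_pe_header(0x8664), 64))
```
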
