Chris/Konstatin, Thanks for your help. It was indeed the wrong binary, I had used the x32 instead of x64. I also forced APR as recommended. Kicked the server and we're all good!
Many thanks, Greg -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: April-16-14 6:13 PM To: Tomcat Users List Subject: Re: Patching Tomcat for Heartbleed -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Greg, On 4/16/14, 2:28 PM, Cormier, Greg wrote: >> -----Original Message----- From: Konstantin Kolinko >> [mailto:knst.koli...@gmail.com] Sent: April-16-14 2:12 PM To: >> Tomcat Users List Subject: Re: Patching Tomcat for Heartbleed >> >> 2014-04-16 21:44 GMT+04:00 Cormier, Greg >> <greg.corm...@dfo-mpo.gc.ca>: >>> I have a Tomcat 7.0.30 server I'm trying to patch to resolve the >>> heartbleed >> exploit. >>> >>> I shut down the server and overwrite tcnative-1.dll with the >>> recently >> released version. >>> >>> When I restart tomcat, I get errors about the Java Key Store. >>> >>> Apr 16, 2014 9:36:07 AM >>> org.apache.catalina.core.AprLifecycleListener init INFO: The APR >>> based Apache Tomcat Native library which allows optimal >> performance in production environments was not found on the >> java.library.path: D:\Tomcat >> 7.0\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Wi >> >> ndows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\S >> ystem32\WindowsPowerShell\v1.0\;C:\OpenSSL-Win32\bin;;. >> >> The above means that tcnative-1.dll was not found in the directories >> listed above. >> >> I would guess that you used a wrong DLL. It must match the CPU >> architecture of JRE/JDK that you are using. >> >> Is tcnative-1.dll file readable? > > Hmm, I think this might be the case - I may have snagged the 32 bit > version instead of 64 bit! I will try this after business hours so I > can take Tomcat offline and let you know! If you bounced Tomcat and got the above error, then your connector is dead anyway. Unless you rolled-back to the prior configuration, you are already down. If you are pretty sure you are not down even with the above errors, then perhaps you don't need that connector at all. Is Tomcat terminating SSL for you? No web server or SSL-terminating load-balancer in front of Tomcat? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTTwBPAAoJEBzwKT+lPKRYBDgP/1yTjd/FIq4QHp2Ozvif+PP7 JW2knwVsk7A/63AmmZqzGPMoZrq7XrGTuhoinfTNCzQn6nlPNi8w/Fw+/btdPisp LHDcgVThsYJJLhmPq8T3IiH9A9QY9hAugVs4OlGuetHtoZf5J5W7P1qMmrj8/3Cc ejgKr4/a5/qzIVTsXfY5aNzjQicxC1yJgUwP0kuPojh4yc8ZQ6JO0jEmFCycfrmy 7fHwKosUoWOs4O5+wkzNMnhiEY5hGHDUujY5oQTY9RFdjbGJDzEfxGs2EEiH6S4v A1pV/Srn/aNdT9PKkP5tH8ZgCJr4W4XRqr60UEe5Q27Ghii5ZzYYHWZ99FZF1TmE slzL5ZQXEs7wjXt5nwxWOa0zuiP7oTGD02qHiyN76oVcq039x4NXc0JtiZbLJFlG eR2HstrpRs3eFRXieuPfiFPEdbvn6uzgJi2A4mm+s1XOzyb5x8MGwNaUy3RnANem OAf9h3BOVEV2wUfHmPhY896uia/cwpVuX0NAOehkJWqQF1UJ7wCeE0bRUjK+B62d Qm1/j8vgcqNDjRatAFXig+/kLuHsRj+SA1PjoGLdU7UZ03qt075EIGxC/2YjbyKI 0AxJznTMRh0aPAAkyrkdsJIRZdNDWReOFmDAtp3fnsXvSZNjmr54pHK1SQFPvDzP vwBJAPdIIeeb+G1MPz5+ =Dwd1 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
