-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Marcus,
On 1/19/17 4:30 PM, marcus presley wrote: > I'm able to compile FIPS as DLL's You mean APR and OpenSSL, right? Good. > but when attempting to compile and make tcnative.dll, I receive an > error during compilation: > > ======================================= > > libeay32.dll : fatal error LNK1107: invalid or corrupt file: cannot > read at 0x390 > > NMAKE : fatal error U1077: c:\cmsc\msvc\bin\amd64\link.exe : return > code '0x453' > > Stop. Hmm. I'm sorry, I've got very little experience with Microsoft's toolchain. I suspect that libeay32.dll isn't the library you should be linking against... instead it should be either openssl.dll or libopenssl.dll. Also remember to build as a shared library. Perhaps you are trying to build a statically-linked library and it's trying to use the shared-libraries for that purpose. That won't work, of course, and you don't want to statically-link, anyway. (I don't think!). - -chris > ________________________________ From: marcus presley > <marcus_pres...@hotmail.com> Sent: Tuesday, January 17, 2017 4:53 > PM To: Tomcat Users List Subject: Re: Tcnative.dll > apr-1.5.2-win32-src - unable to compile with > openssl-1.0.2j-fips-x86_64 > > Chris, > > > Yes, I must use FIPs. The customer wants FIPs enabled with > Tomcat. > > > I believe its statically linked. > > > > Here's the commands I used to build files. > > ================= > > > openssl make command > > nmake -f ms\nt.mak > > > tcnative.dll make command > > nmake -f NMAKEMakefile WITH_APR=C:\deps-x64\apr-%APR_VER% > WITH_OPENSSL=C:\deps-x64\openssl-%OPENSSL_VER% > APR_DECLARE_STATIC=1 > > ================= > > Marcus ________________________________ From: Christopher Schultz > <ch...@christopherschultz.net> Sent: Tuesday, January 17, 2017 2:17 > PM To: Tomcat Users List Subject: Re: Tcnative.dll > apr-1.5.2-win32-src - unable to compile with > openssl-1.0.2j-fips-x86_64 > > Marcus, > > On 1/15/17 10:27 PM, marcus presley wrote: >> I'm able to compile and generate the tcnative.dll, but now I >> receive the following error when starting Tomcat. > > >> 15-Jan-2017 19:21:20.624 SEVERE [main] >> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent >> Failed to initialize the SSLEngine. java.lang.Exception: >> error:2D06B06F:FIPS >> routines:FIPS_check_incore_fingerprint:fingerprint does not >> match at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method) > > > Did you statically-link OpenSSL with tcnative.dll, or are you using > a shared-library for OpenSSL? > > For OpenSSL-FIPS to work properly, it needs to be able to checksum > itself. Static-linking interferes with that. > > Are you sure you need FIPS? > > -chris > >> ________________________________ From: David Oswell >> <dosw...@gmail.com> Sent: Sunday, January 15, 2017 12:46 PM To: >> Tomcat Users List Subject: Re: Tcnative.dll apr-1.5.2-win32-src >> - unable to compile with openssl-1.0.2j-fips-x86_64 > >> I was able to get it to work with VS2008 & Win DDK7 >> (7600.16385.1) , although for cmsc I had to add (was only working >> on x64 build); %XCOPYD% "%WINDDK%\lib\win7\amd64" lib\amd64\ as >> some of the headers weren't the full variants from the other >> directories, while win7 was. I don't recall taht error when I was >> trying to get openssl to build, only encountered missing >> symbol/files issues. > >> On Sat, Jan 14, 2017 at 3:11 AM, Mark Thomas <ma...@apache.org> >> wrote: > >>> On 13 January 2017 20:55:15 GMT+00:00, marcus presley < >>> marcus_pres...@hotmail.com> wrote: >>>> Hi Mark, >>>> >>>> >>>> I was able to work through the cmsc failed error. I rebuilt >>>> my environment with Visual Studio 2010 and this resolved the >>>> issue. >>>> >>>> >>>> I'm experiencing another issue below, when I'm compiling the >>>> openssl source. >>>> >>>> >>>> error LNK2005: getenv already defined in MSVCRT.lib >>>> >>>> >>>> and >>>> >>>> >>>> warning LNK4098: defaultlib 'MSVCRT' conflicts with use of >>>> other libs; use /NODEFAULTLIB: library >>> >>> I'm not 100% sure of my ground here so keep that in mind when >>> you read this reply. >>> >>> The primary driver for the build environment described in the >>> wiki is to produce DLLs that depend only on msvcrt.dll and not >>> on any of the later versions. This simplifies distribution. >>> >>> The only version of Visual Studio I managed to do this with >>> was VS6. And that was many years ago when I was trying to >>> build something to test with locally. >>> >>> Later versions of visual studio always seemed to introduce a >>> dependency on a later version of msvcrt.dll >>> >>> I can only recommend that you use the exact build environment >>> set out in the wiki. Once you step outside of that I'm on >>> unfamiliar ground. I'f you want something that you can use >>> locally then I can suggest enabling the option in that warning >>> and see what happens. >>> >>> Mark >>> >>>> >>>> >>>> >>>> Marcus >>>> >>>> >>>> >>>> >>>> ________________________________ From: Mark Thomas >>>> <ma...@apache.org> Sent: Thursday, January 12, 2017 6:42 PM >>>> To: Tomcat Users List Subject: Re: Tcnative.dll >>>> apr-1.5.2-win32-src - unable to compile with >>>> openssl-1.0.2j-fips-x86_64 >>>> >>>> On 12/01/2017 22:48, marcus presley wrote: >>>>> Mark, >>>>> >>>>> >>>>> I am building the environment but the bat file is failing >>>>> at the >>>> following line: >>>>> >>>>> >>>>> set VSBaseDir=C:\cmsc-master\msvc popd if not exist >>>>> "%VSBaseDir%\bin\i386\lib.exe" goto Failed >>>>> >>>>> >>>>> I explicitly copied lib.exe the directory >>>>> "%VSBaseDir%\bin\i386", but >>>> I still receive the error. >>>> >>>> I've never seen that error. Is VSBaseDir set correctly? >>>> >>>> Mark >>>> >>>> >>>>> >>>>> >>>>> Marcus >>>>> >>>>> >>>>> >>>>> ________________________________ From: marcus presley >>>>> <marcus_pres...@hotmail.com> Sent: Thursday, January 12, >>>>> 2017 3:39 PM To: Tomcat Users List Subject: Re: >>>>> Tcnative.dll apr-1.5.2-win32-src - unable to compile >>>> with openssl-1.0.2j-fips-x86_64 >>>>> >>>>> Hi Mark, >>>>> >>>>> >>>>> Thanks for the guide. Can I use Visual Studio 2015 or >>>>> should I use >>>> the versions you have outlined in guide? >>>>> >>>>> >>>>> Marcus >>>>> >>>>> >>>>> ________________________________ From: Mark Thomas >>>>> <ma...@apache.org> Sent: Thursday, January 12, 2017 2:47 >>>>> PM To: Tomcat Users List Subject: Re: Tcnative.dll >>>>> apr-1.5.2-win32-src - unable to compile >>>> with openssl-1.0.2j-fips-x86_64 >>>>> >>>>> On 12/01/2017 18:56, marcus presley wrote: >>>>>> Forum, >>>>>> >>>>>> >>>>>> I have been unsuccessful, trying to compile >>>>>> 'tcnative.dll' with >>>> Visual Studio 2015. >>>>> >>>>> >>>> https://cwiki.apache.org/confluence/display/TOMCAT/ >>> Building+the+Tomcat+Native+Connector+binaries+for+Windows >>>> >>>> Building the Tomcat Native Connector binaries for Windows >>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >>> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>>> cwiki.apache.org This page describes the process for >>>> building the Windows Native Connector for Windows. This is >>>> the native part of the APR/Native connector. These >>>> instructions assume ... >>>> >>>> >>>> >>>>> >>>>> Building the Tomcat Native Connector binaries for Windows >>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >>> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>>> >>>> Building the Tomcat Native Connector binaries for Windows >>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >>> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>>> cwiki.apache.org This page describes the process for >>>> building the Windows Native Connector for Windows. This is >>>> the native part of the APR/Native connector. These >>>> instructions assume ... >>>> >>>> >>>> >>>>> cwiki.apache.org This page describes the process for >>>>> building the Windows Native >>>> Connector for Windows. This is the native part of the >>>> APR/Native connector. These instructions assume ... >>>>> >>>>> >>>>> >>>>> >>>>> Building the Tomcat Native Connector binaries for Windows >>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >>> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>>> >>>> Building the Tomcat Native Connector binaries for Windows >>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >>> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>>> cwiki.apache.org This page describes the process for >>>> building the Windows Native Connector for Windows. This is >>>> the native part of the APR/Native connector. These >>>> instructions assume ... >>>> >>>> >>>> >>>>> >>>>> Building the Tomcat Native Connector binaries for Windows >>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >>> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>>> >>>> Building the Tomcat Native Connector binaries for Windows >>>> ...<https://cwiki.apache.org/confluence/display/TOMCAT/ >>> Building+the+Tomcat+Native+Connector+binaries+for+Windows> >>>> cwiki.apache.org This page describes the process for >>>> building the Windows Native Connector for Windows. This is >>>> the native part of the APR/Native connector. These >>>> instructions assume ... >>>> >>>> >>>> >>>>> cwiki.apache.org This page describes the process for >>>>> building the Windows Native >>>> Connector for Windows. This is the native part of the >>>> APR/Native connector. These instructions assume ... >>>>> >>>>> >>>>> >>>>> cwiki.apache.org This page describes the process for >>>>> building the Windows Native >>>> Connector for Windows. This is the native part of the >>>> APR/Native connector. These instructions assume ... >>>>> >>>>> >>>>> >>>>> >>>>> Mark >>>>> >>>>>> >>>>>> >>>>>> I have used several online forums including the >>>>>> instructions on >>>> Apache website >>>> (https://tomcat.apache.org/download-native.cgi). >>>> >>>> Apache Tomcat® - Tomcat Native >>>> Downloads<https://tomcat.apache.org/download-native.cgi> >>>> tomcat.apache.org Use the links below to download the Apache >>>> Tomcat ® Native software from one of our mirrors. You must >>>> verify the integrity of the downloaded files using ... >>>> >>>> >>>> >>>>> >>>>> Apache Tomcat® - Tomcat Native >>>> Downloads<https://tomcat.apache.org/download-native.cgi> >>>> >>>> Apache Tomcat® - Tomcat Native >>>> Downloads<https://tomcat.apache.org/download-native.cgi> >>>> tomcat.apache.org Use the links below to download the Apache >>>> Tomcat ® Native software from one of our mirrors. You must >>>> verify the integrity of the downloaded files using ... >>>> >>>> >>>> >>>>> tomcat.apache.org Use the links below to download the >>>>> Apache Tomcat ® Native software >>>> from one of our mirrors. You must verify the integrity of >>>> the downloaded files using ... >>>>> >>>>> >>>>> >>>>> >>>>> Apache Tomcat® - Tomcat Native >>>> Downloads<https://tomcat.apache.org/download-native.cgi> >>>> >>>> Apache Tomcat® - Tomcat Native >>>> Downloads<https://tomcat.apache.org/download-native.cgi> >>>> tomcat.apache.org Use the links below to download the Apache >>>> Tomcat ® Native software from one of our mirrors. You must >>>> verify the integrity of the downloaded files using ... >>>> >>>> >>>> >>>>> >>>>> Apache Tomcat® - Tomcat Native >>>> Downloads<https://tomcat.apache.org/download-native.cgi> >>>> >>>> Apache Tomcat® - Tomcat Native >>>> Downloads<https://tomcat.apache.org/download-native.cgi> >>>> tomcat.apache.org Use the links below to download the Apache >>>> Tomcat ® Native software from one of our mirrors. You must >>>> verify the integrity of the downloaded files using ... >>>> >>>> >>>> >>>>> tomcat.apache.org Use the links below to download the >>>>> Apache Tomcat ® Native software >>>> from one of our mirrors. You must verify the integrity of >>>> the downloaded files using ... >>>>> >>>>> >>>>> >>>>> tomcat.apache.org Use the links below to download the >>>>> Apache Tomcat ® Native software >>>> from one of our mirrors. You must verify the integrity of >>>> the downloaded files using ... >>>>> >>>>> >>>>> >>>>>> >>>>>> >>>>>> I have been able to compile openssl-1.0.2j with FIPS, but >>>>>> I receive >>>> LNK Error when the tcnative.dll is being copiled. >>>>>> >>>>>> >>>>>> Marcus >>>>>> >>>>>> Apache Tomcat® - Tomcat Native >>>> Downloads<https://tomcat.apache.org/download-native.cgi> >>>> >>>> Apache Tomcat® - Tomcat Native >>>> Downloads<https://tomcat.apache.org/download-native.cgi> >>>> tomcat.apache.org Use the links below to download the Apache >>>> Tomcat ® Native software from one of our mirrors. You must >>>> verify the integrity of the downloaded files using ... >>>> >>>> >>>> >>>>> >>>>> Apache Tomcat® - Tomcat Native >>>> Downloads<https://tomcat.apache.org/download-native.cgi> >>>> >>>> Apache Tomcat® - Tomcat Native >>>> Downloads<https://tomcat.apache.org/download-native.cgi> >>>> tomcat.apache.org Use the links below to download the Apache >>>> Tomcat ® Native software from one of our mirrors. You must >>>> verify the integrity of the downloaded files using ... >>>> >>>> >>>> >>>>> tomcat.apache.org Use the links below to download the >>>>> Apache Tomcat ® Native software >>>> from one of our mirrors. You must verify the integrity of >>>> the downloaded files using ... >>>>> >>>>> >>>>> >>>>> >>>>> Apache Tomcat® - Tomcat Native >>>> Downloads<https://tomcat.apache.org/download-native.cgi> >>>> >>>> Apache Tomcat® - Tomcat Native >>>> Downloads<https://tomcat.apache.org/download-native.cgi> >>>> tomcat.apache.org Use the links below to download the Apache >>>> Tomcat ® Native software from one of our mirrors. You must >>>> verify the integrity of the downloaded files using ... >>>> >>>> >>>> >>>>> tomcat.apache.org Use the links below to download the >>>>> Apache Tomcat ® Native software >>>> from one of our mirrors. You must verify the integrity of >>>> the downloaded files using ... >>>>> >>>>> >>>>> >>>>>> tomcat.apache.org Use the links below to download the >>>>>> Apache Tomcat ® Native software >>>> from one of our mirrors. You must verify the integrity of >>>> the downloaded files using ... >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Marcus J. Presley >>>>>> >>>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------ - - > >>>>> > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYgTIqAAoJEBzwKT+lPKRYFFYP/0uIyiBb+ZGHjyFv5b125z+C XBacUd9cpF0YvLb/utINT5MFQar95GD1H0mMBUqbl2sZzeJ0rNeISnYuycYNDCGW dAdSkUBPuwzLIvitOfkwZysudh5Wkse8MQulwX+95qR72essR3AY8VOFx480dRcz e7klzSbC8DTkJF6PUfi3Rzc6cPzRssTVVkC/nA9Q1ho++8M0dmMtUm889avIYNhd BLzqPMYiiXG8eBQo4nnI1w2ia8cMTDk9Xj/11hW79CWvPEaRIvZzsc+EzvbHz0VB 0W8ESpIxFWF1Ef7BCdohxetS1Z9WZ9V0aNV837IHF/ULxA13Dpn1tVluTQMSi6NO pY7wwTkZmRTyZShv9FdaYn37tX6wJVWXx57mD4LPC1c5anwkVg1AmNUwqnLODsu+ eIJ2djwIrJdJhUntyYmNG+LlFmlUkgGggqUJGnWoWN2WvvecTLVvEwpPjOzFJyPC pEffEfI0rarwOGtg0LMl7bm8v3TFrcmFXDOIkpkfOk6lfHTmHB8cWzrauJDdeMV4 ULveQGoGhifZbilVLLNiaTVvOe6kfeKIphmWFQfqvjOMzRPvCI+Wd67Uxik2b0j5 mT5PUT0x68ChHqvVfM1oP7YYGTS7+Gms8IIjvYo4KLkVrgxZV5G/OsuMk5sfjjx7 VTbWM14KYelYZsPccWPN =FlFs -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org