On 2024/05/14 20:27:02 Christopher Schultz wrote:
>
>
> On 5/14/24 15:23, Andy Arismendi wrote:
> > Sure thing -
> >
> > ADDITIONAL ENVIRONMENT INFO:
> >
> > libtcnative: tcnative-1.dll is included in the Tomcat 9.0.89 64-bit Windows
> > zip download, not sure about the version...
> > OpenSSL version: 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
> > (with FIPS 140-2)
> >
> > Regarding expecting a directory of certificate hash files, I wasn’t
> > aware of this, assumed it would pick up CA cert PEM files in a
> > directory.
>
> The Tomcat documentation does say this just needs to be a directory full
> of PEM files. I can trace through the code to see if it's more like what
> Michael-O posted. Honestly, the whole idea of having to run c_rehash is
> a stupid hack for stupid programs. You should never have to do that. :/

If the docs say so, then we need to fix the docs because all path input in OpenSSL expects simplified subject hashes. Anything else will not work/will be ignored.

Use strace/truss/etc. and you will see what OpenSSL will try to read. "openssl s_server" will do the trick here for you.

Michael
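
An added example, not part of the thread and not Tomcat or OpenSSL code: a name-only audit of a CA directory showing which entries OpenSSL's hashed-directory lookup can reach. It relies on OpenSSL's `<8 hex digits>.<n>` (certificate) and `<8 hex digits>.r<n>` (CRL) naming; the file names in `demo()` are constructed, and the script does not verify that a hash actually matches the certificate's subject.

```python
import re
import tempfile
from pathlib import Path

# OpenSSL's directory lookup only opens <hash>.<n> (certs) and <hash>.r<n> (CRLs),
# where <hash> is 8 lowercase hex digits and <n> counts up from 0 without padding.
HASHED = re.compile(r"^([0-9a-f]{8})\.(r?)(0|[1-9]\d*)$")


def audit_capath(directory):
    """Return (reachable, unreachable, ignored) file names for a CApath directory."""
    reachable, unreachable, ignored = [], [], []
    slots = {}  # (hash, "" or "r") -> {index: file name}
    for entry in Path(directory).iterdir():
        m = HASHED.match(entry.name)
        if m:
            slots.setdefault((m.group(1), m.group(2)), {})[int(m.group(3))] = entry.name
        elif entry.is_file():
            # Plain names such as my-ca.pem are never opened by the lookup.
            ignored.append(entry.name)
    for indexes in slots.values():
        # The lookup tries index 0, 1, 2, ... and stops at the first missing one,
        # so anything after a gap is never read.
        n = 0
        while n in indexes:
            reachable.append(indexes[n])
            n += 1
        unreachable += [name for i, name in indexes.items() if i > n]
    return sorted(reachable), sorted(unreachable), sorted(ignored)


def demo():
    """Run the audit over a constructed directory (placeholder file contents)."""
    names = ("root-ca.pem", "issuing-ca.crt", "1a2b3c4d.0", "1a2b3c4d.2", "9f8e7d6c.r0")
    with tempfile.TemporaryDirectory() as d:
        for name in names:
            (Path(d) / name).write_text("constructed placeholder\n")
        return audit_capath(d)


if __name__ == "__main__":
    ok, gap, skipped = demo()
    print("reachable by hash lookup:", ok)
    print("hashed name but behind a gap:", gap)
    print("ignored (no hash name):", skipped)
```

Files reported as ignored need hash-named links or copies (what `c_rehash` or `openssl rehash` produces) before OpenSSL will find them through a directory path.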