You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2022/10/26 13:57:59 UTC

[tomcat] branch main updated: Fix OpenSSL 3 exception on shutdown

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new a77cff9e52 Fix OpenSSL 3 exception on shutdown
a77cff9e52 is described below

commit a77cff9e528f3317db18b00ec390021ec02a9278
Author: remm <re...@apache.org>
AuthorDate: Wed Oct 26 15:57:37 2022 +0200

    Fix OpenSSL 3 exception on shutdown
    
    The version check was missing and the removed fips API was called,
    causing a harmless (but ugly obviously) linker exception.
---
 .../tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java      | 4 +++-
 .../tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java      | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
index 98d6c527c4..57b427031c 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
@@ -395,7 +395,9 @@ public class OpenSSLLifecycleListener implements LifecycleListener {
                 if (!MemorySegment.NULL.equals(enginePointer)) {
                     ENGINE_free(enginePointer);
                 }
-                FIPS_mode_set(0);
+                if (OpenSSL_version_num() < 0x3000000fL) {
+                    FIPS_mode_set(0);
+                }
             } finally {
                 OpenSSLStatus.setInitialized(false);
                 fipsModeActive = false;
diff --git a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
index 9da964d8e6..3ae03a50e6 100644
--- a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
+++ b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
@@ -396,7 +396,9 @@ public class OpenSSLLifecycleListener implements LifecycleListener {
                 if (!MemoryAddress.NULL.equals(enginePointer)) {
                     ENGINE_free(enginePointer);
                 }
-                FIPS_mode_set(0);
+                if (OpenSSL_version_num() < 0x3000000fL) {
+                    FIPS_mode_set(0);
+                }
             } finally {
                 OpenSSLStatus.setInitialized(false);
                 fipsModeActive = false;


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org