You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/02/01 19:51:46 UTC

svn commit: r1781302 - /tomcat/native/trunk/native/BUILDING

Author: markt
Date: Wed Feb  1 19:51:45 2017
New Revision: 1781302

URL: http://svn.apache.org/viewvc?rev=1781302&view=rev
Log:
Add a section on Windows with FIPS support

Modified:
    tomcat/native/trunk/native/BUILDING

Modified: tomcat/native/trunk/native/BUILDING
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/BUILDING?rev=1781302&r1=1781301&r2=1781302&view=diff
==============================================================================
--- tomcat/native/trunk/native/BUILDING (original)
+++ tomcat/native/trunk/native/BUILDING Wed Feb  1 19:51:45 2017
@@ -130,3 +130,50 @@ Windows
    > nmake -f NMAKEMakefile WITH_APR=srclib\apr\WINXP_X64_LIB_RELEASE\apr-1.lib WITH_OPENSSL=srclib\openssl\out32-x64 APR_DECLARE_STATIC=1
  
    Note: Use ENABLE_OCSP=1 to create OCSP enabled builds
+
+
+Windows with FIPS
+=================
+
+The steps are broadly the same as the non-FIPS build with the following additions and changes.
+
+Note: The build process has only been verified with 64-bit Windows. The process
+      for 32-bit Windows should be very similar.
+
+1. Build the FIPS object module
+
+   This step should be completed immediately before building OpenSSL.
+   
+   Unpack the openssl-fips-2.0.x.tar.gz distribution into native\srclib\openssl-fips
+   The tar.gz contains symbolic links. Ensure you unpack the archive with a tool
+   that replaces these with the linked file or manually replace the symbolic
+   links with associated the linked file before continuing.
+   
+   > c:\cmsc\setenv.bat /x64
+   > set FIPSDIR=%cd%\lib-x64
+   > ms\do_fips
+
+2. Modify the OpenSSL build configuration
+
+   Add 'fips' to the OpenSSL build configuration
+   
+   > perl Configure VC-WIN64A fips
+   
+3. Test the OpenSSL build
+
+   This step should be completed immediately after building OpenSSL.
+   
+   > SET OPENSSL_FIPS=1
+   > openssl md5 openssl.exe
+   
+   This should fail since MD5 is disabled in FIPS mode.
+   
+   > SET OPENSSL_FIPS=
+   > openssl md5 openssl.exe
+   
+   This should work.
+
+4. Modify the tc-native build configuration
+
+   > c:\cmsc\setenv.bat /x64
+   > nmake -f NMAKEMakefile WITH_APR=srclib\apr\WINXP_X64_LIB_RELEASE\apr-1.lib WITH_OPENSSL=srclib\openssl\out32-x64 WITH_FIPS=srclib\openssl-fips\lib-x64 APR_DECLARE_STATIC=1



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org