You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/02/01 19:51:46 UTC
svn commit: r1781302 - /tomcat/native/trunk/native/BUILDING
Author: markt
Date: Wed Feb 1 19:51:45 2017
New Revision: 1781302
URL: http://svn.apache.org/viewvc?rev=1781302&view=rev
Log:
Add a section on Windows with FIPS support
Modified:
tomcat/native/trunk/native/BUILDING
Modified: tomcat/native/trunk/native/BUILDING
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/BUILDING?rev=1781302&r1=1781301&r2=1781302&view=diff
==============================================================================
--- tomcat/native/trunk/native/BUILDING (original)
+++ tomcat/native/trunk/native/BUILDING Wed Feb 1 19:51:45 2017
@@ -130,3 +130,50 @@ Windows
> nmake -f NMAKEMakefile WITH_APR=srclib\apr\WINXP_X64_LIB_RELEASE\apr-1.lib WITH_OPENSSL=srclib\openssl\out32-x64 APR_DECLARE_STATIC=1
Note: Use ENABLE_OCSP=1 to create OCSP enabled builds
+
+
+Windows with FIPS
+=================
+
+The steps are broadly the same as the non-FIPS build with the following additions and changes.
+
+Note: The build process has only been verified with 64-bit Windows. The process
+ for 32-bit Windows should be very similar.
+
+1. Build the FIPS object module
+
+ This step should be completed immediately before building OpenSSL.
+
+ Unpack the openssl-fips-2.0.x.tar.gz distribution into native\srclib\openssl-fips
+ The tar.gz contains symbolic links. Ensure you unpack the archive with a tool
+ that replaces these with the linked file or manually replace the symbolic
+ links with associated the linked file before continuing.
+
+ > c:\cmsc\setenv.bat /x64
+ > set FIPSDIR=%cd%\lib-x64
+ > ms\do_fips
+
+2. Modify the OpenSSL build configuration
+
+ Add 'fips' to the OpenSSL build configuration
+
+ > perl Configure VC-WIN64A fips
+
+3. Test the OpenSSL build
+
+ This step should be completed immediately after building OpenSSL.
+
+ > SET OPENSSL_FIPS=1
+ > openssl md5 openssl.exe
+
+ This should fail since MD5 is disabled in FIPS mode.
+
+ > SET OPENSSL_FIPS=
+ > openssl md5 openssl.exe
+
+ This should work.
+
+4. Modify the tc-native build configuration
+
+ > c:\cmsc\setenv.bat /x64
+ > nmake -f NMAKEMakefile WITH_APR=srclib\apr\WINXP_X64_LIB_RELEASE\apr-1.lib WITH_OPENSSL=srclib\openssl\out32-x64 WITH_FIPS=srclib\openssl-fips\lib-x64 APR_DECLARE_STATIC=1
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org