Posted to dev@tomcat.apache.org by sc...@apache.org on 2011/11/10 18:43:07 UTC
svn commit: r1200448 - in /tomcat/tc7.0.x/trunk:
java/org/apache/catalina/core/AprLifecycleListener.java
webapps/docs/config/listeners.xml
Author: schultz
Date: Thu Nov 10 17:43:07 2011
New Revision: 1200448
URL: http://svn.apache.org/viewvc?rev=1200448&view=rev
Log:
Back-ported documentation and error-handling improvements for AprLifecycleListener FIPSMode.
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java
tomcat/tc7.0.x/trunk/webapps/docs/config/listeners.xml
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java?rev=1200448&r1=1200447&r2=1200448&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/AprLifecycleListener.java Thu Nov 10 17:43:07 2011
@@ -108,8 +108,19 @@ public class AprLifecycleListener
try {
initializeSSL();
} catch (Throwable t) {
- ExceptionUtils.handleThrowable(t);
- log.error(sm.getString("aprListener.sslInit"), t);
+ // FIPS Errors are always fatal
+ if("on".equalsIgnoreCase(FIPSMode)
+ && !isFIPSModeActive()) {
+ if(t instanceof Error)
+ throw (Error)t;
+ else if(t instanceof RuntimeException)
+ throw (RuntimeException)t;
+ else
+ throw new IllegalStateException(sm.getString("aprListener.sslInit"), t);
+ } else {
+ ExceptionUtils.handleThrowable(t);
+ log.error(sm.getString("aprListener.sslInit"), t);
+ }
}
}
}
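Review bot: The fail-closed branch is taken only when `FIPSMode` equals "on" (ignoring case), so any other spelling an operator uses to request FIPS reaches the `else` branch, where the failure is logged and startup continues without FIPS. Whether the attribute value is validated elsewhere is not visible in this hunk; if it is not, rejecting unrecognised values where the attribute is set would close that gap. The rethrow chain also writes no log entry at this point, so adding `log.error(sm.getString("aprListener.sslInit"), t);` before the `if(t instanceof Error)` test would record the cause even if a caller drops the exception. The unbraced `if`/`else if`/`else` chain would read more safely with braces, matching the surrounding block. The enclosing method begins outside the hunk.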
Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/listeners.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/listeners.xml?rev=1200448&r1=1200447&r2=1200448&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/listeners.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/listeners.xml Thu Nov 10 17:43:07 2011
@@ -110,6 +110,14 @@
this to <code>/dev/urandom</code> to allow quicker start times.</p>
</attribute>
+ <attribute name="FIPSMode" required="false">
+ <p>Set to "on" to instruct OpenSSL to go into FIPS mode.
+ FIPS mode <i>requires you to have a FIPS-capable OpenSSL library which
+ you must build yourself</i>.
+ FIPS mode also requires Tomcat native library version 1.1.23 or later,
+ which <i>must be built against the FIPS-compatible OpenSSL</i> library.
+ The default value is <code>off</code>.</p>
+ </attribute>
</attributes>
</subsection>