Author: kkolinko
Date: Tue Apr 22 16:15:49 2014
New Revision: 1589195
URL: http://svn.apache.org/r1589195
Log:
veto, as I think the new options do not work
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1589195&r1=1589194&r2=1589195&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Apr 22 16:15:49 2014
@@ -105,10 +105,17 @@ PATCHES PROPOSED TO BACKPORT:
http://svn.apache.org/viewvc?view=revision&revision=r1587723 (adapt)
(Note: requires tcnative 1.1.30)
+1: schultz, markt, remm
- +0: kkolinko:
- a) It needs backport of r1588102 as an Exception is thrown by native
code
+ -1: kkolinko:
+ a) I cannot test (without FIPS-enabled library), but from my code review
+ the new options will not work because you are not setting
+ "fipsModeActive" field in AprLifecycleListener.
- b) "enterFipsMode = 1 != fipsModeState;" code and comment before it are
wrong.
+ Thus AprLifecycleListener.isFIPSModeActive() will return false
+ and startup will be aborted.
+
+ b) It needs backport of r1588102 as an Exception is thrown by native
code
+
+ c) "enterFipsMode = 1 != fipsModeState;" code and comment before it are
wrong.
FIPS_mode() function of OpenSSL is documented to return non-zero
value when in FIPS mode. You cannot expect it to be '1'.
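Review bot: The new -1 entry does not say what change would lift the veto. Item a) names the unset "fipsModeActive" field in AprLifecycleListener and item c) calls the "enterFipsMode = 1 != fipsModeState;" comparison and its comment wrong, but neither states the expected fix. Consider spelling out the condition for withdrawing the -1, for example that the field must be set when the new options put the library into FIPS mode, and that the check must treat any non-zero FIPS_mode() result as active rather than comparing against 1. Item a) also rests on code review alone ("I cannot test"), so it would help to ask a voter with a FIPS-enabled library to confirm that startup is actually aborted.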