[tomcat-native] 04/06: Update the FIPS instructions

Thu, 28 Sep 2023 04:20:34 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 1.2.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git

commit dd89296c52628d83f56d1bcb687c395f6f38cc43
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Sep 28 12:17:14 2023 +0100

    Update the FIPS instructions
---
 native/BUILDING | 49 ++++++-------------------------------------------
 1 file changed, 6 insertions(+), 43 deletions(-)

diff --git a/native/BUILDING b/native/BUILDING
index cd2473fc5..51793e02a 100644
--- a/native/BUILDING
+++ b/native/BUILDING
@@ -148,48 +148,11 @@ Windows
    Note: Use ENABLE_OCSP=1 to create OCSP enabled builds
 
 
-Windows with FIPS
-=================
+FIPS
+====
 
-The steps are broadly the same as the non-FIPS build with the following 
additions and changes.
+No additional build steps are required. Configure OpenSSL to use the FIPS
+certified provider as the default provider as described in the OpenSSL
+documentation:
 
-Note: The build process has only been verified with 64-bit Windows. The process
-      for 32-bit Windows should be very similar.
-
-1. Build the FIPS object module
-
-   This step should be completed immediately before building OpenSSL.
-   
-   Unpack the openssl-fips-2.0.x.tar.gz distribution into 
native\srclib\openssl-fips
-   The tar.gz contains symbolic links. Ensure you unpack the archive with a 
tool
-   that replaces these with the linked file or manually replace the symbolic
-   links with associated the linked file before continuing.
-   
-   > c:\cmsc\setenv.bat /x64
-   > set FIPSDIR=%cd%\lib-x64
-   > ms\do_fips
-
-2. Modify the OpenSSL build configuration
-
-   Add 'fips' to the OpenSSL build configuration
-   
-   > perl Configure VC-WIN64A fips
-   
-3. Test the OpenSSL build
-
-   This step should be completed immediately after building OpenSSL.
-   
-   > SET OPENSSL_FIPS=1
-   > openssl md5 openssl.exe
-   
-   This should fail since MD5 is disabled in FIPS mode.
-   
-   > SET OPENSSL_FIPS=
-   > openssl md5 openssl.exe
-   
-   This should work.
-
-4. Modify the tc-native build configuration
-
-   > c:\cmsc\setenv.bat /x64
-   > nmake -f NMAKEMakefile WITH_APR=srclib\apr\WINXP_X64_LIB_RELEASE 
WITH_OPENSSL=srclib\openssl\release-x64 WITH_FIPS=srclib\openssl-fips\lib-x64 
APR_DECLARE_STATIC=1
+  https://www.openssl.org/docs/man3.0/man7/fips_module.html


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to