> >>> I ran the openssl utility on the same system as Tomcat, and Process > >>> Explorer shows that its copy of libeay32.dll stays at the correct > >>> address. Additionally, I tested the FIPS-compatible libeay32.dll on > >>> a different server with Tomcat, and had the same problem. This seems > >>> to indicate that the memory address issue is specific to Tomcat, not > >>> the server. > >> > >> Or running within a JVM which has a significant amount of native code > >> that gets loaded first, which may cause the loader to re-locate the > >> library when it finally gets loaded. > >> > >> Any interest in trying some Java-based testing using libtcnative? > > > > I'm game, if you let me know what you'd like me to do. : ) > > All you should have to do is write a small Java program that calls > AprLifecycleListener.lifecycleEvent with an event of type > BEFORE_INIT_EVENT. > > You'll of course have to call things like setFIPSMode(true), etc. > > I wonder if you did that without the rest of Tomcat loaded if anything would > change. I would bet that it's more likely that the bulk of the JVM is causing > the re-location of the library than anything else.
You are right. Even with that simple program the OpenSSL library gets rebased. > >> I'm curious: what base address did you use when you changed it? > > > > The one that worked for me was 0x6FB00000. > > Did you just choose one randomly? Most of the other memory addresses in the process seemed to be at the 0x6xxxxxxx range, so I just tried adding 6 to the beginning of the default memory address, and it worked. > I wonder if you follow the suggestions from the aforementioned thread for > re-building everything with the /FIXED switch. That seems to have fixed > everyone's issues, but you have to be sure to build everything very carefully > or one component can still be relocatable. tcnative of course does not care. I may still be doing something wrong, but I still haven't been able to get this switch to work. I added it to the LFLAGS set in the OpenSSL build, but libeay32.dll still gets rebased when running through tcnative. --Steve Nickels Ipswitch, Inc.
