Author: mturk Date: Thu Jul 29 18:05:39 2010 New Revision: 980527 URL: http://svn.apache.org/viewvc?rev=980527&view=rev Log: Sync SSL renegotiation from 1.1.x branch
Modified: tomcat/native/trunk/native/src/ssl.c tomcat/native/trunk/native/src/sslcontext.c tomcat/native/trunk/native/src/sslnetwork.c Modified: tomcat/native/trunk/native/src/ssl.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/ssl.c?rev=980527&r1=980526&r2=980527&view=diff ============================================================================== --- tomcat/native/trunk/native/src/ssl.c (original) +++ tomcat/native/trunk/native/src/ssl.c Thu Jul 29 18:05:39 2010 @@ -813,6 +813,15 @@ TCN_IMPLEMENT_CALL(jstring, SSL, getLast return tcn_new_string(e, buf); } +TCN_IMPLEMENT_CALL(jboolean, SSL, hasOp)(TCN_STDARGS, jint op) +{ +#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + if (op & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + return JNI_TRUE; +#endif + return JNI_FALSE; +} + #else /* OpenSSL is not supported. * Create empty stubs. @@ -918,4 +927,10 @@ TCN_IMPLEMENT_CALL(jstring, SSL, getLast return NULL; } +TCN_IMPLEMENT_CALL(jboolean, SSL, hasOp)(TCN_STDARGS, jint op) +{ + UNREFERENCED_STDARGS; + UNREFERENCED(op); + return JNI_FALSE; +} #endif Modified: tomcat/native/trunk/native/src/sslcontext.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=980527&r1=980526&r2=980527&view=diff ============================================================================== --- tomcat/native/trunk/native/src/sslcontext.c (original) +++ tomcat/native/trunk/native/src/sslcontext.c Thu Jul 29 18:05:39 2010 @@ -230,6 +230,11 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set UNREFERENCED_STDARGS; TCN_ASSERT(ctx != 0); +#ifndef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + /* Clear the flag if not supported */ + if (opt & 0x00040000) + opt &= ~0x00040000; +#endif SSL_CTX_set_options(c->ctx, opt); } Modified: tomcat/native/trunk/native/src/sslnetwork.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslnetwork.c?rev=980527&r1=980526&r2=980527&view=diff ============================================================================== --- tomcat/native/trunk/native/src/sslnetwork.c (original) +++ tomcat/native/trunk/native/src/sslnetwork.c Thu Jul 29 18:05:39 2010 @@ -448,12 +448,14 @@ ssl_socket_send(apr_socket_t *sock, cons tcn_ssl_conn_t *con = (tcn_ssl_conn_t *)sock; int s, i, wr = (int)(*len); apr_status_t rv = APR_SUCCESS; + apr_int32_t nb; if (con->reneg_state == RENEG_ABORT) { *len = 0; con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN; return APR_ECONNABORTED; } + apr_socket_opt_get(con->sock, APR_SO_NONBLOCK, &nb); for (;;) { if ((s = SSL_write(con->ssl, buf, wr)) <= 0) { apr_status_t os = apr_get_netos_error(); @@ -469,6 +471,10 @@ ssl_socket_send(apr_socket_t *sock, cons break; case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: + if (nb && i == SSL_ERROR_WANT_WRITE) { + *len = 0; + return APR_SUCCESS; + } if ((rv = wait_for_io_or_timeout(con, i)) != APR_SUCCESS) { con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN; return rv; --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org