Why is this change needed? Look around current line 139, which already handles that case. All the options are set there and the code before your change mimics the code in httpd. I tested it recently and thought it's correct for all protocol settings.
Regards, Rainer On 21.07.2011 11:56, jfcl...@apache.org wrote: > Author: jfclere > Date: Thu Jul 21 09:56:43 2011 > New Revision: 1149093 > > URL: http://svn.apache.org/viewvc?rev=1149093&view=rev > Log: > Fix for 51056. > > Modified: > tomcat/native/branches/1.1.x/native/src/sslcontext.c > > Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c > URL: > http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1149093&r1=1149092&r2=1149093&view=diff > ============================================================================== > --- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original) > +++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Thu Jul 21 09:56:43 > 2011 > @@ -90,7 +90,6 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma > break; > case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3: > case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1: > - case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1: > case SSL_PROTOCOL_ALL: > if (mode == SSL_MODE_CLIENT) > ctx = SSL_CTX_new(SSLv23_client_method()); > @@ -99,6 +98,16 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma > else > ctx = SSL_CTX_new(SSLv23_method()); > break; > + case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1: > + if (mode == SSL_MODE_CLIENT) > + ctx = SSL_CTX_new(SSLv23_client_method()); > + else if (mode == SSL_MODE_SERVER) > + ctx = SSL_CTX_new(SSLv23_server_method()); > + else > + ctx = SSL_CTX_new(SSLv23_method()); > + if (ctx != NULL) > + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); > + break; > case SSL_PROTOCOL_TLSV1: > if (mode == SSL_MODE_CLIENT) > ctx = SSL_CTX_new(TLSv1_client_method());
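Review bot: In the second hunk (@@ -99,6 +98,16 @@), the new `case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:` branch repeats the three-way `SSLv23_*_method()` selection from the shared case group and differs only by `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2)`, while the neighbouring combinations `SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3` and `SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1` get no matching `SSL_OP_NO_*` option at this point. If options are already applied further down, as the reply above says of the code around line 139, protocol restriction now lives in two places and the two can drift apart. Consider leaving the case label in the shared group and setting the `SSL_OP_NO_*` flags in one place from the requested protocol mask, or add a comment on the new branch saying why this combination needs its own handling. The log line "Fix for 51056." also does not say what behaviour was wrong, so a one-line description of the symptom would help the next reader judge whether the later option handling is insufficient.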