Author: mturk Date: Fri Apr 18 09:10:48 2014 New Revision: 1588429 URL: http://svn.apache.org/r1588429 Log: Bz56396. Some OpenSSL versions do not fail, so ensure we recover only if actually failed to generate 512-bit keys
Modified: tomcat/native/branches/1.1.x/native/src/ssl.c Modified: tomcat/native/branches/1.1.x/native/src/ssl.c URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/ssl.c?rev=1588429&r1=1588428&r2=1588429&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/native/src/ssl.c (original) +++ tomcat/native/branches/1.1.x/native/src/ssl.c Fri Apr 18 09:10:48 2014 @@ -221,19 +221,22 @@ static const jint supported_ssl_opts = 0 static int ssl_tmp_key_init_rsa(int bits, int idx) { + if (!(SSL_temp_keys[idx] = + RSA_generate_key(bits, RSA_F4, NULL, NULL))) { #ifdef OPENSSL_FIPS - /** - * With FIPS mode short RSA keys cannot be - * generated. - */ - if (bits < 1024) - return 0; + /** + * With FIPS mode short RSA keys cannot be + * generated. + */ + if (bits < 1024) + return 0; + else #endif - if (!(SSL_temp_keys[idx] = - RSA_generate_key(bits, RSA_F4, NULL, NULL))) return 1; - else + } + else { return 0; + } } static int ssl_tmp_key_init_dh(int bits, int idx) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org