cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c sslcontext.c sslutils.c

2005-06-12 Thread mturk
mturk   2005/06/12 00:33:08

  Modified:jni/java/org/apache/tomcat/jni SSL.java
   jni/native/include ssl_private.h
   jni/native/src ssl.c sslcontext.c sslutils.c
  Added:   jni/java/org/apache/tomcat/jni PasswordCallback.java
  Log:
  Use a PasswordCallback instead of a BIO for obtaining passwords.
  A single global function is enough.
  
  Revision  ChangesPath
  1.18  +4 -4  
jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java
  
  Index: SSL.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- SSL.java  11 Jun 2005 18:16:42 -  1.17
  +++ SSL.java  12 Jun 2005 07:33:08 -  1.18
  @@ -220,10 +220,10 @@
public static native int closeBIO(long bio);
   
   /**
  - * Set global Password callback BIO for obtaining passwords.
  - * @param bio BIO to use.
  + * Set global Password callback for obtaining passwords.
  + * @param callback PasswordCallback implementation to use.
*/
  - public static native void setPasswordBIO(long bio);
  + public static native void setPasswordCallback(PasswordCallback 
callback);
   
   /**
* Set global Password for decrypting certificates and keys.
  
  
  
  1.1  
jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/PasswordCallback.java
  
  Index: PasswordCallback.java
  ===
  /*
   *  Copyright 1999-2004 The Apache Software Foundation
   *
   *  Licensed under the Apache License, Version 2.0 (the License);
   *  you may not use this file except in compliance with the License.
   *  You may obtain a copy of the License at
   *
   *  http://www.apache.org/licenses/LICENSE-2.0
   *
   *  Unless required by applicable law or agreed to in writing, software
   *  distributed under the License is distributed on an AS IS BASIS,
   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   *  See the License for the specific language governing permissions and
   *  limitations under the License.
   */
  
  package org.apache.tomcat.jni;
  
  /** PasswordCallback Interface
   *
   * @author Mladen Turk
   * @version $Revision: 1.1 $, $Date: 2005/06/12 07:33:07 $
   */
  
  public interface PasswordCallback {
  
  /**
   * Called when the password is required
   * @param prompt Password prompt
   * @return Valid password or null
   */
  public String callback(String prompt);
  }
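Review bot: `callback` returns the password as a `String`, which is immutable and cannot be wiped after the native side has copied it into the `password[SSL_MAX_PASSWORD_LEN]` buffer of `tcn_pass_cb_t`, so the cleartext stays on the Java heap until it is collected. A `char[]` return that the caller zeroes after use, e.g. `public char[] callback(String prompt);`, would let the secret be cleared deterministically. The Javadoc should also say what the native caller does when `null` is returned and when the password is longer than `SSL_MAX_PASSWORD_LEN`; neither is visible in this commit.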
  
  
  
  1.27  +2 -2  
jakarta-tomcat-connectors/jni/native/include/ssl_private.h
  
  Index: ssl_private.h
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
  retrieving revision 1.26
  retrieving revision 1.27
  diff -u -r1.26 -r1.27
  --- ssl_private.h 11 Jun 2005 18:20:10 -  1.26
  +++ ssl_private.h 12 Jun 2005 07:33:08 -  1.27
  @@ -168,7 +168,7 @@
   typedef struct {
   charpassword[SSL_MAX_PASSWORD_LEN];
   const char *prompt;
  -BIO*bio;
  +tcn_callback_t cb;
   } tcn_pass_cb_t;
   
   extern tcn_pass_cb_t tcn_password_callback;
  
  
  
  1.35  +21 -11jakarta-tomcat-connectors/jni/native/src/ssl.c
  
  Index: ssl.c
  ===
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v
  retrieving revision 1.34
  retrieving revision 1.35
  diff -u -r1.34 -r1.35
  --- ssl.c 12 Jun 2005 07:01:03 -  1.34
  +++ ssl.c 12 Jun 2005 07:33:08 -  1.35
  @@ -113,6 +113,12 @@
   if (!ssl_initialized)
   return APR_SUCCESS;
   ssl_initialized = 0;
  +
  +if (tcn_password_callback.cb.obj) {
  +TCN_UNLOAD_CLASS(tcn_password_callback.cb.env,
  + tcn_password_callback.cb.obj);
  +}
  +
   SSL_TMP_KEYS_FREE(RSA);
   SSL_TMP_KEYS_FREE(DH);
   /*
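Review bot: The cleanup added here calls `TCN_UNLOAD_CLASS` with the stored `tcn_password_callback.cb.env`, but a `JNIEnv *` is only valid on the thread it was obtained on, so this is unsafe if the cleanup runs on a different thread than the one that registered the callback; fetching the env for the current thread from the JavaVM would avoid that. The block also leaves `tcn_password_callback.password` untouched at shutdown; adding `OPENSSL_cleanse(tcn_password_callback.password, sizeof(tcn_password_callback.password));` and resetting `cb.obj` to NULL would keep neither cleartext nor a stale reference behind. Whether `TCN_UNLOAD_CLASS` already clears its argument cannot be seen from here. The same stored-env use appears in the `setPasswordCallback` hunk that follows, and the enclosing function starts and ends outside this hunk.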
  @@ -693,19 +699,23 @@
   return APR_SUCCESS;
   }
   
  -TCN_IMPLEMENT_CALL(void, SSL, setPasswordBIO)(TCN_STDARGS, jlong bio)
  +TCN_IMPLEMENT_CALL(void, SSL, setPasswordCallback)(TCN_STDARGS,
  +   jobject callback)
   {
  -BIO *bio_handle   = J2P(bio, BIO *);
  +jclass cls;
   
  -UNREFERENCED_STDARGS;
  -if (tcn_password_callback.bio 
  -tcn_password_callback.bio != bio_handle) {
  -SSL_BIO_close(tcn_password_callback.bio);
  -tcn_password_callback.bio = bio_handle;
  +UNREFERENCED(o);
  +if (tcn_password_callback.cb.obj) {
  +TCN_UNLOAD_CLASS(tcn_password_callback.cb.env,
  + tcn_password_callback.cb.obj);
   }
  -else
  -return;
  

cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c sslcontext.c sslutils.c

2005-06-07 Thread mturk
mturk   2005/06/07 04:05:07

  Modified:jni/native/include ssl_private.h
   jni/native/src ssl.c sslcontext.c sslutils.c
  Log:
  Add global password callback handle.
  If the callback BIO is set per context, it will be used to
  allow multiple passwords and keys on a per-vhost basis.
  Since contexts are created from a single thread, we can have multiple
  passwords without setting a per-context BIO.
  
  Revision  ChangesPath
  1.18  +9 -3  
jakarta-tomcat-connectors/jni/native/include/ssl_private.h
  
  Index: ssl_private.h
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- ssl_private.h 7 Jun 2005 09:13:22 -   1.17
  +++ ssl_private.h 7 Jun 2005 11:05:07 -   1.18
  @@ -118,6 +118,10 @@
   #define SSL_CVERIFY_OPTIONAL_NO_CA  (3)
   #define SSL_VERIFY_PEER_STRICT  
(SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
   
  +#define SSL_DEFAULT_PASS_PROMPT Some of your private key files are 
encrypted for security reasons.\n  \
  +In order to read them you have to provide 
the pass phrases.\n \
  +Enter password :
  +
   extern void *SSL_temp_keys[SSL_TMP_KEY_MAX];
   
   typedef struct {
  @@ -132,9 +136,11 @@
   typedef struct {
   charpassword[SSL_MAX_PASSWORD_LEN];
   const char *prompt;
  -tcn_ssl_ctxt_t *ctx;
  +BIO*bio;
   } tcn_pass_cb_t;
   
  +extern tcn_pass_cb_t tcn_password_callback;
  +
   struct tcn_ssl_ctxt_t {
   apr_pool_t  *pool;
   SSL_CTX *ctx;
  @@ -162,7 +168,7 @@
   int verify_depth;
   int verify_mode;
   void*temp_keys[SSL_TMP_KEY_MAX];
  -tcn_pass_cb_t   password;
  +tcn_pass_cb_t   *cb_data;
   };
   
   typedef struct {
  
  
  
  1.21  +4 -1  jakarta-tomcat-connectors/jni/native/src/ssl.c
  
  Index: ssl.c
  ===
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- ssl.c 6 Jun 2005 08:14:50 -   1.20
  +++ ssl.c 7 Jun 2005 11:05:07 -   1.21
  @@ -37,6 +37,7 @@
   
   ENGINE *tcn_ssl_engine = NULL;
   void *SSL_temp_keys[SSL_TMP_KEY_MAX];
  +tcn_pass_cb_t tcn_password_callback;
   
   /*
* Handle the Temporary RSA Keys and DH Params
  @@ -404,6 +405,8 @@
   tcn_ssl_engine = ee;
   }
   #endif
  +
  +memset(tcn_password_callback, 0, sizeof(tcn_pass_cb_t));
   /* Initialize PRNG
* This will in most cases call the builtin
* low entropy seed.
  
  
  
  1.27  +15 -8 jakarta-tomcat-connectors/jni/native/src/sslcontext.c
  
  Index: sslcontext.c
  ===
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
  retrieving revision 1.26
  retrieving revision 1.27
  diff -u -r1.26 -r1.27
  --- sslcontext.c  7 Jun 2005 09:57:22 -   1.26
  +++ sslcontext.c  7 Jun 2005 11:05:07 -   1.27
  @@ -123,7 +123,6 @@
   c-ctx  = ctx;
   c-pool = p;
   c-bio_os   = BIO_new(BIO_s_file());
  -c-password.ctx = c;
   if (c-bio_os != NULL)
   BIO_set_fp(c-bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
   SSL_CTX_set_options(c-ctx, SSL_OP_ALL);
  @@ -162,7 +161,7 @@
   
   /* Set default password callback */
   SSL_CTX_set_default_passwd_cb(c-ctx, (pem_password_cb 
*)SSL_password_callback);
  -SSL_CTX_set_default_passwd_cb_userdata(c-ctx, (void *)(c-password));
  +SSL_CTX_set_default_passwd_cb_userdata(c-ctx, (void 
*)(tcn_password_callback));
   /*
* Let us cleanup the ssl context when the pool is destroyed
*/
  @@ -214,9 +213,12 @@
   c-bio_os = bio_handle;
   }
   else if (dir == 1) {
  -if (c-bio_os  c-bio_is != bio_handle)
  +if (c-bio_is  c-bio_is != bio_handle)
   SSL_BIO_close(c-bio_is);
  -c-bio_os = bio_handle;
  +c-bio_is = bio_handle;
  +if (!c-cb_data)
  +c-cb_data = (tcn_pass_cb_t *)apr_pcalloc(c-pool, 
sizeof(tcn_pass_cb_t));
  +c-cb_data-bio = bio_handle;
   }
   else
   return;
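Review bot: In the `dir == 1` branch the result of `apr_pcalloc` is dereferenced by `c->cb_data->bio = bio_handle;` without a NULL check, and the same `bio_handle` is now stored in both `c->bio_is` and `c->cb_data->bio` with no additional reference taken in the visible lines. If the pool has no abort function, an allocation failure becomes a NULL dereference, so guard it with `if (c->cb_data) c->cb_data->bio = bio_handle;` or report the failure. If teardown releases both copies of the handle, the BIO would be closed twice; a comment stating which field owns the handle (or a reference taken for the second copy) would settle that. The enclosing function starts and ends outside this hunk, so the ownership concern is inferred from these lines only.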
  @@ -426,6 +428,7 @@
   {
   BIO *bio = NULL;
   EVP_PKEY *key = NULL;
  +void *cb_data = c-cb_data;
   
   if ((bio = BIO_new(BIO_s_file())) == NULL) {
   return NULL;
  @@ -434,9 +437,11 @@
   BIO_free(bio);
   return NULL;
   }
  +if (!cb_data)
  +cb_data = tcn_password_callback;
   key = PEM_read_bio_PrivateKey(bio, NULL,
   (pem_password_cb *)SSL_password_callback,
  -(void 

cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c sslcontext.c sslutils.c

2005-06-02 Thread mturk
mturk   2005/06/02 00:44:39

  Modified:jni/java/org/apache/tomcat/jni SSLContext.java
   jni/native/include ssl_private.h
   jni/native/src ssl.c sslcontext.c sslutils.c
  Log:
  Add more configuration directives to SSL Context.
  
  Revision  ChangesPath
  1.9   +126 -1
jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java
  
  Index: SSLContext.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- SSLContext.java   1 Jun 2005 12:36:24 -   1.8
  +++ SSLContext.java   2 Jun 2005 07:44:38 -   1.9
  @@ -118,4 +118,129 @@
*/
   public static native void setQuietShutdown(long ctx, boolean mode);
   
  +/**
  + * Cipher Suite available for negotiation in SSL handshake.
  + * br /
  + * This complex directive uses a colon-separated cipher-spec string 
consisting
  + * of OpenSSL cipher specifications to configure the Cipher Suite the 
client
  + * is permitted to negotiate in the SSL handshake phase. Notice that this
  + * directive can be used both in per-server and per-directory context.
  + * In per-server context it applies to the standard SSL handshake when a
  + * connection is established. In per-directory context it forces a SSL
  + * renegotation with the reconfigured Cipher Suite after the HTTP request
  + * was read but before the HTTP response is sent.
  + * @param ctx Server or Client context to use.
  + * @param ciphers An SSL cipher specification.
  + */
  +public static native boolean setCipherSuite(long ctx, String ciphers);
  +
  +/**
  + * Set Directory of PEM-encoded CA Certificates for Client Auth
  + * br /
  + * This directive sets the directory where you keep the Certificates of
  + * Certification Authorities (CAs) whose clients you deal with. These are
  + * used to verify the client certificate on Client Authentication.
  + * br /
  + * The files in this directory have to be PEM-encoded and are accessed 
through
  + * hash filenames. So usually you can't just place the Certificate files 
there:
  + * you also have to create symbolic links named hash-value.N. And you 
should
  + * always make sure this directory contains the appropriate symbolic 
links.
  + * Use the Makefile which comes with mod_ssl to accomplish this task.
  + * @param ctx Server or Client context to use.
  + * @param path Directory of PEM-encoded CA Certificates for Client Auth.
  + */
  +public static native boolean setCARevocationPath(long ctx, String path);
  +
  +/**
  + * Set File of concatenated PEM-encoded CA CRLs for Client Auth
  + * br /
  + * This directive sets the all-in-one file where you can assemble the
  + * Certificate Revocation Lists (CRL) of Certification Authorities (CA)
  + * whose clients you deal with. These are used for Client Authentication.
  + * Such a file is simply the concatenation of the various PEM-encoded CRL
  + * files, in order of preference. This can be used alternatively and/or
  + * additionally to codesetCARevocationPath/code.
  + * @param ctx Server or Client context to use.
  + * @param file File of concatenated PEM-encoded CA CRLs for Client Auth.
  + */
  +public static native boolean setCARevocationFile(long ctx, String file);
  +
  +/**
  + * Set File of PEM-encoded Server CA Certificates
  + * br /
  + * This directive sets the optional all-in-one file where you can 
assemble the
  + * certificates of Certification Authorities (CA) which form the 
certificate
  + * chain of the server certificate. This starts with the issuing CA 
certificate
  + * of of the server certificate and can range up to the root CA 
certificate.
  + * Such a file is simply the concatenation of the various PEM-encoded CA
  + * Certificate files, usually in certificate chain order.
  + * br /
  + * But be careful: Providing the certificate chain works only if you are 
using
  + * a single (either RSA or DSA) based server certificate. If you are 
using a
  + * coupled RSA+DSA certificate pair, this will work only if actually both
  + * certificates use the same certificate chain. Else the browsers will be
  + * confused in this situation.
  + * @param ctx Server or Client context to use.
  + * @param file File of PEM-encoded Server CA Certificates.
  + */
  +public static native boolean setCertificateChainFile(long ctx, String 
file);
  +
  +/**
  + * Set Server Certificate
  + * br /
  + * Point setCertificateFile at a PEM encoded certificate.  If
  + * the certificate is encrypted, then you will be prompted for a
  + * pass phrase.  Note 

cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c sslcontext.c sslutils.c

2005-06-01 Thread mturk
mturk   2005/06/01 01:19:39

  Modified:jni/java/org/apache/tomcat/jni SSLContext.java
   jni/native/include ssl_private.h
   jni/native/src ssl.c sslcontext.c sslutils.c
  Log:
  Add functions for setting error and password prompt BIO callbacks.
  
  Revision  ChangesPath
  1.4   +34 -1 
jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java
  
  Index: SSLContext.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- SSLContext.java   1 Jun 2005 06:38:09 -   1.3
  +++ SSLContext.java   1 Jun 2005 08:19:39 -   1.4
  @@ -61,6 +61,39 @@
* @return APR Status code.
*/
   public static native int free(long ctx);
  +
  +/**
  + * Set Virtual host id. Usually host:port combination.
  + * @param ctx Context to use.
  + * @param id  String that uniquely identifies this context.
  + */
  + public static native void setVhostId(long ctx, String id);
  + 
  +/**
  + * Asssociate BIOCallback for error reporting.
  + * br /
  + * First word in the output string will contain error
  + * level in the form:
  + * PRE
  + * [ERROR]  -- Critical error messages
  + * [WARN]   -- Varning messages
  + * [INFO]   -- Informational messages
  + * [DEBUG]  -- Debugging messaged
  + * /PRE
  + * Callback can use that word to determine application logging level
  + * by intercepting bwrite/b call. 
  + * If the bbio/b is set to 0 no error messages will be displayed.
  + * Default is to use the stderr output stream.
  + * @param ctx Server or Client context to use.
  + * @param bio BIO handle to use, created with SSL.newBIO
  + */
  + public static native void setErrBIO(long ctx, long bio);
   
  +/**
  + * Asssociate BIOCallback for Password prompting.
  + * @param ctx Server or Client context to use.
  + * @param bio BIO handle to use, created with SSL.newBIO
  + */
  + public static native void setPPromptBIO(long ctx, long bio);
   
   }
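Review bot: The Javadoc for `setPPromptBIO` does not say what a `bio` value of 0 means, while `setErrBIO` just above documents it ("no error messages will be displayed"). Because the argument is a raw native handle, the comment should state whether 0 disables prompting or restores the default, and that the handle must be a live one returned by `SSL.newBIO` that has not been closed. The new comments also carry typos worth fixing in the source: `Asssociate` should be `Associate`, `Varning messages` should be `Warning messages`, and `Debugging messaged` should be `Debugging messages`.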
  
  
  
  1.6   +4 -2  
jakarta-tomcat-connectors/jni/native/include/ssl_private.h
  
  Index: ssl_private.h
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- ssl_private.h 1 Jun 2005 06:38:09 -   1.5
  +++ ssl_private.h 1 Jun 2005 08:19:39 -   1.6
  @@ -110,6 +110,8 @@
   struct tcn_ssl_ctxt {
   apr_pool_t  *pool;
   SSL_CTX *ctx;
  +BIO *bio_err;
  +BIO *pprompt;
   unsigned char   vhost_id[MD5_DIGEST_LENGTH];
   
   int protocol;
  @@ -144,6 +146,6 @@
   voidSSL_init_app_data2_idx(void);
   void   *SSL_get_app_data2(SSL *);
   voidSSL_set_app_data2(SSL *, void *);
  -
  +int SSL_password_prompt(tcn_ssl_ctxt_t *, char *, int);
   
   #endif /* SSL_PRIVATE_H */
  
  
  
  1.15  +2 -2  jakarta-tomcat-connectors/jni/native/src/ssl.c
  
  Index: ssl.c
  ===
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- ssl.c 1 Jun 2005 06:38:09 -   1.14
  +++ ssl.c 1 Jun 2005 08:19:39 -   1.15
  @@ -438,8 +438,8 @@
   TCN_UNLOAD_CLASS(j-cb.env, j-cb.obj);
   }
   bi-init = 0;
  +OPENSSL_free(bi-ptr);
   }
  -OPENSSL_free(bi-ptr);
   bi-ptr = NULL;
   return 1;
   }
  
  
  
  1.5   +67 -4 jakarta-tomcat-connectors/jni/native/src/sslcontext.c
  
  Index: sslcontext.c
  ===
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- sslcontext.c  1 Jun 2005 06:35:26 -   1.4
  +++ sslcontext.c  1 Jun 2005 08:19:39 -   1.5
  @@ -53,9 +53,16 @@
   }
   }
   }
  -else {
  +else if (c-pk.c.certs) {
   sk_X509_INFO_pop_free(c-pk.c.certs, X509_INFO_free);
  +c-pk.c.certs = NULL;
   }
  +if (c-pprompt)
  +BIO_free(c-pprompt);
  +c-pprompt = NULL;
  +if (c-bio_err)
  +BIO_free(c-bio_err);
  +c-bio_err = NULL;
   }
   return APR_SUCCESS;
   }
  @@ -98,7 +105,14 @@
   c-mode = 1;
   c-ctx  = ctx;
   c-pool = p;
  -
  +c-bio_err = BIO_new(BIO_s_file());
  +c-pprompt = BIO_new(BIO_s_file());
  +  

cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c sslcontext.c sslutils.c

2005-06-01 Thread mturk
mturk   2005/06/01 03:45:03

  Modified:jni/native/include ssl_private.h
   jni/native/src ssl.c sslcontext.c sslutils.c
  Log:
  Add reference counter to BIO handler, so that multiple contexts can
  register the same BIO.
  
  Revision  ChangesPath
  1.8   +6 -1  
jakarta-tomcat-connectors/jni/native/include/ssl_private.h
  
  Index: ssl_private.h
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- ssl_private.h 1 Jun 2005 09:05:08 -   1.7
  +++ ssl_private.h 1 Jun 2005 10:45:02 -   1.8
  @@ -83,6 +83,9 @@
   #define SSL_PROTOCOL_TLSV1 (12)
   #define SSL_PROTOCOL_ALL   
(SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
   
  +#define SSL_BIO_FLAG_RDONLY (10)
  +#define SSL_BIO_FLAG_CALLBACK   (11)
  +
   /* public cert/private key */
   typedef struct {
   /*
  @@ -147,5 +150,7 @@
   void   *SSL_get_app_data2(SSL *);
   voidSSL_set_app_data2(SSL *, void *);
   int SSL_password_prompt(tcn_ssl_ctxt_t *, char *, int);
  +voidSSL_BIO_close(BIO *);
  +voidSSL_BIO_doref(BIO *);
   
   #endif /* SSL_PRIVATE_H */
  
  
  
  1.16  +42 -9 jakarta-tomcat-connectors/jni/native/src/ssl.c
  
  Index: ssl.c
  ===
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- ssl.c 1 Jun 2005 08:19:39 -   1.15
  +++ ssl.c 1 Jun 2005 10:45:03 -   1.16
  @@ -400,10 +400,12 @@
   /* OpenSSL Java Stream BIO */
   
   typedef struct  {
  +intrefcount;
   apr_pool_t *pool;
   tcn_callback_t cb;
   } BIO_JAVA;
   
  +
   static apr_status_t generic_bio_cleanup(void *data)
   {
   BIO *b = (BIO *)data;
  @@ -414,12 +416,43 @@
   return APR_SUCCESS;
   }
   
  +void SSL_BIO_close(BIO *bi)
  +{
  +if (bi == NULL)
  +return;
  +if (bi-ptr != NULL  (bi-flags  SSL_BIO_FLAG_CALLBACK)) {
  +BIO_JAVA *j = (BIO_JAVA *)bi-ptr;
  +j-refcount--;
  +if (j-refcount == 0) {
  +if (j-pool)
  +apr_pool_cleanup_run(j-pool, bi, generic_bio_cleanup);
  +else
  +BIO_free(bi);
  +}
  +}
  +else
  +BIO_free(bi);
  +}
  +
  +void SSL_BIO_doref(BIO *bi)
  +{
  +if (bi == NULL)
  +return;
  +if (bi-ptr != NULL  (bi-flags  SSL_BIO_FLAG_CALLBACK)) {
  +BIO_JAVA *j = (BIO_JAVA *)bi-ptr;
  +j-refcount++;
  +}
  +}
  +
  +
   static int jbs_new(BIO *bi)
   {
   BIO_JAVA *j;
   
   if ((j = OPENSSL_malloc(sizeof(BIO_JAVA))) == NULL)
   return 0;
  +j-pool  = NULL;
  +j-refcount  = 1;
   bi-shutdown = 1;
   bi-init = 0;
   bi-num  = -1;
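Review bot: `SSL_BIO_close` and `SSL_BIO_doref` update `j->refcount` as a plain `int` with no lock and no lower bound, so an extra close (for example a second `closeBIO` on the same handle from Java) or two concurrent closes can free the BIO while a context still holds it. Freeing only on the transition to zero and rejecting anything else, `if (j->refcount <= 0) return;` before the decrement, makes an unbalanced close harmless instead of a double free. A comment should record which thread or lock is expected to serialise these calls, since nothing in the hunk does. `jbs_new` continues past the end of this hunk, so whether `bi->ptr` is assigned after `j->refcount = 1;` is not visible here.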
  @@ -435,9 +468,9 @@
   if (bi-ptr != NULL) {
   BIO_JAVA *j = (BIO_JAVA *)bi-ptr;
   if (bi-init) {
  +bi-init = 0;
   TCN_UNLOAD_CLASS(j-cb.env, j-cb.obj);
   }
  -bi-init = 0;
   OPENSSL_free(bi-ptr);
   }
   bi-ptr = NULL;
  @@ -552,6 +585,10 @@
   goto init_failed;
   }
   j = (BIO_JAVA *)bio-ptr;
  +if ((j = (BIO_JAVA *)bio-ptr) == NULL) {
  +tcn_ThrowException(e, Create BIO failed);
  +goto init_failed;
  +}
   j-pool = J2P(pool, apr_pool_t *);
   if (j-pool) {
   apr_pool_cleanup_register(j-pool, (const void *)bio,
  @@ -568,7 +605,8 @@
   /* TODO: Check if method id's are valid */
   j-cb.obj= (*e)-NewGlobalRef(e, callback);
   
  -bio-init = 1;
  +bio-init  = 1;
  +bio-flags = SSL_BIO_FLAG_CALLBACK;
   return P2J(bio);
   init_failed:
   return 0;
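Review bot: `bio->flags = SSL_BIO_FLAG_CALLBACK;` overwrites the whole flags word rather than setting one bit, and `SSL_BIO_close` later relies on that bit alone to decide that `bi->ptr` may be cast to `BIO_JAVA *`. OpenSSL uses the same field for its own `BIO_FLAGS_*` read/write/retry bits, so depending on the macro's real value (it is rendered as `(11)` on this page, apparently garbled) the marker could be cleared by retry-flag handling, or be set on a non-Java BIO whose `ptr` is something else entirely. Using `bio->flags |= SSL_BIO_FLAG_CALLBACK;` with a bit outside OpenSSL's range, or identifying Java BIOs by their method table instead of a flag, would make the cast in `SSL_BIO_close` safe. The function body starts outside this hunk.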
  @@ -577,13 +615,8 @@
   TCN_IMPLEMENT_CALL(jint, SSL, closeBIO)(TCN_STDARGS, jlong bio)
   {
   BIO *b = J2P(bio, BIO *);
  -BIO_JAVA *j;
  -
   UNREFERENCED_STDARGS;
  -j = (BIO_JAVA *)b-ptr;
  -if (j-pool) {
  -apr_pool_cleanup_run(j-pool, b, generic_bio_cleanup);
  -}
  +SSL_BIO_close(b);
   return APR_SUCCESS;
   }
   
  
  
  
  1.7   +10 -7 jakarta-tomcat-connectors/jni/native/src/sslcontext.c
  
  Index: sslcontext.c
  ===
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- sslcontext.c  1 Jun 2005 09:05:08 -   1.6
  +++ sslcontext.c  1 Jun 2005 10:45:03 -   1.7
  @@ -57,11 +57,12 @@
   sk_X509_INFO_pop_free(c-pk.c.certs, X509_INFO_free);
   c-pk.c.certs = NULL;
   }
  +
   if (c-bio_is)
  -BIO_free(c-bio_is);