svn commit: r1632988 - /tomcat/trunk/java/org/apache/tomcat/jni/SSL.java

[kkolinko]

Author: kkolinko
Date: Sun Oct 19 21:01:25 2014
New Revision: 1632988

URL: http://svn.apache.org/r1632988
Log:
Followup to the fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=53952
Deprecate SSL_OP_PKCS1_CHECK_1, SSL_OP_PKCS1_CHECK_2 flags.

Modified:
    tomcat/trunk/java/org/apache/tomcat/jni/SSL.java

Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSL.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/SSL.java?rev=1632988&r1=1632987&r2=1632988&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/jni/SSL.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/jni/SSL.java Sun Oct 19 21:01:25 2014
@@ -142,9 +142,18 @@ public final class SSL {
 
     public static final int SSL_OP_NO_TICKET                        = 
0x00004000;
 
-    /* The next flag deliberately changes the ciphertest, this is a check
-     * for the PKCS#1 attack */
+    // SSL_OP_PKCS1_CHECK_1 and SSL_OP_PKCS1_CHECK_2 flags are unsupported
+    // in the current version of OpenSSL library. See ssl.h changes in commit
+    // 7409d7ad517650db332ae528915a570e4e0ab88b (30 Apr 2011) of OpenSSL.
+    /**
+     * @deprecated Unsupported in the current version of OpenSSL
+     */
+    @Deprecated
     public static final int SSL_OP_PKCS1_CHECK_1                    = 
0x08000000;
+    /**
+     * @deprecated Unsupported in the current version of OpenSSL
+     */
+    @Deprecated
     public static final int SSL_OP_PKCS1_CHECK_2                    = 
0x10000000;
     public static final int SSL_OP_NETSCAPE_CA_DN_BUG               = 
0x20000000;
     public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG  = 
0x40000000;



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org