Author: kkolinko Date: Sun Oct 19 21:01:25 2014 New Revision: 1632988 URL: http://svn.apache.org/r1632988 Log: Followup to the fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=53952 Deprecate SSL_OP_PKCS1_CHECK_1, SSL_OP_PKCS1_CHECK_2 flags.
Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSL.java Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSL.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/SSL.java?rev=1632988&r1=1632987&r2=1632988&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/jni/SSL.java (original) +++ tomcat/trunk/java/org/apache/tomcat/jni/SSL.java Sun Oct 19 21:01:25 2014 @@ -142,9 +142,18 @@ public final class SSL { public static final int SSL_OP_NO_TICKET = 0x00004000; - /* The next flag deliberately changes the ciphertest, this is a check - * for the PKCS#1 attack */ + // SSL_OP_PKCS1_CHECK_1 and SSL_OP_PKCS1_CHECK_2 flags are unsupported + // in the current version of OpenSSL library. See ssl.h changes in commit + // 7409d7ad517650db332ae528915a570e4e0ab88b (30 Apr 2011) of OpenSSL. + /** + * @deprecated Unsupported in the current version of OpenSSL + */ + @Deprecated public static final int SSL_OP_PKCS1_CHECK_1 = 0x08000000; + /** + * @deprecated Unsupported in the current version of OpenSSL + */ + @Deprecated public static final int SSL_OP_PKCS1_CHECK_2 = 0x10000000; public static final int SSL_OP_NETSCAPE_CA_DN_BUG = 0x20000000; public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x40000000; --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org