mturk 2005/06/09 23:44:35 Modified: jni/java/org/apache/tomcat/jni SSL.java SSLContext.java jni/native/include ssl_private.h jni/native/src sslcontext.c Log: Add option for setting the SSL connection shutdown type. Revision Changes Path 1.16 +5 -1 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java Index: SSL.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- SSL.java 9 Jun 2005 09:13:54 -0000 1.15 +++ SSL.java 10 Jun 2005 06:44:35 -0000 1.16 @@ -153,6 +153,10 @@ public static final int SSL_MODE_SERVER = 1; public static final int SSL_MODE_COMBINED = 2; + public static final int SSL_SHUTDOWN_TYPE_UNSET = 0; + public static final int SSL_SHUTDOWN_TYPE_STANDARD = 1; + public static final int SSL_SHUTDOWN_TYPE_UNCLEAN = 2; + public static final int SSL_SHUTDOWN_TYPE_ACCURATE = 3; /* Return OpenSSL version number */ public static native int version(); 1.17 +18 -4 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java Index: SSLContext.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- SSLContext.java 10 Jun 2005 06:25:08 -0000 1.16 +++ SSLContext.java 10 Jun 2005 06:44:35 -0000 1.17 @@ -41,7 +41,7 @@ * SSL_MODE_CLIENT * SSL_MODE_SERVER * SSL_MODE_COMBINED - * </PRE> + * </PRE> */ public static native long make(long pool, int protocol, int mode) throws Exception; 
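Review bot: The four `SSL_SHUTDOWN_TYPE_*` constants added after `SSL_MODE_COMBINED` in SSL.java carry no comment, so a caller cannot tell what each type does to the TLS close sequence or what `SSL_SHUTDOWN_TYPE_UNSET` falls back to. If, as the name suggests, `SSL_SHUTDOWN_TYPE_UNCLEAN` closes without exchanging close_notify alerts, that needs a stated caveat, because the peer then cannot tell a complete stream from a truncated one. I would add a header comment such as `/* SSL connection shutdown types; values must match the SSL_SHUTDOWN_TYPE_* defines in ssl_private.h */` and one line per constant describing its behaviour.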
@@ -134,7 +134,7 @@ * Certificate Revocation Lists (CRL) of Certification Authorities (CA) * whose clients you deal with. These are used for Client Authentication. * Such a file is simply the concatenation of the various PEM-encoded CRL - * files, in order of preference. + * files, in order of preference. * <br /> * The files in this directory have to be PEM-encoded and are accessed through * hash filenames. So usually you can't just place the Certificate files there: @@ -167,7 +167,7 @@ * @param ctx Server or Client context to use. * @param file File of PEM-encoded Server CA Certificates. * @param skipfirst Skip first certificate if chain file is inside - * certificate file. + * certificate file. */ public static native boolean setCertificateChainFile(long ctx, String file, boolean skipfirst); @@ -249,6 +249,20 @@ public static native void setVerifyDepth(long ctx, int depth); /** + * Set SSL connection shutdown type + * <br /> + * The following levels are available for level: + * <PRE> + * SSL_SHUTDOWN_TYPE_STANDARD + * SSL_SHUTDOWN_TYPE_UNCLEAN + * SSL_SHUTDOWN_TYPE_ACCURATE + * </PRE> + * @param ctx Server or Client context to use. + * @param type Shutdown type to use. + */ + public static native void setShutdowType(long ctx, int type); + + /** * Set Type of Client Certificate verification * <br /> * This directive sets the Certificate verification level for the Client 1.22 +8 -1 jakarta-tomcat-connectors/jni/native/include/ssl_private.h Index: ssl_private.h =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- ssl_private.h 10 Jun 2005 06:25:08 -0000 1.21 +++ ssl_private.h 10 Jun 2005 06:44:35 -0000 1.22 
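Review bot: The native method added in the `@@ -249,6 +249,20 @@` hunk is declared as `setShutdowType`, while the C side of this same commit implements `setShutdownType`. Assuming `TCN_IMPLEMENT_CALL` derives the exported JNI symbol from that name, the first call from Java would fail with `UnsatisfiedLinkError` and the shutdown type could never be set. The declaration should read `public static native void setShutdownType(long ctx, int type);`. The Javadoc also says "levels are available for level" although the parameter is `type`, and it omits `SSL_SHUTDOWN_TYPE_UNSET`; I would reword it to `The following values are available for type:` and state what an unset type means.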
@@ -134,6 +134,11 @@ #define SSL_CVERIFY_OPTIONAL_NO_CA (3) #define SSL_VERIFY_PEER_STRICT (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT) +#define SSL_SHUTDOWN_TYPE_UNSET (0) +#define SSL_SHUTDOWN_TYPE_STANDARD (1) +#define SSL_SHUTDOWN_TYPE_UNCLEAN (2) +#define SSL_SHUTDOWN_TYPE_ACCURATE (3) + #define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted for security reasons.\n" \ "In order to read them you have to provide the pass phrases.\n" \ "Enter password :" @@ -177,6 +182,7 @@ EVP_PKEY *keys[SSL_AIDX_MAX]; int ca_certs; + int shutdown_type; const char *cipher_suite; /* for client or downstream server authentication */ @@ -188,6 +194,7 @@ typedef struct { tcn_ssl_ctxt_t *ctx; SSL *ssl; + int shutdown_type; } tcn_ssl_conn_t; 1.31 +15 -4 jakarta-tomcat-connectors/jni/native/src/sslcontext.c Index: sslcontext.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v retrieving revision 1.30 retrieving revision 1.31 diff -u -r1.30 -r1.31 --- sslcontext.c 10 Jun 2005 06:25:08 -0000 1.30 +++ sslcontext.c 10 Jun 2005 06:44:35 -0000 1.31 @@ -156,8 +156,9 @@ /* Set default Certificate verification level * and depth for the Client Authentication */ - c->verify_depth = 1; - c->verify_mode = SSL_CVERIFY_UNSET; + c->verify_depth = 1; + c->verify_mode = SSL_CVERIFY_UNSET; + c->shutdown_type = SSL_SHUTDOWN_TYPE_UNSET; /* Set default password callback */ SSL_CTX_set_default_passwd_cb(c->ctx, (pem_password_cb *)SSL_password_callback); @@ -323,7 +324,7 @@ tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *); jboolean rv = JNI_FALSE; TCN_ALLOC_CSTRING(file); - + UNREFERENCED(o); TCN_ASSERT(ctx != 0); if (!J2S(file)) 
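Review bot: `shutdown_type` is added to both `tcn_ssl_ctxt_t` and `tcn_ssl_conn_t` in ssl_private.h, but no hunk in this commit reads either field or assigns the connection-level one. As far as the diff shows, the setting has no effect yet, and the per-connection value may be uninitialised depending on how `tcn_ssl_conn_t` is allocated. I would put a comment on each field saying which one is authoritative, for example `/* default for new connections; copied into tcn_ssl_conn_t at creation */` on the context field, and have the connection setup code copy it explicitly. Both structs begin outside these hunks, so the allocation path is not visible here.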
@@ -401,6 +402,16 @@ c->verify_depth = depth; } +TCN_IMPLEMENT_CALL(void, SSLContext, setShutdownType)(TCN_STDARGS, jlong ctx, + jint type) +{ + tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *); + + UNREFERENCED_STDARGS; + TCN_ASSERT(ctx != 0); + c->shutdown_type = type; +} + TCN_IMPLEMENT_CALL(void, SSLContext, setVerifyClient)(TCN_STDARGS, jlong ctx, jint level) {
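Review bot: `setShutdownType` stores `type` into `c->shutdown_type` without checking it against the four defined values, so any jint passed from Java is kept and later code that uses the field has to cope with an undefined type. I would reject out-of-range input before the assignment, e.g. `if (type < SSL_SHUTDOWN_TYPE_UNSET || type > SSL_SHUTDOWN_TYPE_ACCURATE) return;`, or raise a Java exception so a misconfiguration is visible rather than silently ignored. `TCN_ASSERT(ctx != 0)` is the only guard on the handle; if that macro is compiled out in release builds (not visible here), a zero `ctx` is dereferenced on the next line.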