mturk 2005/06/09 23:44:35
Modified: jni/java/org/apache/tomcat/jni SSL.java SSLContext.java
jni/native/include ssl_private.h
jni/native/src sslcontext.c
Log:
Add option for setting the SSL connection shutdown type.
Revision Changes Path
1.16 +5 -1
jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java
Index: SSL.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- SSL.java 9 Jun 2005 09:13:54 -0000 1.15
+++ SSL.java 10 Jun 2005 06:44:35 -0000 1.16
@@ -153,6 +153,10 @@
public static final int SSL_MODE_SERVER = 1;
public static final int SSL_MODE_COMBINED = 2;
+ public static final int SSL_SHUTDOWN_TYPE_UNSET = 0;
+ public static final int SSL_SHUTDOWN_TYPE_STANDARD = 1;
+ public static final int SSL_SHUTDOWN_TYPE_UNCLEAN = 2;
+ public static final int SSL_SHUTDOWN_TYPE_ACCURATE = 3;
/* Return OpenSSL version number */
public static native int version();
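Review bot: The four new `SSL_SHUTDOWN_TYPE_*` constants are added without any comment, so a caller cannot tell what each value does to the TLS close sequence or what `UNSET` resolves to at runtime. If they carry the mod_ssl meanings (to be confirmed against the native shutdown code, which is not in this commit), a comment such as `/* STANDARD: send close_notify, do not wait for the peer's; UNCLEAN: no close_notify at all; ACCURATE: send close_notify and wait for the peer's */` would make the trade-off visible. It is also worth stating that the unclean type gives up truncation detection, because the peer can no longer distinguish an orderly end of data from a dropped connection.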
1.17 +18 -4
jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java
Index: SSLContext.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- SSLContext.java 10 Jun 2005 06:25:08 -0000 1.16
+++ SSLContext.java 10 Jun 2005 06:44:35 -0000 1.17
@@ -41,7 +41,7 @@
* SSL_MODE_CLIENT
* SSL_MODE_SERVER
* SSL_MODE_COMBINED
- * </PRE>
+ * </PRE>
*/
public static native long make(long pool, int protocol, int mode)
throws Exception;
@@ -134,7 +134,7 @@
* Certificate Revocation Lists (CRL) of Certification Authorities (CA)
* whose clients you deal with. These are used for Client Authentication.
* Such a file is simply the concatenation of the various PEM-encoded CRL
- * files, in order of preference.
+ * files, in order of preference.
* <br />
* The files in this directory have to be PEM-encoded and are accessed
through
* hash filenames. So usually you can't just place the Certificate files
there:
@@ -167,7 +167,7 @@
* @param ctx Server or Client context to use.
* @param file File of PEM-encoded Server CA Certificates.
* @param skipfirst Skip first certificate if chain file is inside
- * certificate file.
+ * certificate file.
*/
public static native boolean setCertificateChainFile(long ctx, String
file,
boolean skipfirst);
@@ -249,6 +249,20 @@
public static native void setVerifyDepth(long ctx, int depth);
/**
+ * Set SSL connection shutdown type
+ * <br />
+ * The following levels are available for level:
+ * <PRE>
+ * SSL_SHUTDOWN_TYPE_STANDARD
+ * SSL_SHUTDOWN_TYPE_UNCLEAN
+ * SSL_SHUTDOWN_TYPE_ACCURATE
+ * </PRE>
+ * @param ctx Server or Client context to use.
+ * @param type Shutdown type to use.
+ */
+ public static native void setShutdowType(long ctx, int type);
+
+ /**
* Set Type of Client Certificate verification
* <br />
* This directive sets the Certificate verification level for the Client
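Review bot: The new native method is declared as `setShutdowType` (missing the "n"), while the C side in sslcontext.c implements `setShutdownType`. If `TCN_IMPLEMENT_CALL` derives the JNI symbol from that name, as it appears to, the Java declaration will not bind and the first call will fail with an `UnsatisfiedLinkError`. The declaration should read `public static native void setShutdownType(long ctx, int type);`. The Javadoc also says "levels are available for level" although the parameter is `type`, and it omits `SSL_SHUTDOWN_TYPE_UNSET` and the security effect of each choice. The Javadoc that follows belongs to the next method and continues outside the hunk.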
1.22 +8 -1
jakarta-tomcat-connectors/jni/native/include/ssl_private.h
Index: ssl_private.h
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- ssl_private.h 10 Jun 2005 06:25:08 -0000 1.21
+++ ssl_private.h 10 Jun 2005 06:44:35 -0000 1.22
@@ -134,6 +134,11 @@
#define SSL_CVERIFY_OPTIONAL_NO_CA (3)
#define SSL_VERIFY_PEER_STRICT
(SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+#define SSL_SHUTDOWN_TYPE_UNSET (0)
+#define SSL_SHUTDOWN_TYPE_STANDARD (1)
+#define SSL_SHUTDOWN_TYPE_UNCLEAN (2)
+#define SSL_SHUTDOWN_TYPE_ACCURATE (3)
+
#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are
encrypted for security reasons.\n" \
"In order to read them you have to provide
the pass phrases.\n" \
"Enter password :"
@@ -177,6 +182,7 @@
EVP_PKEY *keys[SSL_AIDX_MAX];
int ca_certs;
+ int shutdown_type;
const char *cipher_suite;
/* for client or downstream server authentication */
@@ -188,6 +194,7 @@
typedef struct {
tcn_ssl_ctxt_t *ctx;
SSL *ssl;
+ int shutdown_type;
} tcn_ssl_conn_t;
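Review bot: `shutdown_type` is added to both `tcn_ssl_ctxt_t` (previous hunk) and `tcn_ssl_conn_t`, but nothing visible in this commit assigns the per-connection field or reads either one. The only writes shown are to the context in sslcontext.c. Unless the connection setup code copies `ctx->shutdown_type` into the new field, it will hold whatever the allocator left there, so that copy should be added or confirmed where `tcn_ssl_conn_t` is created. A short comment on each field, for example `/* SSL_SHUTDOWN_TYPE_*; connection value overrides context default */`, would record which one takes precedence, if that is the intent.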
1.31 +15 -4 jakarta-tomcat-connectors/jni/native/src/sslcontext.c
Index: sslcontext.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- sslcontext.c 10 Jun 2005 06:25:08 -0000 1.30
+++ sslcontext.c 10 Jun 2005 06:44:35 -0000 1.31
@@ -156,8 +156,9 @@
/* Set default Certificate verification level
* and depth for the Client Authentication
*/
- c->verify_depth = 1;
- c->verify_mode = SSL_CVERIFY_UNSET;
+ c->verify_depth = 1;
+ c->verify_mode = SSL_CVERIFY_UNSET;
+ c->shutdown_type = SSL_SHUTDOWN_TYPE_UNSET;
/* Set default password callback */
SSL_CTX_set_default_passwd_cb(c->ctx, (pem_password_cb
*)SSL_password_callback);
@@ -323,7 +324,7 @@
tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
jboolean rv = JNI_FALSE;
TCN_ALLOC_CSTRING(file);
-
+
UNREFERENCED(o);
TCN_ASSERT(ctx != 0);
if (!J2S(file))
@@ -401,6 +402,16 @@
c->verify_depth = depth;
}
+TCN_IMPLEMENT_CALL(void, SSLContext, setShutdownType)(TCN_STDARGS, jlong ctx,
+ jint type)
+{
+ tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
+
+ UNREFERENCED_STDARGS;
+ TCN_ASSERT(ctx != 0);
+ c->shutdown_type = type;
+}
+
TCN_IMPLEMENT_CALL(void, SSLContext, setVerifyClient)(TCN_STDARGS, jlong ctx,
jint level)
{
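Review bot: `setShutdownType` stores the Java-supplied `type` in `c->shutdown_type` without checking that it is one of the four `SSL_SHUTDOWN_TYPE_*` values. What an out-of-range value does therefore depends on the shutdown code, which is not shown here, and a TLS close behaviour that differs from the configured one would go unnoticed. A guard before the assignment, such as `if (type < SSL_SHUTDOWN_TYPE_UNSET || type > SSL_SHUTDOWN_TYPE_ACCURATE) type = SSL_SHUTDOWN_TYPE_UNSET;`, keeps the stored state well-defined. The function also has no header comment, unlike the Java side. The body of `setVerifyClient` that follows lies outside the hunk.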