mturk 2005/06/10 03:31:09
Modified: jni/native/include ssl_private.h
jni/native/src sslnetwork.c
Log:
Add SSLSocket.create. This creates SSL from CTX.
Revision Changes Path
1.23 +3 -1
jakarta-tomcat-connectors/jni/native/include/ssl_private.h
Index: ssl_private.h
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- ssl_private.h 10 Jun 2005 06:44:35 -0000 1.22
+++ ssl_private.h 10 Jun 2005 10:31:09 -0000 1.23
@@ -194,7 +194,9 @@
typedef struct {
tcn_ssl_ctxt_t *ctx;
SSL *ssl;
+ X509 *cert;
int shutdown_type;
+ apr_socket_t *sock;
} tcn_ssl_conn_t;
1.2 +134 -1 jakarta-tomcat-connectors/jni/native/src/sslnetwork.c
Index: sslnetwork.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslnetwork.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sslnetwork.c 24 May 2005 10:53:20 -0000 1.1
+++ sslnetwork.c 10 Jun 2005 10:31:09 -0000 1.2
@@ -30,6 +30,139 @@
#ifdef HAVE_OPENSSL
#include "ssl_private.h"
+#ifdef TCN_DO_STATISTICS
+#include "apr_atomic.h"
+
+static volatile apr_uint32_t ssl_created = 0;
+static volatile apr_uint32_t ssl_closed = 0;
+static volatile apr_uint32_t ssl_cleared = 0;
+static volatile apr_uint32_t ssl_accepted = 0;
+
+void ssl_network_dump_statistics()
+{
+ fprintf(stderr, "SSL Network Statistics ..\n");
+ fprintf(stderr, "Sockets created : %d\n", ssl_created);
+ fprintf(stderr, "Sockets accepted : %d\n", ssl_accepted);
+ fprintf(stderr, "Sockets closed : %d\n", ssl_closed);
+ fprintf(stderr, "Sockets cleared : %d\n", ssl_cleared);
+}
+
+#endif
+
+static int ssl_smart_shutdown(SSL *ssl, int shutdown_type)
+{
+ int i;
+ int rc = 0;
+
+ switch (shutdown_type) {
+ case SSL_SHUTDOWN_TYPE_UNCLEAN:
+ /* perform no close notify handshake at all
+ * (violates the SSL/TLS standard!)
+ */
+ shutdown_type = SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN;
+ break;
+ case SSL_SHUTDOWN_TYPE_ACCURATE:
+ /* send close notify and wait for clients close notify
+ * (standard compliant, but usually causes connection hangs)
+ */
+ shutdown_type = 0;
+ break;
+ default:
+ /*
+ * case SSL_SHUTDOWN_TYPE_UNSET:
+ * case SSL_SHUTDOWN_TYPE_STANDARD:
+ * send close notify, but don't wait for clients close notify
+ * (standard compliant and safe, so it's the DEFAULT!)
+ */
+ shutdown_type = SSL_RECEIVED_SHUTDOWN;
+ break;
+ }
+
+ SSL_set_shutdown(ssl, shutdown_type);
+ /*
+ * Repeat the calls, because SSL_shutdown internally dispatches through a
+ * little state machine. Usually only one or two interation should be
+ * needed, so we restrict the total number of restrictions in order to
+ * avoid process hangs in case the client played bad with the socket
+ * connection and OpenSSL cannot recognize it.
+ * max 2x pending + 2x data = 4
+ */
+ for (i = 0; i < 4; i++) {
+ if ((rc = SSL_shutdown(ssl)))
+ break;
+ }
+ return rc;
+}
+
+static apr_status_t ssl_socket_cleanup(void *data)
+{
+ tcn_ssl_conn_t *con = (tcn_ssl_conn_t *)data;
+
+ if (con) {
+ if (con->ssl) {
+ ssl_smart_shutdown(con->ssl, con->shutdown_type);
+ SSL_free(con->ssl);
+ con->ssl = NULL;
+ }
+ if (con->cert) {
+ X509_free(con->cert);
+ con->cert = NULL;
+ }
+ if (con->sock) {
+ apr_socket_close(con->sock);
+ con->sock = NULL;
+ }
+ }
+
+#ifdef TCN_DO_STATISTICS
+ apr_atomic_inc32(&ssl_cleared);
+#endif
+ return APR_SUCCESS;
+}
+
+TCN_IMPLEMENT_CALL(jlong, SSLSocket, create)(TCN_STDARGS, jlong ctx,
+ jlong pool)
+{
+ tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
+ apr_pool_t *p = J2P(pool, apr_pool_t *);
+ tcn_ssl_conn_t *con;
+ SSL *ssl;
+
+ UNREFERENCED(o);
+ TCN_ASSERT(pool != 0);
+ TCN_ASSERT(ctx != 0);
+
+ if ((con = apr_pcalloc(p, sizeof(tcn_ssl_conn_t))) == NULL) {
+ tcn_ThrowAPRException(e, apr_get_os_error());
+ goto cleanup;
+ }
+ if ((ssl = SSL_new(c->ctx)) == NULL) {
+ char err[256];
+ ERR_error_string(ERR_get_error(), err);
+ tcn_Throw(e, "SSL_new failed (%s)", err);
+ con = NULL;
+ goto cleanup;
+ }
+ SSL_clear(ssl);
+
+ con->ctx = c;
+ con->ssl = ssl;
+ con->shutdown_type = c->shutdown_type;
+ apr_pool_cleanup_register(p, (const void *)con,
+ ssl_socket_cleanup,
+ apr_pool_cleanup_null);
+
+#ifdef TCN_DO_STATISTICS
+ ssl_created++;
+#endif
+cleanup:
+ return P2J(con);
+
+}
+
+
+
+
#else
/* OpenSSL is not supported
* If someday we make OpenSSL optional
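Review bot: The statistics counter is bumped non-atomically in SSLSocket.create (`ssl_created++`), while the cleanup path in ssl_socket_cleanup uses `apr_atomic_inc32(&ssl_cleared)`; `volatile` does not make `++` atomic, and since these JNI entry points are presumably reachable from several Java threads, the count can be lost under contention. I would change it to `apr_atomic_inc32(&ssl_created);` so every counter in this file is updated the same way. In ssl_network_dump_statistics the counters are `apr_uint32_t` but printed with `%d`; `%u` matches the type, and the prototype is better written as `ssl_network_dump_statistics(void)` since `()` declares no parameter list in C. The `#else` branch that follows continues outside the hunk.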