mturk 2005/06/11 11:22:25
Modified: jni/native/src ssl.c sslcontext.c
Log:
Native part of changes in SSL.java and SSLContext.java
Revision Changes Path
1.33 +9 -1 jakarta-tomcat-connectors/jni/native/src/ssl.c
Index: ssl.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- ssl.c 11 Jun 2005 07:03:45 -0000 1.32
+++ ssl.c 11 Jun 2005 18:22:25 -0000 1.33
@@ -760,6 +760,14 @@
return r;
}
+TCN_IMPLEMENT_CALL(jstring, SSL, getLastError)(TCN_STDARGS)
+{
+ char buf[256];
+ UNREFERENCED(o);
+ ERR_error_string(ERR_get_error(), buf);
+ return tcn_new_string(e, buf, -1);
+}
+
#else
/* OpenSSL is not supported
* If someday we make OpenSSL optional
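Review bot: In `getLastError` the call to `ERR_error_string()` takes no length argument, so the write into `buf` is bounded only by convention; `ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));` ties the bound to the buffer and always NUL-terminates. `ERR_get_error()` also removes and returns the earliest entry in the calling thread's error queue, not the most recent one, which does not match the name. If the latest error is what Java callers expect, `ERR_peek_last_error()` is the closer fit. Otherwise a comment such as `/* pops the oldest queued error for this thread; returns a zero-code string when the queue is empty */` would document the behaviour.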
1.34 +16 -6 jakarta-tomcat-connectors/jni/native/src/sslcontext.c
Index: sslcontext.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- sslcontext.c 11 Jun 2005 07:03:45 -0000 1.33
+++ sslcontext.c 11 Jun 2005 18:22:25 -0000 1.34
@@ -145,11 +145,11 @@
*/
SSL_CTX_set_options(c->ctx,
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif
- /* Default vhost id and cache size */
+ /* Default session context id and cache size */
SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE);
MD5((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
(unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
- &(c->vhost_id[0]));
+ &(c->context_id[0]));
if (mode) {
SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA);
SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
@@ -185,8 +185,8 @@
return apr_pool_cleanup_run(c->pool, c, ssl_context_cleanup);
}
-TCN_IMPLEMENT_CALL(void, SSLContext, setVhostId)(TCN_STDARGS, jlong ctx,
- jstring id)
+TCN_IMPLEMENT_CALL(void, SSLContext, setContextId)(TCN_STDARGS, jlong ctx,
+ jstring id)
{
tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
TCN_ALLOC_CSTRING(id);
@@ -196,7 +196,7 @@
if (J2S(id)) {
MD5((const unsigned char *)J2S(id),
(unsigned long)strlen(J2S(id)),
- &(c->vhost_id[0]));
+ &(c->context_id[0]));
}
TCN_FREE_CSTRING(id);
}
@@ -363,6 +363,7 @@
rv = JNI_FALSE;
goto cleanup;
}
+ c->store = SSL_CTX_get_cert_store(c->ctx);
if (c->mode) {
STACK_OF(X509_NAME) *ca_certs;
c->ca_certs++;
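Review bot: The new `c->store` field caches the pointer returned by `SSL_CTX_get_cert_store()`, which remains owned by `c->ctx`, and nothing on the added line records that. A comment such as `/* borrowed from c->ctx; must not be freed separately */` would guard against a later `X509_STORE_free(c->store)` in the context cleanup turning into a double free. The enclosing function starts and ends outside this hunk, so whether cleanup already touches `c->store` cannot be confirmed from here.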
@@ -425,6 +426,15 @@
if ((c->verify_mode == SSL_CVERIFY_OPTIONAL) ||
(c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
verify |= SSL_VERIFY_PEER;
+ if (!c->store) {
+ if (SSL_CTX_set_default_verify_paths(c->ctx)) {
+ c->store = SSL_CTX_get_cert_store(c->ctx);
+ X509_STORE_set_flags(c->store, 0);
+ }
+ else {
+ /* XXX: See if this is fatal */
+ }
+ }
SSL_CTX_set_verify(c->ctx, verify, SSL_callback_SSL_verify);
}
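Review bot: The empty `else` branch silently ignores a failed `SSL_CTX_set_default_verify_paths()`, leaving `c->store` NULL while `SSL_CTX_set_verify()` is still installed. With no trust anchors loaded, the outcome of peer verification then rests entirely on `SSL_callback_SSL_verify`, and the caller gets no indication that the configured verify mode cannot be honoured. The failure should at least be reported to the Java side (exception or error return) rather than left as `/* XXX: See if this is fatal */`. Separately, `X509_STORE_set_flags(c->store, 0);` appears to add no verification flags, so if CRL checking on the default store was intended it should pass the flag explicitly, e.g. `X509_V_FLAG_CRL_CHECK`. The enclosing function begins outside this hunk.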