mturk 2005/06/11 11:22:25 Modified: jni/native/src ssl.c sslcontext.c Log: Native part of changes in SSL.java and SSLContext.java Revision Changes Path 1.33 +9 -1 jakarta-tomcat-connectors/jni/native/src/ssl.c Index: ssl.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v retrieving revision 1.32 retrieving revision 1.33 diff -u -r1.32 -r1.33 --- ssl.c 11 Jun 2005 07:03:45 -0000 1.32 +++ ssl.c 11 Jun 2005 18:22:25 -0000 1.33 @@ -760,6 +760,14 @@ return r; } +TCN_IMPLEMENT_CALL(jstring, SSL, getLastError)(TCN_STDARGS) +{ + char buf[256]; + UNREFERENCED(o); + ERR_error_string(ERR_get_error(), buf); + return tcn_new_string(e, buf, -1); +} + #else /* OpenSSL is not supported * If someday we make OpenSSL optional 1.34 +16 -6 jakarta-tomcat-connectors/jni/native/src/sslcontext.c Index: sslcontext.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v retrieving revision 1.33 retrieving revision 1.34 diff -u -r1.33 -r1.34 --- sslcontext.c 11 Jun 2005 07:03:45 -0000 1.33 +++ sslcontext.c 11 Jun 2005 18:22:25 -0000 1.34 @@ -145,11 +145,11 @@ */ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); #endif - /* Default vhost id and cache size */ + /* Default session context id and cache size */ SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE); MD5((const unsigned char *)SSL_DEFAULT_VHOST_NAME, (unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1), - &(c->vhost_id[0])); + &(c->context_id[0])); if (mode) { SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA); SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH); 
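Review bot: In the added getLastError in ssl.c, `ERR_error_string(ERR_get_error(), buf)` passes no length, so the write is safe only while `buf` stays at the 256 bytes OpenSSL documents as the minimum. The bounded form `ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));` ties the write to the declaration. ERR_get_error() also removes only the earliest entry from the calling thread's error queue and returns 0 when the queue is empty, so the Java caller gets a formatted string for code 0 when nothing failed, and later entries stay queued for whoever asks next. A comment above the function such as `/* Pops the earliest OpenSSL error of the calling thread; formats code 0 if the queue is empty */` would make that contract visible.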
@@ -185,8 +185,8 @@ return apr_pool_cleanup_run(c->pool, c, ssl_context_cleanup); } -TCN_IMPLEMENT_CALL(void, SSLContext, setVhostId)(TCN_STDARGS, jlong ctx, - jstring id) +TCN_IMPLEMENT_CALL(void, SSLContext, setContextId)(TCN_STDARGS, jlong ctx, + jstring id) { tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *); TCN_ALLOC_CSTRING(id); @@ -196,7 +196,7 @@ if (J2S(id)) { MD5((const unsigned char *)J2S(id), (unsigned long)strlen(J2S(id)), - &(c->vhost_id[0])); + &(c->context_id[0])); } TCN_FREE_CSTRING(id); } @@ -363,6 +363,7 @@ rv = JNI_FALSE; goto cleanup; } + c->store = SSL_CTX_get_cert_store(c->ctx); if (c->mode) { STACK_OF(X509_NAME) *ca_certs; c->ca_certs++; @@ -425,6 +426,15 @@ if ((c->verify_mode == SSL_CVERIFY_OPTIONAL) || (c->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA)) verify |= SSL_VERIFY_PEER; + if (!c->store) { + if (SSL_CTX_set_default_verify_paths(c->ctx)) { + c->store = SSL_CTX_get_cert_store(c->ctx); + X509_STORE_set_flags(c->store, 0); + } + else { + /* XXX: See if this is fatal */ + } + } SSL_CTX_set_verify(c->ctx, verify, SSL_callback_SSL_verify); }
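Review bot: In the last hunk, the `else` branch of the added `if (!c->store)` block holds only `/* XXX: See if this is fatal */`, so a failed SSL_CTX_set_default_verify_paths() is swallowed and SSL_CTX_set_verify() is still installed with `c->store` left NULL. Peer verification then runs with no default trust anchors loaded, and the Java caller gets no indication of why handshakes fail. How SSL_callback_SSL_verify treats that case in the OPTIONAL_NO_CA mode is not visible here and is worth checking. The failure should be reported to the caller (an exception or a return value; the function's signature is outside the hunk), or at least documented in place, e.g. `/* Default CA paths could not be loaded: no trust anchors are available for verification */`. Separately, `X509_STORE_set_flags(c->store, 0)` appears to set no flag at all; if CRL checking was intended, the flags need to be named.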