Author: mturk
Date: Thu Sep 8 09:37:41 2011
New Revision: 1166589
URL: http://svn.apache.org/viewvc?rev=1166589&view=rev
Log:
Rename classes and add initial OpenSSL test suite
Added:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Library.java
- copied, changed from r1166147, commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSL.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ProtocolMethod.java
(with props)
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ProtocolMode.java
(with props)
commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java
(with props)
Modified:
commons/sandbox/runtime/trunk/build.xml
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSL.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ShutdownType.java
commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c
commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestMain.java
Modified: commons/sandbox/runtime/trunk/build.xml
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/build.xml?rev=1166589&r1=1166588&r2=1166589&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/build.xml (original)
+++ commons/sandbox/runtime/trunk/build.xml Thu Sep 8 09:37:41 2011
@@ -396,7 +396,9 @@ The Apache Software Foundation (http://w
<target name="test" depends="tests">
<runtest groups="init,core,private,${systemid.subsystem}"/>
</target>
-
+ <target name="testopenssl" depends="tests">
+ <runtest groups="init,openssl" name="openssl"/>
+ </target>
<target name="testsemaphore" depends="tests">
<parallel>
<sequential>
Copied: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Library.java
(from r1166147, commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSL.java)
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Library.java?p2=commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Library.java&p1=commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSL.java&r1=1166147&r2=1166589&rev=1166589&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSL.java (original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Library.java
Thu Sep 8 09:37:41 2011
@@ -23,13 +23,14 @@ import org.apache.commons.runtime.System
import java.io.File;
/**
- * SSL library
+ * OpenSSL library
*/
-public final class SSL
+public final class Library
{
private static boolean inited = false;
private static Object lock;
- private SSL()
+
+ private Library()
{
// No instance
}
@@ -40,28 +41,18 @@ public final class SSL
}
- private static native int init0();
- private static native void fipsmode0(int mode)
+ private static native int init0(String engine);
+ private static native void fipsmode0(boolean enable)
throws UnsupportedOperationException;
private static native void rndfile0(String path);
- private static native void engine0(String name);
- public static void setFipsMode(int mode)
- throws IllegalStateException,
- UnsupportedOperationException
- {
- if (!inited)
- throw new IllegalStateException();
- fipsmode0(mode);
- }
-
- public static void initialize()
+ public static void initialize(String engine)
throws SystemException
{
synchronized(lock) {
if (!inited) {
- int rc = init0();
+ int rc = init0(engine);
if (rc != 0)
throw new SystemException(Status.describe(rc));
inited = true;
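Review bot: `initialize(String engine)` passes the engine name straight to `init0` with no validation and no Javadoc, whereas the `setCryptoEngine` method removed later in this commit rejected null and empty names. The native code in init.c treats null as "no engine" and the literal "auto" as "register all engines", so the contract should be written down, e.g. `@param engine OpenSSL engine id, "auto" to register all available engines, or null for none`. I would also keep the old empty-string guard: `if (engine != null && engine.length() < 1) throw new IllegalArgumentException();`. The body of `initialize` continues outside this hunk.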
@@ -69,6 +60,26 @@ public final class SSL
}
}
+ public static boolean initialized()
+ {
+ synchronized(lock) {
+ return inited;
+ }
+ }
+
+ public static native boolean hasFipsMode();
+
+ public static void enableFipsMode(boolean enable)
+ throws IllegalStateException,
+ UnsupportedOperationException
+ {
+ if (!hasFipsMode())
+ throw new UnsupportedOperationException(Local.sm.get("fips.ENOTIMPL"));
+ if (!inited)
+ throw new IllegalStateException();
+ fipsmode0(enable);
+ }
+
public static void setRandomFile(File path)
throws IllegalArgumentException
{
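Review bot: `enableFipsMode` reads `inited` without holding `lock`, while `initialize` and the new `initialized()` both synchronize on it, so a thread may not observe a completed initialization and get a spurious IllegalStateException. Replace the check with `if (!initialized())`, and give the exception a message so the caller can tell what was wrong. The new public methods have no Javadoc; `hasFipsMode()` in particular should say that it reports build-time support (as the `fips.ENOTIMPL` text implies), not whether FIPS mode is currently on.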
@@ -78,12 +89,5 @@ public final class SSL
rndfile0(fpath);
}
- public static void setCryptoEngine(String name)
- throws IllegalArgumentException
- {
- if (name == null || name.length() < 1)
- throw new IllegalArgumentException();
- engine0(name);
- }
}
Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties?rev=1166589&r1=1166588&r2=1166589&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/LocalStrings.properties
Thu Sep 8 09:37:41 2011
@@ -12,3 +12,5 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+
+fips.ENOTIMPL=FIPS was not available at build time. You will need an OpenSSL with FIPS support.
Added: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ProtocolMethod.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ProtocolMethod.java?rev=1166589&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ProtocolMethod.java
(added)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ProtocolMethod.java
Thu Sep 8 09:37:41 2011
@@ -0,0 +1,69 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+
+/**
+ * Represents the SSL protocol method.
+ */
+public enum ProtocolMethod
+{
+ /**
+ * Unset mode.
+ */
+ NONE( 0),
+ /**
+ * SSLv2.
+ */
+ SSLv2( 1),
+ /**
+ * SSLv3.
+ */
+ SSLv3( 2),
+ /**
+ * SSLv3 but can rollback to v2.
+ */
+ SSLv23( 3),
+ /**
+ * TLSv1.0.
+ */
+ TLSv1( 4),
+ /**
+ * DTLSv1.0.
+ */
+ DTLSv1( 5);
+
+ private int value;
+ private ProtocolMethod(int v)
+ {
+ value = v;
+ }
+
+ public int valueOf()
+ {
+ return value;
+ }
+
+ public static ProtocolMethod valueOf(int value)
+ {
+ for (ProtocolMethod e : values()) {
+ if (e.value == value)
+ return e;
+ }
+ return NONE;
+ }
+
+}
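Review bot: The Javadoc on `SSLv23` ("SSLv3 but can rollback to v2") does not match what OpenSSL's SSLv23 method does: it negotiates the highest version both peers support, which can be TLSv1 as well as SSLv2. A more accurate comment would be `Version-flexible handshake; negotiates the highest protocol both peers support.` The `SSLv2` constant should carry a warning that the protocol is insecure and should not be selected for new configurations (RFC 6176 prohibits its use). Separately, `valueOf(int)` maps every unknown number to `NONE` without saying so; document that fallback or throw `IllegalArgumentException`, and declare `value` as `final`.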
Propchange: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ProtocolMethod.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ProtocolMode.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ProtocolMode.java?rev=1166589&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ProtocolMode.java
(added)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ProtocolMode.java
Thu Sep 8 09:37:41 2011
@@ -0,0 +1,58 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+
+/**
+ * Represents the SSL protocol mode.
+ */
+public enum ProtocolMode
+{
+
+ /**
+ * Client mode.
+ */
+ CLIENT( 0),
+ /**
+ * Server mode.
+ */
+ SERVER( 1),
+ /**
+ * Combined client server mode.
+ */
+ COMBINED( 2);
+
+ private int value;
+ private ProtocolMode(int v)
+ {
+ value = v;
+ }
+
+ public int valueOf()
+ {
+ return value;
+ }
+
+ public static ProtocolMode valueOf(int value)
+ {
+ for (ProtocolMode e : values()) {
+ if (e.value == value)
+ return e;
+ }
+ return COMBINED;
+ }
+
+}
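Review bot: `valueOf(int)` returns `COMBINED` for every value it does not recognise, so any out-of-range integer silently becomes the broadest of the three modes instead of being reported. A failed lookup should fail visibly: use `throw new IllegalArgumentException("Unknown protocol mode: " + value);` in place of `return COMBINED;`, or at the very least add a Javadoc line stating the fallback. The `value` field can also be `final`.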
Propchange: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ProtocolMode.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ShutdownType.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ShutdownType.java?rev=1166589&r1=1166588&r2=1166589&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ShutdownType.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/ShutdownType.java
Thu Sep 8 09:37:41 2011
@@ -49,11 +49,6 @@ public enum ShutdownType
return value;
}
- public boolean isLocal()
- {
- return value > 1;
- }
-
public static ShutdownType valueOf(int value)
{
for (ShutdownType e : values()) {
Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1166589&r1=1166588&r2=1166589&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Thu Sep 8 09:37:41 2011
@@ -19,6 +19,7 @@
#include "acr/stdtypes.h"
#include "acr/callback.h"
+#include "acr/time.h"
#if HAVE_OPENSSL
/* Exclude unused OpenSSL features
@@ -111,10 +112,11 @@
* Define the SSL Protocol options
*/
#define SSL_PROTOCOL_NONE (0)
-#define SSL_PROTOCOL_SSLV2 (1<<0)
-#define SSL_PROTOCOL_SSLV3 (1<<1)
-#define SSL_PROTOCOL_TLSV1 (1<<2)
-#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+#define SSL_PROTOCOL_SSLV2 (1)
+#define SSL_PROTOCOL_SSLV3 (2)
+#define SSL_PROTOCOL_SSLV23 (3)
+#define SSL_PROTOCOL_TLSV1 (4)
+#define SSL_PROTOCOL_DTLSV1 (5)
#define SSL_MODE_CLIENT (0)
#define SSL_MODE_SERVER (1)
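Review bot: The `SSL_PROTOCOL_*` values change from bit flags to consecutive numbers and `SSL_PROTOCOL_ALL` is dropped, so any code outside this diff that still tests them with `&` or combines them with `|` will compile and quietly pick the wrong protocol (`SSL_PROTOCOL_SSLV23 & SSL_PROTOCOL_SSLV2` is now non-zero, for instance). No such user is visible in this commit, so this needs a search of the native sources, not a change in this hunk. A comment above the block such as `/* Plain enumeration, not a bit mask. Must match ProtocolMethod.java */` would record the new contract, since the Java enum added here carries the same numbers.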
@@ -124,7 +126,6 @@
#define SSL_BIO_FLAG_CALLBACK (1<<1)
#define SSL_DEFAULT_CACHE_SIZE (256)
#define SSL_MAX_STR_LEN (2048)
-#define SSL_MAX_PASSWORD_LEN (256)
#define SSL_CVERIFY_UNSET (-1)
#define SSL_CVERIFY_NONE (0)
@@ -210,23 +211,27 @@ typedef struct ssl_pkc_t {
} ssl_pkc_t;
typedef struct ssl_pass_cb_t {
- char password[SSL_MAX_PASSWORD_LEN];
- const char *prompt;
+ char *password;
+ char *prompt;
acr_callback_t cb;
} ssl_pass_cb_t;
+/* Default password callback that
+ * directly prompts the console
+ */
extern ssl_pass_cb_t ACRSSL_password_cb;
+/* Server context */
typedef struct acr_ssl_ctxt_t {
SSL_CTX *ctx;
BIO *bio_os;
BIO *bio_is;
- unsigned char context_id[MD5_DIGEST_LENGTH];
+ unsigned char context_id[MD5_DIGEST_LENGTH];
- int protocol;
- /* we are one or the other */
- int mode;
+ int protocol;
+ int mode;
+ int ssl_proxy;
/* certificate revocation list */
X509_STORE *crl;
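Review bot: `ssl_pass_cb_t.password` changes from a fixed `char[SSL_MAX_PASSWORD_LEN]` to a bare `char *`, and the struct no longer records who allocates the buffer, how large it is, or who frees it. For a passphrase that matters twice: a callback writing into it needs a length to stay in bounds, and the owner should wipe the memory before releasing it. I would add a length member next to the pointer, e.g. `size_t password_len;`, or at minimum a comment on the field stating ownership and that the buffer is cleared with `OPENSSL_cleanse` before it is freed. The code that fills and frees this field is outside the diff.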
@@ -237,20 +242,30 @@ typedef struct acr_ssl_ctxt_t {
X509 *certs[SSL_AIDX_MAX];
EVP_PKEY *keys[SSL_AIDX_MAX];
- int ca_certs;
- int shutdown_type;
+ int ca_certs;
+ int shutdown_type;
char *rand_file;
const char *cipher_suite;
/* for client or downstream server authentication */
- int verify_depth;
- int verify_mode;
+ int verify_depth;
+ int verify_mode;
+
+ int ocsp_enabled; /* true if OCSP verification enabled */
+ int ocsp_force_default; /* true if the default responder URL is
+ * used regardless of per-cert URL
+ */
+ const char *ocsp_responder; /* default responder URL */
+ long ocsp_resptime_skew;
+ long ocsp_resp_maxage;
+ acr_time_t ocsp_responder_timeout;
+
} acr_ssl_ctxt_t;
-#define SSL_CTX_get_extra_certs(ctx) ((ctx)->extra_certs)
-#define SSL_CTX_set_extra_certs(ctx, value) \
- do { \
- (ctx)->extra_certs = (value); \
+#define ACRSSL_CTX_get_extra_certs(ctx) ((ctx)->extra_certs)
+#define ACRSSL_CTX_set_extra_certs(ctx, value) \
+ do { \
+ (ctx)->extra_certs = (value); \
} while (0)
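Review bot: The new fields `ocsp_resptime_skew`, `ocsp_resp_maxage` and `ocsp_responder_timeout` have no comment giving their units or the meaning of zero and negative values, although the three OCSP fields above them are documented. These values decide how old an OCSP response may be and still be accepted, so a mix-up between seconds and `acr_time_t` units would loosen or break revocation checking. Suggest comments along the lines of `/* allowed clock skew for responses, in seconds (confirm) */` on each, plus a statement of what an unset `ocsp_resp_maxage` means.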
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c?rev=1166589&r1=1166588&r2=1166589&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c Thu Sep 8 09:37:41
2011
@@ -19,7 +19,6 @@
#include "acr/misc.h"
#include "acr/dso.h"
#include "acr/string.h"
-#include "acr/time.h"
#include "acr/port.h"
#include "arch_sync.h"
#include "acr/ssl.h"
@@ -30,7 +29,6 @@
void *ACRSSL_temp_keys[SSL_TMP_KEY_MAX];
static char ssl_global_rand_file[PATH_MAX] = { 0 };
-static char ssl_global_engine[64] = { 0 };
ssl_pass_cb_t ACRSSL_password_cb;
/* Dynamic lock structure */
@@ -74,7 +72,7 @@ struct CRYPTO_dynlock_value {
static int ssl_tmp_key_init_rsa(int bits, int idx)
{
- if ((ACRSSL_temp_keys[idx] = RSA_generate_key(bits, RSA_F4, 0, 0)) != 0)
+ if ((ACRSSL_temp_keys[idx] = RSA_generate_key(bits, RSA_F4, 0, 0)) == 0)
return 1;
else
return 0;
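Review bot: With the corrected test `ssl_tmp_key_init_rsa` returns 1 on failure and 0 on success, the reverse of the usual OpenSSL convention, and nothing documents it; the same holds for `ssl_tmp_key_init_dh` in the next hunk. A one-line comment above each, `/* Returns 0 on success, 1 if the key could not be generated */`, would keep a later edit from flipping the comparison back. `RSA_generate_key` is also deprecated in favour of `RSA_generate_key_ex`, which is worth a follow-up. The closing brace of each function lies outside its hunk.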
@@ -82,7 +80,7 @@ static int ssl_tmp_key_init_rsa(int bits
static int ssl_tmp_key_init_dh(int bits, int idx)
{
- if ((ACRSSL_temp_keys[idx] = ACRSSL_dh_get_tmp_param(bits)) != 0)
+ if ((ACRSSL_temp_keys[idx] = ACRSSL_dh_get_tmp_param(bits)) == 0)
return 1;
else
return 0;
@@ -257,7 +255,7 @@ static int ssl_rand_load_file(const char
int ACRSSL_rand_seed(const char *file)
{
unsigned char stackdata[256];
- static volatile int counter = 0;
+ static volatile unsigned int counter = 0;
if (ssl_rand_load_file(file) < 0) {
int n;
@@ -268,9 +266,8 @@ int ACRSSL_rand_seed(const char *file)
unsigned int u;
} _ssl_seed;
if (counter == 0) {
- unsigned int *p = (unsigned int *)stackdata;
- for (n = 0; n < 64; n++)
- p[n] = _bsd_arc4random();
+ for (n = 0; n < 256; n++)
+ stackdata[n] = (unsigned char)_bsd_arc4random();
RAND_seed(stackdata, 128);
}
_ssl_seed.t = AcrTimeNow();
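Review bot: The loop now fills all 256 bytes of `stackdata`, but the call that follows still passes a literal 128 to `RAND_seed`, so at this point only half of the freshly generated bytes reach the PRNG. Either seed the whole buffer with `RAND_seed(stackdata, sizeof(stackdata));` or add a comment explaining why 128 is intended. The fill runs only when `counter == 0`; on later calls `stackdata` is read without having been written, which the existing comment further down treats as deliberate, but which gives no dependable entropy and is reported by memory checkers. This is the fallback taken when `ssl_rand_load_file` fails, and the rest of `ACRSSL_rand_seed` is outside the hunk.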
@@ -282,15 +279,15 @@ int ACRSSL_rand_seed(const char *file)
/*
* seed in some current state of the run-time stack (128 bytes)
*/
- n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1);
- RAND_seed(stackdata + n, 128);
+ n = ssl_rand_choosenum(0, 127);
+ RAND_seed(stackdata + n, 128);
}
return RAND_status();
}
static int ssl_initialized = 0;
-ACR_SSL_EXPORT(jint, SSL, init0)(JNI_STDARGS)
+ACR_SSL_EXPORT(jint, Library, init0)(JNI_STDARGS, jstring engine)
{
int rc;
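Review bot: Replacing `sizeof(stackdata)-128-1` with the literal `127` gives the same number today but cuts the link to the buffer size, so a later change to `stackdata[256]` would let `RAND_seed(stackdata + n, 128)` read past the end of the array. Keep the bound derived from the array: `n = ssl_rand_choosenum(0, (int)sizeof(stackdata) - 128 - 1);`. The last lines of the hunk only rename the JNI export for `init0`, whose body continues outside it.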
@@ -312,25 +309,27 @@ ACR_SSL_EXPORT(jint, SSL, init0)(JNI_STD
return rc;
#ifndef OPENSSL_NO_ENGINE
- if (ssl_global_engine[0] != 0) {
- ENGINE *ee = 0;
- if (strcmp(ssl_global_engine, "auto") == 0) {
- ENGINE_register_all_complete();
- }
- else {
- if ((ee = ENGINE_by_id(ssl_global_engine)) == 0 &&
- (ee = ssl_try_load_engine(ssl_global_engine)) == 0)
- rc = ACR_ENOTIMPL;
+ if (engine != 0) {
+ WITH_CSTR(engine) {
+ ENGINE *ee = 0;
+ if (strcmp(J2S(engine), "auto") == 0) {
+ ENGINE_register_all_complete();
+ }
else {
- if (strcmp(ssl_global_engine, "chil") == 0)
- ENGINE_ctrl(ee, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
- if (!ENGINE_set_default(ee, ENGINE_METHOD_ALL))
+ if ((ee = ENGINE_by_id(J2S(engine))) == 0 &&
+ (ee = ssl_try_load_engine(J2S(engine))) == 0)
rc = ACR_ENOTIMPL;
+ else {
+ if (strcmp(J2S(engine), "chil") == 0)
+ ENGINE_ctrl(ee, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
+ if (!ENGINE_set_default(ee, ENGINE_METHOD_ALL))
+ rc = ACR_ENOTIMPL;
+ }
+ /* Free our "structural" reference. */
+ if (ee != 0)
+ ENGINE_free(ee);
}
- /* Free our "structural" reference. */
- if (ee != 0)
- ENGINE_free(ee);
- }
+ } DONE_WITH_STR(engine);
}
#endif
if (rc != 0) {
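Review bot: The engine name now arrives from Java on each `init0` call and goes unchecked to `ENGINE_by_id` and then `ssl_try_load_engine`; the removed path at least capped it at 64 bytes through `strlcpy`. `ssl_try_load_engine` is not shown, but if it resolves the name to a loadable module then this string decides which native code enters the process, so a comment here and in the Java API doc should state that it must come from trusted configuration only. It is also worth checking what `WITH_CSTR` does when the string conversion fails: if the block is simply skipped, `rc` stays 0 and initialization reports success without the requested engine. Both failure branches set `ACR_ENOTIMPL`, which hides whether the engine was missing or `ENGINE_set_default` refused it.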
@@ -348,31 +347,34 @@ ACR_SSL_EXPORT(jint, SSL, init0)(JNI_STD
SSL_TMP_KEYS_INIT(rc);
if (rc != 0) {
-
+ /* One of the inits failed
+ */
return ACR_EINIT;
}
ssl_initialized = 1;
return 0;
}
-ACR_SSL_EXPORT(void, SSL, rndfile0)(JNI_STDARGS, jstring path)
+ACR_SSL_EXPORT(void, Library, rndfile0)(JNI_STDARGS, jstring path)
{
WITH_CSTR(path) {
strlcpy(ssl_global_rand_file, J2S(path), PATH_MAX);
} DONE_WITH_STR(path);
}
-ACR_SSL_EXPORT(void, SSL, engine0)(JNI_STDARGS, jstring name)
+ACR_SSL_EXPORT(jboolean, Library, hasFipsMode)(JNI_STDARGS)
{
- WITH_CSTR(name) {
- strlcpy(ssl_global_engine, J2S(name), 64);
- } DONE_WITH_STR(name);
+#if defined(OPENSSL_FIPS)
+ return JNI_TRUE;
+#else
+ return JNI_FALSE;
+#endif
}
-ACR_SSL_EXPORT(void, SSL, fipsmode0)(JNI_STDARGS, jint mode)
+ACR_SSL_EXPORT(void, Library, fipsmode0)(JNI_STDARGS, jboolean on)
{
#if defined(OPENSSL_FIPS)
- if(FIPS_mode_set((int)mode) == 0) {
+ if(FIPS_mode_set(on ? 1 : 0) == 0) {
unsigned long err = ERR_get_error();
char msg[256];
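Review bot: `hasFipsMode` answers from the `OPENSSL_FIPS` macro, that is from the headers present at build time, while the test added in this commit loads OpenSSL at run time through `Native.ldopenssl()`. If the library found at run time can differ from the one used for the build, the Java-side check in `enableFipsMode` may pass or fail for the wrong reason, and only the result of `FIPS_mode_set` is authoritative. A comment such as `/* Compile-time capability only; FIPS_mode_set() in fipsmode0 is the real check */` would make that explicit. The `#else` branch and the remainder of `fipsmode0` are outside the hunk.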
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c?rev=1166589&r1=1166588&r2=1166589&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c Thu Sep 8 09:37:41
2011
@@ -273,12 +273,12 @@ RSA *ACRSSL_callback_tmp_RSA(SSL *ssl, i
break;
case 2048:
idx = SSL_TMP_KEY_RSA_2048;
- if (ACRSSL_temp_keys[idx] == NULL)
+ if (ACRSSL_temp_keys[idx] == 0)
idx = SSL_TMP_KEY_RSA_1024;
break;
case 4096:
idx = SSL_TMP_KEY_RSA_4096;
- if (ACRSSL_temp_keys[idx] == NULL)
+ if (ACRSSL_temp_keys[idx] == 0)
idx = SSL_TMP_KEY_RSA_2048;
break;
case 1024:
@@ -352,7 +352,7 @@ int ACRSSL_CTX_use_certificate_chain(SSL
int n;
STACK_OF(X509) *extra_certs;
- if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
+ if ((bio = BIO_new(BIO_s_file_internal())) == 0)
return -1;
if (BIO_read_filename(bio, file) <= 0) {
BIO_free(bio);
@@ -360,21 +360,21 @@ int ACRSSL_CTX_use_certificate_chain(SSL
}
/* optionally skip a leading server certificate */
if (skipfirst) {
- if ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL) {
+ if ((x509 = PEM_read_bio_X509(bio, 0, 0, 0)) == 0) {
BIO_free(bio);
return -1;
}
X509_free(x509);
}
/* free a perhaps already configured extra chain */
- extra_certs = SSL_CTX_get_extra_certs(ctx);
- if (extra_certs != NULL) {
+ extra_certs = ACRSSL_CTX_get_extra_certs(ctx);
+ if (extra_certs != 0) {
sk_X509_pop_free(extra_certs, X509_free);
- SSL_CTX_set_extra_certs(ctx,NULL);
+ ACRSSL_CTX_set_extra_certs(ctx, 0);
}
/* create new extra chain by loading the certs */
n = 0;
- while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {
+ while ((x509 = PEM_read_bio_X509(bio, 0, 0, 0)) != 0) {
if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
X509_free(x509);
BIO_free(bio);
Modified: commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestMain.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestMain.java?rev=1166589&r1=1166588&r2=1166589&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestMain.java (original)
+++ commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestMain.java Thu
Sep 8 09:37:41 2011
@@ -39,9 +39,6 @@ public class TestMain extends Assert
System.out.print(", Debug=" + Native.HAS_MAINTAINER_MODE);
System.out.println(".");
System.out.flush();
- if (Native.HAS_OPENSSL) {
- assertTrue(Native.ldopenssl());
- }
String[] args = Vm.arguments();
assertNotNull(args[0]);
}
Added: commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java?rev=1166589&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java
(added)
+++ commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java
Thu Sep 8 09:37:41 2011
@@ -0,0 +1,44 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.runtime.ssl;
+
+import org.testng.annotations.*;
+import org.testng.Assert;
+import java.io.IOException;
+import java.io.File;
+import org.apache.commons.runtime.Native;
+
+public class TestOpenSSL extends Assert
+{
+
+ @BeforeSuite(groups = { "openssl" })
+ public void setUp()
+ {
+ if (Native.HAS_OPENSSL) {
+ assertTrue(Native.ldopenssl());
+ }
+ }
+
+ @Test(groups = { "openssl" })
+ public void sslInit()
+ {
+ Library.initialize(null);
+ assertTrue(Library.initialized());
+ }
+
+
+}
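Review bot: `sslInit` calls `Library.initialize(null)` unconditionally, while `setUp` loads OpenSSL only when `Native.HAS_OPENSSL` is true, so on a build without OpenSSL the test presumably fails inside the native call instead of being skipped. Guard it the same way, e.g. `if (!Native.HAS_OPENSSL) throw new SkipException("OpenSSL not available");` using `org.testng.SkipException`. The file is added under `org/apache/commons/runtime/` but declares `package org.apache.commons.runtime.ssl;`, and the `IOException` and `File` imports are unused.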
Propchange: commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java
------------------------------------------------------------------------------
svn:eol-style = native