commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject svn commit: r1170326 - in /commons/sandbox/runtime/trunk/src/main: java/org/apache/commons/runtime/ssl/ native/include/acr/ native/modules/openssl/
Date Tue, 13 Sep 2011 19:59:36 GMT
Author: mturk
Date: Tue Sep 13 19:59:36 2011
New Revision: 1170326

URL: http://svn.apache.org/viewvc?rev=1170326&view=rev
Log:
Create almost complete ssl context

Modified:
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLProtocolMethod.java
    commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
Tue Sep 13 19:59:36 2011
@@ -33,13 +33,19 @@ public final class SSLContext extends Na
     // Hide NativePointer
     private final long  pointer = 0L;
 
-    private static native long         new0();
+    private static native long         new0(int protocol, int mode);
+
+    private SSLContext()
+    {
+        // No instance
+    }
+
     /**
      * Creates a new object instance.
      */
-    public SSLContext()
+    public SSLContext(SSLProtocolMethod method, SSLProtocolMode mode)
     {
-        super.pointer = new0();
+        super.pointer = new0(method.valueOf(), mode.valueOf());
     }
 
 }

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLProtocolMethod.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLProtocolMethod.java?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLProtocolMethod.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLProtocolMethod.java
Tue Sep 13 19:59:36 2011
@@ -42,9 +42,17 @@ public enum SSLProtocolMethod
      */
     TLSv1(      4),
     /**
+     * TLSv1.1.
+     */
+    TLSv11(     5),
+    /**
+     * TLSv1.2.
+     */
+    TLSv12(     6),
+    /**
      * DTLSv1.0.
      */
-    DTLSv1(     5);
+    DTLSv1(     7);
 
     private int value;
     private SSLProtocolMethod(int v)

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Tue Sep 13 19:59:36 2011
@@ -157,7 +157,9 @@
 #define SSL_PROTOCOL_SSLV3      2
 #define SSL_PROTOCOL_SSLV23     3
 #define SSL_PROTOCOL_TLSV1      4
-#define SSL_PROTOCOL_DTLSV1     5
+#define SSL_PROTOCOL_TLSV11     5
+#define SSL_PROTOCOL_TLSV12     6
+#define SSL_PROTOCOL_DTLSV1     7
 
 #define SSL_MODE_CLIENT         0
 #define SSL_MODE_SERVER         1
@@ -166,6 +168,7 @@
 #define SSL_BIO_FLAG_RDONLY     1
 #define SSL_BIO_FLAG_CALLBACK   2
 #define SSL_DEFAULT_CACHE_SIZE  256
+#define SSL_DEFAULT_VHOST_NAME  "unknown:443"
 #define SSL_MAX_STR_LEN         2048
 
 #define SSL_CVERIFY_UNSET          (-1)
@@ -361,6 +364,7 @@ void        ssl_init_app_data2_idx(void)
 void       *ssl_get_app_data2(SSL *);
 void        ssl_set_app_data2(SSL *, void *);
 int         ssl_password_callback(char *, int, int, void *);
+int         ssl_no_password_callback(char *buf, int bufsiz, int verify, void *cb);
 void        ssl_bio_close(BIO *);
 void        ssl_bio_doref(BIO *);
 DH         *ssl_dh_get_tmp_param(int);
@@ -372,6 +376,7 @@ void        ssl_vhost_algo_id(const unsi
 int         ssl_ctx_use_certificate_chain(SSL_CTX *, const char *, int);
 int         ssl_callback_ssl_verify(int, X509_STORE_CTX *);
 int         ssl_rand_seed(const char *file);
+void        ssl_throw_errno(JNI_STDENV, int cls);
 
 #endif
 #endif /* _ACR_SSL_H_ */

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Tue Sep 13 19:59:36
2011
@@ -122,11 +122,13 @@ struct SSLAPIst {
     unsigned long       (*fpERR_get_error)(void);
     void                (*fpERR_load_crypto_strings)(void);
     unsigned long       (*fpERR_peek_error)(void);
+    void                (*fpERR_put_error)(int, int, int, const char *, int);
 
     /*** EVP      ***/
     void                (*fpEVP_PKEY_free)(EVP_PKEY *);
     
     /*** MD5      ***/
+    unsigned char*      (*fpMD5)(const unsigned char *, size_t, unsigned char *);
     int                 (*fpMD5_Final)(unsigned char *, MD5_CTX *);
     int                 (*fpMD5_Init)(MD5_CTX *);
     int                 (*fpMD5_Update)(MD5_CTX *, const void *, size_t);
@@ -153,6 +155,8 @@ struct SSLAPIst {
     long                (*fpSSL_CTX_ctrl)(SSL_CTX *, int, long, void *);
     SSL_CTX*            (*fpSSL_CTX_new)(CONST_SSL_METHOD *);
     void                (*fpSSL_CTX_free)(SSL_CTX *);
+    void                (*fpSSL_CTX_set_tmp_rsa_callback)(SSL_CTX *, RSA *(*)(SSL *, int,
int));
+    void                (*fpSSL_CTX_set_tmp_dh_callback)(SSL_CTX *, DH *(*)(SSL *, int, int));
 
     /*** SSL      ***/
     void*               (*fpSSL_get_ex_data)(const SSL *, int);
@@ -172,6 +176,12 @@ struct SSLAPIst {
     CONST_SSL_METHOD*   (*fpTLSv1_method)(void);           /* TLSv1.0 */
     CONST_SSL_METHOD*   (*fpTLSv1_server_method)(void);    /* TLSv1.0 */
     CONST_SSL_METHOD*   (*fpTLSv1_client_method)(void);    /* TLSv1.0 */
+    CONST_SSL_METHOD*   (*fpTLSv1_1_method)(void);         /* TLSv1.1 */
+    CONST_SSL_METHOD*   (*fpTLSv1_1_server_method)(void);  /* TLSv1.1 */
+    CONST_SSL_METHOD*   (*fpTLSv1_1_client_method)(void);  /* TLSv1.1 */
+    CONST_SSL_METHOD*   (*fpTLSv1_2_method)(void);         /* TLSv1.2 */
+    CONST_SSL_METHOD*   (*fpTLSv1_2_server_method)(void);  /* TLSv1.2 */
+    CONST_SSL_METHOD*   (*fpTLSv1_2_client_method)(void);  /* TLSv1.2 */
 
     CONST_SSL_METHOD*   (*fpDTLSv1_method)(void);          /* DTLSv1.0 */
     CONST_SSL_METHOD*   (*fpDTLSv1_server_method)(void);   /* DTLSv1.0 */
@@ -277,6 +287,8 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     LIBSSL_FPLOAD(SSL_CTX_free);
     LIBSSL_FPLOAD(SSL_CTX_set_default_passwd_cb);
     LIBSSL_FPLOAD(SSL_CTX_set_default_passwd_cb_userdata);
+    LIBSSL_FPLOAD(SSL_CTX_set_tmp_dh_callback);
+    LIBSSL_FPLOAD(SSL_CTX_set_tmp_rsa_callback);
 
 
     /*** BIO      ***/
@@ -315,11 +327,13 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     CRYPTO_FPLOAD(ERR_get_error);
     CRYPTO_FPLOAD(ERR_load_crypto_strings);
     CRYPTO_FPLOAD(ERR_peek_error);
+    CRYPTO_FPLOAD(ERR_put_error);
 
     /*** EVP      ***/
     CRYPTO_FPLOAD(EVP_PKEY_free);
     
     /*** MD5      ***/
+    CRYPTO_FPLOAD(MD5);
     CRYPTO_FPLOAD(MD5_Final);
     CRYPTO_FPLOAD(MD5_Init);
     CRYPTO_FPLOAD(MD5_Update);
@@ -373,7 +387,16 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     LIBSSL_LDDOPT(SSLv2_server_method);
     LIBSSL_LDDOPT(SSLv2_client_method);
 #endif
-
+#ifdef TLS1_1_VERSION
+    LIBSSL_LDDOPT(TLSv1_1_method);
+    LIBSSL_LDDOPT(TLSv1_1_server_method);
+    LIBSSL_LDDOPT(TLSv1_1_client_method);
+#endif
+#ifdef TLS1_2_VERSION
+    LIBSSL_LDDOPT(TLSv1_2_method);
+    LIBSSL_LDDOPT(TLSv1_2_server_method);
+    LIBSSL_LDDOPT(TLSv1_2_client_method);
+#endif
     return JNI_TRUE;
 failed:
     AcrThrowEx(env, ACR_EX_ENOENT, "Cannot find %s::%s()", dname, fname);
@@ -626,11 +649,21 @@ unsigned long ERR_peek_error(void)
     return SSLAPI_CALL(ERR_peek_error)();
 }
 
+void ERR_put_error(int lib, int func, int reason, const char *file, int line)
+{
+    SSLAPI_CALL(ERR_put_error)(lib, func, reason, file, line);
+}
+
 void EVP_PKEY_free(EVP_PKEY *pkey)
 {
     SSLAPI_CALL(EVP_PKEY_free)(pkey);
 }
 
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
+{
+    return SSLAPI_CALL(MD5)(d, n, md);
+}
+
 int MD5_Init(MD5_CTX *c)
 {
     return SSLAPI_CALL(MD5_Init)(c);
@@ -712,6 +745,16 @@ void SSL_CTX_free(SSL_CTX *ctx)
     SSLAPI_CALL(SSL_CTX_free)(ctx);
 }
 
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *, int, int))
+{
+    SSLAPI_CALL(SSL_CTX_set_tmp_rsa_callback)(ctx, cb);
+}
+
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(SSL *, int, int))
+{
+    SSLAPI_CALL(SSL_CTX_set_tmp_dh_callback)(ctx, cb);
+}
+
 void *SSL_get_ex_data(const SSL *ssl, int idx)
 {
     return SSLAPI_CALL(SSL_get_ex_data)(ssl, idx);
@@ -755,6 +798,16 @@ IMPLEMENT_SSLOPT_METHOD(SSLv2)
 IMPLEMENT_SSLOPT_METHOD(SSLv2_server)
 IMPLEMENT_SSLOPT_METHOD(SSLv2_client)
 #endif
+#ifdef TLS1_1_VERSION
+IMPLEMENT_SSLOPT_METHOD(TLSv1_1_method)
+IMPLEMENT_SSLOPT_METHOD(TLSv1_1_server_method)
+IMPLEMENT_SSLOPT_METHOD(TLSv1_1_client_method)
+#endif
+#ifdef TLS1_2_VERSION
+IMPLEMENT_SSLOPT_METHOD(TLSv1_2_method)
+IMPLEMENT_SSLOPT_METHOD(TLSv1_2_server_method)
+IMPLEMENT_SSLOPT_METHOD(TLSv1_2_client_method)
+#endif
 
 IMPLEMENT_SSLAPI_METHOD(SSLv3)
 IMPLEMENT_SSLAPI_METHOD(SSLv3_server)

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Tue Sep 13 19:59:36
2011
@@ -27,14 +27,160 @@
 #endif
 
 
-ACR_SSL_EXPORT(jlong, SSLContext, new0)(JNI_STDARGS)
+ACR_SSL_EXPORT(jlong, SSLContext, new0)(JNI_STDARGS, jint protocol, jint mode)
 {
-    acr_ssl_ctxt_t *ctx;
+    acr_ssl_ctxt_t   *c;
+    CONST_SSL_METHOD *m = 0;
 
-    ctx = ACR_TALLOC(acr_ssl_ctxt_t);
-    if (ctx == 0)
+    c = ACR_TALLOC(acr_ssl_ctxt_t);
+    if (c == 0)
         return 0;
-    return P2J(ctx);
+    switch (mode) {
+        case SSL_MODE_CLIENT:
+            switch (protocol) {
+                case SSL_PROTOCOL_SSLV2:
+#ifndef OPENSSL_NO_SSL2
+                    m = SSLv2_client_method();
+#endif
+                break;
+                case SSL_PROTOCOL_SSLV3:
+                    m = SSLv3_client_method();
+                break;
+                case SSL_PROTOCOL_SSLV23:
+                    m = SSLv23_client_method();
+                break;
+                case SSL_PROTOCOL_TLSV1:
+                    m = TLSv1_client_method();
+                break;
+                case SSL_PROTOCOL_DTLSV1:
+                    m = DTLSv1_client_method();
+                break;
+                case SSL_PROTOCOL_TLSV11:
+#ifdef TLS1_1_VERSION
+                    m = TLSv1_1_client_method();
+#endif
+                break;
+                case SSL_PROTOCOL_TLSV12:
+#ifdef TLS1_2_VERSION
+                    m = TLSv1_2_client_method();
+#endif
+                break;
+            }
+        break;
+        case SSL_MODE_SERVER:
+            switch (protocol) {
+                case SSL_PROTOCOL_SSLV2:
+#ifndef OPENSSL_NO_SSL2
+                    m = SSLv2_server_method();
+#endif
+                break;
+                case SSL_PROTOCOL_SSLV3:
+                    m = SSLv3_server_method();
+                break;
+                case SSL_PROTOCOL_SSLV23:
+                    m = SSLv23_server_method();
+                break;
+                case SSL_PROTOCOL_TLSV1:
+                    m = TLSv1_server_method();
+                break;
+                case SSL_PROTOCOL_DTLSV1:
+                    m = DTLSv1_server_method();
+                break;
+                case SSL_PROTOCOL_TLSV11:
+#ifdef TLS1_1_VERSION
+                    m = TLSv1_1_server_method();
+#endif
+                break;
+                case SSL_PROTOCOL_TLSV12:
+#ifdef TLS1_2_VERSION
+                    m = TLSv1_2_server_method();
+#endif
+                break;
+            }
+        break;
+        case SSL_MODE_COMBINED:
+            switch (protocol) {
+                case SSL_PROTOCOL_SSLV2:
+#ifndef OPENSSL_NO_SSL2
+                    m = SSLv2_method();
+#endif
+                break;
+                case SSL_PROTOCOL_SSLV3:
+                    m = SSLv3_method();
+                break;
+                case SSL_PROTOCOL_SSLV23:
+                    m = SSLv23_method();
+                break;
+                case SSL_PROTOCOL_TLSV1:
+                    m = TLSv1_method();
+                break;
+                case SSL_PROTOCOL_DTLSV1:
+                    m = DTLSv1_method();
+                break;
+                case SSL_PROTOCOL_TLSV11:
+#ifdef TLS1_1_VERSION
+                    m = TLSv1_1_method();
+#endif
+                break;
+                case SSL_PROTOCOL_TLSV12:
+#ifdef TLS1_2_VERSION
+                    m = TLSv1_2_method();
+#endif
+                break;
+            }
+        break;
+        default:
+        break;
+    }
+    if (m == 0 || (c->ctx == SSL_CTX_new(m)) == 0) {
+        AcrFree(c);
+        ACR_THROW(ACR_EX_EINVAL, 0);
+        return 0;
+    }
+    if ((c->bio_os = BIO_new(BIO_s_file())) != 0)
+        BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+    c->protocol      = protocol;
+    c->mode          = mode;
+    /* Set default Certificate verification level
+     * and depth for the Client Authentication
+     */
+    c->verify_depth  = 1;
+    c->verify_mode   = SSL_CVERIFY_UNSET;
+    c->shutdown_type = SSL_SHUTDOWN_TYPE_UNSET;
+
+    SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
+    if (protocol != SSL_PROTOCOL_SSLV2)
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
+    if (protocol != SSL_PROTOCOL_SSLV3)
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
+    if (protocol != SSL_PROTOCOL_TLSV1)
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
+    /*
+     * Configure additional context ingredients
+     */
+    SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_DH_USE);
+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+    /*
+     * Disallow a session from being resumed during a renegotiation,
+     * so that an acceptable cipher suite can be negotiated.
+     */
+    SSL_CTX_set_options(c->ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+#endif
+    /* Default session context id and cache size */
+    SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE);
+    MD5((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
+        (unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
+        c->context_id);
+    if (mode != SSL_MODE_CLIENT) {
+        SSL_CTX_set_tmp_rsa_callback(c->ctx, ssl_callback_tmp_rsa);
+        SSL_CTX_set_tmp_dh_callback(c->ctx,  ssl_callback_tmp_dh);
+    }
+    
+    /* Set default password callback */
+    SSL_CTX_set_default_passwd_cb(c->ctx, ssl_no_password_callback);
+    SSL_CTX_set_default_passwd_cb_userdata(c->ctx, 0);
+    
+    return P2J(c);
 }
 
 ACR_SSL_EXPORT(void, SSLContext, free0)(JNI_STDARGS, jlong ctx)
@@ -64,3 +210,11 @@ ACR_SSL_EXPORT(void, SSLContext, free0)(
     AcrFree(c);
 }
 
+ACR_SSL_EXPORT(void, SSLContext, setid0)(JNI_STDARGS, jlong ctx, jstring id)
+{
+    acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+
+    WITH_CSTR(id) {
+        MD5((const unsigned char *)J2S(id), strlen(J2S(id)), c->context_id);
+    } DONE_WITH_STR(id);
+}

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c Tue Sep 13 19:59:36
2011
@@ -239,18 +239,21 @@ ACR_SSL_EXPORT(jboolean, SSL, hasFipsMod
 #endif
 }
 
+ACR_SSL_EXPORT(jstring, SSL, errstr0)(JNI_STDARGS, jint err)
+{
+    char buf[256] = "";
+    ERR_error_string_n(err, buf, sizeof(buf));
+    return AcrNewJavaStringA(env, buf);
+}
+
 ACR_SSL_EXPORT(void, SSL, fipsmode0)(JNI_STDARGS, jboolean on)
 {
 #if defined(OPENSSL_FIPS)
-    if(FIPS_mode_set(on ? 1 : 0) == 0) {
-      unsigned long err = ERR_get_error();
-      char msg[256];
-
-      ERR_error_string_n(err, msg, 256);
-      ACR_THROW_MSG(ACR_EX_ENOSYS, msg);
-    }
+    if(FIPS_mode_set(on ? 1 : 0) == 0)
+        ssl_throw_errno(env, ACR_EX_ENOSYS);
 #else
-    ACR_THROW_MSG(ACR_EX_ENOSYS, "FIPS was not available at build time. You will need an
OpenSSL with FIPS support.");
+    ACR_THROW_MSG(ACR_EX_ENOSYS, "FIPS was not available at build time. "
+                                 "You will need an OpenSSL with FIPS support.");
 #endif
 }
 

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c Tue Sep 13 19:59:36
2011
@@ -27,19 +27,24 @@
 #endif
 
 /* Global password callback */
-ssl_pass_cb_t *acr_ssl_password_cb;
+ssl_pass_cb_t *acr_ssl_password_cb = 0;
+
+int ssl_no_password_callback(char *buf, int bufsiz, int verify, void *cb)
+{
+    return -1;
+}
 
 int ssl_password_callback(char *buf, int bufsiz, int verify, void *cb)
 {
     ssl_pass_cb_t *pcb = (ssl_pass_cb_t *)cb;
 
     if (buf == 0 || bufsiz < 0)
-        return 0;
+        return -1;
     buf[0] = '\0';
     if (pcb == 0)
         pcb = acr_ssl_password_cb;
     if (pcb == 0)
-        return 0;
+        return -1;
     if (pcb->password == 0) {
         /* Call PasswordCallback.handler()
          */
@@ -50,7 +55,7 @@ int ssl_password_callback(char *buf, int
         strlcpy(buf, pcb->password, bufsiz);
         return (int)strlen(buf);
     }
-    return 0;
+    return -1;
 }
 
 ACR_SSL_EXPORT(jlong, PasswordCallback, new0)(JNI_STDARGS)

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c Tue Sep 13 19:59:36
2011
@@ -394,3 +394,9 @@ int ssl_ctx_use_certificate_chain(SSL_CT
     return n;
 }
 
+void ssl_throw_errno(JNI_STDENV, int cls)
+{
+    char msg[256];
+    ERR_error_string_n(ERR_get_error(), msg, sizeof(msg));
+    AcrThrow(env, cls, msg);
+}



Mime
View raw message