From mt...@apache.org
Subject svn commit: r1172009 - in /commons/sandbox/runtime/trunk/src/main: java/org/apache/commons/runtime/ssl/ native/modules/openssl/
Date Sat, 17 Sep 2011 16:23:47 GMT
Author: mturk
Date: Sat Sep 17 16:23:46 2011
New Revision: 1172009

URL: http://svn.apache.org/viewvc?rev=1172009&view=rev
Log:
Use less cryptic names

Added:
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLClientVerifyMode.java
      - copied, changed from r1170745, commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLVerifyClient.java
Removed:
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLVerifyClient.java
Modified:
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java?rev=1172009&r1=1172008&r2=1172009&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLBio.java
Sat Sep 17 16:23:46 2011
@@ -62,18 +62,24 @@ public abstract class SSLBio extends Nat
 
     /**
      * Write bytes.
+     *
+     * @param b data to write
+     * @param len write data length
      */
-    public abstract int write(byte[] b);
+    public abstract int write(final byte[] b, int len);
 
     /**
      * Write string.
      */
-    public abstract int puts(String s);
+    public abstract int puts(final String s);
 
     /**
      * Read bytes.
+     *
+     * @param b buffer where the read data should be stored
+     * @param len maximum read length
      */
-    public abstract int read(byte[] buf);
+    public abstract int read(byte[] b, int len);
 
     /**
      * Read string.
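Review bot: The new `len` parameter on `write` and `read` has no stated contract: the Javadoc does not say what happens when `len` is negative or larger than `b.length`, nor what the `int` return value means. The hunk header shows this class extending a `Nat…` type (truncated), so implementations presumably pass `b` and `len` to native code, where an unchecked length would become an out-of-bounds read or write. I would add `@throws IndexOutOfBoundsException if len < 0 or len > b.length` and a `@return` line to both comments so every implementation validates before crossing JNI. The class body continues outside the hunk.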

Copied: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLClientVerifyMode.java
(from r1170745, commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLVerifyClient.java)
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLClientVerifyMode.java?p2=commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLClientVerifyMode.java&p1=commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLVerifyClient.java&r1=1170745&r2=1172009&rev=1172009&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLVerifyClient.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLClientVerifyMode.java
Sat Sep 17 16:23:46 2011
@@ -19,15 +19,32 @@ package org.apache.commons.runtime.ssl;
 /**
  * Represents the SSL client verification mode.
  */
-public enum SSLVerifyClient
+public enum SSLClientVerifyMode
 {
 
     /**
      * No verification.
+     * <p>
+     * If used in server mode, the server will not send a client certificate
+     * request to the client, so the client will not send a certificate.
+     * </p>
+     * <p>
+     * In client mode, if not using an anonymous cipher (by default disabled),
+     * the server will send a certificate which will be checked. The result
+     * of the certificate verification process can be checked after the
+     * TLS/SSL handshake using the {@code SSL_get_verify_result} method.
+     * The handshake will be continued regardless of the verification result.
+     * </p>
      */
     NONE(            0),
     /**
-     * Optional.
+     * Optional verification.
+     * <p>
+     * In server mode, the server sends a client certificate request to the client.
+     * The certificate returned (if any) is checked. If the verification process
+     * fails, the handshake is immediately terminated with an alert message
+     * containing the reason for the verification failure.
+     * </p>
      */
     OPTIONAL(        1),
     /**
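Review bot: The expanded comment on `NONE` points Java callers at `SSL_get_verify_result`, which is an OpenSSL C function and not part of the Java API shown in this commit, so a reader cannot act on it. The same paragraph says the client-mode handshake continues regardless of the verification result, so the comment should name the Java accessor that exposes that result, or say plainly that none exists yet. Suggested addition: `With NONE in client mode the peer is unauthenticated unless the caller checks the verification result after the handshake.` The enum body continues outside the hunk.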
@@ -35,12 +52,16 @@ public enum SSLVerifyClient
      */
     OPTIONAL_NO_CA(  2),
     /**
-     * Require client verification.
+     * Required client verification.
+     * <p>
+     * If the client did not return a certificate, the TLS/SSL handshake
+     * is immediately terminated with a handshake failure alert.
+     * </p>
      */
     REQUIRE(         3);
 
     private int value;
-    private SSLVerifyClient(int v)
+    private SSLClientVerifyMode(int v)
     {
         value = v;
     }
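Review bot: `OPTIONAL_NO_CA` keeps its one-line comment (the single line between this hunk and the previous one is unchanged) while `NONE`, `OPTIONAL` and `REQUIRE` are expanded, yet its name suggests it is the mode that accepts a certificate without a trusted CA chain. If that is what the native side does, the comment should say so, for example `A certificate accepted in this mode is not validated against a trusted CA; do not treat it as an authenticated identity.` The new `REQUIRE` text also covers only the missing-certificate case. Presumably a certificate that fails verification ends the handshake as well, and that should be stated.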
@@ -50,9 +71,9 @@ public enum SSLVerifyClient
         return value;
     }
 
-    public static SSLVerifyClient valueOf(int value)
+    public static SSLClientVerifyMode valueOf(int value)
     {
-        for (SSLVerifyClient e : values()) {
+        for (SSLClientVerifyMode e : values()) {
             if (e.value == value)
                 return e;
         }

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1172009&r1=1172008&r2=1172009&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
Sat Sep 17 16:23:46 2011
@@ -39,7 +39,10 @@ public final class SSLContext extends Na
 
     private static native long         new0(int protocol, int mode)
         throws OperationNotImplementedException;
-    private static native void         setid0(long pointer, String id);
+    private static native void         setid0(long ctx, String id);
+    private static native void         setscachesize0(long ctx, int size);
+    private static native void         setpasscb0(long ctx, long cb);
+    private static native void         setverify0(long ctx, int mode, int depth);
 
     private SSLContext()
     {
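Review bot: `setverify0` is declared here and called from the new `setClientVerification`, but the `ctx.c` hunk in this commit adds only `setscachesize0`. `setpasscb0` appears to exist already, since the `ctx.c` hunk header shows `SSLContext, setpass…`. If no `setverify0` export exists elsewhere in the native module, the first call fails with `UnsatisfiedLinkError` and client verification is never configured. It is worth confirming the native counterpart is present before exposing the public method.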
@@ -70,5 +73,29 @@ public final class SSLContext extends Na
         setid0(super.pointer, id);
     }
 
+    /**
+     * Set session cache size.
+     *
+     * @param size cache size to use. If {@code zero} the session
+     *          cache is turned off.
+     */
+    public void setSessionCacheSize(int size)
+    {
+        if (super.pointer != 0L)
+            setscachesize0(super.pointer, size);
+    }
+
+    /**
+     * Sets this context's verification flags.
+     *
+     * @param mode verification mode to use.
+     * @param depth sets the maximum depth for the certificate chain
+     *          verification that shall be allowed for this context.
+     */
+    public void setClientVerification(SSLClientVerifyMode mode, int depth)
+    {
+        if (super.pointer != 0L)
+            setverify0(super.pointer, mode.valueOf(), depth);
+    }
 }
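Review bot: `setClientVerification` returns silently when `super.pointer` is `0L`, so a caller who asks for `REQUIRE` on an uninitialised or already-released context gets no error and no client verification. A security setting should fail closed, e.g. `if (super.pointer == 0L) throw new IllegalStateException("SSL context is not initialized");` before the native call. `mode` is also dereferenced without a null check, and `depth` is passed through unvalidated; a negative depth is better rejected here than in native code. The same silent no-op in `setSessionCacheSize` is less critical but would benefit from the same treatment.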
 

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1172009&r1=1172008&r2=1172009&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Sat Sep 17 16:23:46
2011
@@ -135,6 +135,7 @@ struct SSLAPIst {
     int                 (*fpMD5_Update)(MD5_CTX *, const void *, size_t);
 
     /*** OPENSSL  ***/
+    void                (*fpOPENSSL_add_all_algorithms_noconf)(void);
     void                (*fpOPENSSL_load_builtin_modules)(void);
 
     /*** PEM      ***/
@@ -267,8 +268,8 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
         ACR_THROW_SYS_ERRNO();
         return JNI_FALSE;
     }
-    LIBSSL_FPLOAD(SSLeay);
-    LIBSSL_FPLOAD(SSLeay_version);
+    CRYPTO_FPLOAD(SSLeay);
+    CRYPTO_FPLOAD(SSLeay_version);
     if (SSLeay() < 0x00908000L) {
         AcrThrow(env, ACR_EX_ERUNTIME,
                  "OpenSSL 0.9.8 or greater is required");
@@ -356,6 +357,7 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     CRYPTO_FPLOAD(MD5_Update);
 
     /*** OPENSSL  ***/
+    CRYPTO_FPLOAD(OPENSSL_add_all_algorithms_noconf);
     CRYPTO_FPLOAD(OPENSSL_load_builtin_modules);
 
     /*** PEM      ***/
@@ -711,6 +713,11 @@ int MD5_Final(unsigned char *md, MD5_CTX
     return SSLAPI_CALL(MD5_Final)(md, c);
 }
 
+void OPENSSL_add_all_algorithms_noconf(void)
+{
+    SSLAPI_CALL(OPENSSL_add_all_algorithms_noconf)();
+}
+
 void OPENSSL_load_builtin_modules(void)
 {
     SSLAPI_CALL(OPENSSL_load_builtin_modules)();

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1172009&r1=1172008&r2=1172009&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Sat Sep 17 16:23:46
2011
@@ -267,3 +267,13 @@ ACR_SSL_EXPORT(void, SSLContext, setpass
     SSL_CTX_set_default_passwd_cb(c->ctx, ssl_password_callback);
     SSL_CTX_set_default_passwd_cb_userdata(c->ctx, c->password_callback);
 }
+
+ACR_SSL_EXPORT(void, SSLContext, setscachesize0)(JNI_STDARGS, jlong ctx,
+                                                 jint size)
+{
+    acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+    if (size < 1)
+        SSL_CTX_set_session_cache_mode(c->ctx, SSL_SESS_CACHE_OFF);
+    else        
+        SSL_CTX_sess_set_cache_size(c->ctx, size);
+}
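Review bot: Once `setscachesize0` has been called with `size < 1`, a later call with a positive size does not re-enable the cache, because the `else` branch only changes the size and leaves the mode at `SSL_SESS_CACHE_OFF`. The positive branch should also restore the mode, e.g. `SSL_CTX_set_session_cache_mode(c->ctx, SSL_SESS_CACHE_SERVER);` (or whichever mode the context was created with) before `SSL_CTX_sess_set_cache_size(c->ctx, size);`, with braces around the two statements. `c` is used without a NULL check; the Java caller guards `pointer != 0L`, but the native entry point itself does not. The Javadoc on `setSessionCacheSize` says only zero turns the cache off, while this code treats negative values the same way.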

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c?rev=1172009&r1=1172008&r2=1172009&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c Sat Sep 17 16:23:46
2011
@@ -195,6 +195,7 @@ ACR_SSL_EXPORT(jint, SSL, init0)(JNI_STD
      */
     CRYPTO_malloc_init();
     ERR_load_crypto_strings();
+    OPENSSL_add_all_algorithms_noconf();
     SSL_load_error_strings();
     SSL_library_init();
 #ifndef OPENSSL_NO_ENGINE


