From mt...@apache.org
Subject svn commit: r1172997 - in /commons/sandbox/runtime/trunk/src/main: java/org/apache/commons/runtime/ssl/SSLContext.java java/org/apache/commons/runtime/ssl/SSLServer.java native/include/acr/ssl.h native/modules/openssl/ctx.c native/modules/openssl/server.c
Date Tue, 20 Sep 2011 06:53:56 GMT
Author: mturk
Date: Tue Sep 20 06:53:55 2011
New Revision: 1172997

URL: http://svn.apache.org/viewvc?rev=1172997&view=rev
Log:
Set common server options within server class

Modified:
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
    commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1172997&r1=1172996&r2=1172997&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
Tue Sep 20 06:53:55 2011
@@ -60,13 +60,6 @@ public final class SSLContext extends Na
         throws SSLException;
     private static native void    setvmode0(long ctx, int mode, int depth)
         throws SSLException;
-    private static native void    setoption0(long ctx, int opt);
-    private static native void    clroption0(long ctx, int opt);
-
-
-    private static final int      SSL_COPT_NO_COMPRESSION       = 1;
-    private static final int      SSL_COPT_NO_TICKET            = 2;
-    private static final int      SSL_COPT_ALLOW_UNSAFE_RENEG   = 3;
 
     private SSLContext()
     {
@@ -313,41 +306,5 @@ public final class SSLContext extends Na
         }
     }
 
-    /**
-     * Sets compression support.
-     *
-     * @param on if {@code true} don't use compression even if supported.
-     */
-    public void setNoCompression(boolean on)
-    {
-        if (on)
-            setoption0(super.pointer, SSL_COPT_NO_COMPRESSION);
-        else
-            clroption0(super.pointer, SSL_COPT_NO_COMPRESSION);       
-    }
-
-    /**
-     * Disable use of RFC4507bis session tickets.
-     */
-    public void setNoTicket(boolean on)
-    {
-        if (on)
-            setoption0(super.pointer, SSL_COPT_NO_TICKET);
-        else
-            clroption0(super.pointer, SSL_COPT_NO_TICKET);
-    }
-
-    /**
-     * Enable use of legacy renegotiation (dangerous).
-     *
-     * @param on if {@code true} legacy renegotiation will be enabled.
-     */
-    public void allowLegacyRenegotiation(boolean on)
-    {
-        if (on)
-            setoption0(super.pointer, SSL_COPT_ALLOW_UNSAFE_RENEG);
-        else
-            clroption0(super.pointer, SSL_COPT_ALLOW_UNSAFE_RENEG);
-    }
 }
 

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java?rev=1172997&r1=1172996&r2=1172997&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
Tue Sep 20 06:53:55 2011
@@ -33,17 +33,23 @@ public final class SSLServer extends Nat
 {
 
     // Hide NativePointer
-    private final long  pointer = 0L;
-    private final String hostId;
-    private static native long         new0(String name);
-    private static native void         close0(long srv);
-    private static native void         setctx0(long srv, long ctx);
-    private static native void         setopt0(long src, int opt, boolean on);
-    private static native void         setservname0(long src, String name);
-
-    private SSLContext          ctx1 = null;
-    private SSLContext          ctx2 = null;
-    private String              serverName;
+    private final long            pointer = 0L;
+    private final String          hostId;
+    private static native long    new0(String name);
+    private static native void    close0(long srv);
+    private static native void    setctx0(long srv, long ctx);
+    private static native void    setservname0(long src, String name);
+
+    private static native void    setoption0(long srv, int opt, boolean on);
+    private static final int      SSL_COPT_NO_COMPRESSION       = 1;
+    private static final int      SSL_COPT_NO_TICKET            = 2;
+    private static final int      SSL_COPT_ALLOW_UNSAFE_RENEG   = 3;    
+    private static final int      SSL_COPT_TLSEXT_ALERT_FATAL   = 4;
+    
+    private SSLContext            ctx1 = null;
+    private SSLContext            ctx2 = null;
+    private String                serverName;
+
     private SSLServer()
     {
         hostId = null;
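Review bot: The new declaration `setoption0(long srv, int opt, boolean on)` passes a Java `boolean`, but the native implementation this commit adds in server.c takes `jint on`, whereas the replaced `setopt0` took `jboolean on`. JNI does not check native parameter types when it binds the function, so the C side may read bits beyond the one-byte `jboolean` and misjudge `on`; the server.c parameter list should read `jint opt, jboolean on`. The `SSL_COPT_*` values here duplicate the defines in acr/ssl.h, so a comment such as `// Keep in sync with SSL_COPT_* in native/include/acr/ssl.h` above them would help. The constructor that starts at the end of this hunk continues outside it.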
@@ -112,7 +118,7 @@ public final class SSLServer extends Nat
      * @param ctx the context to set
      * @return previous context or {@code null} if the context
      *          was not set already.
-     * @throws IllegalStateException if server instance is invalid.
+     * @throws IllegalStateException if server is invalid or closed.
      */
     public synchronized final SSLContext setContext(SSLContext ctx)
         throws IllegalStateException
@@ -131,7 +137,7 @@ public final class SSLServer extends Nat
      * @param name name to set.
      *
      * @throws NullPointerException if name is {@code null}.
-     * @throws IllegalStateException if server instance is invalid.
+     * @throws IllegalStateException if server is invalid or closed.
      */
     public void setServerName(String name)
         throws IllegalStateException
@@ -143,19 +149,62 @@ public final class SSLServer extends Nat
         serverName = name;
         setservname0(super.pointer, name);
     }
+
+    /**
+     * Sets compression support.
+     *
+     * @param on if {@code true} don't use compression even if supported.
+     * @throws IllegalStateException if server is invalid or closed.
+     */
+    public void setNoCompression(boolean on)
+        throws IllegalStateException
+    {
+        if (super.pointer == 0L)
+            throw new IllegalStateException();
+        setoption0(super.pointer, SSL_COPT_NO_COMPRESSION, on);
+    }
+
+    /**
+     * Disable use of RFC4507bis session tickets.
+     * @throws IllegalStateException if server is invalid or closed.
+     */
+    public void setNoTicket(boolean on)
+        throws IllegalStateException
+    {
+        if (super.pointer == 0L)
+            throw new IllegalStateException();
+        setoption0(super.pointer, SSL_COPT_NO_TICKET, on);
+    }
+
+    /**
+     * Enable use of legacy renegotiation (dangerous).
+     *
+     * @param on if {@code true} legacy renegotiation will be enabled.
+     * @throws IllegalStateException if server is invalid or closed.
+     */
+    public void allowLegacyRenegotiation(boolean on)
+        throws IllegalStateException
+    {
+        if (super.pointer == 0L)
+            throw new IllegalStateException();
+        setoption0(super.pointer, SSL_COPT_ALLOW_UNSAFE_RENEG, on);
+    }
+
     /**
      * On mismatch send fatal alert (default warning alert).
      *
      * @param on if {@code true} server will respond with fatal
      *          alert on servername mismatch.
      * @throws IllegalStateException if server instance is invalid.
+     * @throws IllegalStateException if server is invalid or closed.
      */
     public void setServerNameFatal(boolean on)
         throws IllegalStateException
     {
         if (super.pointer == 0L)
             throw new IllegalStateException();
-        setopt0(super.pointer, 1, on);
+        setoption0(super.pointer, SSL_COPT_TLSEXT_ALERT_FATAL, on);
     }
+    
 }
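Review bot: The Javadoc of `setServerNameFatal` now carries two `@throws IllegalStateException` lines, because the new wording was added without removing `if server instance is invalid.`; the old line should be dropped. `setNoTicket` has no `@param`, so add `@param on if {@code true} session tickets are disabled.` The `allowLegacyRenegotiation` comment says only "(dangerous)"; it should state that enabling it permits renegotiation with peers that lack secure renegotiation (RFC 5746), and that it should stay off unless such peers must be supported. Judging by the server.c part of this commit, these setters only record the option until a context is attached, so each Javadoc should also say that the call must precede `setContext`.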
 

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1172997&r1=1172996&r2=1172997&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Tue Sep 20 06:53:55 2011
@@ -173,6 +173,7 @@
 #define SSL_COPT_NO_COMPRESSION         1
 #define SSL_COPT_NO_TICKET              2
 #define SSL_COPT_ALLOW_UNSAFE_RENEG     3
+#define SSL_COPT_TLSEXT_ALERT_FATAL     4
 
 /*
  * Define the SSL Protocol options
@@ -367,6 +368,7 @@ struct acr_ssl_srv_t {
     char            *servname;
     acr_ssl_ctx_t   *ctx;
     acr_ssl_ctx_t   *ctx2;
+    long             options;
     int              enabled;
     int              tlsext_extension_error;
 };

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1172997&r1=1172996&r2=1172997&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Tue Sep 20 06:53:55
2011
@@ -391,58 +391,3 @@ ACR_SSL_EXPORT(void, SSLContext, setscac
     else        
         SSL_CTX_sess_set_cache_size(c->ctx, size);
 }
-
-ACR_SSL_EXPORT(void, SSLContext, setoption0)(JNI_STDARGS, jlong ctx,
-                                            jint opt)
-{
-    long set = 0;
-    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
-
-    switch (opt) {
-        case SSL_COPT_NO_COMPRESSION:
-#ifdef SSL_OP_NO_COMPRESSION
-            set = SSL_OP_NO_COMPRESSION;
-#endif
-        break;
-        case SSL_COPT_NO_TICKET:
-#ifndef OPENSSL_NO_TLSEXT
-            set = SSL_OP_NO_TICKET;
-#endif
-        break;
-        case SSL_COPT_ALLOW_UNSAFE_RENEG:
-            set = SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-        break;
-            
-    }
-    if (set != 0 && (c->options & set) == 0) {
-        SSL_CTX_set_options(c->ctx, set);
-        c->options |= set;
-    }
-}
-
-ACR_SSL_EXPORT(void, SSLContext, clroption0)(JNI_STDARGS, jlong ctx,
-                                            jint opt)
-{
-    long clr = 0;
-    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
-
-    switch (opt) {
-        case SSL_COPT_NO_COMPRESSION:
-#ifdef SSL_OP_NO_COMPRESSION
-            clr = SSL_OP_NO_COMPRESSION;
-#endif
-        break;
-        case SSL_COPT_NO_TICKET:
-#ifndef OPENSSL_NO_TLSEXT
-            clr = SSL_OP_NO_TICKET;
-#endif
-        break;
-        case SSL_COPT_ALLOW_UNSAFE_RENEG:
-            clr = SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-        break;
-    }
-    if (clr != 0 && (c->options & clr) != 0) {
-        SSL_CTX_clear_options(c->ctx, clr);
-        c->options &= clr;
-    }
-}

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c?rev=1172997&r1=1172996&r2=1172997&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c Tue Sep 20 06:53:55
2011
@@ -58,29 +58,56 @@ ACR_SSL_EXPORT(void, SSLServer, close0)(
 ACR_SSL_EXPORT(void, SSLServer, setctx0)(JNI_STDARGS, jlong srv, jlong ctx)
 {
     acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
+
     s->ctx = J2P(ctx, acr_ssl_ctx_t *);
+    if (s->ctx != 0 && s->options != 0)
+        SSL_CTX_set_options(s->ctx->ctx, s->options);
 }
 
 ACR_SSL_EXPORT(void, SSLServer, setctx2)(JNI_STDARGS, jlong srv, jlong ctx)
 {
     acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
+
     s->ctx2 = J2P(ctx, acr_ssl_ctx_t *);
+    if (s->ctx2 != 0 && s->options != 0)
+        SSL_CTX_set_options(s->ctx2->ctx, s->options);
 }
 
-ACR_SSL_EXPORT(void, SSLServer, setopt0)(JNI_STDARGS, jlong srv, jint opt, jboolean on)
+ACR_SSL_EXPORT(void, SSLServer, setoption0)(JNI_STDARGS, jlong srv,
+                                            jint opt, jint on)
 {
+    long set = 0L;
     acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
 
     switch (opt) {
-        case 1:
+        case SSL_COPT_NO_COMPRESSION:
+#ifdef SSL_OP_NO_COMPRESSION
+            set = SSL_OP_NO_COMPRESSION;
+#endif
+        break;
+        case SSL_COPT_NO_TICKET:
+#ifndef OPENSSL_NO_TLSEXT
+            set = SSL_OP_NO_TICKET;
+#endif
+        break;
+        case SSL_COPT_ALLOW_UNSAFE_RENEG:
+            set = SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+        break;
+        case SSL_COPT_TLSEXT_ALERT_FATAL:
 #ifndef OPENSSL_NO_TLSEXT
             if (on)
                 s->tlsext_extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
             else
-                s->tlsext_extension_error = 0;
+                s->tlsext_extension_error = 0;                
 #endif
         break;
     }
+    if (set != 0L) {
+        if (on)
+            s->options |= set;
+        else
+            s->options &= set;
+    }
 }
 
 ACR_SSL_EXPORT(void, SSLServer, setservname0)(JNI_STDARGS, jlong srv, jstring name)
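Review bot: In `setoption0` the clearing branch `s->options &= set;` keeps the bit it is meant to drop and erases every other stored option. After `allowLegacyRenegotiation(true)`, a later `false` therefore leaves `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` stored and discards `SSL_OP_NO_COMPRESSION` and `SSL_OP_NO_TICKET`; the line should be `s->options &= ~set;`. The stored mask also reaches OpenSSL only inside `setctx0`/`setctx2`, and only through `SSL_CTX_set_options`, so an option changed after a context is attached is not applied and a cleared one is never removed from that context. The sketch below applies the change to any attached context as well. Whether the per-context `options` field used by the removed ctx.c code must also be updated cannot be seen from this hunk.

```c
    /* … unchanged: switch (opt) mapping SSL_COPT_* to SSL_OP_* … */
    if (set != 0L) {
        if (on) {
            s->options |= set;
            if (s->ctx != 0)
                SSL_CTX_set_options(s->ctx->ctx, set);
            if (s->ctx2 != 0)
                SSL_CTX_set_options(s->ctx2->ctx, set);
        }
        else {
            s->options &= ~set;
            if (s->ctx != 0)
                SSL_CTX_clear_options(s->ctx->ctx, set);
            if (s->ctx2 != 0)
                SSL_CTX_clear_options(s->ctx2->ctx, set);
        }
    }
```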


