commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject svn commit: r1173979 - in /commons/sandbox/runtime/trunk/src/main: java/org/apache/commons/runtime/ssl/ native/include/acr/ native/modules/openssl/
Date Thu, 22 Sep 2011 07:46:30 GMT
Author: mturk
Date: Thu Sep 22 07:46:29 2011
New Revision: 1173979

URL: http://svn.apache.org/viewvc?rev=1173979&view=rev
Log:
Refactor server and context so that config params can be set in random order

Modified:
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
    commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
    commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h
    commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
    commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1173979&r1=1173978&r2=1173979&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
Thu Sep 22 07:46:29 2011
@@ -49,19 +49,18 @@ public final class SSLContext extends Na
     private static native void    setsprefix0(long ctx, String prefix);
     private static native void    setid0(long ctx, String id);
     private static native void    setscachesize0(long ctx, int size);
-    private static native void    setpasscb0(long ctx, long cb);
     private static native void    setcrlcheck0(long ctx, int mode);
-    private static native void    setcafile0(long ctx, String caPath)
-        throws SSLException;
-    private static native void    setcapath0(long ctx, String caPath)
-        throws SSLException;
-    private static native void    setcacrlfile0(long ctx, String caPath)
-        throws SSLException;
-    private static native void    setcacrlpath0(long ctx, String caPath)
-        throws SSLException;
-    private static native void    setvmode0(long ctx, int mode, int depth)
-        throws SSLException;
+    private static native void    setpasscb0(long ctx, long cb);
+    private static native void    setvmode0(long ctx, int mode, int depth);
+
+    private static final int SET_CTX_CA_CERT_FILE       = 1;
+    private static final int SET_CTX_CA_CERT_PATH       = 2;
+    private static final int SET_CTX_CRL_FILE           = 3;
+    private static final int SET_CTX_CRL_PATH           = 4;
+    private static final int SET_CTX_CIPHER_SUITE       = 5;    
+    private static native void    setstropt0(long ctx, int opt, String val);
 
+    
     private SSLContext()
     {
         // No instance
@@ -137,7 +136,7 @@ public final class SSLContext extends Na
             throw new ObjectNotInitializedException();
         if (path == null)
             throw new NullPointerException();
-        setcafile0(super.pointer, path);
+        setstropt0(super.pointer, SET_CTX_CA_CERT_FILE, path);
     }
 
     /**
@@ -169,7 +168,7 @@ public final class SSLContext extends Na
             throw new ObjectNotInitializedException();
         if (path == null)
             throw new NullPointerException();
-        setcapath0(super.pointer, path);
+        setstropt0(super.pointer, SET_CTX_CA_CERT_PATH, path);
     }
 
     /**
@@ -192,8 +191,7 @@ public final class SSLContext extends Na
             throw new ObjectNotInitializedException();
         if (path == null)
             throw new NullPointerException();
-        setcacrlfile0(super.pointer, path);
-        has_crlset = true;
+        setstropt0(super.pointer, SET_CTX_CRL_FILE, path);
     }
 
     /**
@@ -213,8 +211,7 @@ public final class SSLContext extends Na
             throw new ObjectNotInitializedException();
         if (path == null)
             throw new NullPointerException();
-        setcacrlpath0(super.pointer, path);
-        has_crlset = true;
+        setstropt0(super.pointer, SET_CTX_CRL_PATH, path);
     }
 
     /**

Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java?rev=1173979&r1=1173978&r2=1173979&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
(original)
+++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
Thu Sep 22 07:46:29 2011
@@ -40,6 +40,7 @@ public final class SSLServer extends Nat
     private static native long    new0(String name)
         throws OutOfMemoryError;
     private static native void    close0(long srv);
+    private static native void    setbio0(long srv, long bio);
     private static native void    setctx0(long srv, long ctx);
     private static native void    setservname0(long src, String name);
 
@@ -215,6 +216,30 @@ public final class SSLServer extends Nat
             throw new ClosedObjectException();
         setoption0(super.pointer, SSL_COPT_TLSEXT_ALERT_FATAL, on);
     }
-    
+
+    /**
+     * Set the SSLBio used for error reporting.
+     * <p>
+     * By default all error messages will be printed to the
+     * stderr stream. This method allow to redirect those messages
+     * to the provided callback.
+     * </p>
+     *
+     * @param bio SSLBio callback.
+     *
+     * @throws ClosedObjectException if server is closed.
+     * @throws ObjectNotInitializedException if {@code bio} is invalid.
+     */
+    public void setErrorReportBio(SSLBio bio)
+        throws ClosedObjectException,
+               ObjectNotInitializedException
+    {
+        if (super.pointer == 0L)
+            throw new ClosedObjectException();
+        long bh = ((NativePointer)bio).pointer;
+        if (bh == 0L)
+            throw new ObjectNotInitializedException();
+        setbio0(super.pointer, bh);
+    }
 }
 

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h?rev=1173979&r1=1173978&r2=1173979&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h Thu Sep 22 07:46:29
2011
@@ -51,7 +51,7 @@
 
 typedef struct acr_fd_t acr_fd_t;
 struct acr_fd_t {
-    volatile acr_atomic32_t refs;       /**< Reference  counter      */
+    acr_refcount_t          refs;       /**< Reference  counter      */
     int                     type;       /**< Descriptor type         */
     int                     timeout;    /**< Timeout in milliseconds */
     int                     flags;
@@ -68,7 +68,7 @@ struct acr_fd_t {
 
 typedef struct acr_sd_t acr_sd_t;
 struct acr_sd_t {
-    volatile acr_atomic32_t refs;       /**< Reference  counter      */
+    acr_refcount_t          refs;       /**< Reference  counter      */
     int                     type;       /**< Descriptor type         */
     int                     timeout;
     int                     flags;

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1173979&r1=1173978&r2=1173979&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Thu Sep 22 07:46:29 2011
@@ -304,20 +304,23 @@ typedef struct acr_ssl_srv_t    acr_ssl_
 /* SSL context */
 typedef struct acr_ssl_ctx_t {
     SSL_CTX         *ctx;
+    /* Pointer to the context verify store */
+    X509_STORE      *store;
+    volatile acr_atomic32_t refs;
+    /* Inited is set when the context is validated
+     * and ready to use.
+     */
+    int              inited;
     int              protocol;
     int              mode;
     int              ssl_proxy;
     long             options;
-    BIO             *bio_os;
-    BIO             *bio_is;
     unsigned char    context_id[MD5_DIGEST_LENGTH];
 
     /* Back pointer to the server/proxy/client context */
     void            *container;
     /* Certificate revocation list */
     X509_STORE      *crls;
-    /* Pointer to the context verify store */
-    X509_STORE      *store;
     X509            *cert;      /* Main certificate       */
     EVP_PKEY        *skey;
     X509            *dcrt;      /* Additional certificate */
@@ -329,8 +332,16 @@ typedef struct acr_ssl_ctx_t {
     ssl_pass_cb_t   *password_callback;
 
     /* for client or downstream server authentication */
+    char            *ca_cert_path;
+    char            *ca_cert_file;
+    char            *cipher_suite;
     int              verify_depth;
     int              verify_mode;
+
+    char            *crl_path;
+    char            *crl_file;
+    int              crl_check;
+
     char             session_id_prefix[32];
     unsigned int     session_id_prefix_len;
 #ifndef OPENSSL_NO_TLSEXT
@@ -363,14 +374,18 @@ typedef struct acr_ssl_ctx_t {
 
 /* Server context */
 struct acr_ssl_srv_t {
-    char            *hostid;
-    int              hostid_len;
-    char            *servname;
     acr_ssl_ctx_t   *ctx;
     acr_ssl_ctx_t   *ctx2;
+    acr_refcount_t   refs;
+    char            *servname;
+    char            *hostid;
+    BIO             *bio;
+    int              hostid_len;
     long             options;
     int              enabled;
     int              tlsext_extension_error;
+    int              error_num;
+    char             error_str[ACR_ERR_BUFFSIZE];
 };
 
 #define ssl_ctx_get_extra_certs(ctx)        ((ctx)->extra_certs)
@@ -386,7 +401,7 @@ struct acr_ssl_srv_t {
  */
 typedef struct ssl_sd_t ssl_sd_t;
 struct ssl_sd_t {
-    volatile acr_atomic32_t refs;       /**< Reference  counter      */
+    acr_refcount_t          refs;       /**< Reference  counter      */
     int                     type;       /**< Descriptor type         */
     int                     timeout;
     int                     flags;
@@ -419,6 +434,12 @@ struct ssl_sd_t {
  * TODO: See which functions can be made static by moving them to
  * the module where they are used.
  */
+
+SSL_CTX    *ssl_ctx_retain(acr_ssl_ctx_t *c);
+int         ssl_ctx_release(acr_ssl_ctx_t *c);
+void        ssl_srv_retain(acr_ssl_srv_t *s);
+int         ssl_srv_release(acr_ssl_srv_t *s);
+
 void        ssl_init_app_data2_idx(void);
 void       *ssl_get_app_data2(SSL *);
 void        ssl_set_app_data2(SSL *, void *);

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h?rev=1173979&r1=1173978&r2=1173979&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h Thu Sep 22 07:46:29
2011
@@ -173,6 +173,8 @@ typedef struct acr_buf_t {
     acr_size_t  use;
 } acr_buf_t;
 
+#define acr_refcount_t volatile acr_atomic32_t
+
 /**
  * Provide reasonable defines for some types
  */

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c?rev=1173979&r1=1173978&r2=1173979&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c Thu Sep 22 07:46:29
2011
@@ -59,12 +59,12 @@ J_DECLARE_M_ID(0004) = {
 };
 
 typedef struct acr_bio_t {
-    volatile acr_atomic32_t refs;
-    jobject                 obj;
-    jbyteArray              rdb;
-    int                     rdb_len;
-    jbyteArray              wrb;
-    int                     wrb_len;
+    acr_refcount_t refs;
+    jobject        obj;
+    jbyteArray     rdb;
+    int            rdb_len;
+    jbyteArray     wrb;
+    int            wrb_len;
 } acr_bio_t;
 
 ACR_SSL_EXPORT(void, SSLBio, init0)(JNI_STDARGS)

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1173979&r1=1173978&r2=1173979&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Thu Sep 22 07:46:29
2011
@@ -26,6 +26,18 @@
 #error "Cannot compile this file without HAVE_OPENSSL defined"
 #endif
 
+#define SET_CTX_CA_CERT_FILE            1
+#define SET_CTX_CA_CERT_PATH            2
+#define SET_CTX_CRL_FILE                3
+#define SET_CTX_CRL_PATH                4
+#define SET_CTX_CIPHER_SUITE            5
+
+
+#define SET_CTX_STRING(name, value)                     \
+    AcrFree(name);                                      \
+    name = AcrGetJavaStringA(env, value, 0)
+
+
 #define MAX_SESSION_ID_ATTEMPTS 10
 static int generate_session_id(const SSL *ssl, unsigned char *id,
                                unsigned int *id_len)
@@ -177,8 +189,7 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
         ACR_THROW(ACR_EX_ENOTIMPL, 0);
         return 0;
     }
-    if ((c->bio_os = BIO_new(BIO_s_file())) != 0)
-        BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+    c->refs          = 1;
     c->protocol      = protocol;
     c->mode          = mode;
     /* Set default Certificate verification level
@@ -188,6 +199,8 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
     c->verify_mode   = SSL_CVERIFY_UNSET;
     c->shutdown_type = SSL_SHUTDOWN_TYPE_UNSET;
 
+    c->crl_check     = UNSET;
+    
     SSL_CTX_set_quiet_shutdown(c->ctx, 1);
     SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
     if (protocol != SSL_PROTOCOL_SSLV2 && protocol != SSL_PROTOCOL_SSLV23)
@@ -233,24 +246,43 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
     return P2J(c);
 }
 
-ACR_SSL_EXPORT(void, SSLContext, free0)(JNI_STDARGS, jlong ctx)
+SSL_CTX *ssl_ctx_retain(acr_ssl_ctx_t *c)
 {
-    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+    if (c != 0) {
+        AcrAtomic32Inc(&c->refs);
+        return c->ctx;
+    }
+    else
+        return 0;
+}
 
+int ssl_ctx_release(acr_ssl_ctx_t *c)
+{
     if (c == 0)
-        return;
+        return 0;
+    if (AcrAtomic32Dec(&c->refs) != 0)
+        return 0;
     if (c->crls != 0)
         X509_STORE_free(c->crls);
     if (c->ctx != 0)
         SSL_CTX_free(c->ctx);
-    ssl_bio_close(c->bio_is);
-    ssl_bio_close(c->bio_os);
 #ifdef HAVE_OCSP_STAPLING
     AcrFree(c->stapling_force_url);
-#endif    
+#endif
     AcrFree(c->ocsp_responder);
     AcrFree(c->rand_file);
+    AcrFree(c->ca_cert_file);
+    AcrFree(c->ca_cert_path);
+    AcrFree(c->crl_file);
+    AcrFree(c->crl_path);
+    AcrFree(c->cipher_suite);
     AcrFree(c);
+    return 1;
+}
+
+ACR_SSL_EXPORT(void, SSLContext, free0)(JNI_STDARGS, jlong ctx)
+{
+    ssl_ctx_release(J2P(ctx, acr_ssl_ctx_t *));
 }
 
 ACR_SSL_EXPORT(void, SSLContext, setid0)(JNI_STDARGS, jlong ctx, jstring id)
@@ -273,85 +305,117 @@ ACR_SSL_EXPORT(void, SSLContext, setspre
     } DONE_WITH_STR(prefix);
 }
 
+ACR_SSL_EXPORT(void, SSLContext, setstropt0)(JNI_STDARGS, jlong ctx,
+                                             jint opt, jstring val)
+{
+    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+    switch (opt) {
+        case SET_CTX_CA_CERT_FILE:
+            SET_CTX_STRING(c->ca_cert_file, val);
+        break;
+        case SET_CTX_CA_CERT_PATH:
+            SET_CTX_STRING(c->ca_cert_path, val);
+        break;
+        case SET_CTX_CRL_FILE:
+            SET_CTX_STRING(c->crl_file, val);
+        break;
+        case SET_CTX_CRL_PATH:
+            SET_CTX_STRING(c->crl_path, val);
+        break;
+        case SET_CTX_CIPHER_SUITE:
+            SET_CTX_STRING(c->cipher_suite, val);
+        break;
+        default:
+        break;
+    }
+}
+
 ACR_SSL_EXPORT(void, SSLContext, setcafile0)(JNI_STDARGS, jlong ctx,
                                              jstring cafile)
 {
     acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+    SET_CTX_STRING(c->ca_cert_file, cafile);
+#if 0
     WITH_CSTR(cafile) {
         if (!SSL_CTX_load_verify_locations(c->ctx, J2S(cafile), 0))
             ssl_throw_errno(env, ACR_EX_ESSL);
         else
             c->store = SSL_CTX_get_cert_store(c->ctx);
     } DONE_WITH_STR(cafile);
+#endif
 }
 
 ACR_SSL_EXPORT(void, SSLContext, setcapath0)(JNI_STDARGS, jlong ctx,
                                              jstring capath)
 {
     acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+    SET_CTX_STRING(c->ca_cert_path, capath);
+#if 0    
     WITH_CSTR(capath) {
         if (!SSL_CTX_load_verify_locations(c->ctx, 0, J2S(capath)))
             ssl_throw_errno(env, ACR_EX_ESSL);
         else
             c->store = SSL_CTX_get_cert_store(c->ctx);
     } DONE_WITH_STR(capath);
+#endif
 }
 
 ACR_SSL_EXPORT(void, SSLContext, setcacrlfile0)(JNI_STDARGS, jlong ctx,
                                                 jstring file)
 {
     acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+
+    SET_CTX_STRING(c->crl_file, file);
+#if 0
     if (c->store == 0)
         c->store = SSL_CTX_get_cert_store(c->ctx);
     WITH_CSTR(file) {
         if (!X509_STORE_load_locations(c->store, J2S(file), 0))
             ssl_throw_errno(env, ACR_EX_ESSL);
     } DONE_WITH_STR(file);
+#endif
 }
 
 ACR_SSL_EXPORT(void, SSLContext, setcacrlpath0)(JNI_STDARGS, jlong ctx,
                                                 jstring path)
 {
     acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+    SET_CTX_STRING(c->crl_path, path);
+#if 0
     if (c->store == 0)
         c->store = SSL_CTX_get_cert_store(c->ctx);
     WITH_CSTR(path) {
         if (!X509_STORE_load_locations(c->store, 0, J2S(path)))
             ssl_throw_errno(env, ACR_EX_ESSL);
     } DONE_WITH_STR(path);
+#endif
 }
 
 ACR_SSL_EXPORT(void, SSLContext, setcrlcheck0)(JNI_STDARGS, jlong ctx,
                                                jint ccmode)
 {
-    int vflags = 0;
     acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
-
-    if (c->store == 0) {
-        c->store = SSL_CTX_get_cert_store(c->ctx);
-        if (c->store == 0) {
-            /* XXX: This should never happen (TM) */
-            return;
-        }
-    }
     if (ccmode == 1)
-        vflags |= X509_V_FLAG_CRL_CHECK;
+        c->crl_check = X509_V_FLAG_CRL_CHECK;
     else if (ccmode == 2)
-        vflags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
-    X509_STORE_set_flags(c->store, vflags);
+        c->crl_check = X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
+#if 0
+    X509_STORE_set_flags(c->store, c->crl_check);
+#endif
 }
 
 ACR_SSL_EXPORT(void, SSLContext, setvmode0)(JNI_STDARGS, jlong ctx,
                                             jint mode, jint depth)
 {
-    int verify = SSL_VERIFY_NONE;
+//    int verify = SSL_VERIFY_NONE;
     acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
 
     if (depth > 0)
         c->verify_depth = depth;
+    c->verify_mode = mode;
+#if 0
     if (c->verify_depth == UNSET)
         c->verify_depth = 1;
-    c->verify_mode = mode;
     /*
      *  Configure callbacks for SSL context
      */
@@ -370,6 +434,7 @@ ACR_SSL_EXPORT(void, SSLContext, setvmod
     }
     
     SSL_CTX_set_verify(c->ctx, verify, 0 /* ssl_callback_ssl_verify */);
+#endif
 }
 
 ACR_SSL_EXPORT(void, SSLContext, setpasscb0)(JNI_STDARGS, jlong ctx,

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c?rev=1173979&r1=1173978&r2=1173979&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c Thu Sep 22 07:46:29
2011
@@ -26,6 +26,10 @@
 #error "Cannot compile this file without HAVE_OPENSSL defined"
 #endif
 
+#define SET_SRV_STRING(name, value)                     \
+    AcrFree(name);                                      \
+    name = AcrGetJavaStringA(env, value, 0)
+
 ACR_SSL_EXPORT(jlong, SSLServer, new0)(JNI_STDARGS, jstring hostid)
 {
     acr_ssl_srv_t *s;
@@ -38,39 +42,62 @@ ACR_SSL_EXPORT(jlong, SSLServer, new0)(J
         AcrFree(s);
         return 0;
     }
-    else {
-        s->hostid_len = strlen(s->hostid);
-        return P2J(s);
-    }
+    if ((s->bio = BIO_new(BIO_s_file())) != 0)
+        BIO_set_fp(s->bio, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+    s->refs       = 1;
+    s->hostid_len = strlen(s->hostid);
+    return P2J(s);
+}
+
+void ssl_srv_retain(acr_ssl_srv_t *s)
+{
+    if (s != 0)
+        AcrAtomic32Inc(&s->refs);
+}
+
+int ssl_srv_release(acr_ssl_srv_t *s)
+{
+    if (s == 0)
+        return 0;
+    if (AcrAtomic32Dec(&s->refs) != 0)
+        return 0;
+    ssl_ctx_release(s->ctx);
+    ssl_ctx_release(s->ctx2);
+    ssl_bio_close(s->bio);
+    AcrFree(s->hostid);
+    AcrFree(s->servname);
+    /* SSLServer cleanup */
+    AcrFree(s);
+    return 1;
 }
 
 ACR_SSL_EXPORT(void, SSLServer, close0)(JNI_STDARGS, jlong srv)
 {
-    acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
-    if (s != 0) {
-        AcrFree(s->hostid);
-        AcrFree(s->servname);
-        /* SSLServer cleanup */
-        AcrFree(s);
-    }
+    ssl_srv_release(J2P(srv, acr_ssl_srv_t *));
 }
 
 ACR_SSL_EXPORT(void, SSLServer, setctx0)(JNI_STDARGS, jlong srv, jlong ctx)
 {
     acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
+    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
 
-    s->ctx = J2P(ctx, acr_ssl_ctx_t *);
-    if (s->ctx != 0 && s->options != 0)
-        SSL_CTX_set_options(s->ctx->ctx, s->options);
+    if (ssl_ctx_retain(c) != 0) {
+        s->ctx = c;
+        if (s->options != 0)
+            SSL_CTX_set_options(c->ctx, s->options);
+    }
 }
 
 ACR_SSL_EXPORT(void, SSLServer, setctx2)(JNI_STDARGS, jlong srv, jlong ctx)
 {
     acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
+    acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
 
-    s->ctx2 = J2P(ctx, acr_ssl_ctx_t *);
-    if (s->ctx2 != 0 && s->options != 0)
-        SSL_CTX_set_options(s->ctx2->ctx, s->options);
+    if (ssl_ctx_retain(c) != 0) {
+        s->ctx2 = c;
+        if (s->options != 0)
+            SSL_CTX_set_options(c->ctx, s->options);
+    }
 }
 
 ACR_SSL_EXPORT(void, SSLServer, setoption0)(JNI_STDARGS, jlong srv,
@@ -113,7 +140,16 @@ ACR_SSL_EXPORT(void, SSLServer, setoptio
 ACR_SSL_EXPORT(void, SSLServer, setservname0)(JNI_STDARGS, jlong srv, jstring name)
 {
     acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
-    /* Guard agains multiple invocations */
-    AcrFree(s->servname);
-    s->servname = AcrGetJavaStringA(env, name, 0);
+    SET_SRV_STRING(s->servname, name);
+}
+
+ACR_SSL_EXPORT(void, SSLServer, setbio0)(JNI_STDARGS, jlong srv, jlong bp)
+{
+    acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
+    BIO *bio         = J2P(bp,  BIO *);
+
+    if (s->bio != 0 && s->bio != bio)
+        ssl_bio_close(s->bio);
+    s->bio = bio;
+    ssl_bio_doref(bio);
 }



Mime
View raw message