Return-Path: X-Original-To: apmail-commons-commits-archive@minotaur.apache.org Delivered-To: apmail-commons-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 650A17F0F for ; Thu, 22 Sep 2011 07:46:53 +0000 (UTC) Received: (qmail 96957 invoked by uid 500); 22 Sep 2011 07:46:53 -0000 Delivered-To: apmail-commons-commits-archive@commons.apache.org Received: (qmail 96897 invoked by uid 500); 22 Sep 2011 07:46:53 -0000 Mailing-List: contact commits-help@commons.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@commons.apache.org Delivered-To: mailing list commits@commons.apache.org Received: (qmail 96889 invoked by uid 99); 22 Sep 2011 07:46:53 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Sep 2011 07:46:53 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Sep 2011 07:46:50 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id D22072388900 for ; Thu, 22 Sep 2011 07:46:30 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1173979 - in /commons/sandbox/runtime/trunk/src/main: java/org/apache/commons/runtime/ssl/ native/include/acr/ native/modules/openssl/ Date: Thu, 22 Sep 2011 07:46:30 -0000 To: commits@commons.apache.org From: mturk@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20110922074630.D22072388900@eris.apache.org> Author: mturk Date: Thu Sep 22 07:46:29 2011 New Revision: 1173979 URL: http://svn.apache.org/viewvc?rev=1173979&view=rev Log: Refactor server and context so that config params can be set in random order Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1173979&r1=1173978&r2=1173979&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java (original) +++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java Thu Sep 22 07:46:29 2011 @@ -49,19 +49,18 @@ public final class SSLContext extends Na private static native void setsprefix0(long ctx, String prefix); private static native void setid0(long ctx, String id); private static native void setscachesize0(long ctx, int size); - private static native void setpasscb0(long ctx, long cb); private static native void setcrlcheck0(long ctx, int mode); - private static native void setcafile0(long ctx, String caPath) - throws SSLException; - private static native void setcapath0(long ctx, String caPath) - throws SSLException; - private static native void setcacrlfile0(long ctx, String caPath) - throws SSLException; - private static native void setcacrlpath0(long ctx, String caPath) - throws SSLException; - private static native void setvmode0(long ctx, int mode, int depth) - throws SSLException; + private static native void setpasscb0(long ctx, long cb); + private static native void setvmode0(long ctx, int mode, int depth); + + private static final int SET_CTX_CA_CERT_FILE = 1; + private static final int SET_CTX_CA_CERT_PATH = 2; + private static final int SET_CTX_CRL_FILE = 3; + private static final int SET_CTX_CRL_PATH = 4; + private static final int SET_CTX_CIPHER_SUITE = 5; + private static native void setstropt0(long ctx, int opt, String val); + private SSLContext() { // No instance @@ -137,7 +136,7 @@ public final class SSLContext extends Na throw new ObjectNotInitializedException(); if (path == null) throw new NullPointerException(); - setcafile0(super.pointer, path); + setstropt0(super.pointer, SET_CTX_CA_CERT_FILE, path); } /** @@ -169,7 +168,7 @@ public final class SSLContext extends Na throw new ObjectNotInitializedException(); if (path == null) throw new NullPointerException(); - setcapath0(super.pointer, path); + setstropt0(super.pointer, SET_CTX_CA_CERT_PATH, path); } /** @@ -192,8 +191,7 @@ public final class SSLContext extends Na throw new ObjectNotInitializedException(); if (path == null) throw new NullPointerException(); - setcacrlfile0(super.pointer, path); - has_crlset = true; + setstropt0(super.pointer, SET_CTX_CRL_FILE, path); } /** @@ -213,8 +211,7 @@ public final class SSLContext extends Na throw new ObjectNotInitializedException(); if (path == null) throw new NullPointerException(); - setcacrlpath0(super.pointer, path); - has_crlset = true; + setstropt0(super.pointer, SET_CTX_CRL_PATH, path); } /** Modified: commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java?rev=1173979&r1=1173978&r2=1173979&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java (original) +++ commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java Thu Sep 22 07:46:29 2011 @@ -40,6 +40,7 @@ public final class SSLServer extends Nat private static native long new0(String name) throws OutOfMemoryError; private static native void close0(long srv); + private static native void setbio0(long srv, long bio); private static native void setctx0(long srv, long ctx); private static native void setservname0(long src, String name); @@ -215,6 +216,30 @@ public final class SSLServer extends Nat throw new ClosedObjectException(); setoption0(super.pointer, SSL_COPT_TLSEXT_ALERT_FATAL, on); } - + + /** + * Set the SSLBio used for error reporting. + *

+ * By default all error messages will be printed to the + * stderr stream. This method allow to redirect those messages + * to the provided callback. + *

+ * + * @param bio SSLBio callback. + * + * @throws ClosedObjectException if server is closed. + * @throws ObjectNotInitializedException if {@code bio} is invalid. + */ + public void setErrorReportBio(SSLBio bio) + throws ClosedObjectException, + ObjectNotInitializedException + { + if (super.pointer == 0L) + throw new ClosedObjectException(); + long bh = ((NativePointer)bio).pointer; + if (bh == 0L) + throw new ObjectNotInitializedException(); + setbio0(super.pointer, bh); + } } Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h?rev=1173979&r1=1173978&r2=1173979&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h (original) +++ commons/sandbox/runtime/trunk/src/main/native/include/acr/descriptor.h Thu Sep 22 07:46:29 2011 @@ -51,7 +51,7 @@ typedef struct acr_fd_t acr_fd_t; struct acr_fd_t { - volatile acr_atomic32_t refs; /**< Reference counter */ + acr_refcount_t refs; /**< Reference counter */ int type; /**< Descriptor type */ int timeout; /**< Timeout in milliseconds */ int flags; @@ -68,7 +68,7 @@ struct acr_fd_t { typedef struct acr_sd_t acr_sd_t; struct acr_sd_t { - volatile acr_atomic32_t refs; /**< Reference counter */ + acr_refcount_t refs; /**< Reference counter */ int type; /**< Descriptor type */ int timeout; int flags; Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1173979&r1=1173978&r2=1173979&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original) +++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Thu Sep 22 07:46:29 2011 @@ -304,20 +304,23 @@ typedef struct acr_ssl_srv_t acr_ssl_ /* SSL context */ typedef struct acr_ssl_ctx_t { SSL_CTX *ctx; + /* Pointer to the context verify store */ + X509_STORE *store; + volatile acr_atomic32_t refs; + /* Inited is set when the context is validated + * and ready to use. + */ + int inited; int protocol; int mode; int ssl_proxy; long options; - BIO *bio_os; - BIO *bio_is; unsigned char context_id[MD5_DIGEST_LENGTH]; /* Back pointer to the server/proxy/client context */ void *container; /* Certificate revocation list */ X509_STORE *crls; - /* Pointer to the context verify store */ - X509_STORE *store; X509 *cert; /* Main certificate */ EVP_PKEY *skey; X509 *dcrt; /* Additional certificate */ @@ -329,8 +332,16 @@ typedef struct acr_ssl_ctx_t { ssl_pass_cb_t *password_callback; /* for client or downstream server authentication */ + char *ca_cert_path; + char *ca_cert_file; + char *cipher_suite; int verify_depth; int verify_mode; + + char *crl_path; + char *crl_file; + int crl_check; + char session_id_prefix[32]; unsigned int session_id_prefix_len; #ifndef OPENSSL_NO_TLSEXT @@ -363,14 +374,18 @@ typedef struct acr_ssl_ctx_t { /* Server context */ struct acr_ssl_srv_t { - char *hostid; - int hostid_len; - char *servname; acr_ssl_ctx_t *ctx; acr_ssl_ctx_t *ctx2; + acr_refcount_t refs; + char *servname; + char *hostid; + BIO *bio; + int hostid_len; long options; int enabled; int tlsext_extension_error; + int error_num; + char error_str[ACR_ERR_BUFFSIZE]; }; #define ssl_ctx_get_extra_certs(ctx) ((ctx)->extra_certs) @@ -386,7 +401,7 @@ struct acr_ssl_srv_t { */ typedef struct ssl_sd_t ssl_sd_t; struct ssl_sd_t { - volatile acr_atomic32_t refs; /**< Reference counter */ + acr_refcount_t refs; /**< Reference counter */ int type; /**< Descriptor type */ int timeout; int flags; @@ -419,6 +434,12 @@ struct ssl_sd_t { * TODO: See which functions can be made static by moving them to * the module where they are used. */ + +SSL_CTX *ssl_ctx_retain(acr_ssl_ctx_t *c); +int ssl_ctx_release(acr_ssl_ctx_t *c); +void ssl_srv_retain(acr_ssl_srv_t *s); +int ssl_srv_release(acr_ssl_srv_t *s); + void ssl_init_app_data2_idx(void); void *ssl_get_app_data2(SSL *); void ssl_set_app_data2(SSL *, void *); Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h?rev=1173979&r1=1173978&r2=1173979&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h (original) +++ commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h Thu Sep 22 07:46:29 2011 @@ -173,6 +173,8 @@ typedef struct acr_buf_t { acr_size_t use; } acr_buf_t; +#define acr_refcount_t volatile acr_atomic32_t + /** * Provide reasonable defines for some types */ Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c?rev=1173979&r1=1173978&r2=1173979&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c Thu Sep 22 07:46:29 2011 @@ -59,12 +59,12 @@ J_DECLARE_M_ID(0004) = { }; typedef struct acr_bio_t { - volatile acr_atomic32_t refs; - jobject obj; - jbyteArray rdb; - int rdb_len; - jbyteArray wrb; - int wrb_len; + acr_refcount_t refs; + jobject obj; + jbyteArray rdb; + int rdb_len; + jbyteArray wrb; + int wrb_len; } acr_bio_t; ACR_SSL_EXPORT(void, SSLBio, init0)(JNI_STDARGS) Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1173979&r1=1173978&r2=1173979&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Thu Sep 22 07:46:29 2011 @@ -26,6 +26,18 @@ #error "Cannot compile this file without HAVE_OPENSSL defined" #endif +#define SET_CTX_CA_CERT_FILE 1 +#define SET_CTX_CA_CERT_PATH 2 +#define SET_CTX_CRL_FILE 3 +#define SET_CTX_CRL_PATH 4 +#define SET_CTX_CIPHER_SUITE 5 + + +#define SET_CTX_STRING(name, value) \ + AcrFree(name); \ + name = AcrGetJavaStringA(env, value, 0) + + #define MAX_SESSION_ID_ATTEMPTS 10 static int generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len) @@ -177,8 +189,7 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)( ACR_THROW(ACR_EX_ENOTIMPL, 0); return 0; } - if ((c->bio_os = BIO_new(BIO_s_file())) != 0) - BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT); + c->refs = 1; c->protocol = protocol; c->mode = mode; /* Set default Certificate verification level @@ -188,6 +199,8 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)( c->verify_mode = SSL_CVERIFY_UNSET; c->shutdown_type = SSL_SHUTDOWN_TYPE_UNSET; + c->crl_check = UNSET; + SSL_CTX_set_quiet_shutdown(c->ctx, 1); SSL_CTX_set_options(c->ctx, SSL_OP_ALL); if (protocol != SSL_PROTOCOL_SSLV2 && protocol != SSL_PROTOCOL_SSLV23) @@ -233,24 +246,43 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)( return P2J(c); } -ACR_SSL_EXPORT(void, SSLContext, free0)(JNI_STDARGS, jlong ctx) +SSL_CTX *ssl_ctx_retain(acr_ssl_ctx_t *c) { - acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *); + if (c != 0) { + AcrAtomic32Inc(&c->refs); + return c->ctx; + } + else + return 0; +} +int ssl_ctx_release(acr_ssl_ctx_t *c) +{ if (c == 0) - return; + return 0; + if (AcrAtomic32Dec(&c->refs) != 0) + return 0; if (c->crls != 0) X509_STORE_free(c->crls); if (c->ctx != 0) SSL_CTX_free(c->ctx); - ssl_bio_close(c->bio_is); - ssl_bio_close(c->bio_os); #ifdef HAVE_OCSP_STAPLING AcrFree(c->stapling_force_url); -#endif +#endif AcrFree(c->ocsp_responder); AcrFree(c->rand_file); + AcrFree(c->ca_cert_file); + AcrFree(c->ca_cert_path); + AcrFree(c->crl_file); + AcrFree(c->crl_path); + AcrFree(c->cipher_suite); AcrFree(c); + return 1; +} + +ACR_SSL_EXPORT(void, SSLContext, free0)(JNI_STDARGS, jlong ctx) +{ + ssl_ctx_release(J2P(ctx, acr_ssl_ctx_t *)); } ACR_SSL_EXPORT(void, SSLContext, setid0)(JNI_STDARGS, jlong ctx, jstring id) @@ -273,85 +305,117 @@ ACR_SSL_EXPORT(void, SSLContext, setspre } DONE_WITH_STR(prefix); } +ACR_SSL_EXPORT(void, SSLContext, setstropt0)(JNI_STDARGS, jlong ctx, + jint opt, jstring val) +{ + acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *); + switch (opt) { + case SET_CTX_CA_CERT_FILE: + SET_CTX_STRING(c->ca_cert_file, val); + break; + case SET_CTX_CA_CERT_PATH: + SET_CTX_STRING(c->ca_cert_path, val); + break; + case SET_CTX_CRL_FILE: + SET_CTX_STRING(c->crl_file, val); + break; + case SET_CTX_CRL_PATH: + SET_CTX_STRING(c->crl_path, val); + break; + case SET_CTX_CIPHER_SUITE: + SET_CTX_STRING(c->cipher_suite, val); + break; + default: + break; + } +} + ACR_SSL_EXPORT(void, SSLContext, setcafile0)(JNI_STDARGS, jlong ctx, jstring cafile) { acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *); + SET_CTX_STRING(c->ca_cert_file, cafile); +#if 0 WITH_CSTR(cafile) { if (!SSL_CTX_load_verify_locations(c->ctx, J2S(cafile), 0)) ssl_throw_errno(env, ACR_EX_ESSL); else c->store = SSL_CTX_get_cert_store(c->ctx); } DONE_WITH_STR(cafile); +#endif } ACR_SSL_EXPORT(void, SSLContext, setcapath0)(JNI_STDARGS, jlong ctx, jstring capath) { acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *); + SET_CTX_STRING(c->ca_cert_path, capath); +#if 0 WITH_CSTR(capath) { if (!SSL_CTX_load_verify_locations(c->ctx, 0, J2S(capath))) ssl_throw_errno(env, ACR_EX_ESSL); else c->store = SSL_CTX_get_cert_store(c->ctx); } DONE_WITH_STR(capath); +#endif } ACR_SSL_EXPORT(void, SSLContext, setcacrlfile0)(JNI_STDARGS, jlong ctx, jstring file) { acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *); + + SET_CTX_STRING(c->crl_file, file); +#if 0 if (c->store == 0) c->store = SSL_CTX_get_cert_store(c->ctx); WITH_CSTR(file) { if (!X509_STORE_load_locations(c->store, J2S(file), 0)) ssl_throw_errno(env, ACR_EX_ESSL); } DONE_WITH_STR(file); +#endif } ACR_SSL_EXPORT(void, SSLContext, setcacrlpath0)(JNI_STDARGS, jlong ctx, jstring path) { acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *); + SET_CTX_STRING(c->crl_path, path); +#if 0 if (c->store == 0) c->store = SSL_CTX_get_cert_store(c->ctx); WITH_CSTR(path) { if (!X509_STORE_load_locations(c->store, 0, J2S(path))) ssl_throw_errno(env, ACR_EX_ESSL); } DONE_WITH_STR(path); +#endif } ACR_SSL_EXPORT(void, SSLContext, setcrlcheck0)(JNI_STDARGS, jlong ctx, jint ccmode) { - int vflags = 0; acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *); - - if (c->store == 0) { - c->store = SSL_CTX_get_cert_store(c->ctx); - if (c->store == 0) { - /* XXX: This should never happen (TM) */ - return; - } - } if (ccmode == 1) - vflags |= X509_V_FLAG_CRL_CHECK; + c->crl_check = X509_V_FLAG_CRL_CHECK; else if (ccmode == 2) - vflags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL; - X509_STORE_set_flags(c->store, vflags); + c->crl_check = X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL; +#if 0 + X509_STORE_set_flags(c->store, c->crl_check); +#endif } ACR_SSL_EXPORT(void, SSLContext, setvmode0)(JNI_STDARGS, jlong ctx, jint mode, jint depth) { - int verify = SSL_VERIFY_NONE; +// int verify = SSL_VERIFY_NONE; acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *); if (depth > 0) c->verify_depth = depth; + c->verify_mode = mode; +#if 0 if (c->verify_depth == UNSET) c->verify_depth = 1; - c->verify_mode = mode; /* * Configure callbacks for SSL context */ @@ -370,6 +434,7 @@ ACR_SSL_EXPORT(void, SSLContext, setvmod } SSL_CTX_set_verify(c->ctx, verify, 0 /* ssl_callback_ssl_verify */); +#endif } ACR_SSL_EXPORT(void, SSLContext, setpasscb0)(JNI_STDARGS, jlong ctx, Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c?rev=1173979&r1=1173978&r2=1173979&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c Thu Sep 22 07:46:29 2011 @@ -26,6 +26,10 @@ #error "Cannot compile this file without HAVE_OPENSSL defined" #endif +#define SET_SRV_STRING(name, value) \ + AcrFree(name); \ + name = AcrGetJavaStringA(env, value, 0) + ACR_SSL_EXPORT(jlong, SSLServer, new0)(JNI_STDARGS, jstring hostid) { acr_ssl_srv_t *s; @@ -38,39 +42,62 @@ ACR_SSL_EXPORT(jlong, SSLServer, new0)(J AcrFree(s); return 0; } - else { - s->hostid_len = strlen(s->hostid); - return P2J(s); - } + if ((s->bio = BIO_new(BIO_s_file())) != 0) + BIO_set_fp(s->bio, stderr, BIO_NOCLOSE | BIO_FP_TEXT); + s->refs = 1; + s->hostid_len = strlen(s->hostid); + return P2J(s); +} + +void ssl_srv_retain(acr_ssl_srv_t *s) +{ + if (s != 0) + AcrAtomic32Inc(&s->refs); +} + +int ssl_srv_release(acr_ssl_srv_t *s) +{ + if (s == 0) + return 0; + if (AcrAtomic32Dec(&s->refs) != 0) + return 0; + ssl_ctx_release(s->ctx); + ssl_ctx_release(s->ctx2); + ssl_bio_close(s->bio); + AcrFree(s->hostid); + AcrFree(s->servname); + /* SSLServer cleanup */ + AcrFree(s); + return 1; } ACR_SSL_EXPORT(void, SSLServer, close0)(JNI_STDARGS, jlong srv) { - acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *); - if (s != 0) { - AcrFree(s->hostid); - AcrFree(s->servname); - /* SSLServer cleanup */ - AcrFree(s); - } + ssl_srv_release(J2P(srv, acr_ssl_srv_t *)); } ACR_SSL_EXPORT(void, SSLServer, setctx0)(JNI_STDARGS, jlong srv, jlong ctx) { acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *); + acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *); - s->ctx = J2P(ctx, acr_ssl_ctx_t *); - if (s->ctx != 0 && s->options != 0) - SSL_CTX_set_options(s->ctx->ctx, s->options); + if (ssl_ctx_retain(c) != 0) { + s->ctx = c; + if (s->options != 0) + SSL_CTX_set_options(c->ctx, s->options); + } } ACR_SSL_EXPORT(void, SSLServer, setctx2)(JNI_STDARGS, jlong srv, jlong ctx) { acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *); + acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *); - s->ctx2 = J2P(ctx, acr_ssl_ctx_t *); - if (s->ctx2 != 0 && s->options != 0) - SSL_CTX_set_options(s->ctx2->ctx, s->options); + if (ssl_ctx_retain(c) != 0) { + s->ctx2 = c; + if (s->options != 0) + SSL_CTX_set_options(c->ctx, s->options); + } } ACR_SSL_EXPORT(void, SSLServer, setoption0)(JNI_STDARGS, jlong srv, @@ -113,7 +140,16 @@ ACR_SSL_EXPORT(void, SSLServer, setoptio ACR_SSL_EXPORT(void, SSLServer, setservname0)(JNI_STDARGS, jlong srv, jstring name) { acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *); - /* Guard agains multiple invocations */ - AcrFree(s->servname); - s->servname = AcrGetJavaStringA(env, name, 0); + SET_SRV_STRING(s->servname, name); +} + +ACR_SSL_EXPORT(void, SSLServer, setbio0)(JNI_STDARGS, jlong srv, jlong bp) +{ + acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *); + BIO *bio = J2P(bp, BIO *); + + if (s->bio != 0 && s->bio != bio) + ssl_bio_close(s->bio); + s->bio = bio; + ssl_bio_doref(bio); }