commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject svn commit: r1188616 - in /commons/sandbox/runtime/trunk/src/main/native/modules/openssl: ctx.c server.c
Date Tue, 25 Oct 2011 11:35:50 GMT
Author: mturk
Date: Tue Oct 25 11:35:50 2011
New Revision: 1188616

URL: http://svn.apache.org/viewvc?rev=1188616&view=rev
Log:
Set store flags

Modified:
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1188616&r1=1188615&r2=1188616&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Tue Oct 25 11:35:50
2011
@@ -438,9 +438,6 @@ ACR_SSL_EXPORT(void, SSLContext, setcrlc
         c->crl_check = X509_V_FLAG_CRL_CHECK;
     else if (ccmode == 2)
         c->crl_check = X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
-#if 0
-    X509_STORE_set_flags(c->store, c->crl_check);
-#endif
 }
 
 ACR_SSL_EXPORT(void, SSLContext, setvmode0)(JNI_STDARGS, jlong ctx,

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c?rev=1188616&r1=1188615&r2=1188616&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c Tue Oct 25 11:35:50
2011
@@ -81,11 +81,20 @@ ACR_SSL_EXPORT(void, SSLServer, setctx0)
     acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
     acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
 
-    if (ssl_ctx_retain(c) != 0) {
-        s->ctx = c;
-        if (s->options != 0)
-            SSL_CTX_set_options(c->ctx, s->options);
-        
+    if (ssl_ctx_retain(c) == 0) {
+        /* XXX: Should we throw error here?
+         */
+        return;
+    }
+    s->ctx = c;
+    if (s->options != 0)
+        SSL_CTX_set_options(c->ctx, s->options);
+    if (c->store == 0)
+        c->store = SSL_CTX_get_cert_store(c->ctx);
+    if (c->crl_check != UNSET) {        
+        X509_STORE_set_flags(c->store, c->crl_check);
+        if (c->crls != 0)
+            X509_STORE_set_flags(c->crls, c->crl_check);
     }
 }
 
@@ -93,19 +102,31 @@ ACR_SSL_EXPORT(void, SSLServer, setctx2)
 {
     acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
     acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
-    
-    if (ssl_ctx_retain(c) != 0) {
-        s->ctx2 = c;
-        if (s->options != 0)
-            SSL_CTX_set_options(c->ctx, s->options);
-        if (c->cipher_suite == 0 && s->ctx != 0 && s->ctx->cipher_suite
!= 0) {
-            if (!SSL_CTX_set_cipher_list(c->ctx, s->ctx->cipher_suite)) {
-                ssl_throw_errno(env, ACR_EX_ESSL);
-                ssl_ctx_release(c);
-                s->ctx2 = 0;
-            }
+    int crl_check;
+
+    if (ssl_ctx_retain(c) == 0 || s->ctx == 0) {
+        /* XXX: Should we throw error here?
+         */
+        return;
+    }
+    s->ctx2 = c;
+    if (s->options != 0)
+        SSL_CTX_set_options(c->ctx, s->options);
+    if (c->cipher_suite == 0 && s->ctx->cipher_suite != 0) {
+        if (!SSL_CTX_set_cipher_list(c->ctx, s->ctx->cipher_suite)) {
+            ssl_throw_errno(env, ACR_EX_ESSL);
+            ssl_ctx_release(c);
+            s->ctx2 = 0;
         }
     }
+    if (c->store == 0)
+        c->store = SSL_CTX_get_cert_store(c->ctx);
+    crl_check = c->crl_check != UNSET ? c->crl_check : s->ctx->crl_check;
+    if (crl_check != UNSET) {
+        X509_STORE_set_flags(c->store, crl_check);
+        if (c->crls != 0)
+            X509_STORE_set_flags(c->crls, crl_check);
+    }
 }
 
 ACR_SSL_EXPORT(void, SSLServer, setoption0)(JNI_STDARGS, jlong srv,



Mime
View raw message