From mt...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/jni/native/src sslcontext.c
Date Wed, 01 Jun 2005 12:06:55 GMT
mturk       2005/06/01 05:06:55

  Modified:    jni/java/org/apache/tomcat/jni SSL.java SSLContext.java
               jni/native/src sslcontext.c
  Log:
  Add context options settings.
  
  Revision  Changes    Path
  1.6       +50 -1     jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java
  
  Index: SSL.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- SSL.java	1 Jun 2005 06:38:09 -0000	1.5
  +++ SSL.java	1 Jun 2005 12:06:55 -0000	1.6
  @@ -88,6 +88,55 @@
       public static final int SSL_VERIFY_CLIENT_ONCE          = 4;
       public static final int SSL_VERIFY_PEER_STRICT          = (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
   
  +    public static final int SSL_OP_MICROSOFT_SESS_ID_BUG            = 0x00000001;
  +    public static final int SSL_OP_NETSCAPE_CHALLENGE_BUG           = 0x00000002;
  +    public static final int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000008;
  +    public static final int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG      = 0x00000010;
  +    public static final int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER       = 0x00000020;
  +    public static final int SSL_OP_MSIE_SSLV2_RSA_PADDING           = 0x00000040;
  +    public static final int SSL_OP_SSLEAY_080_CLIENT_DH_BUG         = 0x00000080;
  +    public static final int SSL_OP_TLS_D5_BUG                       = 0x00000100;
  +    public static final int SSL_OP_TLS_BLOCK_PADDING_BUG            = 0x00000200;
  +    
  +    /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  +     * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
  +     * the workaround is not needed.  Unfortunately some broken SSL/TLS
  +     * implementations cannot handle it at all, which is why we include
  +     * it in SSL_OP_ALL. */
  +    public static final int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS      = 0x00000800;
  +    
  +    /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
  +     *             This used to be 0x000FFFFFL before 0.9.7. */
  +    public static final int SSL_OP_ALL                              = 0x00000FFF;
  +    
  +    /* As server, disallow session resumption on renegotiation */
  +    public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00010000;
  +    /* If set, always create a new key when using tmp_dh parameters */
  +    public static final int SSL_OP_SINGLE_DH_USE                    = 0x00100000;
  +    /* Set to always use the tmp_rsa key when doing RSA operations,
  +     * even when this violates protocol specs */
  +    public static final int SSL_OP_EPHEMERAL_RSA                    = 0x00200000;
  +    /* Set on servers to choose the cipher according to the server's
  +     * preferences */
  +    public static final int SSL_OP_CIPHER_SERVER_PREFERENCE         = 0x00400000;
  +    /* If set, a server will allow a client to issue a SSLv3.0 version number
  +     * as latest version supported in the premaster secret, even when TLSv1.0
  +     * (version 3.1) was announced in the client hello. Normally this is
  +     * forbidden to prevent version rollback attacks. */
  +    public static final int SSL_OP_TLS_ROLLBACK_BUG                 = 0x00800000;
  +    
  +    public static final int SSL_OP_NO_SSLv2                         = 0x01000000;
  +    public static final int SSL_OP_NO_SSLv3                         = 0x02000000;
  +    public static final int SSL_OP_NO_TLSv1                         = 0x04000000;
  +    
  +    /* The next flag deliberately changes the ciphertest, this is a check
  +     * for the PKCS#1 attack */
  +    public static final int SSL_OP_PKCS1_CHECK_1                    = 0x08000000;
  +    public static final int SSL_OP_PKCS1_CHECK_2                    = 0x10000000;
  +    public static final int SSL_OP_NETSCAPE_CA_DN_BUG               = 0x20000000;
  +    public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG  = 0x40000000;
  +
  +
       /* Return OpenSSL version number */
       public static native int version();
   
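Review bot: The option constants are documented with plain `/* */` block comments (lines for SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, SSL_OP_ALL, SSL_OP_TLS_ROLLBACK_BUG and the others), so none of that text reaches the generated Javadoc, and about half the constants — the BUG workarounds, SSL_OP_NO_SSLv2/v3/TLSv1, the PKCS1_CHECK pair — carry no explanation at all. Converting the existing comments to `/** ... */` would surface in the API docs what the protection-relaxing options (DONT_INSERT_EMPTY_FRAGMENTS, TLS_ROLLBACK_BUG, EPHEMERAL_RSA) give up. A short comment above the group would also pin their provenance, e.g. `/* Mirrors OpenSSL's SSL_OP_* values; passed unchanged to SSL_CTX_set_options, so keep in sync with the ssl.h the native library is built against. */`. Since these are Java `int`s, any future OpenSSL option occupying bit 31 would be a negative value here — worth stating in that comment so nobody adds one without adjusting the native conversion.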
  
  
  
  1.6       +13 -6     jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java
  
  Index: SSLContext.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- SSLContext.java	1 Jun 2005 11:44:36 -0000	1.5
  +++ SSLContext.java	1 Jun 2005 12:06:55 -0000	1.6
  @@ -61,14 +61,14 @@
        * @return APR Status code.
        */
       public static native int free(long ctx);
  -    
  +
       /**
        * Set Virtual host id. Usually host:port combination.
        * @param ctx Context to use.
        * @param id  String that uniquely identifies this context.
        */
  -     public static native void setVhostId(long ctx, String id);
  - 
  +    public static native void setVhostId(long ctx, String id);
  +
       /**
        * Asssociate BIOCallback for input or output data capture.
        * <br />
  @@ -81,13 +81,20 @@
        * [DEBUG]  -- Debugging messaged
        * </PRE>
        * Callback can use that word to determine application logging level
  -     * by intercepting <b>write</b> call. 
  +     * by intercepting <b>write</b> call.
        * If the <b>bio</b> is set to 0 no error messages will be displayed.
        * Default is to use the stderr output stream.
        * @param ctx Server or Client context to use.
        * @param bio BIO handle to use, created with SSL.newBIO
        * @param dir BIO direction (1 for input 0 for output).
        */
  -     public static native void setBIO(long ctx, long bio, int dir);
  +    public static native void setBIO(long ctx, long bio, int dir);
   
  +    /**
  +     * Set OpenSSL Option.
  +     * @param ctx Server or Client context to use.
  +     * @param options  See SSL.SSL_OP_* for option flags.
  +     * @return true on success, false in case of error
  +     */
  +    public static native void setOptions(long ctx, int options)
   }
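Review bot: The new `setOptions` declaration on the last added line has no terminating semicolon, so SSLContext.java does not compile as committed; it should read `public static native void setOptions(long ctx, int options);`. Its Javadoc promises `@return true on success, false in case of error`, but the method returns void — either drop the tag or give the method a return value. The native side in the sslcontext.c hunk is implemented as `setOption` (singular), which does not match this name; assuming TCN_IMPLEMENT_CALL derives the exported JNI symbol from that name, the Java method would fail to link at first call, so the two spellings need to agree.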
  
  
  
  1.10      +11 -1     jakarta-tomcat-connectors/jni/native/src/sslcontext.c
  
  Index: sslcontext.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- sslcontext.c	1 Jun 2005 11:44:37 -0000	1.9
  +++ sslcontext.c	1 Jun 2005 12:06:55 -0000	1.10
  @@ -259,6 +259,16 @@
       SSL_BIO_doref(bio_handle);
   }
   
  +TCN_IMPLEMENT_CALL(void, SSLContext, setOption)(TCN_STDARGS, jlong ctx,
  +                                                jint opt)
  +{
  +    tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
  +
  +    UNREFERENCED_STDARGS;
  +    TCN_ASSERT(ctx != 0);
  +    SSL_CTX_set_options(c, opt);
  +}
  +
   #else
   /* OpenSSL is not supported
    * If someday we make OpenSSL optional
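Review bot: `SSL_CTX_set_options` takes a `long` mask while `setOption` receives a `jint`, so a Java value with bit 31 set would be sign-extended and switch on every higher bit of the option word on LP64 platforms; the constants added to SSL.java in this commit stop at 0x40000000, so the problem is latent rather than immediate. Converting through an unsigned type preserves the 32-bit pattern: `SSL_CTX_set_options(c, (long)(unsigned int)opt);`. The call's return value, the updated option mask, is discarded even though the Java-side Javadoc talks about reporting success; returning it would let the caller confirm what was actually applied.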
  
  
  


