tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c sslcontext.c
Date Thu, 02 Jun 2005 09:52:46 GMT
mturk       2005/06/02 02:52:46

  Modified:    jni/java/org/apache/tomcat/jni SSL.java SSLContext.java
               jni/native/src ssl.c sslcontext.c
  Log:
  Add functions for defining acceptable CA names.
  
  Revision  Changes    Path
  1.8       +3 -1      jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java
  
  Index: SSL.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- SSL.java	1 Jun 2005 12:50:51 -0000	1.7
  +++ SSL.java	2 Jun 2005 09:52:45 -0000	1.8
  @@ -160,6 +160,8 @@
        *        If null the default file will be tested.
        *        The seed file is $RANDFILE if that environment variable is
        *        set, $HOME/.rnd otherwise.
  +     *        In case both files are unavailable builtin
  +     *        random seed generator is used.
        */
       public static native boolean randLoad(String filename);
   
  
  
  
  1.10      +56 -4     jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java
  
  Index: SSLContext.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- SSLContext.java	2 Jun 2005 07:44:38 -0000	1.9
  +++ SSLContext.java	2 Jun 2005 09:52:46 -0000	1.10
  @@ -222,7 +222,8 @@
        * preference. This can be used alternatively and/or additionally to
        * <code>setCACertificatePath</code>.
        * @param ctx Server or Client context to use.
  -     * @param file File of concatenated PEM-encoded CA Certificates for Client Auth.
  +     * @param file File of concatenated PEM-encoded CA Certificates for
  +     *             Client Auth.
        */
       public static native boolean setCACertificateFile(long ctx, String file);
   
  @@ -235,12 +236,63 @@
        * <br />
        * The files in this directory have to be PEM-encoded and are accessed through
        * hash filenames. So usually you can't just place the Certificate files there:
  -     * you also have to create symbolic links named hash-value.N. And you should always
  -     * make sure this directory contains the appropriate symbolic links.
  +     * you also have to create symbolic links named hash-value.N. And you should
  +     * always make sure this directory contains the appropriate symbolic links.
        * Use the Makefile which comes with mod_ssl to accomplish this task.
        * @param ctx Server or Client context to use.
        * @param path Directory of PEM-encoded CA Certificates for Client Auth.
        */
       public static native boolean setCACertificatePath(long ctx, String path);
   
  +    /**
  +     * Set File of concatenated PEM-encoded CA Certificates for defining
  +     * acceptable CA names
  +     * <br />
  +     * When a client certificate is requested by mod_ssl, a list of acceptable
  +     * Certificate Authority names is sent to the client in the SSL handshake.
  +     * These CA names can be used by the client to select an appropriate client
  +     * certificate out of those it has available.
  +     * <br />
  +     * If neither of the directives <code>setCADNRequestPath</code> or
  +     * <code>setCADNRequestFile</code> are given, then the set of acceptable
  +     * CA names sent to the client is the names of all the CA certificates given
  +     * by the <code>setCACertificateFile</code> and
  +     * <code>setCACertificatePath</code> directives; in other words, the names
  +     * of the CAs which will actually be used to verify the client certificate.
  +     * <br />
  +     * In some circumstances, it is useful to be able to send a set of acceptable
  +     * CA names which differs from the actual CAs used to verify the client
  +     * certificate - for example, if the client certificates are signed by
  +     * intermediate CAs. In such cases, CADNRequestPath and/or CADNRequestFile
  +     * can be used; the acceptable CA names are then taken from the complete
  +     * set of certificates in the directory and/or file specified by
  +     * this pair of directives.
  +     * <br />
  +     * setCADNRequestFile must specify an all-in-one file containing a
  +     * concatenation of PEM-encoded CA certificates.
  +     * @param ctx Server or Client context to use.
  +     * @param file File of concatenated PEM-encoded CA Certificates for defining
  +     *             acceptable CA names.
  +     */
  +    public static native boolean setCADNRequestFile(long ctx, String file);
  +
  +    /**
  +     * Set Directory of PEM-encoded CA Certificates for defining acceptable
  +     * CA names
  +     * <br />
  +     * This optional directive can be used to specify the set of acceptable
  +     * CA names which will be sent to the client when a client certificate is
  +     * requested. See the <code>setCADNRequestFile</code> directive for more
details.
  +     * <br />
  +     * The files in this directory have to be PEM-encoded and are accessed through
  +     * hash filenames. So usually you can't just place the Certificate files there:
  +     * you also have to create symbolic links named hash-value.N. And you should
  +     * always make sure this directory contains the appropriate symbolic links.
  +     * Use the Makefile which comes with mod_ssl to accomplish this task.
  +     * @param ctx Server or Client context to use.
  +     * @param path Directory of PEM-encoded CA Certificates for defining
  +     *             acceptable CA names.
  +     */
  +    public static native boolean setCADNRequestPath(long ctx, String path);
  +
   }
  
  
  
  1.18      +7 -4      jakarta-tomcat-connectors/jni/native/src/ssl.c
  
  Index: ssl.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- ssl.c	2 Jun 2005 07:44:39 -0000	1.17
  +++ ssl.c	2 Jun 2005 09:52:46 -0000	1.18
  @@ -194,7 +194,7 @@
   
   static int ssl_rand_load_file(const char *file)
   {
  -    char buffer[200];
  +    char buffer[APR_PATH_MAX];
       int n;
   
       if (file == NULL)
  @@ -215,7 +215,7 @@
    */
   static int ssl_rand_save_file(const char *file)
   {
  -    char buffer[200];
  +    char buffer[APR_PATH_MAX];
       int n;
   
       if (file == NULL)
  @@ -353,7 +353,10 @@
           tcn_ssl_engine = ee;
       }
   #endif
  -    /* Initialize PRNG */
  +    /* Initialize PRNG
  +     * This will in most cases call the builtin
  +     * low entropy seed.
  +     */
       ssl_rand_seed(NULL);
       /* For SSL_get_app_data2() at request time */
       SSL_init_app_data2_idx();
  
  
  
  1.16      +5 -5      jakarta-tomcat-connectors/jni/native/src/sslcontext.c
  
  Index: sslcontext.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- sslcontext.c	2 Jun 2005 07:44:39 -0000	1.15
  +++ sslcontext.c	2 Jun 2005 09:52:46 -0000	1.16
  @@ -514,8 +514,8 @@
       return rv;
   }
   
  -TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCANDRCertificateFile)(TCN_STDARGS, jlong ctx,
  -                                                                  jstring file)
  +TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCADNRequestFile)(TCN_STDARGS, jlong ctx,
  +                                                             jstring file)
   {
       tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
       jboolean rv = JNI_TRUE;
  @@ -530,8 +530,8 @@
       return rv;
   }
   
  -TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCANDRCertificatePath)(TCN_STDARGS, jlong ctx,
  -                                                                  jstring path)
  +TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCADNRequestPath)(TCN_STDARGS, jlong ctx,
  +                                                             jstring path)
   {
       tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
       jboolean rv = JNI_TRUE;
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message