tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c sslcontext.c sslutils.c
Date Tue, 07 Jun 2005 11:05:08 GMT
mturk       2005/06/07 04:05:07

  Modified:    jni/native/include ssl_private.h
               jni/native/src ssl.c sslcontext.c sslutils.c
  Log:
  Add global password callback handle.
  In case we set the callback BIO per context then it will be used to
  allow multple passwords and keys per vhost base.
  Since context are created from single thread we can have multiple passwords
  without setting per context BIO.
  
  Revision  Changes    Path
  1.18      +9 -3      jakarta-tomcat-connectors/jni/native/include/ssl_private.h
  
  Index: ssl_private.h
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- ssl_private.h	7 Jun 2005 09:13:22 -0000	1.17
  +++ ssl_private.h	7 Jun 2005 11:05:07 -0000	1.18
  @@ -118,6 +118,10 @@
   #define SSL_CVERIFY_OPTIONAL_NO_CA  (3)
   #define SSL_VERIFY_PEER_STRICT      (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
   
  +#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted for security
reasons.\n"  \
  +                                "In order to read them you have to provide the pass phrases.\n"
        \
  +                                "Enter password :"
  +
   extern void *SSL_temp_keys[SSL_TMP_KEY_MAX];
   
   typedef struct {
  @@ -132,9 +136,11 @@
   typedef struct {
       char            password[SSL_MAX_PASSWORD_LEN];
       const char     *prompt;
  -    tcn_ssl_ctxt_t *ctx;
  +    BIO            *bio;
   } tcn_pass_cb_t;
   
  +extern tcn_pass_cb_t tcn_password_callback;
  +
   struct tcn_ssl_ctxt_t {
       apr_pool_t      *pool;
       SSL_CTX         *ctx;
  @@ -162,7 +168,7 @@
       int             verify_depth;
       int             verify_mode;
       void            *temp_keys[SSL_TMP_KEY_MAX];
  -    tcn_pass_cb_t   password;
  +    tcn_pass_cb_t   *cb_data;
   };
   
   typedef struct {
  
  
  
  1.21      +4 -1      jakarta-tomcat-connectors/jni/native/src/ssl.c
  
  Index: ssl.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- ssl.c	6 Jun 2005 08:14:50 -0000	1.20
  +++ ssl.c	7 Jun 2005 11:05:07 -0000	1.21
  @@ -37,6 +37,7 @@
   
   ENGINE *tcn_ssl_engine = NULL;
   void *SSL_temp_keys[SSL_TMP_KEY_MAX];
  +tcn_pass_cb_t tcn_password_callback;
   
   /*
    * Handle the Temporary RSA Keys and DH Params
  @@ -404,6 +405,8 @@
           tcn_ssl_engine = ee;
       }
   #endif
  +
  +    memset(&tcn_password_callback, 0, sizeof(tcn_pass_cb_t));
       /* Initialize PRNG
        * This will in most cases call the builtin
        * low entropy seed.
  
  
  
  1.27      +15 -8     jakarta-tomcat-connectors/jni/native/src/sslcontext.c
  
  Index: sslcontext.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
  retrieving revision 1.26
  retrieving revision 1.27
  diff -u -r1.26 -r1.27
  --- sslcontext.c	7 Jun 2005 09:57:22 -0000	1.26
  +++ sslcontext.c	7 Jun 2005 11:05:07 -0000	1.27
  @@ -123,7 +123,6 @@
       c->ctx      = ctx;
       c->pool     = p;
       c->bio_os   = BIO_new(BIO_s_file());
  -    c->password.ctx = c;
       if (c->bio_os != NULL)
           BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
       SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
  @@ -162,7 +161,7 @@
   
       /* Set default password callback */
       SSL_CTX_set_default_passwd_cb(c->ctx, (pem_password_cb *)SSL_password_callback);
  -    SSL_CTX_set_default_passwd_cb_userdata(c->ctx, (void *)(&c->password));
  +    SSL_CTX_set_default_passwd_cb_userdata(c->ctx, (void *)(&tcn_password_callback));
       /*
        * Let us cleanup the ssl context when the pool is destroyed
        */
  @@ -214,9 +213,12 @@
           c->bio_os = bio_handle;
       }
       else if (dir == 1) {
  -        if (c->bio_os && c->bio_is != bio_handle)
  +        if (c->bio_is && c->bio_is != bio_handle)
               SSL_BIO_close(c->bio_is);
  -        c->bio_os = bio_handle;
  +        c->bio_is = bio_handle;
  +        if (!c->cb_data)
  +            c->cb_data = (tcn_pass_cb_t *)apr_pcalloc(c->pool, sizeof(tcn_pass_cb_t));
  +        c->cb_data->bio = bio_handle;
       }
       else
           return;
  @@ -426,6 +428,7 @@
   {
       BIO *bio = NULL;
       EVP_PKEY *key = NULL;
  +    void *cb_data = c->cb_data;
   
       if ((bio = BIO_new(BIO_s_file())) == NULL) {
           return NULL;
  @@ -434,9 +437,11 @@
           BIO_free(bio);
           return NULL;
       }
  +    if (!cb_data)
  +        cb_data = &tcn_password_callback;
       key = PEM_read_bio_PrivateKey(bio, NULL,
                   (pem_password_cb *)SSL_password_callback,
  -                (void *)(&c->password));
  +                cb_data);
       BIO_free(bio);
       return key;
   }
  @@ -481,8 +486,10 @@
           goto cleanup;
       }
       if (J2S(password)) {
  -        strncpy(c->password.password, J2S(password), SSL_MAX_PASSWORD_LEN);
  -        c->password.password[SSL_MAX_PASSWORD_LEN-1] = '\0';
  +        if (!c->cb_data)
  +            c->cb_data = &tcn_password_callback;
  +        strncpy(c->cb_data->password, J2S(password), SSL_MAX_PASSWORD_LEN);
  +        c->cb_data->password[SSL_MAX_PASSWORD_LEN-1] = '\0';
       }
       key_file  = J2S(key);
       cert_file = J2S(cert);
  
  
  
  1.20      +8 -14     jakarta-tomcat-connectors/jni/native/src/sslutils.c
  
  Index: sslutils.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslutils.c,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- sslutils.c	7 Jun 2005 10:00:55 -0000	1.19
  +++ sslutils.c	7 Jun 2005 11:05:07 -0000	1.20
  @@ -73,19 +73,14 @@
       return;
   }
   
  -#define PROMPT_STRING "Enter password: "
   /* Simple echo password prompting */
   int SSL_password_prompt(tcn_pass_cb_t *data)
   {
       int rv = 0;
       data->password[0] = '\0';
  -    if (data->ctx && data->ctx->bio_is) {
  -        if (data->ctx->bio_is->flags & SSL_BIO_FLAG_RDONLY) {
  -            /* Use error BIO in case of stdin */
  -            BIO_puts(data->ctx->bio_os, data->prompt);
  -        }
  -        rv = BIO_gets(data->ctx->bio_is,
  -                      data->password, SSL_MAX_PASSWORD_LEN);
  +    if (data->bio) {
  +        rv = BIO_gets(data->bio, data->password,
  +                      SSL_MAX_PASSWORD_LEN);
       }
       else {
   #ifdef WIN32
  @@ -121,15 +116,14 @@
   {
       int rv = 0;
       tcn_pass_cb_t *cb_data = (tcn_pass_cb_t *)cb;
  -    tcn_pass_cb_t c;
   
       if (buf == NULL)
           return 0;
       *buf = '\0';
  -    if (cb_data == NULL) {
  -        memset(&c, 0, sizeof(tcn_pass_cb_t));
  -        cb_data = &c;
  -    }
  +    if (cb_data == NULL)
  +        cb_data = &tcn_password_callback;
  +    if (!cb_data->prompt)
  +        cb_data->prompt = SSL_DEFAULT_PASS_PROMPT;
       if (cb_data->password[0]) {
           /* Return already obtained password */
           strncpy(buf, cb_data->password, bufsiz);
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message