tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/jni/native/src sslcontext.c
Date Fri, 10 Jun 2005 06:44:35 GMT
mturk       2005/06/09 23:44:35

  Modified:    jni/java/org/apache/tomcat/jni SSL.java SSLContext.java
               jni/native/include ssl_private.h
               jni/native/src sslcontext.c
  Log:
  Add option for setting the SSL connection shutdown type.
  
  Revision  Changes    Path
  1.16      +5 -1      jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java
  
  Index: SSL.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- SSL.java	9 Jun 2005 09:13:54 -0000	1.15
  +++ SSL.java	10 Jun 2005 06:44:35 -0000	1.16
  @@ -153,6 +153,10 @@
       public static final int SSL_MODE_SERVER         = 1;
       public static final int SSL_MODE_COMBINED       = 2;
   
  +    public static final int SSL_SHUTDOWN_TYPE_UNSET    = 0;
  +    public static final int SSL_SHUTDOWN_TYPE_STANDARD = 1;
  +    public static final int SSL_SHUTDOWN_TYPE_UNCLEAN  = 2;
  +    public static final int SSL_SHUTDOWN_TYPE_ACCURATE = 3;
   
       /* Return OpenSSL version number */
       public static native int version();
  
  
  
  1.17      +18 -4     jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java
  
  Index: SSLContext.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- SSLContext.java	10 Jun 2005 06:25:08 -0000	1.16
  +++ SSLContext.java	10 Jun 2005 06:44:35 -0000	1.17
  @@ -41,7 +41,7 @@
        * SSL_MODE_CLIENT
        * SSL_MODE_SERVER
        * SSL_MODE_COMBINED
  -     * </PRE>     
  +     * </PRE>
        */
       public static native long make(long pool, int protocol, int mode)
           throws Exception;
  @@ -134,7 +134,7 @@
        * Certificate Revocation Lists (CRL) of Certification Authorities (CA)
        * whose clients you deal with. These are used for Client Authentication.
        * Such a file is simply the concatenation of the various PEM-encoded CRL
  -     * files, in order of preference.     
  +     * files, in order of preference.
        * <br />
        * The files in this directory have to be PEM-encoded and are accessed through
        * hash filenames. So usually you can't just place the Certificate files there:
  @@ -167,7 +167,7 @@
        * @param ctx Server or Client context to use.
        * @param file File of PEM-encoded Server CA Certificates.
        * @param skipfirst Skip first certificate if chain file is inside
  -     *                  certificate file. 
  +     *                  certificate file.
        */
       public static native boolean setCertificateChainFile(long ctx, String file,
                                                            boolean skipfirst);
  @@ -249,6 +249,20 @@
       public static native void setVerifyDepth(long ctx, int depth);
   
       /**
  +     * Set SSL connection shutdown type
  +     * <br />
  +     * The following levels are available for level:
  +     * <PRE>
  +     * SSL_SHUTDOWN_TYPE_STANDARD
  +     * SSL_SHUTDOWN_TYPE_UNCLEAN
  +     * SSL_SHUTDOWN_TYPE_ACCURATE
  +     * </PRE>
  +     * @param ctx Server or Client context to use.
  +     * @param type Shutdown type to use.
  +     */
  +    public static native void setShutdowType(long ctx, int type);
  +
  +    /**
        * Set Type of Client Certificate verification
        * <br />
        * This directive sets the Certificate verification level for the Client
  
  
  
  1.22      +8 -1      jakarta-tomcat-connectors/jni/native/include/ssl_private.h
  
  Index: ssl_private.h
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- ssl_private.h	10 Jun 2005 06:25:08 -0000	1.21
  +++ ssl_private.h	10 Jun 2005 06:44:35 -0000	1.22
  @@ -134,6 +134,11 @@
   #define SSL_CVERIFY_OPTIONAL_NO_CA  (3)
   #define SSL_VERIFY_PEER_STRICT      (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
   
  +#define SSL_SHUTDOWN_TYPE_UNSET     (0)
  +#define SSL_SHUTDOWN_TYPE_STANDARD  (1)
  +#define SSL_SHUTDOWN_TYPE_UNCLEAN   (2)
  +#define SSL_SHUTDOWN_TYPE_ACCURATE  (3)
  +
   #define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted for security
reasons.\n"  \
                                   "In order to read them you have to provide the pass phrases.\n"
        \
                                   "Enter password :"
  @@ -177,6 +182,7 @@
       EVP_PKEY        *keys[SSL_AIDX_MAX];
   
       int             ca_certs;
  +    int             shutdown_type;
   
       const char      *cipher_suite;
       /* for client or downstream server authentication */
  @@ -188,6 +194,7 @@
   typedef struct {
       tcn_ssl_ctxt_t *ctx;
       SSL            *ssl;
  +    int             shutdown_type;
   } tcn_ssl_conn_t;
   
   
  
  
  
  1.31      +15 -4     jakarta-tomcat-connectors/jni/native/src/sslcontext.c
  
  Index: sslcontext.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
  retrieving revision 1.30
  retrieving revision 1.31
  diff -u -r1.30 -r1.31
  --- sslcontext.c	10 Jun 2005 06:25:08 -0000	1.30
  +++ sslcontext.c	10 Jun 2005 06:44:35 -0000	1.31
  @@ -156,8 +156,9 @@
       /* Set default Certificate verification level
        * and depth for the Client Authentication
        */
  -    c->verify_depth = 1;
  -    c->verify_mode  = SSL_CVERIFY_UNSET;
  +    c->verify_depth  = 1;
  +    c->verify_mode   = SSL_CVERIFY_UNSET;
  +    c->shutdown_type = SSL_SHUTDOWN_TYPE_UNSET;
   
       /* Set default password callback */
       SSL_CTX_set_default_passwd_cb(c->ctx, (pem_password_cb *)SSL_password_callback);
  @@ -323,7 +324,7 @@
       tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
       jboolean rv = JNI_FALSE;
       TCN_ALLOC_CSTRING(file);
  -    
  +
       UNREFERENCED(o);
       TCN_ASSERT(ctx != 0);
       if (!J2S(file))
  @@ -401,6 +402,16 @@
       c->verify_depth = depth;
   }
   
  +TCN_IMPLEMENT_CALL(void, SSLContext, setShutdownType)(TCN_STDARGS, jlong ctx,
  +                                                      jint type)
  +{
  +    tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
  +
  +    UNREFERENCED_STDARGS;
  +    TCN_ASSERT(ctx != 0);
  +    c->shutdown_type = type;
  +}
  +
   TCN_IMPLEMENT_CALL(void, SSLContext, setVerifyClient)(TCN_STDARGS, jlong ctx,
                                                         jint level)
   {
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message