tomcat-dev mailing list archives

From mt...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/jni/native/src sslcontext.c
Date Fri, 10 Jun 2005 07:53:24 GMT
mturk       2005/06/10 00:53:24

  Modified:    jni/java/org/apache/tomcat/jni SSLContext.java
               jni/native/src sslcontext.c
  Log:
  Combine verifyClient and verifyDepth into a single function
  because they are related.
  
  Revision  Changes    Path
  1.18      +13 -27    jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java
  
  Index: SSLContext.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- SSLContext.java	10 Jun 2005 06:44:35 -0000	1.17
  +++ SSLContext.java	10 Jun 2005 07:53:24 -0000	1.18
  @@ -225,30 +225,6 @@
           throws Exception;
   
       /**
  -     * Set Maximum depth of CA Certificates in Client Certificate verification
  -     * <br />
  -     * This directive sets how deeply mod_ssl should verify before deciding that
  -     * the clients don't have a valid certificate. Notice that this directive can
  -     * be used both in per-server and per-directory context. In per-server context
  -     * it applies to the client authentication process used in the standard SSL
  -     * handshake when a connection is established. In per-directory context it forces
  -     * a SSL renegotation with the reconfigured client verification depth after the
  -     * HTTP request was read but before the HTTP response is sent.
  -     * <br />
  -     * The depth actually is the maximum number of intermediate certificate issuers,
  -     * i.e. the number of CA certificates which are max allowed to be followed while
  -     * verifying the client certificate. A depth of 0 means that self-signed client
  -     * certificates are accepted only, the default depth of 1 means the client
  -     * certificate can be self-signed or has to be signed by a CA which is directly
  -     * known to the server (i.e. the CA's certificate is under
  -     * <code>setCACertificatePath</code>), etc.
  -     * @param ctx Server or Client context to use.
  -     * @param depth Maximum depth of CA Certificates in Client Certificate
  -     *              verification.
  -     */
  -    public static native void setVerifyDepth(long ctx, int depth);
  -
  -    /**
        * Set SSL connection shutdown type
        * <br />
        * The following levels are available for level:
  @@ -263,7 +239,8 @@
       public static native void setShutdowType(long ctx, int type);
   
       /**
  -     * Set Type of Client Certificate verification
  +     * Set Type of Client Certificate verification and Maximum depth of CA Certificates
  +     * in Client Certificate verification.
        * <br />
        * This directive sets the Certificate verification level for the Client
        * Authentication. Notice that this directive can be used both in per-server
  @@ -281,10 +258,19 @@
        * SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate
        *                              but it need not to be (successfully) verifiable
        * </PRE>
  +     * <br />
  +     * The depth actually is the maximum number of intermediate certificate issuers,
  +     * i.e. the number of CA certificates which are max allowed to be followed while
  +     * verifying the client certificate. A depth of 0 means that self-signed client
  +     * certificates are accepted only, the default depth of 1 means the client
  +     * certificate can be self-signed or has to be signed by a CA which is directly
  +     * known to the server (i.e. the CA's certificate is under
        * <code>setCACertificatePath</code>), etc.
        * @param ctx Server or Client context to use.
        * @param level Type of Client Certificate verification.
  +     * @param depth Maximum depth of CA Certificates in Client Certificate
  +     *              verification.
        */
  -    public static native void setVerifyClient(long ctx, int level);
  +    public static native void setVerify(long ctx, int level, int depth);
   
   }
  
  
  
  1.32      +5 -14     jakarta-tomcat-connectors/jni/native/src/sslcontext.c
  
  Index: sslcontext.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
  retrieving revision 1.31
  retrieving revision 1.32
  diff -u -r1.31 -r1.32
  --- sslcontext.c	10 Jun 2005 06:44:35 -0000	1.31
  +++ sslcontext.c	10 Jun 2005 07:53:24 -0000	1.32
  @@ -392,16 +392,6 @@
       return rv;
   }
   
  -TCN_IMPLEMENT_CALL(void, SSLContext, setVerifyDepth)(TCN_STDARGS, jlong ctx,
  -                                                     jint depth)
  -{
  -    tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
  -
  -    UNREFERENCED_STDARGS;
  -    TCN_ASSERT(ctx != 0);
  -    c->verify_depth = depth;
  -}
  -
   TCN_IMPLEMENT_CALL(void, SSLContext, setShutdownType)(TCN_STDARGS, jlong ctx,
                                                         jint type)
   {
  @@ -412,8 +402,8 @@
       c->shutdown_type = type;
   }
   
  -TCN_IMPLEMENT_CALL(void, SSLContext, setVerifyClient)(TCN_STDARGS, jlong ctx,
  -                                                      jint level)
  +TCN_IMPLEMENT_CALL(void, SSLContext, setVerify)(TCN_STDARGS, jlong ctx,
  +                                                jint level, jint depth)
   {
       tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
       int verify = SSL_VERIFY_NONE;
  @@ -424,7 +414,8 @@
   
       if (c->verify_mode == SSL_CVERIFY_UNSET)
           c->verify_mode = SSL_CVERIFY_NONE;
  -
  +    if (depth > 0)
  +        c->verify_depth = depth;
       /*
        *  Configure callbacks for SSL context
        */
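Review bot: The added guard `if (depth > 0)` silently drops a depth of 0, although the Javadoc this commit adds to SSLContext.java documents 0 as the setting under which only self-signed client certificates are accepted. A caller asking for that strictest chain limit therefore keeps whatever `c->verify_depth` held before, which is presumably a longer chain (its initial value is set outside this hunk), and gets no indication that the request was ignored. If 0 is meant to be settable, the guard should be `if (depth >= 0)`; if a non-positive value is meant to leave the depth unchanged, say so in the `@param depth` text and in a comment here such as `/* depth <= 0 keeps the current verify_depth */`. The body of setVerify starts and ends outside this hunk.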
  
  
  


