tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: svn commit: r1149093 - /tomcat/native/branches/1.1.x/native/src/sslcontext.c
Date Thu, 21 Jul 2011 13:55:18 GMT
Why is this change needed? Look around current line 139, which already
handles that case. All the options are set there and the code before
your change mimics the code in httpd. I tested it recently and thought
it's correct for all protocol settings.

Regards,

Rainer

On 21.07.2011 11:56, jfclere@apache.org wrote:
> Author: jfclere
> Date: Thu Jul 21 09:56:43 2011
> New Revision: 1149093
> 
> URL: http://svn.apache.org/viewvc?rev=1149093&view=rev
> Log:
> Fix for 51056.
> 
> Modified:
>     tomcat/native/branches/1.1.x/native/src/sslcontext.c
> 
> Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
> URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1149093&r1=1149092&r2=1149093&view=diff
> ==============================================================================
> --- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
> +++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Thu Jul 21 09:56:43 2011
> @@ -90,7 +90,6 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
>          break;
>          case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
>          case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_TLSV1:
> -        case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
>          case SSL_PROTOCOL_ALL:
>              if (mode == SSL_MODE_CLIENT)
>                  ctx = SSL_CTX_new(SSLv23_client_method());
> @@ -99,6 +98,16 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
>              else
>                  ctx = SSL_CTX_new(SSLv23_method());
>          break;
> +        case SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1:
> +            if (mode == SSL_MODE_CLIENT)
> +                ctx = SSL_CTX_new(SSLv23_client_method());
> +            else if (mode == SSL_MODE_SERVER)
> +                ctx = SSL_CTX_new(SSLv23_server_method());
> +            else
> +                ctx = SSL_CTX_new(SSLv23_method());
> +            if (ctx != NULL)
> +                SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
> +        break;
>          case SSL_PROTOCOL_TLSV1:
>              if (mode == SSL_MODE_CLIENT)
>                  ctx = SSL_CTX_new(TLSv1_client_method());

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message