From cos...@apache.org
Subject svn commit: r1292127 - /tomcat/native/trunk/native/src/sslext.c
Date Wed, 22 Feb 2012 04:52:16 GMT
Author: costin
Date: Wed Feb 22 04:52:15 2012
New Revision: 1292127

URL: http://svn.apache.org/viewvc?rev=1292127&view=rev
Log:
Use fixed len for the buffers. Add back the code for getting/setting tickets.


Modified:
    tomcat/native/trunk/native/src/sslext.c

Modified: tomcat/native/trunk/native/src/sslext.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslext.c?rev=1292127&r1=1292126&r2=1292127&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslext.c (original)
+++ tomcat/native/trunk/native/src/sslext.c Wed Feb 22 04:52:15 2012
@@ -33,11 +33,14 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, setSess
 {
 	tcn_socket_t *s = J2P(tcsock, tcn_socket_t *);
 	tcn_ssl_conn_t *tcssl = (tcn_ssl_conn_t *)s->opaque;
-	unsigned char bytes[len];
-	const unsigned char *bytesp = &bytes[0];
+	jbyte bytes[TCN_BUFFER_SZ];
+	const jbyte *bytesp = &bytes[0];
 
+	if (len > TCN_BUFFER_SZ) {
+		return -1;
+	}
 	(*e)->GetByteArrayRegion(e, buf, 0, len, bytes);
-	SSL_SESSION* ssl_session = d2i_SSL_SESSION(NULL, &bytesp, len);
+	SSL_SESSION* ssl_session = d2i_SSL_SESSION(NULL, (const unsigned char **)&bytesp, len);
 
 	SSL_set_session(tcssl->ssl, ssl_session);
 	return 0;
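Review bot: The added guard `if (len > TCN_BUFFER_SZ)` rejects only oversized input, so a negative `len` (apparently a `jint` from the Java caller; the signature is outside the hunk) still reaches `GetByteArrayRegion` and `d2i_SSL_SESSION`. The copy can also fail with a pending Java exception, and `d2i_SSL_SESSION` returns NULL for malformed input, yet the function goes on to call `SSL_set_session` and reports 0. Because `SSL_set_session` takes its own reference, the session returned by `d2i_SSL_SESSION` should be released with `SSL_SESSION_free`, otherwise each call leaks one. The function's opening and closing lines are outside the hunk; the rewritten tail is shown below.

```c
	/* … unchanged: s, tcssl, bytes and bytesp declarations … */

	if (len < 0 || len > TCN_BUFFER_SZ) {
		return -1;
	}
	(*e)->GetByteArrayRegion(e, buf, 0, len, bytes);
	if ((*e)->ExceptionCheck(e)) {
		/* buf was shorter than len; bytes holds no usable data */
		return -1;
	}
	SSL_SESSION* ssl_session = d2i_SSL_SESSION(NULL, (const unsigned char **)&bytesp, len);
	if (ssl_session == NULL) {
		return -1;
	}

	SSL_set_session(tcssl->ssl, ssl_session);
	/* SSL_set_session holds its own reference; drop ours */
	SSL_SESSION_free(ssl_session);
	return 0;
```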
@@ -50,14 +53,14 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSLExt, g
 	SSL_SESSION *sess = SSL_get_session(tcssl->ssl);
 
 	int size = i2d_SSL_SESSION(sess, NULL);
-	if (size == 0) {
+	if (size == 0 || size > TCN_BUFFER_SZ) {
 		return NULL;
 	}
 
 	jbyteArray javaBytes = (*e)->NewByteArray(e, size);
 	if (javaBytes != NULL) {
-		unsigned char bytes[size];
-		unsigned char *bytesp = &bytes[0];
+		jbyte bytes[TCN_BUFFER_SZ];
+		unsigned char *bytesp = (unsigned char *)&bytes[0];
 
 		i2d_SSL_SESSION(sess, &bytesp);
 		(*e)->SetByteArrayRegion(e, javaBytes, 0, size, bytes);
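Review bot: The size check `size == 0 || size > TCN_BUFFER_SZ` makes an oversized session indistinguishable from "no session" for the Java caller, since both return NULL, and it would let a negative value through to `NewByteArray` if `i2d_SSL_SESSION` ever returns one on error. I would write `if (size <= 0 || size > TCN_BUFFER_SZ)` and add a comment such as `/* sessions larger than TCN_BUFFER_SZ are not exported */` so the silent drop is documented. The return value of the second `i2d_SSL_SESSION(sess, &bytesp)` call is also ignored; comparing it with `size` before `SetByteArrayRegion` would ensure only bytes actually written are copied out. The function starts before and ends after this hunk.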
@@ -66,8 +69,6 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSLExt, g
 	return javaBytes;
 }
 
-#ifdef EXP_TICKETS
-// Experimenting with tickets
 TCN_IMPLEMENT_CALL(jint, SSLExt, getTicket)(TCN_STDARGS, jlong tcsock, jbyteArray buf)
 {
 	tcn_socket_t *s = J2P(tcsock, tcn_socket_t *);
@@ -79,7 +80,7 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, getTick
 	if (!x->tlsext_tick || x->tlsext_ticklen > bufLen) {
 		return 0;
 	}
-	(*e)->SetByteArrayRegion(e, buf, 0, x->tlsext_ticklen, &x->tlsext_tick[0]);
+	(*e)->SetByteArrayRegion(e, buf, 0, x->tlsext_ticklen, (jbyte *) &x->tlsext_tick[0]);
 
 	return x->tlsext_ticklen;
 }
@@ -91,7 +92,7 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, setTick
 	tcn_ssl_conn_t *tcssl = (tcn_ssl_conn_t *)s->opaque;
 
 	char * requestedTicket = apr_pcalloc(tcssl->pool, len);
-	(*e)->GetByteArrayRegion(e, buf, 0, len, requestedTicket);
+	(*e)->GetByteArrayRegion(e, buf, 0, len, (jbyte *) requestedTicket);
 	SSL_set_session_ticket_ext(tcssl->ssl, requestedTicket, len);
 	return 0;
 }
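Review bot: `len` is used as the allocation size in `apr_pcalloc(tcssl->pool, len)` and as the copy length without any range check, while the same commit bounds it in setSession and setSNI. A negative `len` would be converted to a very large size for the pool allocation, and the allocation lives as long as the connection pool, so repeated calls grow memory. A guard before the allocation, e.g. `if (len <= 0 || len > TCN_BUFFER_SZ) return -1;` (assuming TCN_BUFFER_SZ is large enough for a ticket), plus a check of `(*e)->ExceptionCheck(e)` after the copy, would close this. The return value of `SSL_set_session_ticket_ext` is also discarded, so a failure is reported as 0. The function's signature is outside the hunk.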
@@ -101,12 +102,11 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, setTick
 	tcn_ssl_ctxt_t *sslctx = J2P(tc_ssl_ctx, tcn_ssl_ctxt_t *);
 	unsigned char keys[48];
 
-	(*e)->GetByteArrayRegion(e, buf, 0, 48, keys);
+	(*e)->GetByteArrayRegion(e, buf, 0, 48, (jbyte *) keys);
 
 	SSL_CTX_set_tlsext_ticket_keys(sslctx->ctx, keys, sizeof(keys));
 	return 0;
 }
-#endif
 
 // Debug code - copied from openssl app
 
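Review bot: `GetByteArrayRegion(e, buf, 0, 48, ...)` is called without checking that `buf` holds 48 bytes; if the Java array is shorter, the copy fails with a pending exception and `keys` stays uninitialised stack memory, which `SSL_CTX_set_tlsext_ticket_keys` then installs as the ticket key material. I would add `if ((*e)->GetArrayLength(e, buf) != (jsize)sizeof(keys)) return -1;` before the copy and use `sizeof(keys)` instead of the literal 48. Since `keys` holds secret key material, clearing it with `OPENSSL_cleanse(keys, sizeof(keys));` before returning is worth adding too. The function's signature is outside the hunk.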
@@ -420,21 +420,6 @@ void msg_cb(int write_p, int version, in
 	(void)BIO_flush(bio);
 }
 
-/*
- TCN_IMPLEMENT_CALL(jint, SSLSocket, setTlsHostname)(TCN_STDARGS, jlong sock,
- jbyteArray buf, jint offset, jint tosend)
- {
- //SSL_set_tlsext_host_name
- return 0;
- }
-
- TCN_IMPLEMENT_CALL(jString, SSLSocket, getTlsHostname)(TCN_STDARGS, jlong sock,
- jbyteArray buf, jint offset, jint tosend)
- {
- return NULL;
- }
- */
-
 TCN_IMPLEMENT_CALL(jint, SSLExt, debug)(TCN_STDARGS, jlong tcsock)
 {
 	tcn_socket_t *s = J2P(tcsock, tcn_socket_t *);
@@ -484,7 +469,6 @@ TCN_IMPLEMENT_CALL( jbyteArray, SSLExt, 
 	return (jint)-APR_ENOTIMPL;
 }
 
-#ifdef EXP_TICKETS
 TCN_IMPLEMENT_CALL( jint, SSLExt, getTicket)(TCN_STDARGS, jlong tcsock, jbyteArray buf)
 {
 	return (jint)-APR_ENOTIMPL;
@@ -499,7 +483,6 @@ TCN_IMPLEMENT_CALL( jint, SSLExt, setTic
 {
 	return (jint)-APR_ENOTIMPL;
 }
-#endif
 
 TCN_IMPLEMENT_CALL( jint, SSLExt, sslSetMode)(TCN_STDARGS, jlong tc_ssl_ctx, jint mode)
 {
@@ -514,9 +497,12 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, setSNI)
 {
 	tcn_socket_t *s = J2P(tcsock, tcn_socket_t *);
 	tcn_ssl_conn_t *tcssl = (tcn_ssl_conn_t *)s->opaque;
-	unsigned char bytes[len];
+	unsigned char bytes[TCN_BUFFER_SZ];
 	const unsigned char *bytesp = &bytes[0];
 
+	if (len > TCN_BUFFER_SZ) {
+		return -1;
+	}
 	(*e)->GetByteArrayRegion(e, buf, 0, len, bytes);
 	SSL_set_tlsext_host_name(tcssl->ssl, &bytesp);
 	return 0;
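Review bot: `SSL_set_tlsext_host_name(tcssl->ssl, &bytesp)` passes the address of the pointer rather than the host name, and the copied bytes are never NUL-terminated, although OpenSSL reads the name as a C string. With the fixed buffer, the guard should leave room for the terminator: `if (len < 0 || len >= TCN_BUFFER_SZ) return -1;`, then `bytes[len] = '\0';` after the copy and `SSL_set_tlsext_host_name(tcssl->ssl, (const char *)bytes);`. `GetByteArrayRegion` here still receives an `unsigned char *` without the `(jbyte *)` cast this commit adds elsewhere. The function's signature is outside the hunk.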
@@ -609,7 +595,7 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, getNPN)
 
 #else
 
-TCN_IMPLEMENT_CALL(jlong, SSLExt, setNPN)(TCN_STDARGS, jlong tc_ssl_ctx,
+TCN_IMPLEMENT_CALL(jint, SSLExt, setNPN)(TCN_STDARGS, jlong tc_ssl_ctx,
 		jbyteArray buf, jint len)
 {
 	return (jint)-APR_ENOTIMPL;


