tomcat-dev mailing list archives

From ma...@apache.org
Subject svn commit: r1676733 - in /tomcat/native/trunk/native: include/ssl_private.h src/sslcontext.c
Date Wed, 29 Apr 2015 12:38:43 GMT
Author: markt
Date: Wed Apr 29 12:38:40 2015
New Revision: 1676733

URL: http://svn.apache.org/r1676733
Log:
Remove some ALPN debug code. Add an SNI callback (dummy implementation only so far)

Modified:
    tomcat/native/trunk/native/include/ssl_private.h
    tomcat/native/trunk/native/src/sslcontext.c

Modified: tomcat/native/trunk/native/include/ssl_private.h
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/include/ssl_private.h?rev=1676733&r1=1676732&r2=1676733&view=diff
==============================================================================
--- tomcat/native/trunk/native/include/ssl_private.h (original)
+++ tomcat/native/trunk/native/include/ssl_private.h Wed Apr 29 12:38:40 2015
@@ -259,8 +259,12 @@ struct tcn_ssl_ctxt_t {
     /* for client: List of protocols to request via ALPN.
      * for server: List of protocols to accept via ALPN.
      */
-    char *alpn;
-    int alpnlen;
+    char            *alpn;
+    int             alpnlen;
+    
+    /* References to Java SSLContext class used by SNI callbacks */
+    JNIEnv          *jnienv;
+    jobject         java_object;
 };
 
   

Modified: tomcat/native/trunk/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1676733&r1=1676732&r2=1676733&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Wed Apr 29 12:38:40 2015
@@ -62,6 +62,15 @@ static apr_status_t ssl_context_cleanup(
     return APR_SUCCESS;
 }
 
+/* Callback used when OpenSSL receives a client hello with a Server Name
+ * Indication extension.
+ */
+int ssl_callback_ServerNameIndication(SSL *ssl, int *al, tcn_ssl_ctxt_t *c)
+{
+    printf("SNI callback received");
+    return SSL_TLSEXT_ERR_OK;
+}
+ 
 /* Initialize server context */
 TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, jlong pool,
                                             jint protocol, jint mode)
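Review bot: `ssl_callback_ServerNameIndication` declares its third parameter as `tcn_ssl_ctxt_t *c`, but OpenSSL invokes the servername callback as `int (*)(SSL *, int *, void *)`, so the call goes through an incompatible function type; declare the parameter as `void *arg` and convert it inside the body. The `printf("SNI callback received");` writes unterminated debug text to stdout for every client hello that carries the extension, which any remote peer can trigger, while the rest of this commit removes exactly this kind of debug print. As long as the body is a placeholder, returning `SSL_TLSEXT_ERR_NOACK` instead of `SSL_TLSEXT_ERR_OK` would avoid acknowledging a server name that was never matched. The function is also non-static with no prototype visible in this diff; `static` looks appropriate if it is only referenced from sslcontext.c.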
@@ -69,7 +78,6 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
     apr_pool_t *p = J2P(pool, apr_pool_t *);
     tcn_ssl_ctxt_t *c = NULL;
     SSL_CTX *ctx = NULL;
-    UNREFERENCED(o);
 
     if (protocol == SSL_PROTOCOL_TLSV1_2) {
 #ifdef SSL_OP_NO_TLSv1_2
@@ -197,6 +205,13 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
     SSL_CTX_set_default_passwd_cb(c->ctx, (pem_password_cb *)SSL_password_callback);
     SSL_CTX_set_default_passwd_cb_userdata(c->ctx, (void *)(&tcn_password_callback));
     SSL_CTX_set_info_callback(c->ctx, SSL_callback_handshake);
+    
+    /* Set Server Name Indication (SNI) callback */
+    c->jnienv      = e;
+    c->java_object = o;
+    SSL_CTX_set_tlsext_servername_callback(c->ctx, ssl_callback_ServerNameIndication);
+    SSL_CTX_set_tlsext_servername_arg(c->ctx, c);
+
     /*
      * Let us cleanup the ssl context when the pool is destroyed
      */
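Review bot: `c->jnienv = e;` and `c->java_object = o;` cache values that JNI only guarantees for the current thread and the current native call: a `JNIEnv *` is valid only on the thread it was handed to, and `o` is a local reference that is released when `make` returns. The SNI callback runs later, during a handshake and quite possibly on another thread, so reading either field from `ssl_callback_ServerNameIndication` would use a stale pointer or reference. Keep a `JavaVM *` (from `(*e)->GetJavaVM`) and obtain the env inside the callback with `GetEnv`/`AttachCurrentThread`, and store the object as `c->java_object = (*e)->NewGlobalRef(e, o);` with a matching `DeleteGlobalRef` in `ssl_context_cleanup`. The same applies to the `jnienv` and `java_object` fields added to `tcn_ssl_ctxt_t` in ssl_private.h; the body of `make` continues outside this hunk.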
@@ -684,8 +699,6 @@ int cb_server_alpn(SSL *ssl,
     int i;
     unsigned short splen;
 
-    printf("inlen [%d]\n", inlen);
-    
     if (inlen == 0) {
         // Client specified an empty protocol list. Nothing to negotiate.
         return SSL_TLSEXT_ERR_ALERT_FATAL;
@@ -713,8 +726,6 @@ int cb_server_alpn(SSL *ssl,
         return SSL_TLSEXT_ERR_ALERT_FATAL;
     }
     
-    printf("A\n");
-
     proposed_protos = apr_array_make(con->pool, 0, sizeof(char *));
     for (i = 0; i < tcsslctx->alpnlen; /**/) {
         unsigned int plen = tcsslctx->alpn[i++];
@@ -727,8 +738,6 @@ int cb_server_alpn(SSL *ssl,
         i += plen;
     }
     
-    printf("E\n");
-
     if (proposed_protos->nelts <= 0) {
         // Should never happen. The server did not specify any protocols.
         return SSL_TLSEXT_ERR_ALERT_FATAL;
@@ -744,8 +753,6 @@ int cb_server_alpn(SSL *ssl,
         }
     }
 
-    printf("F\n");
-
     size_t len = strlen((const char*)*out);
     if (len > 255) {
         // Agreed protocol name too long


