Return-Path: X-Original-To: apmail-tomcat-dev-archive@www.apache.org Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 321AA18A84 for ; Wed, 29 Apr 2015 12:38:45 +0000 (UTC) Received: (qmail 61169 invoked by uid 500); 29 Apr 2015 12:38:44 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 61092 invoked by uid 500); 29 Apr 2015 12:38:44 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 61082 invoked by uid 99); 29 Apr 2015 12:38:44 -0000 Received: from eris.apache.org (HELO hades.apache.org) (140.211.11.105) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 Apr 2015 12:38:44 +0000 Received: from hades.apache.org (localhost [127.0.0.1]) by hades.apache.org (ASF Mail Server at hades.apache.org) with ESMTP id F0D33AC0623 for ; Wed, 29 Apr 2015 12:38:43 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1676733 - in /tomcat/native/trunk/native: include/ssl_private.h src/sslcontext.c Date: Wed, 29 Apr 2015 12:38:43 -0000 To: dev@tomcat.apache.org 
From: markt@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20150429123843.F0D33AC0623@hades.apache.org> Author: markt Date: Wed Apr 29 12:38:40 2015 New Revision: 1676733 URL: http://svn.apache.org/r1676733 Log: Remove some ALPN debug code. Add an SNI callback (dummy implementation only so far) Modified: tomcat/native/trunk/native/include/ssl_private.h tomcat/native/trunk/native/src/sslcontext.c Modified: tomcat/native/trunk/native/include/ssl_private.h URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/include/ssl_private.h?rev=1676733&r1=1676732&r2=1676733&view=diff ============================================================================== --- tomcat/native/trunk/native/include/ssl_private.h (original) +++ tomcat/native/trunk/native/include/ssl_private.h Wed Apr 29 12:38:40 2015 @@ -259,8 +259,12 @@ struct tcn_ssl_ctxt_t { /* for client: List of protocols to request via ALPN. * for server: List of protocols to accept via ALPN. */ - char *alpn; - int alpnlen; + char *alpn; + int alpnlen; + + /* References to Java SSLContext class used by SNI callbacks */ + JNIEnv *jnienv; + jobject java_object; }; Modified: tomcat/native/trunk/native/src/sslcontext.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1676733&r1=1676732&r2=1676733&view=diff ============================================================================== --- tomcat/native/trunk/native/src/sslcontext.c (original) +++ tomcat/native/trunk/native/src/sslcontext.c Wed Apr 29 12:38:40 2015 @@ -62,6 +62,15 @@ static apr_status_t ssl_context_cleanup( return APR_SUCCESS; } +/* Callback used when OpenSSL receives a client hello with a Server Name + * Indication extension. + */ +int ssl_callback_ServerNameIndication(SSL *ssl, int *al, tcn_ssl_ctxt_t *c) +{ + printf("SNI callback received"); + return SSL_TLSEXT_ERR_OK; +} + /* Initialize server context */ TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, jlong pool, jint protocol, jint mode) 
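Review bot: The new `jnienv` and `java_object` fields in `tcn_ssl_ctxt_t` hold values that are valid only for the duration of one native call, but the context outlives that call (the struct itself begins outside this hunk). The `make` hunk in sslcontext.c fills them with `c->jnienv = e;` and `c->java_object = o;`: a `JNIEnv *` may only be used on the thread it was handed to, and `o` is a local reference that is released when `make` returns. An SNI callback that later reads either field during a handshake, possibly on another thread, would be working with stale pointers. I would keep a `JavaVM *` (from `(*e)->GetJavaVM(e, &vm)`) instead of the env, take `c->java_object = (*e)->NewGlobalRef(e, o);`, and release it with `DeleteGlobalRef` in `ssl_context_cleanup`. The field comment should then say the reference is a global ref owned by the context; the dummy callback does not read these fields yet, so this matters once the real implementation lands.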
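Review bot: `ssl_callback_ServerNameIndication` declares its third parameter as `tcn_ssl_ctxt_t *c`, but OpenSSL invokes the servername callback as `int (*)(SSL *, int *, void *)`. The registration macro hides the mismatch behind a function-pointer cast, and calling through an incompatible function type is undefined behaviour. Declare it as `int ssl_callback_ServerNameIndication(SSL *ssl, int *al, void *arg)` (and `static`, if nothing outside this file needs it) and recover the context with `tcn_ssl_ctxt_t *c = arg;`. Separately, `printf("SNI callback received")` writes to the process's stdout for every client hello that carries SNI, which is the same kind of debug output this commit removes from `cb_server_alpn`; I would drop it or compile it only into debug builds.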
@@ -69,7 +78,6 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma apr_pool_t *p = J2P(pool, apr_pool_t *); tcn_ssl_ctxt_t *c = NULL; SSL_CTX *ctx = NULL; - UNREFERENCED(o); if (protocol == SSL_PROTOCOL_TLSV1_2) { #ifdef SSL_OP_NO_TLSv1_2 @@ -197,6 +205,13 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma SSL_CTX_set_default_passwd_cb(c->ctx, (pem_password_cb *)SSL_password_callback); SSL_CTX_set_default_passwd_cb_userdata(c->ctx, (void *)(&tcn_password_callback)); SSL_CTX_set_info_callback(c->ctx, SSL_callback_handshake); + + /* Set Server Name Indication (SNI) callback */ + c->jnienv = e; + c->java_object = o; + SSL_CTX_set_tlsext_servername_callback(c->ctx, ssl_callback_ServerNameIndication); + SSL_CTX_set_tlsext_servername_arg(c->ctx, c); + /* * Let us cleanup the ssl context when the pool is destroyed */ @@ -684,8 +699,6 @@ int cb_server_alpn(SSL *ssl, int i; unsigned short splen; - printf("inlen [%d]\n", inlen); - if (inlen == 0) { // Client specified an empty protocol list. Nothing to negotiate. return SSL_TLSEXT_ERR_ALERT_FATAL; @@ -713,8 +726,6 @@ int cb_server_alpn(SSL *ssl, return SSL_TLSEXT_ERR_ALERT_FATAL; } - printf("A\n"); - proposed_protos = apr_array_make(con->pool, 0, sizeof(char *)); for (i = 0; i < tcsslctx->alpnlen; /**/) { unsigned int plen = tcsslctx->alpn[i++]; @@ -727,8 +738,6 @@ int cb_server_alpn(SSL *ssl, i += plen; } - printf("E\n"); - if (proposed_protos->nelts <= 0) { // Should never happen. The server did not specify any protocols. return SSL_TLSEXT_ERR_ALERT_FATAL; @@ -744,8 +753,6 @@ int cb_server_alpn(SSL *ssl, } } - printf("F\n"); - size_t len = strlen((const char*)*out); if (len > 255) { // Agreed protocol name too long --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org
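Review bot: The SNI registration added to `make` in the `@@ -197,6 +205,13 @@` hunk is compiled and executed unconditionally, while the same function guards other optional OpenSSL features with `#ifdef` (for example `SSL_OP_NO_TLSv1_2` in the preceding hunk). As far as I can tell the servername macros are only defined when OpenSSL is built with TLS extensions, so wrapping these four lines and the callback definition in `#ifndef OPENSSL_NO_TLSEXT` … `#endif` would keep the build working against such libraries; whether the project supports those builds is not visible here. The callback is also installed whatever the value of `mode`, so a short comment such as `/* registered for all modes; only meaningful when acting as a server */` would tell the next reader whether that is intended. The body of `make` starts and ends outside this hunk.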