tomcat-dev mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: tc-native and multiple certificates for a single virtual host
Date Tue, 23 Jun 2015 12:11:45 GMT
2015-06-22 9:06 GMT+03:00 jean-frederic clere <jfclere@gmail.com>:
> On 06/19/2015 10:01 PM, Mark Thomas wrote:
>>
>> I'm looking at integrating multiple certificate support with APR/native
>> and the new OpenSSLContext.
>>
>> I have a query about the following method that I hope those that have
>> been working in this area recently will be able to answer.
>>
>> SSLContext.setCertificate(long ctx, String cert, String key,
>>                            String password, int idx)
>>
>> The idx can either be 0 (RSA) or 1 (DSS).
>
>
> It is tested between 0 and <4.
>
>>
>> I know the tc-native enforces that idx is 0 or 1. Does it require that
>> idx is 0 for RSA keys and 1 for DSS keys?
>
>
> According to the include:
> +++
> #define SSL_AIDX_RSA     (0)
> #define SSL_AIDX_DSA     (1)
> #define SSL_AIDX_ECC     (3)
> #define SSL_AIDX_MAX     (4)
> +++

As those look like indexes into an array, I wonder why "2" was skipped.

Those defines were introduced in r1681509.
Note that they were backported to native 1.1.x in r1681515.


>>
>> How does one specify an ECC key?
>
>
> Using 3 I guess but I don't see a different handling for the different type
> of key/cert... Basically it looks like the latest call tells which key/cert
> will be used.
>


Best regards,
Konstantin Kolinko
