tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: OCSP with openSSL
Date Mon, 17 Jun 2019 14:29:06 GMT
On 17/06/2019 15:15, logo wrote:
> Hi Mark,
> 
> having been in contact with Усманов, I can confirm your summary.
> 
> May I add my question from February with additional info to this thread:
> https://markmail.org/message/zvziqrhm32bctm7e

Thanks.

Progress can be tracked here:
https://bz.apache.org/bugzilla/show_bug.cgi?id=56148

At the moment, the pure JSSE solutions (NIO+JSSE, NIO2+JSSE) support
OCSP stapling with appropriate configuration.

The OpenSSL ones (APR/native, NIO+OpenSSL, NIO2+OpenSSL) do not.

It might be simply a configuration issue with OpenSSL. It might need
code changes in APR/Native. I'm currently looking in to that.

Mark


> 
> Thanks.
> 
> Peter
> 
> Am 2019-06-17 15:44, schrieb Mark Thomas:
>> Coming back to this as it has been on my TODO list for a while.
>>
>> Having re-read the thread I think it would be helpful to first clarify
>> exactly what behaviour you are expecting and not seeing.
>>
>> The issue relates to OCSP checks when Tomcat is presenting it's server
>> certificate to the client.
>>
>> You are expecting Tomcat to use OCSP stapling to provide the OCSP
>> information to the client so that the client does not have to request it
>> itself.
>>
>> Tomcat is not providing the OCSP information. It appears that OCSP
>> stapling is not working.
>>
>> Is the above a fair summary? If not, please provide corrections.
>>
>> Thanks,
>>
>> Mark
>>
>>
>> On 27/05/2019 12:36, Усманов Азат Анварович wrote:
>>> Just a quick follow up , trying to get some answers, I added  include
>>> <stdio.h> to sslutils.c (which has alll the ocsp functions )   to
>>> print some info.I  added printf calls to every function defined in
>>> this file.  Interestingly enough  when I issue  the  openssl s_client
>>> -connect debug.ieml.ru:8443  -tls1_2 -status -proxy 192.168.1.6:3131
>>> both tls1_2 and tls 1_3  versions and when I access  the server from
>>> another machine via browser none of printf  calls are displayed, 
>>> however, when I issue ssllabs server test (which is also supposedly
>>> capable of detecting ocsp)   some of them start to appear.  sadly
>>> none of them are ocsp related. I did put basic  ifdef  test for
>>> HAVE_OCSP_STAPLING, surprisingly  it  shows that ocsp support is
>>> indeed enabled . So here are  both   the modified  sslutils.c file
>>> and tomcat log snippet (not sure if attachments are allowed on  the
>>> list  so posting it  here )
>>> Not sure where to go from here
>>> /* Licensed to the Apache Software Foundation (ASF) under one or more
>>>  * contributor license agreements.  See the NOTICE file distributed with
>>>  * this work for additional information regarding copyright ownership.
>>>  * The ASF licenses this file to You under the Apache License,
>>> Version 2.0
>>>  * (the "License"); you may not use this file except in compliance with
>>>  * the License.  You may obtain a copy of the License at
>>>  *
>>>  *     http://www.apache.org/licenses/LICENSE-2.0
>>>  *
>>>  * Unless required by applicable law or agreed to in writing, software
>>>  * distributed under the License is distributed on an "AS IS" BASIS,
>>>  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>> implied.
>>>  * See the License for the specific language governing permissions and
>>>  * limitations under the License.
>>>  */
>>>
>>> /** SSL Utilities
>>>  */
>>>
>>> #include "tcn.h"
>>> #include <stdio.h>
>>> #ifdef HAVE_OPENSSL
>>> #include "apr_poll.h"
>>> #include "ssl_private.h"
>>>
>>>
>>> #ifdef WIN32
>>> extern int WIN32_SSL_password_prompt(tcn_pass_cb_t *data);
>>> #endif
>>>
>>> #ifdef HAVE_OCSP_STAPLING
>>> #include <openssl/bio.h>
>>> #include <openssl/ocsp.h>
>>> /* defines with the values as seen by the asn1parse -dump openssl
>>> command */
>>> #define ASN1_SEQUENCE 0x30
>>> #define ASN1_OID      0x06
>>> #define ASN1_STRING   0x86
>>> static int ssl_verify_OCSP(X509_STORE_CTX *ctx);
>>> static int ssl_ocsp_request(X509 *cert, X509 *issuer, X509_STORE_CTX
>>> *ctx);
>>> #endif
>>>
>>> /*  _________________________________________________________________
>>> **
>>> **  Additional High-Level Functions for OpenSSL
>>> **  _________________________________________________________________
>>> */
>>>
>>> /* we initialize this index at startup time
>>>  * and never write to it at request time,
>>>  * so this static is thread safe.
>>>  * also note that OpenSSL increments at static variable when
>>>  * SSL_get_ex_new_index() is called, so we _must_ do this at startup.
>>>  */
>>> static int SSL_app_data2_idx = -1;
>>> static int SSL_app_data3_idx = -1;
>>> static int SSL_app_data4_idx = -1;
>>>
>>> void SSL_init_app_data_idx(void)
>>> { printf(" SSL_init_app_data_idx\n");
>>>    #ifdef HAVE_OCSP_STAPLING
>>> printf("Hi OCSP \n");
>>> #else
>>> printf("Sorry no OCSP support\n");
>>> #endif
>>>
>>>     int i;
>>>
>>>     if (SSL_app_data2_idx > -1) {
>>>         return;
>>>     }
>>>
>>>     /* we _do_ need to call this twice */
>>>     for (i = 0; i <= 1; i++) {
>>>         SSL_app_data2_idx =
>>>             SSL_get_ex_new_index(0,
>>>                                  "Second Application Data for SSL",
>>>                                  NULL, NULL, NULL);
>>>     }
>>>
>>>     if (SSL_app_data3_idx > -1) {
>>>         return;
>>>     }
>>>
>>>     SSL_app_data3_idx =
>>>             SSL_get_ex_new_index(0,
>>>                                  "Third Application Data for SSL",
>>>                                   NULL, NULL, NULL);
>>>
>>>     if (SSL_app_data4_idx > -1) {
>>>         return;
>>>     }
>>>
>>>     SSL_app_data4_idx =
>>>             SSL_get_ex_new_index(0,
>>>                                  "Fourth Application Data for SSL",
>>>                                   NULL, NULL, NULL);
>>>
>>> }
>>>
>>> void *SSL_get_app_data2(SSL *ssl)
>>> {
>>>      printf("ssl_get_app_data2 \n");
>>>     return (void *)SSL_get_ex_data(ssl, SSL_app_data2_idx);
>>> }
>>>
>>> void SSL_set_app_data2(SSL *ssl, void *arg)
>>> {
>>> printf("ssl_set_app_data2 \n");
>>>
>>>     SSL_set_ex_data(ssl, SSL_app_data2_idx, (char *)arg);
>>>     return;
>>> }
>>>
>>>
>>> void *SSL_get_app_data3(const SSL *ssl)
>>> {
>>> printf("ssl_get_app_data3 \n");
>>>
>>>     return SSL_get_ex_data(ssl, SSL_app_data3_idx);
>>> }
>>>
>>> void SSL_set_app_data3(SSL *ssl, void *arg)
>>> {
>>> printf("ssl_set_app_data3 \n");
>>>     SSL_set_ex_data(ssl, SSL_app_data3_idx, arg);
>>> }
>>>
>>> void *SSL_get_app_data4(const SSL *ssl)
>>> {
>>> printf("ssl_get_app_data4 \n");
>>>     return SSL_get_ex_data(ssl, SSL_app_data4_idx);
>>> }
>>>
>>> void SSL_set_app_data4(SSL *ssl, void *arg)
>>> {
>>> printf("ssl_set_app_data4 \n");
>>>     SSL_set_ex_data(ssl, SSL_app_data4_idx, arg);
>>> }
>>>
>>> /* Simple echo password prompting */
>>> int SSL_password_prompt(tcn_pass_cb_t *data)
>>> {
>>>
>>>     printf(" SSL_password_prompt\n");
>>> int rv = 0;
>>>     data->password[0] = '\0';
>>>     if (data->cb.obj) {
>>>         JNIEnv *e;
>>>         jobject  o;
>>>         jstring  prompt;
>>>         tcn_get_java_env(&e);
>>>         prompt = AJP_TO_JSTRING(data->prompt);
>>>         if ((o = (*e)->CallObjectMethod(e, data->cb.obj,
>>>                             data->cb.mid[0], prompt))) {
>>>             TCN_ALLOC_CSTRING(o);
>>>             if (J2S(o)) {
>>>                 strncpy(data->password, J2S(o), SSL_MAX_PASSWORD_LEN);
>>>                 data->password[SSL_MAX_PASSWORD_LEN-1] = '\0';
>>>                 rv = (int)strlen(data->password);
>>>             }
>>>             TCN_FREE_CSTRING(o);
>>>         }
>>>     }
>>>     else {
>>> #ifdef WIN32
>>>         rv = WIN32_SSL_password_prompt(data);
>>> #else
>>>         EVP_read_pw_string(data->password, SSL_MAX_PASSWORD_LEN,
>>>                            data->prompt, 0);
>>> #endif
>>>         rv = (int)strlen(data->password);
>>>     }
>>>     if (rv > 0) {
>>>         /* Remove LF char if present */
>>>         char *r = strchr(data->password, '\n');
>>>         if (r) {
>>>             *r = '\0';
>>>             rv--;
>>>         }
>>> #ifdef WIN32
>>>         if ((r = strchr(data->password, '\r'))) {
>>>             *r = '\0';
>>>             rv--;
>>>         }
>>> #endif
>>>     }
>>>     return rv;
>>> }
>>>
>>> int SSL_password_callback(char *buf, int bufsiz, int verify,
>>>                           void *cb)
>>> {   printf("SSL_password_callback\n");
>>>     tcn_pass_cb_t *cb_data = (tcn_pass_cb_t *)cb;
>>>
>>>     if (buf == NULL)
>>>         return 0;
>>>     *buf = '\0';
>>>     if (cb_data == NULL)
>>>         cb_data = &tcn_password_callback;
>>>     if (!cb_data->prompt)
>>>         cb_data->prompt = SSL_DEFAULT_PASS_PROMPT;
>>>     if (cb_data->password[0]) {
>>>         /* Return already obtained password */
>>>         strncpy(buf, cb_data->password, bufsiz);
>>>         buf[bufsiz - 1] = '\0';
>>>         return (int)strlen(buf);
>>>     }
>>>     else {
>>>         if (SSL_password_prompt(cb_data) > 0)
>>>             strncpy(buf, cb_data->password, bufsiz);
>>>     }
>>>     buf[bufsiz - 1] = '\0';
>>>     return (int)strlen(buf);
>>> }
>>>
>>> /*  _________________________________________________________________
>>> **
>>> **  Custom (EC)DH parameter support
>>> **  _________________________________________________________________
>>> */
>>> DH *SSL_dh_GetParamFromFile(const char *file)
>>> {
>>>    printf("SSL_dh_GetParamFromFile\n");
>>>  DH *dh = NULL;
>>>     BIO *bio;
>>>
>>>     if ((bio = BIO_new_file(file, "r")) == NULL)
>>>         return NULL;
>>>     dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
>>>     BIO_free(bio);
>>>     return dh;
>>> }
>>>
>>> #ifdef HAVE_ECC
>>> EC_GROUP *SSL_ec_GetParamFromFile(const char *file)
>>> {
>>>
>>>    printf("SSL_ec_GetParamFromFile\n");
>>> EC_GROUP *group = NULL;
>>>     BIO *bio;
>>>
>>>     if ((bio = BIO_new_file(file, "r")) == NULL)
>>>         return NULL;
>>>     group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL);
>>>     BIO_free(bio);
>>>     return (group);
>>> }
>>> #endif
>>>
>>> /*
>>>  * Hand out standard DH parameters, based on the authentication strength
>>>  */
>>> DH *SSL_callback_tmp_DH(SSL *ssl, int export, int keylen)
>>> {
>>> printf("SSL_callback_tmp_DH\n");
>>> EVP_PKEY *pkey = SSL_get_privatekey(ssl);
>>>     int type = pkey != NULL ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
>>>
>>>     /*
>>>      * OpenSSL will call us with either keylen == 512 or keylen == 1024
>>>      * (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h).
>>>      * Adjust the DH parameter length according to the size of the
>>>      * RSA/DSA private key used for the current connection, and always
>>>      * use at least 1024-bit parameters.
>>>      * Note: This may cause interoperability issues with implementations
>>>      * which limit their DH support to 1024 bit - e.g. Java 7 and
>>> earlier.
>>>      * In this case, SSLCertificateFile can be used to specify fixed
>>>      * 1024-bit DH parameters (with the effect that OpenSSL skips this
>>>      * callback).
>>>      */
>>>     if ((type == EVP_PKEY_RSA) || (type == EVP_PKEY_DSA)) {
>>>         keylen = EVP_PKEY_bits(pkey);
>>>     }
>>>     return SSL_get_dh_params(keylen);
>>> }
>>>
>>> /*
>>>  * Read a file that optionally contains the server certificate in PEM
>>>  * format, possibly followed by a sequence of CA certificates that
>>>  * should be sent to the peer in the SSL Certificate message.
>>>  */
>>> int SSL_CTX_use_certificate_chain(SSL_CTX *ctx, const char *file,
>>>                                   int skipfirst)
>>> {
>>>      printf("SSL_CTX_use_certificate_chain\n");
>>>
>>>     BIO *bio;
>>>     X509 *x509;
>>>     unsigned long err;
>>>     int n;
>>>
>>>     if ((bio = BIO_new(BIO_s_file())) == NULL)
>>>         return -1;
>>>     if (BIO_read_filename(bio, file) <= 0) {
>>>         BIO_free(bio);
>>>         return -1;
>>>     }
>>>     /* optionally skip a leading server certificate */
>>>     if (skipfirst) {
>>>         if ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL) {
>>>             BIO_free(bio);
>>>             return -1;
>>>         }
>>>         X509_free(x509);
>>>     }
>>>
>>>     /* free a perhaps already configured extra chain */
>>>     SSL_CTX_clear_extra_chain_certs(ctx);
>>>
>>>     /* create new extra chain by loading the certs */
>>>     n = 0;
>>>     while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {
>>>         if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
>>>             X509_free(x509);
>>>             BIO_free(bio);
>>>             return -1;
>>>         }
>>>         n++;
>>>     }
>>>     /* Make sure that only the error is just an EOF */
>>>     if ((err = ERR_peek_error()) > 0) {
>>>         if (!(   ERR_GET_LIB(err) == ERR_LIB_PEM
>>>               && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
>>>             BIO_free(bio);
>>>             return -1;
>>>         }
>>>         while (SSL_ERR_get() > 0) ;
>>>     }
>>>     BIO_free(bio);
>>>     return n;
>>> }
>>>
>>> /*
>>>  * This OpenSSL callback function is called when OpenSSL
>>>  * does client authentication and verifies the certificate chain.
>>>  */
>>>
>>>
>>> int SSL_callback_SSL_verify(int ok, X509_STORE_CTX *ctx)
>>> {
>>>      printf("SSL_callback_SSL_verify\n");
>>> /* Get Apache context back through OpenSSL context */
>>>     SSL *ssl = X509_STORE_CTX_get_ex_data(ctx,
>>>                                          
>>> SSL_get_ex_data_X509_STORE_CTX_idx());
>>>     tcn_ssl_conn_t *con = (tcn_ssl_conn_t *)SSL_get_app_data(ssl);
>>>     /* Get verify ingredients */
>>>     int errnum   = X509_STORE_CTX_get_error(ctx);
>>>     int errdepth = X509_STORE_CTX_get_error_depth(ctx);
>>>     int verify   = con->ctx->verify_mode;
>>>     int depth    = con->ctx->verify_depth;
>>>
>>> #if defined(SSL_OP_NO_TLSv1_3)
>>>     con->pha_state = PHA_COMPLETE;
>>> #endif
>>>
>>>     if (verify == SSL_CVERIFY_UNSET ||
>>>         verify == SSL_CVERIFY_NONE) {
>>>         return 1;
>>>     }
>>>
>>>     if (SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) &&
>>>         (verify == SSL_CVERIFY_OPTIONAL_NO_CA)) {
>>>         ok = 1;
>>>         SSL_set_verify_result(ssl, X509_V_OK);
>>>     }
>>>
>>>     /*
>>>      * Expired certificates vs. "expired" CRLs: by default, OpenSSL
>>>      * turns X509_V_ERR_CRL_HAS_EXPIRED into a "certificate_expired(45)"
>>>      * SSL alert, but that's not really the message we should convey
>>> to the
>>>      * peer (at the very least, it's confusing, and in many cases,
>>> it's also
>>>      * inaccurate, as the certificate itself may very well not have
>>> expired
>>>      * yet). We set the X509_STORE_CTX error to something which
>>> OpenSSL's
>>>      * s3_both.c:ssl_verify_alarm_type() maps to
>>> SSL_AD_CERTIFICATE_UNKNOWN,
>>>      * i.e. the peer will receive a "certificate_unknown(46)" alert.
>>>      * We do not touch errnum, though, so that later on we will still
>>> log
>>>      * the "real" error, as returned by OpenSSL.
>>>      */
>>>     if (!ok && errnum == X509_V_ERR_CRL_HAS_EXPIRED) {
>>>         X509_STORE_CTX_set_error(ctx, -1);
>>>     }
>>>
>>> #ifdef HAVE_OCSP_STAPLING
>>>     /* First perform OCSP validation if possible */
>>>     if (ok) {
>>>         /* If there was an optional verification error, it's not
>>>          * possible to perform OCSP validation since the issuer may be
>>>          * missing/untrusted.  Fail in that case.
>>>          */
>>>         if (SSL_VERIFY_ERROR_IS_OPTIONAL(errnum)) {
>>>             X509_STORE_CTX_set_error(ctx,
>>> X509_V_ERR_APPLICATION_VERIFICATION);
>>>             errnum = X509_V_ERR_APPLICATION_VERIFICATION;
>>>             ok = 0;
>>>         }
>>>         else {
>>>             int ocsp_response = ssl_verify_OCSP(ctx);
>>>             if (ocsp_response == OCSP_STATUS_REVOKED) {
>>>                 ok = 0 ;
>>>                 errnum = X509_STORE_CTX_get_error(ctx);
>>>             }
>>>             else if (ocsp_response == OCSP_STATUS_UNKNOWN) {
>>>                 /* TODO: do nothing for time being */
>>>                 ;
>>>             }
>>>         }
>>>     }
>>> #endif
>>>     /*
>>>      * If we already know it's not ok, log the real reason
>>>      */
>>>     if (!ok) {
>>>         /* TODO: Some logging
>>>          * Certificate Verification: Error
>>>          */
>>>         if (con->peer) {
>>>             X509_free(con->peer);
>>>             con->peer = NULL;
>>>         }
>>>     }
>>>     if (errdepth > depth) {
>>>         /* TODO: Some logging
>>>          * Certificate Verification: Certificate Chain too long
>>>          */
>>>         ok = 0;
>>>     }
>>>     return ok;
>>> }
>>>
>>> /*
>>>  * This callback function is executed while OpenSSL processes the SSL
>>>  * handshake and does SSL record layer stuff.  It's used to trap
>>>  * client-initiated renegotiations, and for dumping everything to the
>>>  * log.
>>>  */
>>> void SSL_callback_handshake(const SSL *ssl, int where, int rc)
>>> {
>>>          printf("SSL_callback_handshake\n");
>>>  tcn_ssl_conn_t *con = (tcn_ssl_conn_t *)SSL_get_app_data(ssl);
>>> #ifdef HAVE_TLSV1_3
>>>     const SSL_SESSION *session = SSL_get_session(ssl);
>>> #endif
>>>
>>>     /* Retrieve the conn_rec and the associated SSLConnRec. */
>>>     if (con == NULL) {
>>>         return;
>>>     }
>>>
>>> #ifdef HAVE_TLSV1_3
>>>     /* TLS 1.3 does not use renegotiation so do not update the
>>> renegotiation
>>>      * state once we know we are using TLS 1.3. */
>>>     if (session != NULL) {
>>>         if (SSL_SESSION_get_protocol_version(session) ==
>>> TLS1_3_VERSION) {
>>>             return;
>>>         }
>>>     }
>>> #endif
>>>
>>>     /* If the reneg state is to reject renegotiations, check the SSL
>>>      * state machine and move to ABORT if a Client Hello is being
>>>      * read. */
>>>     if ((where & SSL_CB_HANDSHAKE_START) &&
>>>          con->reneg_state == RENEG_REJECT) {
>>>         con->reneg_state = RENEG_ABORT;
>>>     }
>>>     /* If the first handshake is complete, change state to reject any
>>>      * subsequent client-initated renegotiation. */
>>>     else if ((where & SSL_CB_HANDSHAKE_DONE) && con->reneg_state ==
>>> RENEG_INIT) {
>>>         con->reneg_state = RENEG_REJECT;
>>>     }
>>> }
>>>
>>> int SSL_callback_next_protos(SSL *ssl, const unsigned char **data,
>>>                              unsigned int *len, void *arg)
>>> {
>>>       printf("SSL_callback_next_protos\n");
>>> tcn_ssl_ctxt_t *ssl_ctxt = arg;
>>>
>>>     *data = ssl_ctxt->next_proto_data;
>>>     *len = ssl_ctxt->next_proto_len;
>>>
>>>     return SSL_TLSEXT_ERR_OK;
>>> }
>>>
>>> /* The code here is inspired by nghttp2
>>>  *
>>>  * See
>>> https://github.com/tatsuhiro-t/nghttp2/blob/ae0100a9abfcf3149b8d9e62aae216e946b517fb/src/shrpx_ssl.cc#L244
>>> */
>>> int select_next_proto(SSL *ssl, const unsigned char **out, unsigned
>>> char *outlen,
>>>         const unsigned char *in, unsigned int inlen, unsigned char
>>> *supported_protos,
>>>         unsigned int supported_protos_len, int failure_behavior) {
>>>    printf("select_next_proto\n");
>>>
>>>     unsigned int i = 0;
>>>     unsigned char target_proto_len;
>>>     const unsigned char *p;
>>>     const unsigned char *end;
>>>     const unsigned char *proto;
>>>     unsigned char proto_len = '\0';
>>>
>>>     while (i < supported_protos_len) {
>>>         target_proto_len = *supported_protos;
>>>         ++supported_protos;
>>>
>>>         p = in;
>>>         end = in + inlen;
>>>
>>>         while (p < end) {
>>>             proto_len = *p;
>>>             proto = ++p;
>>>
>>>             if (proto + proto_len <= end && target_proto_len ==
>>> proto_len &&
>>>                     memcmp(supported_protos, proto, proto_len) == 0) {
>>>
>>>                 // We found a match, so set the output and return
>>> with OK!
>>>                 *out = proto;
>>>                 *outlen = proto_len;
>>>
>>>                 return SSL_TLSEXT_ERR_OK;
>>>             }
>>>             // Move on to the next protocol.
>>>             p += proto_len;
>>>         }
>>>
>>>         // increment len and pointers.
>>>         i += target_proto_len;
>>>         supported_protos += target_proto_len;
>>>     }
>>>
>>>     if (supported_protos_len > 0 && inlen > 0 && failure_behavior ==
>>> SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL) {
>>>          // There were no match but we just select our last protocol
>>> and hope the other peer support it.
>>>          //
>>>          // decrement the pointer again so the pointer points to the
>>> start of the protocol.
>>>          p -= proto_len;
>>>          *out = p;
>>>          *outlen = proto_len;
>>>          return SSL_TLSEXT_ERR_OK;
>>>     }
>>>     // TODO: OpenSSL currently not support to fail with fatal error.
>>> Once this changes we can also support it here.
>>>     //       Issue https://github.com/openssl/openssl/issues/188 has
>>> been created for this.
>>>     // Nothing matched so not select anything and just accept.
>>>     return SSL_TLSEXT_ERR_NOACK;
>>> }
>>>
>>> int SSL_callback_select_next_proto(SSL *ssl, unsigned char **out,
>>> unsigned char *outlen,
>>>                          const unsigned char *in, unsigned int inlen,
>>>                          void *arg) {
>>>     printf("ssl_callback_select_next_proto\n");
>>>     tcn_ssl_ctxt_t *ssl_ctxt = arg;
>>>     return select_next_proto(ssl, (const unsigned char **) out,
>>> outlen, in, inlen, ssl_ctxt->next_proto_data,
>>> ssl_ctxt->next_proto_len, ssl_ctxt->next_selector_failure_behavior);
>>> }
>>>
>>> int SSL_callback_alpn_select_proto(SSL* ssl, const unsigned char
>>> **out, unsigned char *outlen,
>>>         const unsigned char *in, unsigned int inlen, void *arg) {
>>>     tcn_ssl_ctxt_t *ssl_ctxt = arg;
>>>       printf("ssl_callback_alpn_select_proto\n");
>>>     return select_next_proto(ssl, out, outlen, in, inlen,
>>> ssl_ctxt->alpn_proto_data, ssl_ctxt->alpn_proto_len,
>>> ssl_ctxt->alpn_selector_failure_behavior);
>>> }
>>> #ifdef HAVE_OCSP_STAPLING
>>>
>>> /* Function that is used to do the OCSP verification */
>>> static int ssl_verify_OCSP(X509_STORE_CTX *ctx)
>>> {
>>>      printf("ssl_verify_OCSP\n");
>>>
>>> X509 *cert, *issuer;
>>>     int r = OCSP_STATUS_UNKNOWN;
>>>      printf("Hello, OCSP\n");
>>>     cert = X509_STORE_CTX_get_current_cert(ctx);
>>>
>>>     if (!cert) {
>>>        printf("CERT NOT OK\n");
>>>  /* starting with OpenSSL 1.0, X509_STORE_CTX_get_current_cert()
>>>          * may yield NULL. Return early, but leave the ctx error as
>>> is. */
>>>         return OCSP_STATUS_UNKNOWN;
>>>     }
>>> #if OPENSSL_VERSION_NUMBER < 0x10100000L
>>>     else if (cert->valid && X509_check_issued(cert,cert) == X509_V_OK) {
>>> #else
>>>     /* No need to check cert->valid, because ssl_verify_OCSP() only
>>>      * is called if OpenSSL already successfully verified the
>>> certificate
>>>      * (parameter "ok" in SSL_callback_SSL_verify() must be true).
>>>      */
>>>     else if (X509_check_issued(cert,cert) == X509_V_OK) {
>>> #endif
>>>         /* don't do OCSP checking for valid self-issued certs */
>>>         X509_STORE_CTX_set_error(ctx, X509_V_OK);
>>>         return OCSP_STATUS_UNKNOWN;
>>>     }
>>>
>>>     /* if we can't get the issuer, we cannot perform OCSP
>>> verification */
>>>     issuer = X509_STORE_CTX_get0_current_issuer(ctx);
>>>     if (issuer != NULL) {
>>>         r = ssl_ocsp_request(cert, issuer, ctx);
>>>         switch (r) {
>>>         case OCSP_STATUS_OK:
>>>             X509_STORE_CTX_set_error(ctx, X509_V_OK);
>>>             break;
>>>         case OCSP_STATUS_REVOKED:
>>>             /* we set the error if we know that it is revoked */
>>>             X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
>>>             break;
>>>         case OCSP_STATUS_UNKNOWN:
>>>             /* ssl_ocsp_request() sets the error correctly already. */
>>>             break;
>>>         }
>>>     }
>>>     return r;
>>> }
>>>
>>>
>>> /* Helps with error handling or realloc */
>>> static void *apr_xrealloc(void *buf, size_t oldlen, size_t len,
>>> apr_pool_t *p)
>>> {
>>>       printf("apr_xrealloc\n");
>>> void *newp = apr_palloc(p, len);
>>>
>>>     if(newp)
>>>         memcpy(newp, buf, oldlen);
>>>     return newp;
>>> }
>>>
>>> /* Parses an ASN.1 length.
>>>  * On entry, asn1 points to the current tag.
>>>  * Updates the pointer to the ASN.1 structure to point to the start
>>> of the data.
>>>  * Returns 0 on success, 1 on failure.
>>>  */
>>> static int parse_asn1_length(unsigned char **asn1, int *len) {
>>>   printf("parse_asn1_length\n");
>>>     /* Length immediately follows tag so increment before reading
>>> first (and
>>>      * possibly only) length byte.
>>>      */
>>>     (*asn1)++;
>>>
>>>     if (**asn1 & 0x80) {
>>>         // MSB set. Remaining bits are number of bytes used to store
>>> the length.
>>>         int i, l;
>>>
>>>         // How many bytes for this length?
>>>         i = **asn1 & 0x7F;
>>>
>>>         if (i == 0) {
>>>             /* This is the indefinite form of length. Since
>>> certificates use DER
>>>              * this should never happen and is therefore an error.
>>>              */
>>>             return 1;
>>>         }
>>>         if (i > 3) {
>>>             /* Three bytes for length gives a maximum of 16MB which
>>> should be
>>>              * far more than is required. (2 bytes is 64K which is
>>> probably more
>>>              * than enough but play safe.)
>>>              */
>>>             return 1;
>>>         }
>>>
>>>         // Most significant byte is first
>>>         l = 0;
>>>         while (i > 0) {
>>>             l <<= 8;
>>>             (*asn1)++;
>>>             l += **asn1;
>>>             i--;
>>>         }
>>>         *len = l;
>>>     } else {
>>>         // Single byte length
>>>         *len = **asn1;
>>>     }
>>>
>>>     (*asn1)++;
>>>
>>>     return 0;
>>> }
>>>
>>> /* parses the ocsp url and updates the ocsp_urls and nocsp_urls
>>> variables
>>>    returns 0 on success, 1 on failure */
>>> static int parse_ocsp_url(unsigned char *asn1, char ***ocsp_urls,
>>>                           int *nocsp_urls, apr_pool_t *p)
>>> {
>>>   printf("parse_ocsp_url\n");
>>>     char **new_ocsp_urls, *ocsp_url;
>>>     int len, err = 0, new_nocsp_urls;
>>>
>>>     if (*asn1 == ASN1_STRING) {
>>>         err = parse_asn1_length(&asn1, &len);
>>>
>>>         if (!err) {
>>>             new_nocsp_urls = *nocsp_urls+1;
>>>             if ((new_ocsp_urls = apr_xrealloc(*ocsp_urls,*nocsp_urls,
>>> new_nocsp_urls, p)) == NULL)
>>>                 err = 1;
>>>         }
>>>         if (!err) {
>>>             *ocsp_urls  = new_ocsp_urls;
>>>             *nocsp_urls = new_nocsp_urls;
>>>             *(*ocsp_urls + *nocsp_urls) = NULL;
>>>             if ((ocsp_url = apr_palloc(p, len + 1)) == NULL) {
>>>                 err = 1;
>>>             }
>>>             else {
>>>                 memcpy(ocsp_url, asn1, len);
>>>                 ocsp_url[len] = '\0';
>>>                 *(*ocsp_urls + *nocsp_urls - 1) = ocsp_url;
>>>             }
>>>         }
>>>     }
>>>     return err;
>>>
>>> }
>>>
>>> /* parses the ANS1 OID and if it is an OCSP OID then calls the
>>> parse_ocsp_url function */
>>> static int parse_ASN1_OID(unsigned char *asn1, char ***ocsp_urls, int
>>> *nocsp_urls, apr_pool_t *p)
>>> {
>>>   printf("PARSE  OCSP_OID\n");
>>>   int len, err = 0 ;
>>>     const unsigned char OCSP_OID[] = {0x2b, 0x06, 0x01, 0x05, 0x05,
>>> 0x07, 0x30, 0x01};
>>>
>>>     err = parse_asn1_length(&asn1, &len);
>>>
>>>     if (!err && len == 8 && memcmp(asn1, OCSP_OID, 8) == 0) {
>>>         asn1+=len;
>>>         err = parse_ocsp_url(asn1, ocsp_urls, nocsp_urls, p);
>>>     }
>>>     return err;
>>> }
>>>
>>>
>>> /* Parses an ASN1 Sequence. It is a recursive function, since if it
>>> finds a  sequence
>>>    within the sequence it calls recursively itself. This function
>>> stops when it finds
>>>    the end of the ASN1 sequence (marked by '\0'), so if there are
>>> other sequences within
>>>    the same sequence the while loop parses the sequences */
>>>
>>> /* This algo was developed with AIA in mind so it was tested only
>>> with this extension */
>>> static int parse_ASN1_Sequence(unsigned char *asn1, char ***ocsp_urls,
>>>                                int *nocsp_urls, apr_pool_t *p)
>>> {
>>>      printf("parse_ASN1_Sequence\n");
>>>
>>>  int len = 0 , err = 0;
>>>
>>>     while (!err && *asn1 != '\0') {
>>>         switch(*asn1) {
>>>             case ASN1_SEQUENCE:
>>>                 err = parse_asn1_length(&asn1, &len);
>>>                 if (!err) {
>>>                     err = parse_ASN1_Sequence(asn1, ocsp_urls,
>>> nocsp_urls, p);
>>>                 }
>>>             break;
>>>             case ASN1_OID:
>>>                 err = parse_ASN1_OID(asn1,ocsp_urls,nocsp_urls, p);
>>>                 return err;
>>>             break;
>>>             default:
>>>                 err = 1; /* we shouldn't have any errors */
>>>             break;
>>>         }
>>>         asn1+=len;
>>>     }
>>>     return err;
>>> }
>>>
>>> /* the main function that gets the ASN1 encoding string and returns
>>>    a pointer to a NULL terminated "array" of char *, that contains
>>>    the ocsp_urls */
>>> static char **decode_OCSP_url(ASN1_OCTET_STRING *os, apr_pool_t *p)
>>> {
>>>         printf("decode_OCSP_url\n");
>>>
>>> char **response = NULL;
>>>     unsigned char *ocsp_urls;
>>>     int len, numofresponses = 0 ;
>>>
>>>     len = ASN1_STRING_length(os);
>>>
>>>     ocsp_urls = apr_palloc(p,  len + 1);
>>>     memcpy(ocsp_urls,os->data, len);
>>>     ocsp_urls[len] = '\0';
>>>
>>>     if ((response = apr_pcalloc(p, sizeof(char *))) == NULL)
>>>         return NULL;
>>>     if (parse_ASN1_Sequence(ocsp_urls, &response, &numofresponses, p))
>>>         response = NULL;
>>>     return response;
>>> }
>>>
>>>
>>> /* stolen from openssl ocsp command */
>>> static int add_ocsp_cert(OCSP_REQUEST *req, X509 *cert, X509 *issuer)
>>> {
>>>       printf("add_ocsp_cert\n");
>>> OCSP_CERTID *id;
>>>
>>>     if (!issuer)
>>>         return 0;
>>>     id = OCSP_cert_to_id(NULL, cert, issuer);
>>>     if (!id)
>>>         return 0;
>>>     if (!OCSP_request_add0_id(req, id)) {
>>>         OCSP_CERTID_free(id);
>>>         return 0;
>>>     } else {
>>>         /* id will be freed by OCSP_REQUEST_free() */
>>>         return 1;
>>>     }
>>> }
>>>
>>>
>>> /* Creates the APR socket and connect to the hostname. Returns the
>>>    socket or NULL if there is an error.
>>> */
>>> static apr_socket_t *make_socket(char *hostname, int port, apr_pool_t
>>> *mp)
>>> {
>>>      printf("*make_socket\n");
>>> apr_sockaddr_t *sa_in;
>>>     apr_status_t status;
>>>     apr_socket_t *sock = NULL;
>>>
>>>
>>>     status = apr_sockaddr_info_get(&sa_in, hostname, APR_INET, port,
>>> 0, mp);
>>>
>>>     if (status == APR_SUCCESS)
>>>         status = apr_socket_create(&sock, sa_in->family, SOCK_STREAM,
>>> APR_PROTO_TCP, mp);
>>>     if (status == APR_SUCCESS)
>>>         status = apr_socket_connect(sock, sa_in);
>>>
>>>     if (status == APR_SUCCESS)
>>>         return sock;
>>>     return NULL;
>>> }
>>>
>>>
>>> /* Creates the request in a memory BIO in order to send it to the
>>> OCSP server.
>>>    Most parts of this function are taken from mod_ssl support for
>>> OCSP (with some
>>>    minor modifications
>>> */
>>> static BIO *serialize_request(OCSP_REQUEST *req, char *host, int
>>> port, char *path)
>>> {
>>>     printf("serialize_request\n");
>>> BIO *bio;
>>>     int len;
>>>
>>>     len = i2d_OCSP_REQUEST(req, NULL);
>>>
>>>     bio = BIO_new(BIO_s_mem());
>>>
>>>     BIO_printf(bio, "POST %s HTTP/1.0\r\n"
>>>       "Host: %s:%d\r\n"
>>>       "Content-Type: application/ocsp-request\r\n"
>>>       "Content-Length: %d\r\n"
>>>       "\r\n",
>>>       path, host, port, len);
>>>
>>>     if (i2d_OCSP_REQUEST_bio(bio, req) != 1) {
>>>         BIO_free(bio);
>>>         return NULL;
>>>     }
>>>
>>>     return bio;
>>> }
>>>
>>>
>>> /* Send the OCSP request to the OCSP server. Taken from mod_ssl OCSP
>>> support */
>>> static int ocsp_send_req(apr_socket_t *sock, BIO *req)
>>> {
>>>     printf("ocsp_send_req\n");
>>> int len;
>>>     char buf[TCN_BUFFER_SZ];
>>>     apr_status_t rv;
>>>
>>>     while ((len = BIO_read(req, buf, sizeof buf)) > 0) {
>>>         char *wbuf = buf;
>>>         apr_size_t remain = len;
>>>
>>>         do {
>>>             apr_size_t wlen = remain;
>>>             rv = apr_socket_send(sock, wbuf, &wlen);
>>>             wbuf += remain;
>>>             remain -= wlen;
>>>         } while (rv == APR_SUCCESS && remain > 0);
>>>
>>>         if (rv != APR_SUCCESS) {
>>>             return 0;
>>>         }
>>>     }
>>>
>>>     return 1;
>>> }
>>>
>>>
>>>
>>> /* Parses the buffer from the response and extracts the OCSP response.
>>>    Taken from openssl library */
>>> static OCSP_RESPONSE *parse_ocsp_resp(char *buf, int len)
>>> {
>>>  printf("parse_ocsp_resp\n");
>>>    BIO *mem = NULL;
>>>     char tmpbuf[1024];
>>>     OCSP_RESPONSE *resp = NULL;
>>>     char *p, *q, *r;
>>>     int retcode;
>>>
>>>     mem = BIO_new(BIO_s_mem());
>>>     if(mem == NULL)
>>>         return NULL;
>>>
>>>     BIO_write(mem, buf, len);  /* write the buffer to the bio */
>>>     if (BIO_gets(mem, tmpbuf, 512) <= 0) {
>>> #if OPENSSL_VERSION_NUMBER < 0x10100000L
>>>        
>>> OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
>>> #endif
>>>         goto err;
>>>     }
>>>     /* Parse the HTTP response. This will look like this:
>>>      * "HTTP/1.0 200 OK". We need to obtain the numeric code and
>>>      * (optional) informational message.
>>>      */
>>>
>>>     /* Skip to first white space (passed protocol info) */
>>>     for (p = tmpbuf; *p && !apr_isspace(*p); p++)
>>>         continue;
>>>     if (!*p) {
>>>         goto err;
>>>     }
>>>     /* Skip past white space to start of response code */
>>>     while (apr_isspace(*p))
>>>         p++;
>>>     if (!*p) {
>>>         goto err;
>>>     }
>>>     /* Find end of response code: first whitespace after start of
>>> code */
>>>     for (q = p; *q && !apr_isspace(*q); q++)
>>>         continue;
>>>     if (!*q) {
>>>         goto err;
>>>     }
>>>     /* Set end of response code and start of message */
>>>     *q++ = 0;
>>>     /* Attempt to parse numeric code */
>>>     retcode = strtoul(p, &r, 10);
>>>     if (*r)
>>>         goto err;
>>>     /* Skip over any leading white space in message */
>>>     while (apr_isspace(*q))
>>>         q++;
>>>     if (*q) {
>>>         /* Finally zap any trailing white space in message (include
>>> CRLF) */
>>>         /* We know q has a non white space character so this is OK */
>>>         for(r = q + strlen(q) - 1; apr_isspace(*r); r--) *r = 0;
>>>     }
>>>     if (retcode != 200) {
>>>         goto err;
>>>     }
>>>     /* Find blank line marking beginning of content */
>>>     while (BIO_gets(mem, tmpbuf, 512) > 0) {
>>>         for (p = tmpbuf; apr_isspace(*p); p++)
>>>             continue;
>>>         if (!*p)
>>>             break;
>>>     }
>>>     if (*p) {
>>>         goto err;
>>>     }
>>>     if (!(resp = d2i_OCSP_RESPONSE_bio(mem, NULL))) {
>>>         goto err;
>>>     }
>>> err:
>>>     /* XXX No error logging? */
>>>     BIO_free(mem);
>>>     return resp;
>>> }
>>>
>>>
>>> /* Reads the response from the APR socket to a buffer, and parses the
>>> buffer to
>>>    return the OCSP response  */
>>> #define ADDLEN 512
>>> static OCSP_RESPONSE *ocsp_get_resp(apr_pool_t *mp, apr_socket_t *sock)
>>> {
>>>      printf("ocsp_get_resp\n");
>>> int buflen;
>>>     apr_size_t totalread = 0;
>>>     apr_size_t readlen;
>>>     char *buf, tmpbuf[ADDLEN];
>>>     apr_status_t rv = APR_SUCCESS;
>>>     apr_pool_t *p;
>>>     OCSP_RESPONSE *resp;
>>>
>>>     apr_pool_create(&p, mp);
>>>     buflen = ADDLEN;
>>>     buf = apr_palloc(p, buflen);
>>>     if (buf == NULL) {
>>>         apr_pool_destroy(p);
>>>         return NULL;
>>>     }
>>>
>>>     while (rv == APR_SUCCESS ) {
>>>         readlen = sizeof(tmpbuf);
>>>         rv = apr_socket_recv(sock, tmpbuf, &readlen);
>>>         if (rv == APR_SUCCESS) { /* if we have read something .. we
>>> can put it in the buffer*/
>>>             if ((totalread + readlen) >= buflen) {
>>>                 buf = apr_xrealloc(buf, buflen, buflen + ADDLEN, p);
>>>                 if (buf == NULL) {
>>>                     apr_pool_destroy(p);
>>>                     return NULL;
>>>                 }
>>>                 buflen += ADDLEN; /* if needed we enlarge the buffer */
>>>             }
>>>             memcpy(buf + totalread, tmpbuf, readlen); /* the copy to
>>> the buffer */
>>>             totalread += readlen; /* update the total bytes read */
>>>         }
>>>         else {
>>>             if (rv == APR_EOF && readlen == 0)
>>>                 ; /* EOF, normal situation */
>>>             else if (readlen == 0) {
>>>                 /* Not success, and readlen == 0 .. some error */
>>>                 apr_pool_destroy(p);
>>>                 return NULL;
>>>             }
>>>         }
>>>     }
>>>
>>>     resp = parse_ocsp_resp(buf, buflen);
>>>     apr_pool_destroy(p);
>>>     return resp;
>>> }
>>>
>>> /* Creates and OCSP request and returns the OCSP_RESPONSE */
>>> static OCSP_RESPONSE *get_ocsp_response(apr_pool_t *p, X509 *cert,
>>> X509 *issuer, char *url)
>>> {
>>>        printf("get_ocsp_response\n");
>>> OCSP_RESPONSE *ocsp_resp = NULL;
>>>     OCSP_REQUEST *ocsp_req = NULL;
>>>     BIO *bio_req;
>>>     char *hostname, *path, *c_port;
>>>     int port, use_ssl;
>>>     int ok = 0;
>>>     apr_socket_t *apr_sock = NULL;
>>>     apr_pool_t *mp;
>>>
>>>     if (OCSP_parse_url(url,&hostname, &c_port, &path, &use_ssl) == 0 )
>>>         goto end;
>>>
>>>     if (sscanf(c_port, "%d", &port) != 1)
>>>         goto end;
>>>
>>>     /* Create the OCSP request */
>>>     ocsp_req = OCSP_REQUEST_new();
>>>     if (ocsp_req == NULL)
>>>         goto end;
>>>
>>>     if (add_ocsp_cert(ocsp_req,cert,issuer) == 0 )
>>>         goto free_req;
>>>
>>>     /* create the BIO with the request to send */
>>>     bio_req = serialize_request(ocsp_req, hostname, port, path);
>>>     if (bio_req == NULL) {
>>>         goto free_req;
>>>     }
>>>
>>>     apr_pool_create(&mp, p);
>>>     apr_sock = make_socket(hostname, port, mp);
>>>     if (apr_sock == NULL) {
>>>         goto free_bio;
>>>     }
>>>
>>>     ok = ocsp_send_req(apr_sock, bio_req);
>>>     if (ok) {
>>>         ocsp_resp = ocsp_get_resp(mp, apr_sock);
>>>     }
>>>     apr_socket_close(apr_sock);
>>>
>>> free_bio:
>>>     BIO_free(bio_req);
>>>     apr_pool_destroy(mp);
>>>
>>> free_req:
>>>     OCSP_REQUEST_free(ocsp_req);
>>>
>>> end:
>>>     OPENSSL_free(hostname);
>>>     OPENSSL_free(c_port);
>>>     OPENSSL_free(path);
>>>
>>>     return ocsp_resp;
>>> }
>>>
>>> /* Process the OCSP_RESPONSE and returns the corresponding
>>>    answert according to the status.
>>> */
>>> static int process_ocsp_response(OCSP_RESPONSE *ocsp_resp, X509
>>> *cert, X509 *issuer)
>>> {
>>>        printf("process_ocsp_response\n");
>>> int r, o = V_OCSP_CERTSTATUS_UNKNOWN, i;
>>>     OCSP_BASICRESP *bs;
>>>     OCSP_SINGLERESP *ss;
>>>     OCSP_CERTID *certid;
>>>
>>>     r = OCSP_response_status(ocsp_resp);
>>>
>>>     if (r != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
>>>         return OCSP_STATUS_UNKNOWN;
>>>     }
>>>     bs = OCSP_response_get1_basic(ocsp_resp);
>>>
>>>     certid = OCSP_cert_to_id(NULL, cert, issuer);
>>>     if (certid == NULL) {
>>>         return OCSP_STATUS_UNKNOWN;
>>>     }
>>>     ss = OCSP_resp_get0(bs, OCSP_resp_find(bs, certid, -1)); /* find
>>> by serial number and get the matching response */
>>>
>>>
>>>     i = OCSP_single_get0_status(ss, NULL, NULL, NULL, NULL);
>>>     if (i == V_OCSP_CERTSTATUS_GOOD)
>>>         o =  OCSP_STATUS_OK;
>>>     else if (i == V_OCSP_CERTSTATUS_REVOKED)
>>>         o = OCSP_STATUS_REVOKED;
>>>     else if (i == V_OCSP_CERTSTATUS_UNKNOWN)
>>>         o = OCSP_STATUS_UNKNOWN;
>>>
>>>     /* we clean up */
>>>     OCSP_CERTID_free(certid);
>>>     OCSP_BASICRESP_free(bs);
>>>     return o;
>>> }
>>>
>>> static int ssl_ocsp_request(X509 *cert, X509 *issuer, X509_STORE_CTX
>>> *ctx)
>>> {
>>>      printf("ssl_ocsp_request\n");
>>>    char **ocsp_urls = NULL;
>>>     int nid;
>>>     X509_EXTENSION *ext;
>>>     ASN1_OCTET_STRING *os;
>>>     apr_pool_t *p;
>>>
>>>     apr_pool_create(&p, NULL);
>>>
>>>     /* Get the proper extension */
>>>     nid = X509_get_ext_by_NID(cert,NID_info_access,-1);
>>>     if (nid >= 0 ) {
>>>         ext = X509_get_ext(cert,nid);
>>>         os = X509_EXTENSION_get_data(ext);
>>>
>>>         ocsp_urls = decode_OCSP_url(os, p);
>>>     }
>>>      printf("OCSP request\n");
>>>
>>>     /* if we find the extensions and we can parse it check
>>>        the ocsp status. Otherwise, return OCSP_STATUS_UNKNOWN */
>>>     if (ocsp_urls != NULL) {
>>>     printf("ocsp url not null\n");
>>>         OCSP_RESPONSE *resp;
>>>         int rv = OCSP_STATUS_UNKNOWN;
>>>         /* for the time being just check for the fist response .. a
>>> better
>>>            approach is to iterate for all the possible ocsp urls */
>>>         resp = get_ocsp_response(p, cert, issuer, ocsp_urls[0]);
>>>         if (resp != NULL) {
>>>             rv = process_ocsp_response(resp, cert, issuer);
>>>         } else {
>>>             /* correct error code for application errors? */
>>>             X509_STORE_CTX_set_error(ctx,
>>> X509_V_ERR_APPLICATION_VERIFICATION);
>>>         }
>>>
>>>         if (resp != NULL) {
>>>             OCSP_RESPONSE_free(resp);
>>>             apr_pool_destroy(p);
>>>             return rv;
>>>         }
>>>     }
>>>     apr_pool_destroy(p);
>>>     return OCSP_STATUS_UNKNOWN;
>>> }
>>>
>>> #endif /* HAVE_OCSP_STAPLING */
>>> #endif /* HAVE_OPENSSL  */
>>>
>>>
>>>
>>>
>>> -----------------------------------------tomcat log
>>> 27-May-2019 14:15:59.727 INFO [main]
>>> org.apache.catalina.startup.Catalina.start Server startup in 31619 ms
>>>  SSL_init_app_data_idx
>>> Hi OCSP
>>> ssl_set_app_data3
>>> ssl_set_app_data4
>>> ssl_set_app_data2
>>> ssl_get_app_data3
>>> ssl_get_app_data4
>>> ssl_get_app_data4
>>> SSL_dh_GetParamFromFile
>>> SSL_ec_GetParamFromFile
>>> SSL_CTX_use_certificate_chain
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_next_protos
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_next_protos
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_next_protos
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_callback_alpn_select_proto
>>> select_next_proto
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_callback_alpn_select_proto
>>> select_next_proto
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_callback_alpn_select_proto
>>> select_next_proto
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_callback_alpn_select_proto
>>> select_next_proto
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_callback_alpn_select_proto
>>> select_next_proto
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_next_protos
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_callback_alpn_select_proto
>>> select_next_proto
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_callback_alpn_select_proto
>>> select_next_proto
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_callback_alpn_select_proto
>>> select_next_proto
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_next_protos
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_callback_alpn_select_proto
>>> select_next_proto
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_callback_alpn_select_proto
>>> select_next_proto
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_callback_alpn_select_proto
>>> select_next_proto
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_callback_alpn_select_proto
>>> select_next_proto
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_set_app_data2
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> SSL_callback_handshake
>>> ssl_callbac
>>>
>>>
>>>
>>> ________________________________
>>> От: Усманов Азат Анварович <usmanov@ieml.ru>
>>> Отправлено: 24 мая 2019 г. 7:21
>>> Кому: Tomcat Users List
>>> Тема: Re: OCSP with openSSL
>>>
>>>
>>>
>>> Chris,
>>> Yes the version is the same in
>>> /usr/local/openssl/bin/openssl as well.
>>> It is the same version Tomcat uses,I get this info in the logs
>>>
>>> 23-May-2019 12:55:42.145 INFO [main] org.apache.catalina.core.AprLife
>>> cycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL
>>> 1.1.1a  20 Nov 2018]
>>> ________________________________
>>> От: Christopher Schultz <chris@christopherschultz.net>
>>> Отправлено: 23 мая 2019 г. 18:04:29
>>> Кому: Усманов Азат Анварович
>>> Тема: Re: OCSP with openSSL
>>>
>>> Азат,
>>>
>>> On 5/22/19 14:02, Усманов Азат Анварович wrote:
>>>> [root] ~# openssl version
>>>> OpenSSL 1.1.1a  20 Nov 2018
>>>
>>> Great. Is this also the same version in /usr/local/openssl/bin/openssl?
>>>
>>>> [root] ~# openssl  ocsp -help
>>>> Usage: ocsp [options]
>>>
>>> Excellent.
>>>
>>> When you launch Tomcat, are you getting a message about the version of
>>> OpenSSL in use, and does it agree with above?
>>>
>>> AFAIK, OCSP is enabled by default in libtcnative. There were some posts
>>> a few months/years ago about someone trying to get it to work, and
>>> having to edit the JVM's security.properties file and all kinds of weird
>>> stuff. I must admit it didn't make any sense to me at the time. I'm
>>> sorry, but I don't personally have any experience with dealing with
>>> OCSP, but hopefully this additio0nal information will give someone else
>>> some good info.
>>>
>>> -chris
>>>
>>>> ________________________________
>>>> От: Christopher Schultz <chris@christopherschultz.net>
>>>> Отправлено: 22 мая 2019 г. 19:45
>>>> Кому: users@tomcat.apache.org
>>>> Тема: Re: OCSP with openSSL
>>>>
>>>> Усманов,
>>>>
>>>> On 5/22/19 07:28, Усманов Азат Анварович wrote:
>>>>> Mark,  I installed it  just   by  downloading  tcnative src  tar.gz
>>>>> file from tomcat  website and issued  ./configure
>>>>> --with-apr=/usr/local/apr --with-java-home=/usr/java/jdk1.7.0_79
>>>>> -with-ssl=/usr/local/openssl && make && make install && make clean
>>>>> I'm not sure  how to specify any ocsp related configure options
>>>>> when building tomcat native    from source
>>>>
>>>> What is your OpenSSL version and capabilities?
>>>>
>>>> $ openssl version
>>>>
>>>> $ openssl -help
>>>>
>>>> $ openssl ocsp -help
>>>>
>>>> -chris
>>>>
>>>>> ________________________________ От: Mark Thomas
>>>>> <markt@apache.org> Отправлено: 22 мая 2019 г. 13:41 Кому:
>>>>> users@tomcat.apache.org Тема: Re: OCSP with openSSL
>>>>
>>>>> On 22/05/2019 11:28, Усманов Азат Анварович wrote:
>>>>>> Hi everyone! I have a web app running on tomcat and java 7 using
>>>>>> apr for TLS related issues. I m still unable to have OCSP
>>>>>> verification working with tomcat.
>>>>
>>>>> <snip/>
>>>>
>>>>>> I have tried running tcpdump on the server but don't' see any
>>>>>> Comodo related IP addresses in the output when I access the
>>>>>> server in question in the browser. At this point I don't know
>>>>>> what else to do, If it was java I would just put some
>>>>>> System.out.println statements in OCSP SSL related source code and
>>>>>> recompile the tomcat source, but since in my case tomcat uses
>>>>>> OpenSSL and tomcat native I'm not sure how/where to do that. the
>>>>>> only places I found in the TC-native source that mentions OCSP
>>>>>> is sslutils.c  source file. I'm not sure when/ if it is actually
>>>>>> gets called in my case. Maybe be someone with more c experience
>>>>>> c++ would help me with that.  I really want to get to the bottom
>>>>>> of this. Any help is appreciated my tomcat version  is 8.5.39 APR
>>>>>> based Apache Tomcat Native library [1.2.21] using APR version
>>>>>> [1.6.5]. Openssl version is [OpenSSL 1.1.1a  20 Nov 2018 OS:
>>>>>> Linux RHEL 6.6
>>>>
>>>>> How did you build the Tomcat Native library? Was OCSP enabled?
>>>>
>>>>> Mark
>>>>
>>>>> ---------------------------------------------------------------------
>>>>
>>>>
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message