tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: svn commit: r1843514 - in /tomcat/native/trunk/native: include/ssl_private.h src/sslnetwork.c src/sslutils.c
Date Fri, 12 Oct 2018 12:55:07 GMT
Am 12.10.2018 um 14:40 schrieb Rainer Jung:
> Am 12.10.2018 um 14:02 schrieb Mark Thomas:
>> On 12/10/18 12:11, Rainer Jung wrote:
>>> Am 10.10.2018 um 23:54 schrieb Mark Thomas:
>>>> On 10/10/18 22:49, markt@apache.org wrote:
>>>>> Author: markt
>>>>> Date: Wed Oct 10 21:49:55 2018
>>>>> New Revision: 1843514
>>>>>
>>>>> URL: http://svn.apache.org/viewvc?rev=1843514&view=rev
>>>>> Log:
>>>>> Implement TLS 1.3 support for CLIENT-CERT when the APR/native
>>>>> connector is not configured with certificateVerification="required"
>>>>> (i.e. the equivalent of server initiated renegotiation to obtain a
>>>>> client cert)
>>>>>
>>>>> Modified:
>>>>>       tomcat/native/trunk/native/include/ssl_private.h
>>>>>       tomcat/native/trunk/native/src/sslnetwork.c
>>>>
>>>> There is a large amount of duplication in this commit for the above
>>>> file. A C programmer with more skill than me can probably find a simple
>>>> way to reduce it.
>>>
>>> I hope I have done it without breaking it in r1843645 and r1843651. It
>>> compiles with OpenSSL 1.0.2, 1.1.0 and 1.1.1 and the refactoring isn't
>>> very complex. Do you have an efficient way of testing whether I broke
>>> reneg or PHA?
>>
>> Thanks for cleaning up after me. Much appreciated.
>>
>> I've tested TLS 1.2 and TLS 1.3 with APR/native and NIO+OpenSSL and
>> reneg and PHA both work as expected.
>>
>> Many thanks,
> 
> Thanks for doing the hard part of it :)

Sorry, I forgot: of course big thanks to Chris and our community testers 
as well!

Rainer


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message