You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by wr...@apache.org on 2013/01/25 07:39:18 UTC
svn commit: r1438346 - in /tomcat/native/branches/1.1.x: ./
native/src/sslcontext.c native/src/sslnetwork.c
xdocs/miscellaneous/changelog.xml
Author: wrowe
Date: Fri Jan 25 06:39:18 2013
New Revision: 1438346
URL: http://svn.apache.org/viewvc?rev=1438346&view=rev
Log:
Mladen and I seem to have been of the same mind, but we should pick up the change that Chuck suggested in the bug report as I had in r1438342, and also note a user facing change
Modified:
tomcat/native/branches/1.1.x/ (props changed)
tomcat/native/branches/1.1.x/native/src/sslcontext.c
tomcat/native/branches/1.1.x/native/src/sslnetwork.c
tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
Propchange: tomcat/native/branches/1.1.x/
------------------------------------------------------------------------------
Merged /tomcat/native/trunk:r1438342
Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1438346&r1=1438345&r2=1438346&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Fri Jan 25 06:39:18 2013
@@ -148,7 +148,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
/* Default session context id and cache size */
SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE);
EVP_Digest((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
- (unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
+ (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
&(c->context_id[0]), NULL, EVP_sha1(), NULL);
if (mode) {
SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA);
Modified: tomcat/native/branches/1.1.x/native/src/sslnetwork.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslnetwork.c?rev=1438346&r1=1438345&r2=1438346&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslnetwork.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslnetwork.c Fri Jan 25 06:39:18 2013
@@ -151,7 +151,7 @@ static tcn_ssl_conn_t *ssl_create(JNIEnv
SSL_set_tmp_rsa_callback(ssl, SSL_callback_tmp_RSA);
SSL_set_tmp_dh_callback(ssl, SSL_callback_tmp_DH);
SSL_set_session_id_context(ssl, &(ctx->context_id[0]),
- sizeof(ctx->context_id));
+ sizeof ctx->context_id);
}
SSL_set_verify_result(ssl, X509_V_OK);
SSL_rand_seed(ctx->rand_file);
Modified: tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml?rev=1438346&r1=1438345&r2=1438346&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml Fri Jan 25 06:39:18 2013
@@ -38,6 +38,11 @@
</section>
<section name="Changes between 1.1.25 and 1.1.26">
<changelog>
+ <fix>
+ <bug>54468</bug>: Fix FIPS mode for listeners when using OpenSSL 1.0.1c
+ and later; resolves 'Low level API call to digest MD5 forbidden in FIPS
+ mode!' errors. (wrowe)
+ </fix>
<update>
add clearOptions function to allow access to OpenSSL's SSL_CTX_clear_options function. (schultz)
</update>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1438346 - in /tomcat/native/branches/1.1.x: ./ native/src/sslcontext.c
native/src/sslnetwork.c xdocs/miscellaneous/changelog.xml
Posted by Mladen Turk <mt...@apache.org>.
On 01/25/2013 07:39 AM, wrowe@apache.org wrote:
> Author: wrowe
> Date: Fri Jan 25 06:39:18 2013
> New Revision: 1438346
>
> URL: http://svn.apache.org/viewvc?rev=1438346&view=rev
> Log:
> Mladen and I seem to have been of the same mind, but we should pick up the change that Chuck suggested in the bug report as I had in r1438342, and also note a user facing change
>
Ah, ok.
Thanks for catching this up.
Regards
--
^TM
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org