You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by co...@apache.org on 2012/03/11 00:59:25 UTC
svn commit: r1299312 - in /tomcat/native/trunk/native/src: sslext.c
sslnetwork.c
Author: costin
Date: Sat Mar 10 23:59:25 2012
New Revision: 1299312
URL: http://svn.apache.org/viewvc?rev=1299312&view=rev
Log:
Small fix for ssl_read/ssl_write if the socket is not blocking. Tomcat is not currently using apr
in non blocking mode, so it shouldn't be affected. Without the fix read would block.
Also added/fixed methods in sslext to set the mode - needed for non-blocking write.
Modified:
tomcat/native/trunk/native/src/sslext.c
tomcat/native/trunk/native/src/sslnetwork.c
Modified: tomcat/native/trunk/native/src/sslext.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslext.c?rev=1299312&r1=1299311&r2=1299312&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslext.c (original)
+++ tomcat/native/trunk/native/src/sslext.c Sat Mar 10 23:59:25 2012
@@ -436,20 +436,38 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, debug)(
return 0;
}
-TCN_IMPLEMENT_CALL( jint, SSLExt, sslSetMode)(TCN_STDARGS, jlong tcsock, jint jmode)
+TCN_IMPLEMENT_CALL( jlong, SSLExt, sslSetMode)(TCN_STDARGS, jlong tcsock, jlong jmode)
{
tcn_socket_t *s = J2P(tcsock, tcn_socket_t *);
tcn_ssl_conn_t *tcssl = (tcn_ssl_conn_t *)s->opaque;
- int mode = SSL_get_mode(tcssl->ssl);
+ return (jlong) SSL_set_mode(tcssl->ssl, (long) jmode);
+}
+
+TCN_IMPLEMENT_CALL( jlong, SSLExt, sslCtxSetMode)(TCN_STDARGS, jlong tc_ssl_ctx, jlong jmode)
+{
+ tcn_ssl_ctxt_t *sslctx = J2P(tc_ssl_ctx, tcn_ssl_ctxt_t *);
+
+ return (jlong) SSL_CTX_set_mode(sslctx->ctx, (long) jmode);
+}
+
+TCN_IMPLEMENT_CALL( jstring, SSLExt, sslErrReasonErrorString)(TCN_STDARGS)
+{
+ const char * err = ERR_reason_error_string(ERR_get_error());
+ jstring res = 0;
- mode |= jmode;
- SSL_set_mode(tcssl->ssl, mode);
+ if (err != 0) {
+ res = AJP_TO_JSTRING(err);
+ }
- return mode;
+ return res;
}
#else
+TCN_IMPLEMENT_CALL( jstring, SSLExt, sslErrReasonErrorString)(TCN_STDARGS)
+{
+ return 0;
+}
/* OpenSSL is not supported.
* Create empty stubs.
*/
@@ -482,9 +500,13 @@ TCN_IMPLEMENT_CALL( jint, SSLExt, setTic
return (jint) -APR_ENOTIMPL;
}
-TCN_IMPLEMENT_CALL( jint, SSLExt, sslSetMode)(TCN_STDARGS, jlong tc_ssl_ctx,
- jint mode) {
- return (jint) -APR_ENOTIMPL;
+TCN_IMPLEMENT_CALL( jlong, SSLExt, sslSetMode)(TCN_STDARGS, jlong tc_ssl_ctx,
+ jlong mode) {
+ return (jlong) -APR_ENOTIMPL;
+}
+
+TCN_IMPLEMENT_CALL( jlong, SSLExt, sslCtxSetMode)(TCN_STDARGS, jlong tc_ssl_ctx, jint jmode)
+ return (jlong) -APR_ENOTIMPL;
}
#endif
Modified: tomcat/native/trunk/native/src/sslnetwork.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslnetwork.c?rev=1299312&r1=1299311&r2=1299312&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslnetwork.c (original)
+++ tomcat/native/trunk/native/src/sslnetwork.c Sat Mar 10 23:59:25 2012
@@ -392,12 +392,14 @@ ssl_socket_recv(apr_socket_t *sock, char
tcn_ssl_conn_t *con = (tcn_ssl_conn_t *)sock;
int s, i, wr = (int)(*len);
apr_status_t rv = APR_SUCCESS;
+ apr_int32_t nb;
if (con->reneg_state == RENEG_ABORT) {
*len = 0;
con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
return APR_ECONNABORTED;
}
+ apr_socket_opt_get(con->sock, APR_SO_NONBLOCK, &nb);
for (;;) {
if ((s = SSL_read(con->ssl, buf, wr)) <= 0) {
apr_status_t os = apr_get_netos_error();
@@ -418,6 +420,15 @@ ssl_socket_recv(apr_socket_t *sock, char
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
+ if (nb) {
+ if (i == SSL_ERROR_WANT_READ) {
+ *len = 0;
+ return APR_SUCCESS;
+ } else {
+ con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
+ return rv;
+ }
+ }
if ((rv = wait_for_io_or_timeout(con, i)) != APR_SUCCESS) {
con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
return rv;
@@ -476,9 +487,14 @@ ssl_socket_send(apr_socket_t *sock, cons
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
- if (nb && i == SSL_ERROR_WANT_WRITE) {
- *len = 0;
- return APR_SUCCESS;
+ if (nb) {
+ if (i == SSL_ERROR_WANT_WRITE) {
+ *len = 0;
+ return APR_SUCCESS;
+ } else {
+ con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
+ return rv;
+ }
}
if ((rv = wait_for_io_or_timeout(con, i)) != APR_SUCCESS) {
con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
@@ -489,6 +505,7 @@ ssl_socket_send(apr_socket_t *sock, cons
case SSL_ERROR_SSL:
if (!APR_STATUS_IS_EAGAIN(os) &&
!APR_STATUS_IS_EINTR(os)) {
+ // EINTR/EAGAIN are returned to the caller
con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
return os == APR_SUCCESS ? APR_EGENERAL : os;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org