Posted to dev@tomcat.apache.org by mt...@apache.org on 2010/07/29 20:05:40 UTC
svn commit: r980527 - in /tomcat/native/trunk/native/src: ssl.c sslcontext.c
sslnetwork.c
Author: mturk
Date: Thu Jul 29 18:05:39 2010
New Revision: 980527
URL: http://svn.apache.org/viewvc?rev=980527&view=rev
Log:
Sync SSL renegotiation from 1.1.x branch
Modified:
tomcat/native/trunk/native/src/ssl.c
tomcat/native/trunk/native/src/sslcontext.c
tomcat/native/trunk/native/src/sslnetwork.c
Modified: tomcat/native/trunk/native/src/ssl.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/ssl.c?rev=980527&r1=980526&r2=980527&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/ssl.c (original)
+++ tomcat/native/trunk/native/src/ssl.c Thu Jul 29 18:05:39 2010
@@ -813,6 +813,15 @@ TCN_IMPLEMENT_CALL(jstring, SSL, getLast
return tcn_new_string(e, buf);
}
+TCN_IMPLEMENT_CALL(jboolean, SSL, hasOp)(TCN_STDARGS, jint op)
+{
+#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+ if (op & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+ return JNI_TRUE;
+#endif
+ return JNI_FALSE;
+}
+
#else
/* OpenSSL is not supported.
* Create empty stubs.
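Review bot: `hasOp` has a generic name but answers for one option only: with `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` defined it returns JNI_TRUE when that bit is set in `op`, and JNI_FALSE for every other option, including ones the library does support. The answer is also fixed by an `#ifdef` on the build headers, so it presumably says nothing about the OpenSSL library actually loaded at run time. I would add a header comment such as `/* Reports build-time support for SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION only; any other bit yields JNI_FALSE. */` so callers do not read JNI_FALSE as "unsupported" for unrelated options. The OpenSSL variant also omits the `UNREFERENCED_STDARGS;` that the stub added in the next hunk uses, and leaves `op` unreferenced when the macro is absent.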
@@ -918,4 +927,10 @@ TCN_IMPLEMENT_CALL(jstring, SSL, getLast
return NULL;
}
+TCN_IMPLEMENT_CALL(jboolean, SSL, hasOp)(TCN_STDARGS, jint op)
+{
+ UNREFERENCED_STDARGS;
+ UNREFERENCED(op);
+ return JNI_FALSE;
+}
#endif
Modified: tomcat/native/trunk/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=980527&r1=980526&r2=980527&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Thu Jul 29 18:05:39 2010
@@ -230,6 +230,11 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
UNREFERENCED_STDARGS;
TCN_ASSERT(ctx != 0);
+#ifndef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+ /* Clear the flag if not supported */
+ if (opt & 0x00040000)
+ opt &= ~0x00040000;
+#endif
SSL_CTX_set_options(c->ctx, opt);
}
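Review bot: The literal `0x00040000` in the added `#ifndef` block is the value that OpenSSL headers give `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` when they define it, but nothing here says so, and the bit is dropped without any signal to the caller. Give the constant a name beside the block, for example `#define TCN_OP_LEGACY_RENEG 0x00040000L /* SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION */` (name is only a suggestion), and reduce the test-and-clear to `opt &= ~TCN_OP_LEGACY_RENEG;`, since the `if` adds nothing. When the macro is defined, the bit passes unchanged into `SSL_CTX_set_options`, so a one-line comment that this permits renegotiation with peers lacking the secure-renegotiation extension would help whoever audits the configuration path. The function starts above this hunk.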
Modified: tomcat/native/trunk/native/src/sslnetwork.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslnetwork.c?rev=980527&r1=980526&r2=980527&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslnetwork.c (original)
+++ tomcat/native/trunk/native/src/sslnetwork.c Thu Jul 29 18:05:39 2010
@@ -448,12 +448,14 @@ ssl_socket_send(apr_socket_t *sock, cons
tcn_ssl_conn_t *con = (tcn_ssl_conn_t *)sock;
int s, i, wr = (int)(*len);
apr_status_t rv = APR_SUCCESS;
+ apr_int32_t nb;
if (con->reneg_state == RENEG_ABORT) {
*len = 0;
con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
return APR_ECONNABORTED;
}
+ apr_socket_opt_get(con->sock, APR_SO_NONBLOCK, &nb);
for (;;) {
if ((s = SSL_write(con->ssl, buf, wr)) <= 0) {
apr_status_t os = apr_get_netos_error();
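Review bot: `nb` is declared without an initializer and the return value of `apr_socket_opt_get(con->sock, APR_SO_NONBLOCK, &nb)` is ignored, so if that call fails the `if (nb && ...)` test added further down may read an indeterminate value. Declaring it as `apr_int32_t nb = 0;` makes a failed query fall back to the existing blocking wait path. The body of ssl_socket_send continues past this hunk.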
@@ -469,6 +471,10 @@ ssl_socket_send(apr_socket_t *sock, cons
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
+ if (nb && i == SSL_ERROR_WANT_WRITE) {
+ *len = 0;
+ return APR_SUCCESS;
+ }
if ((rv = wait_for_io_or_timeout(con, i)) != APR_SUCCESS) {
con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
return rv;
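Review bot: The new early return reports `APR_SUCCESS` with `*len = 0` when a non-blocking socket hits SSL_ERROR_WANT_WRITE, which a caller cannot tell apart from a completed zero-byte send; a caller that loops until all data is written would spin instead of polling. `*len = 0; return APR_EAGAIN;` would be the conventional APR signal, unless the Java side depends on the success code, which is not visible here. OpenSSL expects the retried SSL_write to be given the same buffer and length unless `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` is set, so that obligation now falls on the caller and deserves a comment at this branch. The switch and the function continue outside the hunk.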