Posted to dev@tomcat.apache.org by rj...@apache.org on 2016/03/04 21:03:10 UTC

svn commit: r1733644 - /tomcat/native/trunk/native/src/sslcontext.c

Author: rjung
Date: Fri Mar  4 20:03:10 2016
New Revision: 1733644

URL: http://svn.apache.org/viewvc?rev=1733644&view=rev
Log:
Add a few warnings concerning OpenSSL 1.1.0
support.

Modified:
    tomcat/native/trunk/native/src/sslcontext.c

Modified: tomcat/native/trunk/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1733644&r1=1733643&r2=1733644&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Fri Mar  4 20:03:10 2016
@@ -1534,6 +1534,10 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
  * https://android.googlesource.com/platform/external/openssl/+/master/patches/0003-jsse.patch
  */
 static const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher){
+    /* XXX cipher->algorithm_mkey is no longer available in OpenSSL 1.1.0 */
+    /* One could try to extract the info from
+     * char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
+     * using ugly string parsing. */
     switch (cipher->algorithm_mkey)
         {
     case SSL_kRSA:
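Review bot: The comment added at the top of SSL_CIPHER_authentication_method offers only string parsing of SSL_CIPHER_description() as a way forward, which is a fragile basis for a value that the third hunk shows SSL_cert_verify converting to a Java string. OpenSSL 1.1.0 exposes a cipher's key-exchange and authentication algorithms through `SSL_CIPHER_get_kx_nid()` and `SSL_CIPHER_get_auth_nid()`, so the comment could read `/* XXX cipher->algorithm_mkey is not accessible in OpenSSL 1.1.0; use SSL_CIPHER_get_kx_nid()/SSL_CIPHER_get_auth_nid() there */`. Until that port exists, a guard such as `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` followed by `#error "SSL_CIPHER_authentication_method is not ported to OpenSSL 1.1.0"` would make the build fail with a clear message; the same applies to `ssl->s3->tmp.new_cipher` in the second hunk. The function body continues past the end of this hunk.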
@@ -1584,6 +1588,11 @@ static const char* SSL_authentication_me
         case SSL2_VERSION:
             return SSL_TXT_RSA;
         default:
+            /* XXX ssl->s3->tmp.new_cipher is no longer available in OpenSSL 1.1.0 */
+            /* https://github.com/netty/netty-tcnative/blob/1.1.33/openssl-dynamic/src/main/c/sslcontext.c
+             * contains a different method, but i think this is not correct.
+             * Instead of choosing the cipher used for the current handshake it simply
+             * uses the first cipher available during the handshake. */
             return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
         }
     }
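Review bot: The comment added in the `default:` branch states the key constraint only as an opinion ("i think this is not correct"), and it should be recorded as a requirement. The returned value has to describe the cipher selected for the current handshake, because SSL_cert_verify passes it on as the authentication method. It is presumably the authType the Java trust manager evaluates, though that consumer is outside the visible hunks. Suggested wording: `/* The auth method must come from the cipher selected for this handshake; using the first cipher available, as netty-tcnative 1.1.33 does, can report the wrong method. */`. Separately, `ssl->s3->tmp.new_cipher` is passed on without a NULL check while the callee reads `cipher->algorithm_mkey` immediately; whether it can be NULL here depends on when this function is called, which the hunk does not show. The enclosing function starts before this hunk.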
@@ -1638,6 +1647,7 @@ static int SSL_cert_verify(X509_STORE_CT
         OPENSSL_free(buf);
     }
 
+    /* XXX SSL_authentication_method() currently does not work/compile when used with OpenSSL 1.1.0 */
     authMethod = SSL_authentication_method(ssl);
     authMethodString = (*e)->NewStringUTF(e, authMethod);
 


