Posted to dev@tomcat.apache.org by rj...@apache.org on 2016/03/04 21:03:10 UTC
svn commit: r1733644 - /tomcat/native/trunk/native/src/sslcontext.c
Author: rjung
Date: Fri Mar 4 20:03:10 2016
New Revision: 1733644
URL: http://svn.apache.org/viewvc?rev=1733644&view=rev
Log:
Add a few warnings concerning OpenSSL 1.1.0
support.
Modified:
tomcat/native/trunk/native/src/sslcontext.c
Modified: tomcat/native/trunk/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1733644&r1=1733643&r2=1733644&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Fri Mar 4 20:03:10 2016
@@ -1534,6 +1534,10 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
* https://android.googlesource.com/platform/external/openssl/+/master/patches/0003-jsse.patch
*/
static const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher){
+ /* XXX cipher->algorithm_mkey is no longer available in OpenSSL 1.1.0 */
+ /* One could try to extract the info from
+ * char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
+ * using ugly string parsing. */
switch (cipher->algorithm_mkey)
{
case SSL_kRSA:
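Review bot: The added comment above `switch (cipher->algorithm_mkey)` points future work at parsing `SSL_CIPHER_description()` output, which is fragile for a value that `SSL_cert_verify` later passes to the Java side as the authentication type. OpenSSL 1.1.0 provides accessors for this information, so the comment would be better as `/* XXX OpenSSL 1.1.0: SSL_CIPHER is opaque; use SSL_CIPHER_get_kx_nid()/SSL_CIPHER_get_auth_nid() instead of algorithm_mkey */`. The comments also leave the file failing to compile against 1.1.0. A guard such as `#if OPENSSL_VERSION_NUMBER < 0x10100000L` around this field access would make the limitation explicit at build time, and the same applies to `ssl->s3->tmp.new_cipher` in `SSL_authentication_method`. The function body continues outside the hunk.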
@@ -1584,6 +1588,11 @@ static const char* SSL_authentication_me
case SSL2_VERSION:
return SSL_TXT_RSA;
default:
+ /* XXX ssl->s3->tmp.new_cipher is no longer available in OpenSSL 1.1.0 */
+ /* https://github.com/netty/netty-tcnative/blob/1.1.33/openssl-dynamic/src/main/c/sslcontext.c
+ * contains a different method, but i think this is not correct.
+ * Instead of choosing the cipher used for the current handshake it simply
+ * uses the first cipher available during the handshake. */
return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
}
}
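Review bot: In the `default:` branch, `ssl->s3->tmp.new_cipher` is passed on without a NULL check, and `SSL_CIPHER_authentication_method()` dereferences its argument straight away in `switch (cipher->algorithm_mkey)`. If this can be reached before a cipher has been selected (the callers are not visible here), it would crash. A guard such as `if (ssl->s3 == NULL || ssl->s3->tmp.new_cipher == NULL) return UNKNOWN_AUTH_PLACEHOLDER;` would cover it, with the placeholder replaced by whatever "unknown" string the file already uses. The new comment should also state why the first-available-cipher approach is wrong, for example `/* the returned string is the authType given to the Java verifier, so it must reflect the cipher negotiated for this handshake */`. The function starts outside the hunk.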
@@ -1638,6 +1647,7 @@ static int SSL_cert_verify(X509_STORE_CT
OPENSSL_free(buf);
}
+ /* XXX SSL_authentication_method() currently does not work/compile when used with OpenSSL 1.1.0 */
authMethod = SSL_authentication_method(ssl);
authMethodString = (*e)->NewStringUTF(e, authMethod);