Posted to dev@tomcat.apache.org by mt...@apache.org on 2005/07/08 09:19:10 UTC
cvs commit: jakarta-tomcat-connectors/jni/native/src sslinfo.c
mturk 2005/07/08 00:19:10
Modified: jni/java/org/apache/tomcat/jni SSL.java
jni/native/include ssl_private.h
jni/native/src sslinfo.c
Log:
Add SSL_INFO_CLIENT_CERT_CHAIN param getter.
Right now the majority of info values are returned in PEM format,
meaning wrapped in:
---BEGIN XXX ----
....
---END XXX ---
We have to see how to return the actual data in byte array if desired.
Revision Changes Path
1.21 +5 -2 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java
Index: SSL.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- SSL.java 17 Jun 2005 09:41:30 -0000 1.20
+++ SSL.java 8 Jul 2005 07:19:10 -0000 1.21
@@ -203,7 +203,10 @@
public static final int SSL_INFO_SERVER_A_SIG = 0x0205;
public static final int SSL_INFO_SERVER_A_KEY = 0x0206;
public static final int SSL_INFO_SERVER_CERT = 0x0207;
-
+ /* Return client certificate chain.
+ * Add certificate chain number to that flag (0 ... verify depth)
+ */
+ public static final int SSL_INFO_CLIENT_CERT_CHAIN = 0x0400;
/* Return OpenSSL version number */
public static native int version();
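Review bot: The comment on `SSL_INFO_CLIENT_CERT_CHAIN` promises an index range of `0 ... verify depth`, but the native getter in sslinfo.c extracts the index with `what & 0x0F`, so only 0 to 15 can be addressed and a larger value aliases a lower chain entry. The comment should state that limit, for example `Add the chain index (0..15) to this flag`, and say what the caller gets when the index is past the end of the chain (the native branch appears to leave the result unset). It is also worth documenting that OpenSSL's `SSL_get_peer_cert_chain` omits the peer's own certificate when called on the server side, so code making trust decisions should not assume index 0 is the client certificate.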
1.33 +2 -1 jakarta-tomcat-connectors/jni/native/include/ssl_private.h
Index: ssl_private.h
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- ssl_private.h 7 Jul 2005 08:10:08 -0000 1.32
+++ ssl_private.h 8 Jul 2005 07:19:10 -0000 1.33
@@ -188,6 +188,7 @@
#define SSL_INFO_SERVER_A_SIG (0x0205)
#define SSL_INFO_SERVER_A_KEY (0x0206)
#define SSL_INFO_SERVER_CERT (0x0207)
+#define SSL_INFO_CLIENT_CERT_CHAIN (0x0400)
#define SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) \
((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
1.5 +15 -2 jakarta-tomcat-connectors/jni/native/src/sslinfo.c
Index: sslinfo.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslinfo.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sslinfo.c 17 Jun 2005 09:41:30 -0000 1.4
+++ sslinfo.c 8 Jul 2005 07:19:10 -0000 1.5
@@ -105,7 +105,7 @@
n = BIO_pending(bio);
result = malloc(n+1);
n = BIO_read(bio, result, n);
- result[n] = '\n';
+ result[n] = '\0';
BIO_free(bio);
return result;
}
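Review bot: Both `malloc(n+1)` and `BIO_read` go unchecked before the terminator write that this hunk corrects. If the allocation fails, `BIO_read` and `result[n] = '\0'` operate on NULL, and if `BIO_read` returns a negative value on error, `result[n]` writes before the start of the buffer. A guard such as `if (result == NULL) { BIO_free(bio); return NULL; }` after the malloc and `if (n < 0) n = 0;` after the read would close both. The function begins outside this hunk, so its name and how `bio` is filled are not visible here; if it is `get_cert_PEM`, the caller in the later hunk already tolerates a NULL return.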
@@ -399,6 +399,19 @@
}
rv = APR_SUCCESS;
}
+ else if (what & SSL_INFO_CLIENT_CERT_CHAIN) {
+ X509 *xs;
+ char *result;
+ STACK_OF(X509) *sk = SSL_get_peer_cert_chain(s->ssl);
+ int n = what & 0x0F;
+ if (n < sk_X509_num(sk)) {
+ xs = sk_X509_value(sk, n);
+ if ((result = get_cert_PEM(xs))) {
+ value = tcn_new_string(e, result);
+ free(result);
+ }
+ }
+ }
if (rv != APR_SUCCESS)
tcn_ThrowAPRException(e, rv);
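Review bot: The new `SSL_INFO_CLIENT_CERT_CHAIN` branch never assigns `rv`, while the branch closing just above it ends with `rv = APR_SUCCESS;`. The initial value of `rv` is outside the hunk, but if it starts as an error code the `if (rv != APR_SUCCESS)` check below would throw even after `value` was built; setting `rv = APR_SUCCESS;` after `free(result);` would match the other branches. The branch also depends on `sk_X509_num` tolerating a NULL stack when the peer sent no chain, so an explicit `if (sk != NULL && n < sk_X509_num(sk))` would make that assumption visible. The enclosing function starts and ends outside this hunk.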