You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2018/10/11 10:12:21 UTC

svn commit: r1843541 - in /tomcat/native/trunk: native/src/ssl.c xdocs/miscellaneous/changelog.xml

Author: markt
Date: Thu Oct 11 10:12:21 2018
New Revision: 1843541

URL: http://svn.apache.org/viewvc?rev=1843541&view=rev
Log:
Need to expose SSL_renegotiate_pending so NIO[2]+OPenSSL can implement CLIENT-CERT correctly

Modified:
    tomcat/native/trunk/native/src/ssl.c
    tomcat/native/trunk/xdocs/miscellaneous/changelog.xml

Modified: tomcat/native/trunk/native/src/ssl.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/ssl.c?rev=1843541&r1=1843540&r2=1843541&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/ssl.c (original)
+++ tomcat/native/trunk/native/src/ssl.c Thu Oct 11 10:12:21 2018
@@ -1527,6 +1527,19 @@ TCN_IMPLEMENT_CALL(jint, SSL, renegotiat
     return SSL_renegotiate(ssl_);
 }
 
+TCN_IMPLEMENT_CALL(jint, SSL, renegotiatePending)(TCN_STDARGS,
+                                                  jlong ssl /* SSL * */) {
+    SSL *ssl_ = J2P(ssl, SSL *);
+    if (ssl_ == NULL) {
+        tcn_ThrowException(e, "ssl is null");
+        return 0;
+    }
+
+    UNREFERENCED(o);
+
+    return SSL_renegotiate_pending(ssl_);
+}
+
 /* Read which protocol was negotiated for the given SSL *. */
 TCN_IMPLEMENT_CALL(jstring, SSL, getNextProtoNegotiated)(TCN_STDARGS,
                                                          jlong ssl /* SSL * */) {

Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1843541&r1=1843540&r2=1843541&view=diff
==============================================================================
--- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Thu Oct 11 10:12:21 2018
@@ -46,6 +46,11 @@
     <add>
       <bug>62748</bug>: Add support for TLS 1.3. (schultz/markt)
     </add>
+    <add>
+      Expose the API necessary for CLIENT-CERT authentication to be correctly
+      supported when using Tomcat's JSSE implementation backed by OpenSSL.
+      (markt)
+    </add>
   </changelog>
 </section>
 <section name="Changes in 1.2.17">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org