Posted to dev@tomcat.apache.org by mt...@apache.org on 2005/05/31 12:58:05 UTC
cvs commit: jakarta-tomcat-connectors/jni/native/src sslcontext.c
mturk 2005/05/31 03:58:05
Modified: jni/native/src sslcontext.c
Added: jni/java/org/apache/tomcat/jni SSLContext.java
Log:
Add SSLContext initialization.
Revision Changes Path
1.1 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java
Index: SSLContext.java
===================================================================
/*
* Copyright 1999-2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.tomcat.jni;
/** SSL Context
*
* @author Mladen Turk
* @version $Revision: 1.1 $, $Date: 2005/05/31 10:58:05 $
*/
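public final class SSLContext {

    /** Holder for native entry points only; never instantiated. */
    private SSLContext() {
    }

    /**
     * Initialize a new server SSL context.
     * <p>
     * The parameter types are the Java primitives that the JNI side maps to
     * {@code jlong}/{@code jint}; the JNI type names themselves are not Java
     * types and do not compile.
     *
     * @param pool     Handle of the APR pool the context structure is
     *                 allocated from.
     * @param protocol The SSL protocol to use. It can be one of:
     * <PRE>
     * SSL_PROTOCOL_SSLV2
     * SSL_PROTOCOL_SSLV3
     * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
     * SSL_PROTOCOL_TLSV1
     * SSL_PROTOCOL_ALL
     * </PRE>
     *                 Any other value, including other bit combinations, is
     *                 rejected by the native side. The SSLV2 selections
     *                 enable SSLv2 handshakes on the resulting context and
     *                 should only be chosen where legacy peers require it.
     * @return Handle of the new context, or {@code 0} if initialization
     *         failed; in that case the native side has raised an exception.
     */
    public static native long initS(long pool, int protocol);

    /**
     * Initialize a new client SSL context.
     *
     * @param pool     Handle of the APR pool the context structure is
     *                 allocated from.
     * @param protocol The SSL protocol to use. It can be one of:
     * <PRE>
     * SSL_PROTOCOL_SSLV2
     * SSL_PROTOCOL_SSLV3
     * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
     * SSL_PROTOCOL_TLSV1
     * SSL_PROTOCOL_ALL
     * </PRE>
     *                 Any other value, including other bit combinations, is
     *                 rejected by the native side. The SSLV2 selections
     *                 enable SSLv2 handshakes on the resulting context and
     *                 should only be chosen where legacy peers require it.
     * @return Handle of the new context, or {@code 0} if initialization
     *         failed; in that case the native side has raised an exception.
     */
    public static native long initC(long pool, int protocol);
}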
1.2 +127 -1 jakarta-tomcat-connectors/jni/native/src/sslcontext.c
Index: sslcontext.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sslcontext.c 24 May 2005 10:53:20 -0000 1.1
+++ sslcontext.c 31 May 2005 10:58:05 -0000 1.2
@@ -30,6 +30,132 @@
#ifdef HAVE_OPENSSL
#include "ssl_private.h"
+
+/* Initialize server context */
+TCN_IMPLEMENT_CALL(jlong, SSL, initS)(TCN_STDARGS, jlong pool,
+ jint protocol)
+{
+ apr_pool_t *p = J2P(pool, apr_pool_t *);
+ tcn_ssl_ctxt_t *c = NULL;
+ SSL_CTX *ctx = NULL;
+ UNREFERENCED(o);
+
+ switch (protocol) {
+ case SSL_PROTOCOL_SSLV2:
+ ctx = SSL_CTX_new(SSLv2_server_method());
+ break;
+ case SSL_PROTOCOL_SSLV3:
+ ctx = SSL_CTX_new(SSLv3_server_method());
+ break;
+ case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
+ case SSL_PROTOCOL_ALL:
+ ctx = SSL_CTX_new(SSLv23_server_method());
+ break;
+ case SSL_PROTOCOL_TLSV1:
+ ctx = SSL_CTX_new(TLSv1_server_method());
+ break;
+ }
+ if (!ctx) {
+ tcn_ThrowException(e, "Invalid Server SSL Protocol");
+ goto init_failed;
+ }
+ if ((c = apr_pcalloc(p, sizeof(tcn_ssl_ctxt_t))) == NULL) {
+ tcn_ThrowAPRException(e, apr_get_os_error());
+ goto init_failed;
+ }
+ /* server mode */
+ c->mode = 1;
+ c->ctx = ctx;
+ c->pool = p;
+
+ SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
+ if (!(protocol & SSL_PROTOCOL_SSLV2))
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
+ if (!(protocol & SSL_PROTOCOL_SSLV3))
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
+ if (!(protocol & SSL_PROTOCOL_TLSV1))
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
+ /*
+ * Configure additional context ingredients
+ */
+ SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_DH_USE);
+
+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ /*
+ * Disallow a session from being resumed during a renegotiation,
+ * so that an acceptable cipher suite can be negotiated.
+ */
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+#endif
+
+ return P2J(c);
+init_failed:
+ return 0;
+}
+
+/* Initialize client context */
+TCN_IMPLEMENT_CALL(jlong, SSL, initC)(TCN_STDARGS, jlong pool,
+ jint protocol)
+{
+ apr_pool_t *p = J2P(pool, apr_pool_t *);
+ tcn_ssl_ctxt_t *c = NULL;
+ SSL_CTX *ctx = NULL;
+ UNREFERENCED(o);
+
+ switch (protocol) {
+ case SSL_PROTOCOL_SSLV2:
+ ctx = SSL_CTX_new(SSLv2_client_method());
+ break;
+ case SSL_PROTOCOL_SSLV3:
+ ctx = SSL_CTX_new(SSLv3_client_method());
+ break;
+ case SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3:
+ case SSL_PROTOCOL_ALL:
+ ctx = SSL_CTX_new(SSLv23_client_method());
+ break;
+ case SSL_PROTOCOL_TLSV1:
+ ctx = SSL_CTX_new(TLSv1_client_method());
+ break;
+ }
+ if (!ctx) {
+ tcn_ThrowException(e, "Invalid Client SSL Protocol");
+ goto init_failed;
+ }
+ if ((c = apr_pcalloc(p, sizeof(tcn_ssl_ctxt_t))) == NULL) {
+ tcn_ThrowAPRException(e, apr_get_os_error());
+ goto init_failed;
+ }
+ /* client mode */
+ c->mode = 0;
+ c->ctx = ctx;
+ c->pool = p;
+
+ SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
+ if (!(protocol & SSL_PROTOCOL_SSLV2))
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
+ if (!(protocol & SSL_PROTOCOL_SSLV3))
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
+ if (!(protocol & SSL_PROTOCOL_TLSV1))
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
+ /*
+ * Configure additional context ingredients
+ */
+ SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_DH_USE);
+
+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ /*
+ * Disallow a session from being resumed during a renegotiation,
+ * so that an acceptable cipher suite can be negotiated.
+ */
+ SSL_CTX_set_options(c->ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+#endif
+
+ return P2J(c);
+init_failed:
+ return 0;
+}
+
+
#else
/* OpenSSL is not supported
* If someday we make OpenSSL optional
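Review bot: On the apr_pcalloc failure path in initS (the `goto init_failed` after `tcn_ThrowAPRException`) the SSL_CTX obtained from SSL_CTX_new a few lines earlier is never released, and initC has the same leak; since `ctx` starts as NULL, changing the label to `init_failed: if (ctx) SSL_CTX_free(ctx); return 0;` covers both failure paths in both functions. The message "Invalid Server SSL Protocol" is also raised when the switch matched but SSL_CTX_new itself returned NULL, so a protocol mismatch and an OpenSSL allocation failure look the same to the Java caller; a `default:` arm that throws the protocol error, leaving the `!ctx` check for the allocation case, would separate them. Whether the SSL_CTX is ever freed on the successful path depends on a pool cleanup that is not registered here and is not visible in the hunk, so that is worth confirming. For SSL_PROTOCOL_ALL the SSLv23 method is selected and SSLv2 is disabled only when the SSL_PROTOCOL_SSLV2 bit is clear, so whether ALL admits SSLv2 handshakes is decided by the definition of SSL_PROTOCOL_ALL in ssl_private.h, which is not on the page. The two functions differ only in the `*_server_method`/`*_client_method` calls and `c->mode`, so a single static helper taking the mode would keep the option handling from drifting apart.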