Posted to dev@tomcat.apache.org by re...@apache.org on 2021/11/05 22:12:37 UTC
[tomcat] branch main updated: Cleanups
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new a862247 Cleanups
a862247 is described below
commit a862247ef8442ebec536b15f0588040550376c49
Author: remm <re...@apache.org>
AuthorDate: Fri Nov 5 23:12:18 2021 +0100
Cleanups
---
.../util/net/openssl/panama/OpenSSLContext.java | 22 ++++++++++++++++------
.../util/net/openssl/panama/OpenSSLEngine.java | 13 +++++--------
2 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index ee65359..27b9efc 100644
--- a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -872,11 +872,11 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
|| certificateVerifyMode == SSL_VERIFY_NONE()) {
return 1;
}
- /*SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) -> ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
- || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
- || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
- || (errnum == X509_V_ERR_CERT_UNTRUSTED) \
- || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))*/
+ /*SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) -> ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+ || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
+ || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
+ || (errnum == X509_V_ERR_CERT_UNTRUSTED)
+ || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))*/
boolean verifyErrorIsOptional = (errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT())
|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN())
|| (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY())
@@ -1173,7 +1173,17 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
}
cert = PEM_read_bio_X509_AUX(bio, MemoryAddress.NULL, openSSLCallbackPassword, MemoryAddress.NULL);
if (MemoryAddress.NULL.equals(cert) &&
- // FIXME: Unfortunately jextract doesn't convert this ERR_GET_REASON(ERR_peek_last_error())
+ // Missing ERR_GET_REASON(ERR_peek_last_error())
+ /*int ERR_GET_REASON(unsigned long errcode) {
+ * if (ERR_SYSTEM_ERROR(errcode))
+ * return errcode & ERR_SYSTEM_MASK;
+ * return errcode & ERR_REASON_MASK;
+ *}
+ *# define ERR_SYSTEM_ERROR(errcode) (((errcode) & ERR_SYSTEM_FLAG) != 0)
+ *# define ERR_SYSTEM_FLAG ((unsigned int)INT_MAX + 1)
+ *# define ERR_SYSTEM_MASK ((unsigned int)INT_MAX)
+ *# define ERR_REASON_MASK 0X7FFFFF
+ */
((ERR_peek_last_error() & 0X7FFFFF) == PEM_R_NO_START_LINE())) {
ERR_clear_error();
BIO_ctrl(bio, BIO_CTRL_RESET(), 0, MemoryAddress.NULL);
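Review bot: The condition `(ERR_peek_last_error() & 0X7FFFFF) == PEM_R_NO_START_LINE()` still applies only `ERR_REASON_MASK`, while the `ERR_GET_REASON` definition quoted in the new comment first tests `ERR_SYSTEM_ERROR` and masks system errors with `ERR_SYSTEM_MASK`. As written, a system error whose low 23 bits happen to equal `PEM_R_NO_START_LINE()` would be treated as "no start line", so the error queue is cleared and the BIO reset, which could hide a real read failure while loading the certificate. Consider reading the code into a local and adding the flag test, e.g. `((err & 0x80000000L) == 0) && ((err & 0x7FFFFF) == PEM_R_NO_START_LINE())`, with both masks as named constants instead of literals. These mask values depend on the OpenSSL header version, so the comment should also say which version the definition was copied from. The enclosing method starts and ends outside the hunk.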
diff --git a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 29c4ce7..7b920ae 100644
--- a/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ b/modules/openssl-panama-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -1302,10 +1302,10 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
if (certificateVerifyMode == -1 /*SSL_CVERIFY_UNSET*/ || certificateVerifyMode == SSL_VERIFY_NONE()) {
return 1;
}
- /*SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) -> ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
- || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
- || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
- || (errnum == X509_V_ERR_CERT_UNTRUSTED) \
+ /*SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) -> ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+ || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
+ || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
+ || (errnum == X509_V_ERR_CERT_UNTRUSTED)
|| (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))*/
boolean verifyErrorIsOptional = (errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT())
|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN())
@@ -1358,9 +1358,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
}
}
- if (ok == 0) {
- // FIXME: debug logging
- }
if (errdepth > certificateVerificationDepth) {
// Certificate Verification: Certificate Chain too long
ok = 0;
@@ -1485,7 +1482,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
}
MemoryAddress buf = bufPointer.get(ValueLayout.ADDRESS, 0);
// HTTP request with the following header
- // POST urlPath HTTP/1.0
+ // POST urlPath HTTP/1.1
// Host: urlHost:urlPort
// Content-Type: application/ocsp-request
// Content-Length: ocspRequestData.length