Posted to dev@tomcat.apache.org by mt...@apache.org on 2014/04/09 09:32:29 UTC

svn commit: r1585898 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c xdocs/miscellaneous/changelog.xml

Author: mturk
Date: Wed Apr  9 07:32:29 2014
New Revision: 1585898

URL: http://svn.apache.org/r1585898
Log:
Apply Ognjen's patch for bz55915

Modified:
    tomcat/native/branches/1.1.x/native/src/sslcontext.c
    tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml

Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1585898&r1=1585897&r2=1585898&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Wed Apr  9 07:32:29 2014
@@ -151,6 +151,10 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
                (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
                &(c->context_id[0]), NULL, EVP_sha1(), NULL);
     if (mode) {
+        /* Set default (nistp256) elliptic curve for ephemeral ECDH keys */
+        EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+        SSL_CTX_set_tmp_ecdh(c->ctx, ecdh);
+        EC_KEY_free(ecdh);
         SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA);
         SSL_CTX_set_tmp_dh_callback(c->ctx,  SSL_callback_tmp_DH);
     }
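
Review bot: the new calls in the if (mode) block ignore both return values: EC_KEY_new_by_curve_name() can return NULL and SSL_CTX_set_tmp_ecdh() can fail, and in either case the context is left without an ECDH curve while nothing is logged or reported to the caller. Check ecdh for NULL and test the result of SSL_CTX_set_tmp_ecdh() before calling EC_KEY_free(). The four added lines also sit outside any preprocessor guard, so a build against an OpenSSL without EC support will not compile; wrap them in #ifndef OPENSSL_NO_EC or an equivalent configure-time define.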

Modified: tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml?rev=1585898&r1=1585897&r2=1585898&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml Wed Apr  9 07:32:29 2014
@@ -39,6 +39,9 @@
 <section name="Changes between 1.1.29 and 1.1.30">
   <changelog>
     <fix>
+      <bug>55915</bug>: Apply Ognjen's patch for ECDHE support. (mturk)
+    </fix>
+    <fix>
       <bug>55663</bug>: Minor correction to the wording of the NOTICE file
       to align it with the <a
       href="http://www.apache.org/legal/src-headers.html#notice">requirements
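
Review bot: the new <fix> entry records the commit action ("Apply Ognjen's patch") rather than the change a reader of the changelog needs, and it credits the contributor by first name only. Say what changed, for example that a default nistp256 curve is now set for ephemeral ECDH keys, and give the patch author's full name.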



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Re: svn commit: r1585898 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c xdocs/miscellaneous/changelog.xml

Posted by Ognjen Blagojevic <og...@gmail.com>.
On 9.4.2014 9:32, mturk@apache.org wrote:
> Log:
> Apply Ognjen's patch for bz55915

For the record, I am the issue reporter, but the patch was provided by Mike
Noordermeer.

-Ognjen




Re: svn commit: r1585898 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c xdocs/miscellaneous/changelog.xml

Posted by Mladen Turk <mt...@apache.org>.
On 04/09/2014 02:03 PM, Konstantin Kolinko wrote:
> 2014-04-09 11:32 GMT+04:00  <mt...@apache.org>:
>> Author: mturk
>> Date: Wed Apr  9 07:32:29 2014
>> New Revision: 1585898
>>
>> URL: http://svn.apache.org/r1585898
>> Log:
>> Apply Ognjen's patch for bz55915
>>
>> Modified:
>>      tomcat/native/branches/1.1.x/native/src/sslcontext.c
>>      tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
>>
>> Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
>> URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1585898&r1=1585897&r2=1585898&view=diff
>> ==============================================================================
>> --- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
>> +++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Wed Apr  9 07:32:29 2014
>> @@ -151,6 +151,10 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
>>                  (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
>>                  &(c->context_id[0]), NULL, EVP_sha1(), NULL);
>>       if (mode) {
>
> All the following is unconditional?
>
> I wonder whether OpenSSL always has these methods.
>

Yeah. I have added HAVE_ECS, which I'll use for this section in case 0.9.8x is used.

Regards
-- 
^TM



Re: svn commit: r1585898 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c xdocs/miscellaneous/changelog.xml

Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-04-09 11:32 GMT+04:00  <mt...@apache.org>:
> Author: mturk
> Date: Wed Apr  9 07:32:29 2014
> New Revision: 1585898
>
> URL: http://svn.apache.org/r1585898
> Log:
> Apply Ognjen's patch for bz55915
>
> Modified:
>     tomcat/native/branches/1.1.x/native/src/sslcontext.c
>     tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
>
> Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
> URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1585898&r1=1585897&r2=1585898&view=diff
> ==============================================================================
> --- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
> +++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Wed Apr  9 07:32:29 2014
> @@ -151,6 +151,10 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
>                 (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
>                 &(c->context_id[0]), NULL, EVP_sha1(), NULL);
>      if (mode) {

All the following is unconditional?

I wonder whether OpenSSL always has these methods.

> +        /* Set default (nistp256) elliptic curve for ephemeral ECDH keys */
> +        EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
> +        SSL_CTX_set_tmp_ecdh(c->ctx, ecdh);
> +        EC_KEY_free(ecdh);
>          SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA);
>          SSL_CTX_set_tmp_dh_callback(c->ctx,  SSL_callback_tmp_DH);
>      }
>
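
Review bot: nothing around the SSL_CTX_set_tmp_ecdh(c->ctx, ecdh) call sets SSL_OP_SINGLE_ECDH_USE, so confirm that the context enables it elsewhere. In the OpenSSL 1.0.x line, setting a temporary ECDH key without that option generates one key pair at the time of the call and reuses it for every handshake on the context, which weakens the forward secrecy that ECDHE is meant to provide. If it is not set elsewhere, add it with SSL_CTX_set_options() before this block.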


Best regards,
Konstantin Kolinko
