You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2009/09/15 19:45:15 UTC

svn commit: r815415 - in /tomcat/native/branches/1.1.x: ./ native/src/sslnetwork.c

Author: markt
Date: Tue Sep 15 17:45:15 2009
New Revision: 815415

URL: http://svn.apache.org/viewvc?rev=815415&view=rev
Log:
Merge native component of fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=46950 into the 1.1.x branch

Modified:
    tomcat/native/branches/1.1.x/   (props changed)
    tomcat/native/branches/1.1.x/native/src/sslnetwork.c

Propchange: tomcat/native/branches/1.1.x/
------------------------------------------------------------------------------
    svn:mergeinfo = /tomcat/native/trunk:815411

Modified: tomcat/native/branches/1.1.x/native/src/sslnetwork.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslnetwork.c?rev=815415&r1=815414&r2=815415&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslnetwork.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslnetwork.c Tue Sep 15 17:45:15 2009
@@ -562,11 +562,60 @@
 {
     tcn_socket_t *s   = J2P(sock, tcn_socket_t *);
     tcn_ssl_conn_t *con;
+    int retVal;
 
     UNREFERENCED_STDARGS;
     TCN_ASSERT(sock != 0);
     con = (tcn_ssl_conn_t *)s->opaque;
-    return SSL_renegotiate(con->ssl);
+
+    /* Sequence to renegotiate is
+     *  SSL_renegotiate()
+     *  SSL_do_handshake()
+     *  ssl->state = SSL_ST_ACCEPT
+     *  SSL_do_handshake()
+     */
+    retVal = SSL_renegotiate(con->ssl);
+    if (retVal <= 0)
+        return APR_EGENERAL;
+    
+    retVal = SSL_do_handshake(con->ssl);
+    if (retVal <= 0)
+        return APR_EGENERAL;
+
+    con->ssl->state = SSL_ST_ACCEPT;
+
+    retVal = SSL_do_handshake(con->ssl);
+    if (retVal <= 0)
+        return APR_EGENERAL;
+
+    return APR_SUCCESS;
+}
+
+TCN_IMPLEMENT_CALL(void, SSLSocket, setVerify)(TCN_STDARGS,
+                                               jlong sock,
+                                               jint cverify,
+                                               jint depth)
+{
+    tcn_socket_t *s   = J2P(sock, tcn_socket_t *);
+    tcn_ssl_conn_t *con;
+    int verify = SSL_VERIFY_NONE;
+
+    UNREFERENCED_STDARGS;
+    TCN_ASSERT(sock != 0);
+    con = (tcn_ssl_conn_t *)s->opaque;
+
+    if (cverify == SSL_CVERIFY_UNSET)
+        cverify = SSL_CVERIFY_NONE;
+    if (depth > 0)
+        SSL_set_verify_depth(con->ssl, depth);
+
+    if (cverify == SSL_CVERIFY_REQUIRE)
+        verify |= SSL_VERIFY_PEER_STRICT;
+    if ((cverify == SSL_CVERIFY_OPTIONAL) ||
+        (cverify == SSL_CVERIFY_OPTIONAL_NO_CA))
+        verify |= SSL_VERIFY_PEER;
+
+    SSL_set_verify(con->ssl, verify, NULL);
 }
 
 #else



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org