Posted to dev@tomcat.apache.org by ma...@apache.org on 2009/09/15 19:45:15 UTC
svn commit: r815415 - in /tomcat/native/branches/1.1.x: ./
native/src/sslnetwork.c
Author: markt
Date: Tue Sep 15 17:45:15 2009
New Revision: 815415
URL: http://svn.apache.org/viewvc?rev=815415&view=rev
Log:
Merge native component of fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=46950 into the 1.1.x branch
Modified:
tomcat/native/branches/1.1.x/ (props changed)
tomcat/native/branches/1.1.x/native/src/sslnetwork.c
Propchange: tomcat/native/branches/1.1.x/
------------------------------------------------------------------------------
svn:mergeinfo = /tomcat/native/trunk:815411
Modified: tomcat/native/branches/1.1.x/native/src/sslnetwork.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslnetwork.c?rev=815415&r1=815414&r2=815415&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslnetwork.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslnetwork.c Tue Sep 15 17:45:15 2009
@@ -562,11 +562,60 @@
{
tcn_socket_t *s = J2P(sock, tcn_socket_t *);
tcn_ssl_conn_t *con;
+ int retVal;
UNREFERENCED_STDARGS;
TCN_ASSERT(sock != 0);
con = (tcn_ssl_conn_t *)s->opaque;
- return SSL_renegotiate(con->ssl);
+
+ /* Sequence to renegotiate is
+ * SSL_renegotiate()
+ * SSL_do_handshake()
+ * ssl->state = SSL_ST_ACCEPT
+ * SSL_do_handshake()
+ */
+ retVal = SSL_renegotiate(con->ssl);
+ if (retVal <= 0)
+ return APR_EGENERAL;
+
+ retVal = SSL_do_handshake(con->ssl);
+ if (retVal <= 0)
+ return APR_EGENERAL;
+
+ con->ssl->state = SSL_ST_ACCEPT;
+
+ retVal = SSL_do_handshake(con->ssl);
+ if (retVal <= 0)
+ return APR_EGENERAL;
+
+ return APR_SUCCESS;
+}
+
+TCN_IMPLEMENT_CALL(void, SSLSocket, setVerify)(TCN_STDARGS,
+ jlong sock,
+ jint cverify,
+ jint depth)
+{
+ tcn_socket_t *s = J2P(sock, tcn_socket_t *);
+ tcn_ssl_conn_t *con;
+ int verify = SSL_VERIFY_NONE;
+
+ UNREFERENCED_STDARGS;
+ TCN_ASSERT(sock != 0);
+ con = (tcn_ssl_conn_t *)s->opaque;
+
+ if (cverify == SSL_CVERIFY_UNSET)
+ cverify = SSL_CVERIFY_NONE;
+ if (depth > 0)
+ SSL_set_verify_depth(con->ssl, depth);
+
+ if (cverify == SSL_CVERIFY_REQUIRE)
+ verify |= SSL_VERIFY_PEER_STRICT;
+ if ((cverify == SSL_CVERIFY_OPTIONAL) ||
+ (cverify == SSL_CVERIFY_OPTIONAL_NO_CA))
+ verify |= SSL_VERIFY_PEER;
+
+ SSL_set_verify(con->ssl, verify, NULL);
}
#else
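Review bot: After the second SSL_do_handshake() the renegotiate function returns APR_SUCCESS on a positive return value alone, without confirming that the renegotiation actually completed; because the code forces `con->ssl->state = SSL_ST_ACCEPT` by hand, a check such as `if (SSL_get_state(con->ssl) != SSL_ST_OK) return APR_EGENERAL;` before the final return would make that explicit. All three failure paths also collapse to APR_EGENERAL without consulting SSL_get_error(), so on a non-blocking socket a want-read/want-write condition cannot be told apart from a real handshake failure. If this call is paired with setVerify to request a client certificate mid-connection (an inference, the callers are not shown), the SSL_VERIFY_PEER branch used for the OPTIONAL modes lets the handshake succeed when no certificate is presented, so a comment stating that callers must still check the peer certificate and verify result before treating the client as authenticated would help. The renegotiate function's signature lies above the hunk.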