Posted to dev@tomcat.apache.org by mt...@apache.org on 2014/04/18 11:10:48 UTC

svn commit: r1588429 - /tomcat/native/branches/1.1.x/native/src/ssl.c

Author: mturk
Date: Fri Apr 18 09:10:48 2014
New Revision: 1588429

URL: http://svn.apache.org/r1588429
Log:
Bz56396. Some OpenSSL versions do not fail, so ensure we recover only if we actually failed to generate 512-bit keys

Modified:
    tomcat/native/branches/1.1.x/native/src/ssl.c

Modified: tomcat/native/branches/1.1.x/native/src/ssl.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/ssl.c?rev=1588429&r1=1588428&r2=1588429&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/ssl.c (original)
+++ tomcat/native/branches/1.1.x/native/src/ssl.c Fri Apr 18 09:10:48 2014
@@ -221,19 +221,22 @@ static const jint supported_ssl_opts = 0
 
 static int ssl_tmp_key_init_rsa(int bits, int idx)
 {
+    if (!(SSL_temp_keys[idx] =
+          RSA_generate_key(bits, RSA_F4, NULL, NULL))) {
 #ifdef OPENSSL_FIPS
-    /**
-     * With FIPS mode short RSA keys cannot be
-     * generated.
-     */
-    if (bits < 1024)
-        return 0;
+        /**
+         * With FIPS mode short RSA keys cannot be
+         * generated.
+         */
+        if (bits < 1024)
+            return 0;
+        else
 #endif
-    if (!(SSL_temp_keys[idx] =
-          RSA_generate_key(bits, RSA_F4, NULL, NULL)))
         return 1;
-    else
+    }
+    else {
         return 0;
+    }
 }
 
 static int ssl_tmp_key_init_dh(int bits, int idx)
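Review bot: In the OPENSSL_FIPS branch of ssl_tmp_key_init_rsa, a failed RSA_generate_key() for bits < 1024 now returns 0 (success) while SSL_temp_keys[idx] is left NULL and the OpenSSL error queue still holds the failure. Whatever reads SSL_temp_keys is not visible in this hunk, so it should be confirmed that it tolerates a NULL slot. The stale queue entries can also be picked up by a later, unrelated error check; consider `if (bits < 1024) { ERR_clear_error(); return 0; }` with a comment saying the slot intentionally stays NULL. The `else` that straddles `#endif` to bind `return 1;` is easy to break in later edits, and since the `if` returns it can simply be dropped.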


