Posted to dev@tomcat.apache.org by mt...@apache.org on 2014/04/18 11:10:48 UTC
svn commit: r1588429 - /tomcat/native/branches/1.1.x/native/src/ssl.c
Author: mturk
Date: Fri Apr 18 09:10:48 2014
New Revision: 1588429
URL: http://svn.apache.org/r1588429
Log:
Bz56396. Some OpenSSL versions do not fail, so ensure we recover only if we actually failed to generate 512-bit keys
Modified:
tomcat/native/branches/1.1.x/native/src/ssl.c
Modified: tomcat/native/branches/1.1.x/native/src/ssl.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/ssl.c?rev=1588429&r1=1588428&r2=1588429&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/ssl.c (original)
+++ tomcat/native/branches/1.1.x/native/src/ssl.c Fri Apr 18 09:10:48 2014
@@ -221,19 +221,22 @@ static const jint supported_ssl_opts = 0
static int ssl_tmp_key_init_rsa(int bits, int idx)
{
+ if (!(SSL_temp_keys[idx] =
+ RSA_generate_key(bits, RSA_F4, NULL, NULL))) {
#ifdef OPENSSL_FIPS
- /**
- * With FIPS mode short RSA keys cannot be
- * generated.
- */
- if (bits < 1024)
- return 0;
+ /**
+ * With FIPS mode short RSA keys cannot be
+ * generated.
+ */
+ if (bits < 1024)
+ return 0;
+ else
#endif
- if (!(SSL_temp_keys[idx] =
- RSA_generate_key(bits, RSA_F4, NULL, NULL)))
return 1;
- else
+ }
+ else {
return 0;
+ }
}
static int ssl_tmp_key_init_dh(int bits, int idx)
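Review bot: In the `#ifdef OPENSSL_FIPS` branch of ssl_tmp_key_init_rsa, every RSA_generate_key() failure with `bits < 1024` is now reported as success, because the gate is the compile-time macro rather than the runtime FIPS state. A FIPS-capable build that is not running in FIPS mode would therefore also hide an allocation or RNG failure; testing the runtime state, `if (bits < 1024 && FIPS_mode())`, would limit the recovery to the case the log message describes. On that path `SSL_temp_keys[idx]` stays NULL while the function returns 0, so I would add a comment such as `/* slot left NULL: callers must check SSL_temp_keys[idx] before use */`; the callers are outside this hunk, so whether they already check is not visible here. As a style point, the `else` left dangling before `#endif` makes `return 1;` read as unconditional, and bracing both returns inside the conditional would be clearer.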