You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by mi...@apache.org on 2020/05/12 09:04:00 UTC

[tomcat-native] branch master updated: Add support for SLContext.addChainCertificateRaw() with LibreSSL 2.9.1 and up

This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/master by this push:
     new 51f949d  Add support for SLContext.addChainCertificateRaw() with LibreSSL 2.9.1 and up
51f949d is described below

commit 51f949dc6e0b6e4e27972b8ba2d0a2626fc3c1c5
Author: Michael Osipov <mi...@apache.org>
AuthorDate: Tue May 12 10:58:06 2020 +0200

    Add support for SLContext.addChainCertificateRaw() with LibreSSL 2.9.1 and up
    
    In libressl-portable/openbsd:0db809ee17 support was added for
    SSL_CTX_add0_chain_cert() and alike which were included in OpenBSD 6.5 base as
    well as LibreSSL 2.9.1 and up. This now makes TestSSLHostConfigCompat pass
    successfully with LibreSSL.
---
 native/src/sslcontext.c           | 2 +-
 xdocs/miscellaneous/changelog.xml | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index 1d584f7..f10b55e 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -1262,7 +1262,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, addChainCertificateRaw)(TCN_STDARGS, jl
         ERR_error_string(SSL_ERR_get(), err);
         tcn_Throw(e, "Error reading certificate (%s)", err);
         rv = JNI_FALSE;
-#if defined(LIBRESSL_VERSION_NUMBER)
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20901000L
     } else {
         tcn_Throw(e, "Unable to use Java keystores with LibreSSL");
 #else
diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml
index 71cfd86..68ce2f4 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -45,6 +45,10 @@
     <fix>
       Disable keylog callback support for LibreSSL. (michaelo)
     </fix>
+    <add>
+      Add support for <code>SSLContext.addChainCertificateRaw()</code> with
+      LibreSSL 2.9.1 and up. (michaelo)
+    </add>
   </changelog>
 </section>
 <section name="Changes in 1.2.24">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org