You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by mi...@apache.org on 2020/05/12 09:04:00 UTC
[tomcat-native] branch master updated: Add support for
SLContext.addChainCertificateRaw() with LibreSSL 2.9.1 and up
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/master by this push:
new 51f949d Add support for SLContext.addChainCertificateRaw() with LibreSSL 2.9.1 and up
51f949d is described below
commit 51f949dc6e0b6e4e27972b8ba2d0a2626fc3c1c5
Author: Michael Osipov <mi...@apache.org>
AuthorDate: Tue May 12 10:58:06 2020 +0200
Add support for SLContext.addChainCertificateRaw() with LibreSSL 2.9.1 and up
In libressl-portable/openbsd:0db809ee17 support was added for
SSL_CTX_add0_chain_cert() and alike which were included in OpenBSD 6.5 base as
well as LibreSSL 2.9.1 and up. This now makes TestSSLHostConfigCompat pass
successfully with LibreSSL.
---
native/src/sslcontext.c | 2 +-
xdocs/miscellaneous/changelog.xml | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index 1d584f7..f10b55e 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -1262,7 +1262,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, addChainCertificateRaw)(TCN_STDARGS, jl
ERR_error_string(SSL_ERR_get(), err);
tcn_Throw(e, "Error reading certificate (%s)", err);
rv = JNI_FALSE;
-#if defined(LIBRESSL_VERSION_NUMBER)
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20901000L
} else {
tcn_Throw(e, "Unable to use Java keystores with LibreSSL");
#else
diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml
index 71cfd86..68ce2f4 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -45,6 +45,10 @@
<fix>
Disable keylog callback support for LibreSSL. (michaelo)
</fix>
+ <add>
+ Add support for <code>SSLContext.addChainCertificateRaw()</code> with
+ LibreSSL 2.9.1 and up. (michaelo)
+ </add>
</changelog>
</section>
<section name="Changes in 1.2.24">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org