You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2016/02/03 17:01:51 UTC

Re: svn commit: r1713220 - /tomcat/native/trunk/native/src/sslcontext.c

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jean-Frederic,

On 11/8/15 5:34 AM, jfclere@apache.org wrote:
> Author: jfclere Date: Sun Nov  8 10:34:31 2015 New Revision:
> 1713220
> 
> URL: http://svn.apache.org/viewvc?rev=1713220&view=rev Log: Allow
> to use raw (well keystore) certificates and keys.
> 
> Modified: tomcat/native/trunk/native/src/sslcontext.c
> 
> Modified: tomcat/native/trunk/native/src/sslcontext.c URL:
> http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext
.c?rev=1713220&r1=1713219&r2=1713220&view=diff
>
> 
========================================================================
======
> --- tomcat/native/trunk/native/src/sslcontext.c (original) +++
> tomcat/native/trunk/native/src/sslcontext.c Sun Nov  8 10:34:31
> 2015 @@ -974,6 +974,120 @@ cleanup: return rv; }
> 
> +TCN_IMPLEMENT_CALL(jboolean, SSLContext,
> setCertificateRaw)(TCN_STDARGS, jlong ctx, +
> jbyteArray javaCert, jbyteArray javaKey, jint idx) +{ +#ifdef
> HAVE_ECC +#if defined(SSL_CTX_set_ecdh_auto) +    EC_KEY *eckey =
> NULL; +#endif +#endif

Should the inner #ifdef in fact be #ifndef?

Because it does not agree with this portion:

> +#ifdef HAVE_ECC +    /* +     * TODO try to read the ECDH curve
> name from somewhere... +     */ +#if
> defined(SSL_CTX_set_ecdh_auto) +    SSL_CTX_set_ecdh_auto(c->ctx,
> 1); +#else +    eckey =
> EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +
> SSL_CTX_set_tmp_ecdh(c->ctx, eckey); +    EC_KEY_free(eckey); 
> +#endif +#endif

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlayJG8ACgkQ9CaO5/Lv0PA1vQCgmW9qG7hVeukRLnquPOWq0z6v
cxMAoKyree2WfwBRKGPHTLI+OKM9GzBs
=azpO
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: svn commit: r1713220 - /tomcat/native/trunk/native/src/sslcontext.c

Posted by jean-frederic clere <jf...@gmail.com>.

On 02/03/2016 05:01 PM, Christopher Schultz wrote:
> Jean-Frederic,
> 
> On 11/8/15 5:34 AM, jfclere@apache.org wrote:
>> Author: jfclere Date: Sun Nov  8 10:34:31 2015 New Revision: 
>> 1713220
> 
>> URL: http://svn.apache.org/viewvc?rev=1713220&view=rev Log:
>> Allow to use raw (well keystore) certificates and keys.
> 
>> Modified: tomcat/native/trunk/native/src/sslcontext.c
> 
>> Modified: tomcat/native/trunk/native/src/sslcontext.c URL: 
>> http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext
>
>> 
.c?rev=1713220&r1=1713219&r2=1713220&view=diff
> 
> 
> ========================================================================
>
> 
======
>> --- tomcat/native/trunk/native/src/sslcontext.c (original) +++ 
>> tomcat/native/trunk/native/src/sslcontext.c Sun Nov  8 10:34:31 
>> 2015 @@ -974,6 +974,120 @@ cleanup: return rv; }
> 
>> +TCN_IMPLEMENT_CALL(jboolean, SSLContext, 
>> setCertificateRaw)(TCN_STDARGS, jlong ctx, + jbyteArray javaCert,
>> jbyteArray javaKey, jint idx) +{ +#ifdef HAVE_ECC +#if
>> defined(SSL_CTX_set_ecdh_auto) +    EC_KEY *eckey = NULL; +#endif
>> +#endif
> 
> Should the inner #ifdef in fact be #ifndef?

Yes I missed this one, sorry,

Cheers

Jean-Frederic

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org