You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2016/02/03 17:01:51 UTC
Re: svn commit: r1713220 - /tomcat/native/trunk/native/src/sslcontext.c
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jean-Frederic,
On 11/8/15 5:34 AM, jfclere@apache.org wrote:
> Author: jfclere Date: Sun Nov 8 10:34:31 2015 New Revision:
> 1713220
>
> URL: http://svn.apache.org/viewvc?rev=1713220&view=rev Log: Allow
> to use raw (well keystore) certificates and keys.
>
> Modified: tomcat/native/trunk/native/src/sslcontext.c
>
> Modified: tomcat/native/trunk/native/src/sslcontext.c URL:
> http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext
.c?rev=1713220&r1=1713219&r2=1713220&view=diff
>
>
========================================================================
======
> --- tomcat/native/trunk/native/src/sslcontext.c (original) +++
> tomcat/native/trunk/native/src/sslcontext.c Sun Nov 8 10:34:31
> 2015 @@ -974,6 +974,120 @@ cleanup: return rv; }
>
> +TCN_IMPLEMENT_CALL(jboolean, SSLContext,
> setCertificateRaw)(TCN_STDARGS, jlong ctx, +
> jbyteArray javaCert, jbyteArray javaKey, jint idx) +{ +#ifdef
> HAVE_ECC +#if defined(SSL_CTX_set_ecdh_auto) + EC_KEY *eckey =
> NULL; +#endif +#endif
Should the inner #ifdef in fact be #ifndef?
Because it does not agree with this portion:
> +#ifdef HAVE_ECC + /* + * TODO try to read the ECDH curve
> name from somewhere... + */ +#if
> defined(SSL_CTX_set_ecdh_auto) + SSL_CTX_set_ecdh_auto(c->ctx,
> 1); +#else + eckey =
> EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +
> SSL_CTX_set_tmp_ecdh(c->ctx, eckey); + EC_KEY_free(eckey);
> +#endif +#endif
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlayJG8ACgkQ9CaO5/Lv0PA1vQCgmW9qG7hVeukRLnquPOWq0z6v
cxMAoKyree2WfwBRKGPHTLI+OKM9GzBs
=azpO
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1713220 -
/tomcat/native/trunk/native/src/sslcontext.c
Posted by jean-frederic clere <jf...@gmail.com>.
On 02/03/2016 05:01 PM, Christopher Schultz wrote:
> Jean-Frederic,
>
> On 11/8/15 5:34 AM, jfclere@apache.org wrote:
>> Author: jfclere Date: Sun Nov 8 10:34:31 2015 New Revision:
>> 1713220
>
>> URL: http://svn.apache.org/viewvc?rev=1713220&view=rev Log:
>> Allow to use raw (well keystore) certificates and keys.
>
>> Modified: tomcat/native/trunk/native/src/sslcontext.c
>
>> Modified: tomcat/native/trunk/native/src/sslcontext.c URL:
>> http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext
>
>>
.c?rev=1713220&r1=1713219&r2=1713220&view=diff
>
>
> ========================================================================
>
>
======
>> --- tomcat/native/trunk/native/src/sslcontext.c (original) +++
>> tomcat/native/trunk/native/src/sslcontext.c Sun Nov 8 10:34:31
>> 2015 @@ -974,6 +974,120 @@ cleanup: return rv; }
>
>> +TCN_IMPLEMENT_CALL(jboolean, SSLContext,
>> setCertificateRaw)(TCN_STDARGS, jlong ctx, + jbyteArray javaCert,
>> jbyteArray javaKey, jint idx) +{ +#ifdef HAVE_ECC +#if
>> defined(SSL_CTX_set_ecdh_auto) + EC_KEY *eckey = NULL; +#endif
>> +#endif
>
> Should the inner #ifdef in fact be #ifndef?
Yes I missed this one, sorry,
Cheers
Jean-Frederic
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org