mturk 2005/05/20 02:25:39 Modified: jni/java/org/apache/tomcat/jni SSL.java jni/native/src ssl.c Log: Add engine param to SSL.initialize to enable hardware devices. Revision Changes Path 1.3 +70 -2 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java Index: SSL.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- SSL.java 20 May 2005 07:31:41 -0000 1.2 +++ SSL.java 20 May 2005 09:25:39 -0000 1.3 
@@ -24,6 +24,71 @@ public final class SSL { + /* + * Type definitions mostly from mod_ssl + */ + public static final int UNSET = -1; + /* + * Define the certificate algorithm types + */ + public static final int SSL_ALGO_UNKNOWN = 0; + public static final int SSL_ALGO_RSA = (1<<0); + public static final int SSL_ALGO_DSA = (1<<1); + public static final int SSL_ALGO_ALL = (SSL_ALGO_RSA|SSL_ALGO_DSA); + + public static final int SSL_AIDX_RSA = 0; + public static final int SSL_AIDX_DSA = 1; + public static final int SSL_AIDX_MAX = 2; + /* + * Define IDs for the temporary RSA keys and DH params + */ + + public static final int SSL_TMP_KEY_RSA_512 = 0; + public static final int SSL_TMP_KEY_RSA_1024 = 1; + public static final int SSL_TMP_KEY_DH_512 = 2; + public static final int SSL_TMP_KEY_DH_1024 = 3; + public static final int SSL_TMP_KEY_MAX = 4; + + /* + * Define the SSL options + */ + public static final int SSL_OPT_NONE = 0; + public static final int SSL_OPT_RELSET = (1<<0); + public static final int SSL_OPT_STDENVVARS = (1<<1); + public static final int SSL_OPT_EXPORTCERTDATA = (1<<3); + public static final int SSL_OPT_FAKEBASICAUTH = (1<<4); + public static final int SSL_OPT_STRICTREQUIRE = (1<<5); + public static final int SSL_OPT_OPTRENEGOTIATE = (1<<6); + public static final int SSL_OPT_ALL = (SSL_OPT_STDENVVARS|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE); + + /* + * Define the SSL Protocol options + */ + public static final int SSL_PROTOCOL_NONE = 0; + public static final int SSL_PROTOCOL_SSLV2 = (1<<0); + public static final int SSL_PROTOCOL_SSLV3 = (1<<1); + public static final int SSL_PROTOCOL_TLSV1 = (1<<2); + public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1); + + /* + * Define the SSL verify levels + */ + public static final int SSL_CVERIFY_UNSET = UNSET; + public static final int SSL_CVERIFY_NONE = 0; + public static final int SSL_CVERIFY_OPTIONAL = 1; + 
public static final int SSL_CVERIFY_REQUIRE = 2; + public static final int SSL_CVERIFY_OPTIONAL_NO_CA = 3; + + /* Use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options + * are 'ored' with SSL_VERIFY_PEER if they are desired + */ + public static final int SSL_VERIFY_NONE = 0; + public static final int SSL_VERIFY_PEER = 1; + public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2; + public static final int SSL_VERIFY_CLIENT_ONCE = 4; + public static final int SSL_VERIFY_PEER_STRICT = (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT); + + /* Return OpenSSL version number */ public static native int version(); @@ -34,9 +99,12 @@ * Initialize OpenSSL support. * This function needs to be called once for the * lifetime of JVM. Library.init() has to be called before. + * @param engine Support for external a Crypto Device ("engine"), + * usually + * a hardware accellerator card for crypto operations. * @return APR status code */ - public static native int initialize(); + public static native int initialize(String engine); } 1.5 +38 -6 jakarta-tomcat-connectors/jni/native/src/ssl.c Index: ssl.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ssl.c 20 May 2005 07:31:41 -0000 1.4 +++ ssl.c 20 May 2005 09:25:39 -0000 1.5 @@ -43,6 +43,9 @@ static apr_status_t ssl_init_cleanup(void *data) { UNREFERENCED(data); + if (!ssl_initialized) + return APR_SUCCESS; + ssl_initialized = 0; /* * Try to kill the internals of the SSL library. */ 
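Review bot: The new public constants are introduced with plain `/* */` comments, so none of them shows up in the generated Javadoc; `SSL_PROTOCOL_ALL` in particular needs a `/** ... */` line saying that it includes `SSL_PROTOCOL_SSLV2`, so a caller wanting only the stronger protocols knows to pass `SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1` explicitly. The `SSL_OPT_*` values skip bit `(1<<2)` and `SSL_OPT_ALL` leaves out `SSL_OPT_RELSET`; the header comment already says these are "mostly from mod_ssl", so a short note that the gap and the omission are deliberate would stop the next editor from "fixing" them. The two verify families (`SSL_CVERIFY_*` and `SSL_VERIFY_*`) would also benefit from a sentence saying which one the Java API takes and which one is handed to OpenSSL.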
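Review bot: The new `@param engine` text has a misordered phrase ("external a Crypto Device") and a misspelling ("accellerator"), and it does not say what to pass when no engine is wanted, although the native side in ssl.c only enters the engine branch when the string is non-null. Suggested replacement: `@param engine OpenSSL engine id to make the default for all crypto methods (typically a hardware accelerator), or {@code null} to keep the software implementation`. Because the native `initialize` returns `APR_SUCCESS` without looking at the argument once the library is already initialized, the Javadoc should also state that only the first call's engine takes effect.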
@@ -75,15 +78,20 @@ return APR_SUCCESS; } -TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS) +TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine) { + TCN_ALLOC_CSTRING(engine); - UNREFERENCED_STDARGS; - if (!tcn_global_pool) + UNREFERENCED(o); + if (!tcn_global_pool) { + TCN_FREE_CSTRING(engine); return (jint)APR_EINVAL; + } /* Check if already initialized */ - if (ssl_initialized++) + if (ssl_initialized++) { + TCN_FREE_CSTRING(engine); return (jint)APR_SUCCESS; + } /* We must register the library in full, to ensure our configuration * code can successfully test the SSL environment. */ @@ -98,13 +106,37 @@ OPENSSL_load_builtin_modules(); #endif +#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) + if (J2S(engine)) { + ENGINE *e; + apr_status_t err = APR_SUCCESS; + if (!(e = ENGINE_by_id(J2S(engine))) { + ssl_init_cleanup(NULL); + err = APR_ENOTIMPL; + } + + if (strcmp(J2S(engine), "chil") == 0) { + ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); + } + + if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { + ssl_init_cleanup(NULL); + err = APR_ENOTIMPL; + } + ENGINE_free(e); + if (err != APR_SUCCESS) { + TCN_FREE_CSTRING(engine); + return (jint)err; + } + } +#endif /* - * Let us cleanup the ssl library when the module is unloaded + * Let us cleanup the ssl library when the library is unloaded */ apr_pool_cleanup_register(tcn_global_pool, NULL, ssl_init_cleanup, apr_pool_cleanup_null); - + TCN_FREE_CSTRING(engine); return (jint)APR_SUCCESS; }
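Review bot: When `ENGINE_by_id` returns NULL the new block records `APR_ENOTIMPL` but keeps going, so `ENGINE_ctrl` (for "chil"), `ENGINE_set_default` and `ENGINE_free` all receive a null `ENGINE *`, and `ssl_init_cleanup` may run a second time from the `ENGINE_set_default` branch before the error is finally returned; each failure should leave the function as soon as it is detected, as sketched below. A failed `ENGINE_set_default` after a successful lookup still has to `ENGINE_free(e)` to drop the structural reference, which the sketch keeps. Since the id decides which engine implementation becomes the process-wide default (and, if the `dynamic` engine is compiled in, an unknown id may be resolved by loading a shared object of that name), a comment above the block saying the value must come from trusted server configuration would help the Java callers. The signature of `initialize` is in the preceding hunk.
```c
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
    if (J2S(engine)) {
        ENGINE *e = ENGINE_by_id(J2S(engine));
        if (e == NULL) {
            /* unknown engine id: undo the library init done above */
            ssl_init_cleanup(NULL);
            TCN_FREE_CSTRING(engine);
            return (jint)APR_ENOTIMPL;
        }
        if (strcmp(J2S(engine), "chil") == 0) {
            ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
        }
        if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
            ENGINE_free(e);
            ssl_init_cleanup(NULL);
            TCN_FREE_CSTRING(engine);
            return (jint)APR_ENOTIMPL;
        }
        ENGINE_free(e);
    }
#endif
    /* … unchanged: apr_pool_cleanup_register, TCN_FREE_CSTRING, return … */
```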