mturk 2005/06/09 23:25:08 Modified: jni/java/org/apache/tomcat/jni SSLContext.java jni/native/include ssl_private.h jni/native/src sslcontext.c Log: Call certificate chain with option to skip the leading server certificate Revision Changes Path 1.16 +5 -2 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java Index: SSLContext.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- SSLContext.java 9 Jun 2005 09:13:55 -0000 1.15 +++ SSLContext.java 10 Jun 2005 06:25:08 -0000 1.16 @@ -166,8 +166,11 @@ * confused in this situation. * @param ctx Server or Client context to use. * @param file File of PEM-encoded Server CA Certificates. + * @param skipfirst Skip first certificate if chain file is inside + * certificate file. */ - public static native boolean setCertificateChainFile(long ctx, String file); + public static native boolean setCertificateChainFile(long ctx, String file, + boolean skipfirst); /** * Set Certificate 1.21 +1 -2 jakarta-tomcat-connectors/jni/native/include/ssl_private.h Index: ssl_private.h =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- ssl_private.h 8 Jun 2005 07:15:57 -0000 1.20 +++ ssl_private.h 10 Jun 2005 06:25:08 -0000 1.21 
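Review bot: The new `@param skipfirst` text on setCertificateChainFile does not say when a caller should pass true, and "if chain file is inside certificate file" is hard to parse. Something like `@param skipfirst Skip the first certificate in the file; pass true when the chain is read from the same file as the server certificate.` would be clearer. The method's Javadoc starts above the hunk, so any `@return` text is not visible here. It should state that false now also covers a file that could not be loaded, since the native side in this revision reads the file during the call instead of only storing its name.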
@@ -169,7 +169,6 @@ /* we are one or the other */ int mode; - const char *cert_chain; /* certificate revocation list */ X509_STORE *crl; const char *cert_files[SSL_AIDX_MAX]; 1.30 +10 -8 jakarta-tomcat-connectors/jni/native/src/sslcontext.c Index: sslcontext.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v retrieving revision 1.29 retrieving revision 1.30 diff -u -r1.29 -r1.30 --- sslcontext.c 9 Jun 2005 09:13:55 -0000 1.29 +++ sslcontext.c 10 Jun 2005 06:25:08 -0000 1.30 @@ -317,18 +317,20 @@ } TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateChainFile)(TCN_STDARGS, jlong ctx, - jstring file) + jstring file, + jboolean skipfirst) { tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *); - jboolean rv = JNI_TRUE; - + jboolean rv = JNI_FALSE; + TCN_ALLOC_CSTRING(file); + UNREFERENCED(o); TCN_ASSERT(ctx != 0); - if (!file) + if (!J2S(file)) return JNI_FALSE; - if ((c->cert_chain = tcn_pstrdup(e, file, c->pool)) == NULL) - rv = JNI_FALSE; - + if (SSL_CTX_use_certificate_chain(c->ctx, J2S(file), skipfirst) > 0) + rv = JNI_TRUE; + TCN_FREE_CSTRING(file); return rv; }
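Review bot: The `> 0` test on `SSL_CTX_use_certificate_chain` in setCertificateChainFile returns JNI_FALSE both when loading fails and when the file yields no extra certificates, for instance a file holding only the server certificate read with skipfirst set. This assumes the helper returns the number of certificates loaded and a negative value on error; its definition is outside this hunk. If an empty chain is acceptable, the test should be `if (SSL_CTX_use_certificate_chain(c->ctx, J2S(file), skipfirst) >= 0)`; if it is not, a comment such as `/* zero CA certificates loaded is treated as failure */` would record the intent. Either way the caller gets only a boolean with no error detail, so a deployment that ignores the return value will serve an incomplete chain without any diagnostic.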