mturk 2005/06/10 00:53:24
Modified: jni/java/org/apache/tomcat/jni SSLContext.java
jni/native/src sslcontext.c
Log:
Combine verifyClient and verifyDepth into a single function
because they are related.
Revision Changes Path
1.18 +13 -27
jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java
Index: SSLContext.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- SSLContext.java 10 Jun 2005 06:44:35 -0000 1.17
+++ SSLContext.java 10 Jun 2005 07:53:24 -0000 1.18
@@ -225,30 +225,6 @@
throws Exception;
/**
- * Set Maximum depth of CA Certificates in Client Certificate
verification
- * <br />
- * This directive sets how deeply mod_ssl should verify before deciding
that
- * the clients don't have a valid certificate. Notice that this
directive can
- * be used both in per-server and per-directory context. In per-server
context
- * it applies to the client authentication process used in the standard
SSL
- * handshake when a connection is established. In per-directory context
it forces
- * a SSL renegotation with the reconfigured client verification depth
after the
- * HTTP request was read but before the HTTP response is sent.
- * <br />
- * The depth actually is the maximum number of intermediate certificate
issuers,
- * i.e. the number of CA certificates which are max allowed to be
followed while
- * verifying the client certificate. A depth of 0 means that self-signed
client
- * certificates are accepted only, the default depth of 1 means the
client
- * certificate can be self-signed or has to be signed by a CA which is
directly
- * known to the server (i.e. the CA's certificate is under
- * <code>setCACertificatePath</code>), etc.
- * @param ctx Server or Client context to use.
- * @param depth Maximum depth of CA Certificates in Client Certificate
- * verification.
- */
- public static native void setVerifyDepth(long ctx, int depth);
-
- /**
* Set SSL connection shutdown type
* <br />
* The following levels are available for level:
@@ -263,7 +239,8 @@
public static native void setShutdowType(long ctx, int type);
/**
- * Set Type of Client Certificate verification
+ * Set Type of Client Certificate verification and Maximum depth of CA
Certificates
+ * in Client Certificate verification.
* <br />
* This directive sets the Certificate verification level for the Client
* Authentication. Notice that this directive can be used both in
per-server
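Review bot: The context line `public static native void setShutdowType(long ctx, int type);` spells the method without the "n", while the native side shown in this commit's sslcontext.c context implements `setShutdownType`. If TCN_IMPLEMENT_CALL derives the JNI symbol from that name, the Java declaration has no matching native function and would fail with an UnsatisfiedLinkError on first call. Rename the declaration to `setShutdownType` so both sides agree. The Javadoc block edited here continues outside the hunk.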
@@ -281,10 +258,19 @@
* SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid
Certificate
* but it need not to be (successfully)
verifiable
* </PRE>
+ * <br />
+ * The depth actually is the maximum number of intermediate certificate
issuers,
+ * i.e. the number of CA certificates which are max allowed to be
followed while
+ * verifying the client certificate. A depth of 0 means that self-signed
client
+ * certificates are accepted only, the default depth of 1 means the
client
+ * certificate can be self-signed or has to be signed by a CA which is
directly
+ * known to the server (i.e. the CA's certificate is under
* <code>setCACertificatePath</code>), etc.
* @param ctx Server or Client context to use.
* @param level Type of Client Certificate verification.
+ * @param depth Maximum depth of CA Certificates in Client Certificate
+ * verification.
*/
- public static native void setVerifyClient(long ctx, int level);
+ public static native void setVerify(long ctx, int level, int depth);
}
1.32 +5 -14 jakarta-tomcat-connectors/jni/native/src/sslcontext.c
Index: sslcontext.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- sslcontext.c 10 Jun 2005 06:44:35 -0000 1.31
+++ sslcontext.c 10 Jun 2005 07:53:24 -0000 1.32
@@ -392,16 +392,6 @@
return rv;
}
-TCN_IMPLEMENT_CALL(void, SSLContext, setVerifyDepth)(TCN_STDARGS, jlong ctx,
- jint depth)
-{
- tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
-
- UNREFERENCED_STDARGS;
- TCN_ASSERT(ctx != 0);
- c->verify_depth = depth;
-}
-
TCN_IMPLEMENT_CALL(void, SSLContext, setShutdownType)(TCN_STDARGS, jlong ctx,
jint type)
{
@@ -412,8 +402,8 @@
c->shutdown_type = type;
}
-TCN_IMPLEMENT_CALL(void, SSLContext, setVerifyClient)(TCN_STDARGS, jlong ctx,
- jint level)
+TCN_IMPLEMENT_CALL(void, SSLContext, setVerify)(TCN_STDARGS, jlong ctx,
+ jint level, jint depth)
{
tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
int verify = SSL_VERIFY_NONE;
@@ -424,7 +414,8 @@
if (c->verify_mode == SSL_CVERIFY_UNSET)
c->verify_mode = SSL_CVERIFY_NONE;
-
+ if (depth > 0)
+ c->verify_depth = depth;
/*
* Configure callbacks for SSL context
*/
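Review bot: The `if (depth > 0)` guard silently discards a depth of 0 and any negative value, yet the Javadoc added for `setVerify` in SSLContext.java documents 0 as a meaningful setting (only self-signed client certificates accepted). A caller that passes 0 therefore keeps whatever `verify_depth` the context already held, which may permit a longer chain than was requested, and nothing reports it. If 0 is meant to be settable, use `if (depth >= 0)`; if non-positive values are meant to leave the depth unchanged, say so in the `@param depth` text. The body of setVerify starts before this hunk and continues past it.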