mturk 2005/06/11 00:03:45 Modified: jni/examples/org/apache/tomcat/jni SSLServer.java jni/java/org/apache/tomcat/jni SSLSocket.java jni/native/include ssl_private.h jni/native/os/netware system.c jni/native/os/unix system.c jni/native/os/win32 system.c jni/native/src ssl.c sslcontext.c Log: Remove accept and connect. Use two new functions attach and handshake. Revision Changes Path 1.5 +96 -4 jakarta-tomcat-connectors/jni/examples/org/apache/tomcat/jni/SSLServer.java Index: SSLServer.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/examples/org/apache/tomcat/jni/SSLServer.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- SSLServer.java 9 Jun 2005 09:13:54 -0000 1.4 +++ SSLServer.java 11 Jun 2005 07:03:45 -0000 1.5 @@ -17,12 +17,14 @@ public static String serverAddr = null; public static int serverPort = 0; public static int serverNmax = 0; + public static int serverNrun = 0; public static long serverPool = 0; public static long serverCtx = 0; public static String serverCert = null; public static String serverKey = null; public static String serverCiphers = null; public static String serverPassword = null; + private static Acceptor serverAcceptor = null; private static Object threadLock = new Object(); 
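Review bot: The new counter `serverNrun` in SSLServer.java is declared `public static`, yet the `incThreads()`/`decThreads()` methods added later in this commit update it under `threadLock`. Any code that reads or writes the field directly bypasses that lock. I would declare it `private static int serverNrun = 0; // guarded by threadLock` and expose a synchronized getter if the value is needed elsewhere. No caller of either method is visible in the hunks shown.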
@@ -58,15 +60,105 @@ SSLContext.setCipherSuite(serverCtx, serverCiphers); /* Load Server key and certificate */ SSLContext.setCertificate(serverCtx, serverCert, serverKey, serverPassword, SSL.SSL_AIDX_RSA); - SSLContext.setVerifyDepth(serverCtx, 10); - SSLContext.setVerifyClient(serverCtx, SSL.SSL_CVERIFY_REQUIRE); - + SSLContext.setVerify(serverCtx, SSL.SSL_CVERIFY_REQUIRE, 10); + serverAcceptor = new Acceptor(); + serverAcceptor.start(); + } catch (Exception e) { e.printStackTrace(); } } + public static void incThreads() { + synchronized(threadLock) { + serverNrun++; + } + } + + public static void decThreads() { + synchronized(threadLock) { + serverNrun--; + } + } + + /* Acceptor thread. Listens for new connections */ + private class Acceptor extends Thread { + private long serverSock = 0; + private long inetAddress = 0; + private long pool = 0; + public Acceptor() throws Exception { + try { + + pool = Pool.create(SSLServer.serverPool); + System.out.println("Accepting: " + SSLServer.serverAddr + ":" + + SSLServer.serverPort); + inetAddress = Address.info(SSLServer.serverAddr, Socket.APR_INET, + SSLServer.serverPort, 0, + pool); + serverSock = Socket.create(Socket.APR_INET, Socket.SOCK_STREAM, + Socket.APR_PROTO_TCP, pool); + long sa = Address.get(Socket.APR_LOCAL, serverSock); + Sockaddr addr = new Sockaddr(); + if (Address.fill(addr, sa)) { + System.out.println("Host: " + addr.hostname); + System.out.println("Server: " + addr.servname); + System.out.println("IP: " + Address.getip(sa) + + ":" + addr.port); + } + int rc = Socket.bind(serverSock, inetAddress); + if (rc != 0) { + throw(new Exception("Can't create Acceptor: bind: " + Error.strerror(rc))); + } + Socket.listen(serverSock, 5); + } + catch( Exception ex ) { + ex.printStackTrace(); + throw(new Exception("Can't create Acceptor")); + } + } + public void run() { + int i = 0; + try { + while (true) { + long clientSock = Socket.accept(serverSock, pool); + System.out.println("Accepted id: " + i); + + try { + 
long sa = Address.get(Socket.APR_REMOTE, clientSock); + Sockaddr raddr = new Sockaddr(); + if (Address.fill(raddr, sa)) { + System.out.println("Remote Host: " + Address.getnameinfo(sa, 0)); + System.out.println("Remote IP: " + Address.getip(sa) + + ":" + raddr.port); + } + sa = Address.get(Socket.APR_LOCAL, clientSock); + Sockaddr laddr = new Sockaddr(); + if (Address.fill(laddr, sa)) { + System.out.println("Local Host: " + laddr.hostname); + System.out.println("Local Server: " + Address.getnameinfo(sa, 0)); + System.out.println("Local IP: " + Address.getip(sa) + + ":" + laddr.port); + } + + } catch (Exception e) { + // Ignore + e.printStackTrace(); + } + + Socket.timeoutSet(clientSock, 10000000); + long sslSocket = SSLSocket.attach(SSLServer.serverCtx, clientSock, pool); + i = SSLSocket.handshake(sslSocket); + System.out.println("Handskake : " + i); + + SSLSocket.close(sslSocket); + } + } + catch( Exception ex ) { + ex.printStackTrace(); + } + } + } public static void main(String [] args) { try { Library.initialize(null); 1.5 +9 -18 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLSocket.java Index: SSLSocket.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLSocket.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- SSLSocket.java 10 Jun 2005 17:15:56 -0000 1.4 +++ SSLSocket.java 11 Jun 2005 07:03:45 -0000 1.5 
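Review bot: In `Acceptor.run()` of SSLServer.java the only `catch` around the TLS work sits outside `while (true)`, so an exception from `Socket.timeoutSet` or `SSLSocket.attach` (declared `throws Exception`) for a single client ends the accept loop and leaves `clientSock` open. A peer that can make attach fail would therefore stop the listener. The handshake also runs on the acceptor thread under the 10000000 timeout (10 seconds if the unit is microseconds, as in APR), so one stalled client delays every other connection. Its result is stored in the counter `i`, which then prints as the next "Accepted id". I would handle each connection in its own try/catch/finally with a separate result variable, as below. Handing the handshake to a worker thread and using a per-connection child of `pool` would address the blocking and the allocations from the long-lived pool, which presumably are not released until that pool is destroyed.

```java
long clientSock = Socket.accept(serverSock, pool);
System.out.println("Accepted id: " + i++);
// … unchanged: remote/local address logging …
long sslSocket = 0;
try {
    Socket.timeoutSet(clientSock, 10000000);
    sslSocket = SSLSocket.attach(SSLServer.serverCtx, clientSock, pool);
    int rc = SSLSocket.handshake(sslSocket);
    System.out.println("Handskake : " + rc);
} catch (Exception e) {
    // A failure on one connection must not stop the listener.
    e.printStackTrace();
} finally {
    if (sslSocket != 0) {
        SSLSocket.close(sslSocket);
    } else {
        Socket.close(clientSock);
    }
}
```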
@@ -28,25 +28,21 @@ public class SSLSocket { /** - * Accept a SSL connection. + * Attach APR socket on a SSL connection. * @param ctx SSLContext to use. - * @param sock APR Socket that already did physical accept. + * @param sock APR Socket that already did physical connect. + * @param pool The pool to use * @param pool The pool to use * @return The new socket that has been set up. */ - public static native long accept(long ctx, long sock, long pool) + public static native long attach(long ctx, long sock, long pool) throws Exception; /** - * Connect on a SSL connection. - * @param ctx SSLContext to use. - * @param sock APR Socket that already did physical connect. - * @param pool The pool to use - * @return The new socket that has been set up. + * Do a SSL handshake. + * @param thesocket The socket to close */ - public static native long connect(long ctx, long sock, long pool) - throws Exception; - + public static native int handshake(long thesocket); /** * Shutdown a socket. @@ -72,10 +68,5 @@ */ public static native int close(long thesocket); - /** - * Get the SSL error code. - * @param thesocket The SSL socket to use. - * @retcode the "local" error code returned by SSL. - * @return the error code. - public static native int geterror(long thesocket, int retcode); + } 1.25 +13 -1 jakarta-tomcat-connectors/jni/native/include/ssl_private.h Index: ssl_private.h =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- ssl_private.h 10 Jun 2005 10:47:37 -0000 1.24 +++ ssl_private.h 11 Jun 2005 07:03:45 -0000 1.25 
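Review bot: The Javadoc added for `handshake` in SSLSocket.java still reads `@param thesocket The socket to close` and has no `@return`, so a caller cannot tell which `int` value means the handshake succeeded. With client verification required, that presumably includes certificate verification. Since `attach` now appears to leave the handshake to the caller, the comment should say that the socket must not carry application data until `handshake` reports success. I would write `@param thesocket The SSL socket to perform the handshake on` and add an `@return` line once the native return convention is confirmed. The `attach` comment also gains a duplicate `@param pool The pool to use` line, and it now describes `sock` only as having done a physical connect, which drops the accepted-socket case.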
@@ -139,6 +139,17 @@ #define SSL_SHUTDOWN_TYPE_UNCLEAN (2) #define SSL_SHUTDOWN_TYPE_ACCURATE (3) +#define SSL_TO_APR_ERROR(X) (APR_OS_START_USERERR + 1000 + X) + +#define SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) \ + ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \ + || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \ + || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \ + || (errnum == X509_V_ERR_CERT_UNTRUSTED) \ + || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) + + + #define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted for security reasons.\n" \ "In order to read them you have to provide the pass phrases.\n" \ "Enter password :" @@ -198,6 +209,7 @@ X509 *cert; int shutdown_type; apr_socket_t *sock; + apr_pollset_t *pollset; } tcn_ssl_conn_t; 1.5 +2 -1 jakarta-tomcat-connectors/jni/native/os/netware/system.c Index: system.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/os/netware/system.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- system.c 24 May 2005 09:25:36 -0000 1.4 +++ system.c 11 Jun 2005 07:03:45 -0000 1.5 @@ -22,6 +22,7 @@ #include "apr.h" #include "apr_pools.h" #include "apr_network_io.h" +#include "apr_poll.h" #include "tcn.h" 1.6 +2 -1 jakarta-tomcat-connectors/jni/native/os/unix/system.c Index: system.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/os/unix/system.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- system.c 28 May 2005 11:40:52 -0000 1.5 +++ system.c 11 Jun 2005 07:03:45 -0000 1.6 
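Review bot: `SSL_VERIFY_ERROR_IS_OPTIONAL` in ssl_private.h groups certificate-verification failures (self-signed, untrusted, issuer not found locally, unverifiable leaf signature) so a caller can treat them as tolerable, but the header does not say under which verify mode that is permitted. The use site is outside this hunk, so I would add a comment above the macro such as `/* Errors that may be tolerated only when client verification is optional; never apply when verification is required. */`. Both new macros also expand their argument unparenthesised. Writing `(APR_OS_START_USERERR + 1000 + (X))` and `((errnum) == ...)` keeps an expression argument from regrouping.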
@@ -22,6 +22,7 @@ #include "apr.h" #include "apr_pools.h" #include "apr_network_io.h" +#include "apr_pol.h" #include "tcn.h" #if defined(__linux__) 1.7 +3 -2 jakarta-tomcat-connectors/jni/native/os/win32/system.c Index: system.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/os/win32/system.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- system.c 7 Jun 2005 12:41:44 -0000 1.6 +++ system.c 11 Jun 2005 07:03:45 -0000 1.7 @@ -24,6 +24,7 @@ #include <winsock.h> #include "apr.h" #include "apr_pools.h" +#include "apr_poll.h" #include "apr_network_io.h" #include "apr_arch_misc.h" /* for apr_os_level */ #include "apr_arch_atime.h" /* for FileTimeToAprTime */ @@ -266,7 +267,7 @@ 0, &id); WaitForSingleObject(thread, INFINITE); CloseHandle(thread); - return strlen(data->password); + return (int)strlen(data->password); } 1.32 +2 -1 jakarta-tomcat-connectors/jni/native/src/ssl.c Index: ssl.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v retrieving revision 1.31 retrieving revision 1.32 diff -u -r1.31 -r1.32 --- ssl.c 9 Jun 2005 10:44:06 -0000 1.31 +++ ssl.c 11 Jun 2005 07:03:45 -0000 1.32 @@ -26,6 +26,7 @@ #include "apr_thread_mutex.h" #include "apr_strings.h" #include "apr_atomic.h" +#include "apr_poll.h" #include "tcn.h" 1.33 +2 -1 jakarta-tomcat-connectors/jni/native/src/sslcontext.c Index: sslcontext.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v retrieving revision 1.32 retrieving revision 1.33 diff -u -r1.32 -r1.33 --- sslcontext.c 10 Jun 2005 07:53:24 -0000 1.32 +++ sslcontext.c 11 Jun 2005 07:03:45 -0000 1.33 @@ -24,6 +24,7 @@ #include "apr_file_io.h" #include "apr_portable.h" #include "apr_thread_mutex.h" +#include "apr_poll.h" #include "tcn.h"
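Review bot: The include added to os/unix/system.c is spelled `apr_pol.h`, while the netware, win32, ssl.c and sslcontext.c hunks of this same commit add `apr_poll.h`. This looks like a typo and would presumably fail the Unix build with a missing-header error. The line should read `#include "apr_poll.h"`.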