src sslnetwork.c

mturk Thu, 07 Jul 2005 01:36:00 -0700

mturk       2005/07/07 01:35:47

  Modified:    jni/java/org/apache/tomcat/jni SSLSocket.java
               jni/native/src sslnetwork.c
  Log:
  Add SSL renegotiate support to be able to attach a different context
  after the header has been read and before any resonse has been send.
  
  We'll see if Tomcat can use something like that. At least it has to
  explicitly configured, like in mod_ssl by using:
  SSLOptions +OptRenegotiate.
  
  Revision  Changes    Path
  1.16      +17 -1     
jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLSocket.java
  
  Index: SSLSocket.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLSocket.java,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- SSLSocket.java    18 Jun 2005 08:03:21 -0000      1.15
  +++ SSLSocket.java    7 Jul 2005 08:35:46 -0000       1.16
  @@ -43,6 +43,22 @@
       public static native int handshake(long thesocket);
   
       /**
  +     * Do a SSL renegotiation.
  +     * SSL supports per-directory re-configuration of SSL parameters.
  +     * This is implemented by performing an SSL renegotiation of the
  +     * re-configured parameters after the request is read, but before the
  +     * response is sent. In more detail: the renegotiation happens after the
  +     * request line and MIME headers were read, but _before_ the attached
  +     * request body is read. The reason simply is that in the HTTP protocol
  +     * usually there is no acknowledgment step between the headers and the
  +     * body (there is the 100-continue feature and the chunking facility
  +     * only), so Apache has no API hook for this step.
  +     *
  +     * @param thesocket The socket to use
  +     */
  +    public static native int renegotiate(long thesocket);
  +
  +    /**
        * Retrun SSL Info parameter as byte array.
        *
        * @param sock The socket to read the data from.
  
  
  
  1.22      +13 -1     jakarta-tomcat-connectors/jni/native/src/sslnetwork.c
  
  Index: sslnetwork.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslnetwork.c,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- sslnetwork.c      2 Jul 2005 07:19:10 -0000       1.21
  +++ sslnetwork.c      7 Jul 2005 08:35:46 -0000       1.22
  @@ -495,6 +495,18 @@
       return APR_SUCCESS;
   }
   
  +TCN_IMPLEMENT_CALL(jint, SSLSocket, renegotiate)(TCN_STDARGS,
  +                                                 jlong sock)
  +{
  +    tcn_socket_t *s   = J2P(sock, tcn_socket_t *);
  +    tcn_ssl_conn_t *con;
  +
  +    UNREFERENCED_STDARGS;
  +    TCN_ASSERT(sock != 0);
  +    con = (tcn_ssl_conn_t *)s->opaque;
  +    return SSL_renegotiate(con->ssl);
  +}
  +
   #else
   /* OpenSSL is not supported
    * If someday we make OpenSSL optional


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

cvs commit: jakarta-tomcat-connectors/jni/native/src sslnetwork.c

Reply via email to