mturk 2005/07/08 00:19:10
Modified: jni/java/org/apache/tomcat/jni SSL.java jni/native/include ssl_private.h jni/native/src sslinfo.c
Log: Add SSL_INFO_CLIENT_CERT_CHAIN param getter. Right now the majority of info's are returned in PEM format, meaning with : ---BEGIN XXX ---- .... ---END XXX --- We have to see how to return the actual data in byte array if desired.
Revision Changes Path
1.21 +5 -2 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java
Index: SSL.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- SSL.java 17 Jun 2005 09:41:30 -0000 1.20
+++ SSL.java 8 Jul 2005 07:19:10 -0000 1.21
@@ -203,7 +203,10 @@
 public static final int SSL_INFO_SERVER_A_SIG = 0x0205;
 public static final int SSL_INFO_SERVER_A_KEY = 0x0206;
 public static final int SSL_INFO_SERVER_CERT = 0x0207;
-
+ /* Return client certificate chain.
+ * Add certificate chain number to that flag (0 ... verify depth)
+ */
+ public static final int SSL_INFO_CLIENT_CERT_CHAIN = 0x0400;
 /* Return OpenSSL version number */
 public static native int version();
1.33 +2 -1 jakarta-tomcat-connectors/jni/native/include/ssl_private.h
Index: ssl_private.h
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- ssl_private.h 7 Jul 2005 08:10:08 -0000 1.32
+++ ssl_private.h 8 Jul 2005 07:19:10 -0000 1.33
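Review bot: The comment on SSL_INFO_CLIENT_CERT_CHAIN in SSL.java promises indices "0 ... verify depth", but the native getter added to sslinfo.c in this same commit extracts the index with `what & 0x0F`, so only 0-15 are addressable and a larger value appears to alias a lower index silently. The comment also does not say what the caller receives for an index past the end of the chain, or that the value is PEM text as the log message states. I would turn it into a Javadoc comment that states the real contract, for example `/** Return one certificate of the client chain in PEM format; add the chain index (0..15) to this flag. */`, once the out-of-range behaviour is settled.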
@@ -188,6 +188,7 @@
 #define SSL_INFO_SERVER_A_SIG (0x0205)
 #define SSL_INFO_SERVER_A_KEY (0x0206)
 #define SSL_INFO_SERVER_CERT (0x0207)
+#define SSL_INFO_CLIENT_CERT_CHAIN (0x0400)
 #define SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) \
 ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
1.5 +15 -2 jakarta-tomcat-connectors/jni/native/src/sslinfo.c
Index: sslinfo.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslinfo.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sslinfo.c 17 Jun 2005 09:41:30 -0000 1.4
+++ sslinfo.c 8 Jul 2005 07:19:10 -0000 1.5
@@ -105,7 +105,7 @@
 n = BIO_pending(bio);
 result = malloc(n+1);
 n = BIO_read(bio, result, n);
- result[n] = '\n';
+ result[n] = '\0';
 BIO_free(bio);
 return result;
 }
@@ -399,6 +399,19 @@
 }
 rv = APR_SUCCESS;
 }
+ else if (what & SSL_INFO_CLIENT_CERT_CHAIN) {
+ X509 *xs;
+ char *result;
+ STACK_OF(X509) *sk = SSL_get_peer_cert_chain(s->ssl);
+ int n = what & 0x0F;
+ if (n < sk_X509_num(sk)) {
+ xs = sk_X509_value(sk, n);
+ if ((result = get_cert_PEM(xs))) {
+ value = tcn_new_string(e, result);
+ free(result);
+ }
+ }
+ }
 if (rv != APR_SUCCESS)
 tcn_ThrowAPRException(e, rv);
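Review bot: In the hunk at line 105 of sslinfo.c, `result[n]` is still indexed with the return value of BIO_read(), which is zero or negative on failure, so the terminator corrected here can land at `result[-1]`; the `malloc(n+1)` result is also used without a NULL check. Adding `if (!result) { BIO_free(bio); return NULL; }` after the allocation and `if (n < 0) n = 0;` before the terminator would close both. The enclosing function begins outside the hunk, so the type of `n` and how callers treat a NULL return are assumed; the caller added further down in this commit does test the get_cert_PEM() result for NULL, if this is that function.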
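Review bot: The new SSL_INFO_CLIENT_CERT_CHAIN branch at line 399 of sslinfo.c never assigns `rv`, unlike the branch just above it, which ends with `rv = APR_SUCCESS;`. If `rv` starts out as an error code (its initialisation is outside the hunk), the `tcn_ThrowAPRException(e, rv)` that follows fires even when a certificate was found and `value` was set. Placing `rv = APR_SUCCESS;` next to `value = tcn_new_string(e, result);` would fix that and leave an out-of-range index as an explicit error. A comment is also warranted that SSL_get_peer_cert_chain() can return NULL (the bounds check then relies on sk_X509_num() returning -1) and that on the server side OpenSSL documents the chain as not containing the peer's own certificate, so index 0 is not the client leaf.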