Author: rjung Date: Thu Aug 10 03:36:42 2017 New Revision: 1804622 URL: http://svn.apache.org/viewvc?rev=1804622&view=rev Log: Add method "addClientCACertificateRaw" to add a single CA certificate to the list of CA certificates which are accepted as issuers of client certificates.
Modified: tomcat/native/trunk/native/src/sslcontext.c tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/native/trunk/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1804622&r1=1804621&r2=1804622&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Thu Aug 10 03:36:42 2017
@@ -1158,6 +1158,44 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
 return rv;
 }
+TCN_IMPLEMENT_CALL(jboolean, SSLContext, addClientCACertificateRaw)(TCN_STDARGS, jlong ctx,
+ jbyteArray javaCert)
+{
+ jsize lengthOfCert;
+ unsigned char *charCert;
+ X509 *cert;
+ const unsigned char *tmp;
+
+ tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
+ jboolean rv = JNI_TRUE;
+ char err[256];
+
+ /* we get the cert contents into a byte array */
+ jbyte* bufferPtr = (*e)->GetByteArrayElements(e, javaCert, NULL);
+ lengthOfCert = (*e)->GetArrayLength(e, javaCert);
+ charCert = malloc(lengthOfCert);
+ memcpy(charCert, bufferPtr, lengthOfCert);
+ (*e)->ReleaseByteArrayElements(e, javaCert, bufferPtr, 0);
+
+ UNREFERENCED(o);
+ TCN_ASSERT(ctx != 0);
+
+ tmp = (const unsigned char *)charCert;
+ cert = d2i_X509(NULL, &tmp, lengthOfCert);
+ if (cert == NULL) {
+ ERR_error_string(SSL_ERR_get(), err);
+ tcn_Throw(e, "Error encoding allowed peer CA certificate (%s)", err);
+ rv = JNI_FALSE;
+ } else if (SSL_CTX_add_client_CA(c->ctx, cert) <= 0) {
+ ERR_error_string(SSL_ERR_get(), err);
+ tcn_Throw(e, "Error adding allowed peer CA certificate (%s)", err);
+ rv = JNI_FALSE;
+ }
+
+ free(charCert);
+ return rv;
+}
+
 static int ssl_array_index(apr_array_header_t *array, const char *s)
 {
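Review bot: In addClientCACertificateRaw the results of `GetByteArrayElements` and `malloc(lengthOfCert)` are used without a NULL check, so a null `javaCert` or a failed allocation reaches `memcpy` and crashes the JVM process instead of surfacing as a Java exception. The `X509` returned by `d2i_X509` is also never freed; as far as I know `SSL_CTX_add_client_CA` only copies the subject name and does not take ownership of the certificate, so every call that parses successfully would leak it. Parsing directly from the JNI buffer and releasing it with `JNI_ABORT` removes both the heap copy and the unchecked `malloc`. A comment should also state that this call only changes the CA names sent in the CertificateRequest and does not by itself add the certificate to the verification trust store, since the log message ("accepted as issuers") can be read as the latter.

```c
    /* … unchanged: declarations, minus charCert; bufferPtr declared alongside them … */

    UNREFERENCED(o);
    TCN_ASSERT(ctx != 0);

    if (javaCert == NULL) {
        tcn_Throw(e, "Error encoding allowed peer CA certificate (%s)", "no certificate data");
        return JNI_FALSE;
    }
    lengthOfCert = (*e)->GetArrayLength(e, javaCert);
    bufferPtr = (*e)->GetByteArrayElements(e, javaCert, NULL);
    if (bufferPtr == NULL) {
        /* element access failed; an exception may already be pending */
        return JNI_FALSE;
    }

    /* The buffer is only read, so parse in place and discard on release. */
    tmp = (const unsigned char *)bufferPtr;
    cert = d2i_X509(NULL, &tmp, lengthOfCert);
    (*e)->ReleaseByteArrayElements(e, javaCert, bufferPtr, JNI_ABORT);

    /* … unchanged: cert == NULL and SSL_CTX_add_client_CA error branches … */

    X509_free(cert); /* no-op when cert is NULL */
    return rv;
```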
@@ -2030,6 +2068,15 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
 {
 UNREFERENCED_STDARGS;
 UNREFERENCED(ctx);
+ UNREFERENCED(javaCert);
+ return JNI_FALSE;
+}
+
+TCN_IMPLEMENT_CALL(jboolean, SSLContext, addClientCACertificateRaw)(TCN_STDARGS, jlong ctx,
+ jbyteArray javaCert)
+{
+ UNREFERENCED_STDARGS;
+ UNREFERENCED(ctx);
 UNREFERENCED(javaCert);
 return JNI_FALSE;
 }
Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1804622&r1=1804621&r2=1804622&view=diff
==============================================================================
--- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Thu Aug 10 03:36:42 2017
@@ -36,6 +36,10 @@ </section> <section name="Changes in 1.2.13"> <changelog> + <add> + Add method to add a single CA certificate to the list of CA certificates + which are accepted as issuers of client certificates. (rjung) + </add> <fix> Fix an error not announcing the correct CA list for client certificates during TLS handshake. (rjung)
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org