Author: rjung
Date: Thu Aug 10 03:36:42 2017
New Revision: 1804622

URL: http://svn.apache.org/viewvc?rev=1804622&view=rev
Log:
Add method "addClientCACertificateRaw" to add
a single CA certificate to the list of CA
certificates which are accepted as issuers of
client certificates.

Modified:
    tomcat/native/trunk/native/src/sslcontext.c
    tomcat/native/trunk/xdocs/miscellaneous/changelog.xml

Modified: tomcat/native/trunk/native/src/sslcontext.c
URL: 
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1804622&r1=1804621&r2=1804622&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Thu Aug 10 03:36:42 2017
@@ -1158,6 +1158,44 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
     return rv;
 }
 
+TCN_IMPLEMENT_CALL(jboolean, SSLContext, 
addClientCACertificateRaw)(TCN_STDARGS, jlong ctx,
+                                                                    jbyteArray 
javaCert)
+{
+    jsize lengthOfCert;
+    unsigned char *charCert;
+    X509 *cert;
+    const unsigned char *tmp;
+
+    tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
+    jboolean rv = JNI_TRUE;
+    char err[256];
+
+    /* we get the cert contents into a byte array */
+    jbyte* bufferPtr = (*e)->GetByteArrayElements(e, javaCert, NULL);
+    lengthOfCert = (*e)->GetArrayLength(e, javaCert);
+    charCert = malloc(lengthOfCert);
+    memcpy(charCert, bufferPtr, lengthOfCert);
+    (*e)->ReleaseByteArrayElements(e, javaCert, bufferPtr, 0);
+
+    UNREFERENCED(o);
+    TCN_ASSERT(ctx != 0);
+
+    tmp = (const unsigned char *)charCert;
+    cert = d2i_X509(NULL, &tmp, lengthOfCert);
+    if (cert == NULL) {
+        ERR_error_string(SSL_ERR_get(), err);
+        tcn_Throw(e, "Error encoding allowed peer CA certificate (%s)", err);
+        rv = JNI_FALSE;
+    } else if (SSL_CTX_add_client_CA(c->ctx, cert) <= 0) {
+        ERR_error_string(SSL_ERR_get(), err);
+        tcn_Throw(e, "Error adding allowed peer CA certificate (%s)", err);
+        rv = JNI_FALSE;
+    }
+
+    free(charCert);
+    return rv;
+}
+
 static int ssl_array_index(apr_array_header_t *array,
                            const char *s)
 {
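Review bot: In the new addClientCACertificateRaw, the results of `GetByteArrayElements` and `malloc` are used without a NULL check, so an allocation failure (or a null `javaCert`) reaches `memcpy` and can take the whole JVM down. The parsed `X509 *cert` is also never freed: `SSL_CTX_add_client_CA` only copies the subject name into the CA list, so each successful call leaks one certificate, and `X509_free(cert)` is needed on both paths. The intermediate heap copy can be dropped by parsing straight from the JNI buffer, and since the array is only read, the release mode should be `JNI_ABORT` rather than `0` to skip the copy-back. A sketch of the reworked body follows; the error branches stay as they are.

```c
    /* ... unchanged: declarations, minus charCert ... */
    UNREFERENCED(o);
    TCN_ASSERT(ctx != 0);

    if (javaCert == NULL) {
        tcn_Throw(e, "Error encoding allowed peer CA certificate (null input)");
        return JNI_FALSE;
    }
    bufferPtr = (*e)->GetByteArrayElements(e, javaCert, NULL);
    if (bufferPtr == NULL) {
        /* JNI failed to pin or copy the array; an exception should already be pending */
        return JNI_FALSE;
    }
    lengthOfCert = (*e)->GetArrayLength(e, javaCert);

    /* parse directly from the JNI buffer; d2i_X509 only advances tmp */
    tmp = (const unsigned char *)bufferPtr;
    cert = d2i_X509(NULL, &tmp, lengthOfCert);
    /* read-only access, so discard instead of copying back */
    (*e)->ReleaseByteArrayElements(e, javaCert, bufferPtr, JNI_ABORT);

    /* ... unchanged: cert == NULL / SSL_CTX_add_client_CA error branches ... */

    /* the context keeps only a copy of the subject name */
    X509_free(cert);
    return rv;
```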
@@ -2030,6 +2068,15 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
 {
     UNREFERENCED_STDARGS;
     UNREFERENCED(ctx);
+    UNREFERENCED(javaCert);
+    return JNI_FALSE;
+}
+
+TCN_IMPLEMENT_CALL(jboolean, SSLContext, 
addClientCACertificateRaw)(TCN_STDARGS, jlong ctx,
+                                                                    jbyteArray 
javaCert)
+{
+    UNREFERENCED_STDARGS;
+    UNREFERENCED(ctx);
     UNREFERENCED(javaCert);
     return JNI_FALSE;
 }

Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1804622&r1=1804621&r2=1804622&view=diff
==============================================================================
--- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Thu Aug 10 03:36:42 
2017
@@ -36,6 +36,10 @@
 </section>
 <section name="Changes in 1.2.13">
   <changelog>
+    <add>
+      Add method to add a single CA certificate to the list of CA certificates
+      which are accepted as issuers of client certificates. (rjung)
+    </add>
     <fix>
       Fix an error not announcing the correct CA list for client certificates
       during TLS handshake. (rjung)


