Author: mturk
Date: Mon Sep 19 11:59:46 2011
New Revision: 1172581
URL: http://svn.apache.org/viewvc?rev=1172581&view=rev
Log:
Add generic set/clear context options api
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1172581&r1=1172580&r2=1172581&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
Mon Sep 19 11:59:46 2011
@@ -61,6 +61,11 @@ public final class SSLContext extends Na
throws SSLException;
private static native void setvmode0(long ctx, int mode, int depth)
throws SSLException;
+ private static native void setoption0(long ctx, int opt);
+ private static native void clroption0(long ctx, int opt);
+
+
+ private static final int SSL_COPT_NO_COMPRESSION = 1;
private SSLContext()
{
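Review bot: The Java constant `SSL_COPT_NO_COMPRESSION = 1` added here is paired with the `#define SSL_COPT_NO_COMPRESSION 1` this commit adds to acr/ssl.h only by its value, so a drift in either side makes the native `switch (opt)` silently ignore the request. Suggest a comment on the constant: `// must match SSL_COPT_NO_COMPRESSION in acr/ssl.h (native switch value, not a bit flag)`, and the mirror comment in the ssl.h hunk. The two new natives are also declared without `throws SSLException`, unlike `setvmode0` just above them, so an option the native build cannot honour (OpenSSL without SSL_OP_NO_COMPRESSION) is not reportable to the caller; that limitation belongs in the Javadoc of whatever public method calls them.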
@@ -306,6 +311,18 @@ public final class SSLContext extends Na
super.pointer = 0L;
}
}
-
+
+ /**
+ * Sets compression support.
+ *
+ * @param on if {@code true} don't use compression even if supported.
+ */
+ public void setNoCompression(boolean on)
+ {
+ if (on)
+ setoption0(super.pointer, SSL_COPT_NO_COMPRESSION);
+ else
+ clroption0(super.pointer, SSL_COPT_NO_COMPRESSION);
+ }
}
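Review bot: `setNoCompression` hands `super.pointer` to the natives without checking it, and the context lines at the top of this hunk show the pointer being reset to `0L` (presumably when the context is destroyed); the `setoption0`/`clroption0` added in ctx.c by this commit dereference the handle unconditionally, so a call after that reset would dereference NULL in native code. Suggest a guard at the top of the method, e.g. `if (super.pointer == 0L) throw new IllegalStateException("SSLContext is closed");`, using whatever exception this class already uses for a destroyed handle. The Javadoc also reads backwards for a method that disables compression; `Disables TLS compression for this context when {@code on} is {@code true}, re-enables it otherwise.` states the contract directly.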
Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1172581&r1=1172580&r2=1172581&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Mon Sep 19
11:59:46 2011
@@ -166,6 +166,9 @@
#define SSL_OPT_OPTRENEGOTIATE (1<<6)
#define SSL_OPT_ALL
(SSL_OPT_STDENVVARS|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE)
+#define SSL_COPT_NO_COMPRESSION 1
+
+
/*
* Define the SSL Protocol options
*/
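Review bot: `SSL_COPT_NO_COMPRESSION` is placed directly under the `SSL_OPT_*` family, which are `(1<<n)` bit flags combined into `SSL_OPT_ALL`, but it is a plain enumerator consumed by a `switch` in ctx.c and mirrored by value in SSLContext.java; nothing on the page says so. Suggest replacing the two blank lines with a short comment block, e.g. `/* Context option identifiers passed to SSLContext.setoption0/clroption0; plain values, not bit flags, and mirrored in SSLContext.java */`, so the next option added here is not made a bitmask by analogy.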
@@ -295,13 +298,13 @@ typedef struct acr_ssl_srv_t acr_ssl_srv
typedef struct acr_ssl_ctx_t {
acr_ssl_srv_t *srv;
SSL_CTX *ctx;
- BIO *bio_os;
- BIO *bio_is;
- unsigned char context_id[MD5_DIGEST_LENGTH];
-
int protocol;
int mode;
int ssl_proxy;
+ long options;
+ BIO *bio_os;
+ BIO *bio_is;
+ unsigned char context_id[MD5_DIGEST_LENGTH];
/* certificate revocation list */
X509_STORE *crls;
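Review bot: The new `options` field is undocumented and the field order of this struct has become load-bearing: the ctx.c hunk in this commit ORs into `c->options` without a visible initialisation and copies the first 32 bytes of the struct (which after this reorder include `options`) into an MD5 to derive `context_id`. Suggest a comment on the field, `long options; /* SSL_OP_* flags recorded for ctx; must be zeroed before new0() ORs into it */`, and a note above the struct that ctx.c's context-id derivation hashes its leading bytes, so reordering members changes the id. Whether the allocator already zeroes the struct cannot be confirmed from this page.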
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1172581&r1=1172580&r2=1172581&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Mon Sep
19 11:59:46 2011
@@ -26,13 +26,6 @@
#error "Cannot compile this file without HAVE_OPENSSL defined"
#endif
-/* anything will do */
-static struct {
- int id;
- int protocol;
- int mode;
-} context_id;
-
#define MAX_SESSION_ID_ATTEMPTS 10
static int generate_session_id(const SSL *ssl, unsigned char *id,
unsigned int *id_len)
@@ -75,6 +68,7 @@ static int generate_session_id(const SSL
ACR_SSL_EXPORT(jlong, SSLContext, new0)(JNI_STDARGS, jint protocol, jint mode)
{
+ unsigned char context_id[32];
acr_ssl_ctx_t *c;
CONST_SSL_METHOD *m = 0;
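Review bot: `unsigned char context_id[32];` introduces a magic size that is neither `sizeof *c` nor `MD5_DIGEST_LENGTH`; the later hunk in this file copies exactly that many leading bytes of `*c` into it, so the 32 silently assumes `sizeof *c >= 32` and fixes which struct members participate in the id. Suggest naming it and stating the assumption, e.g. `enum { CONTEXT_ID_SEED_LEN = 32 }; /* leading bytes of *c hashed into c->context_id; must not exceed sizeof *c */`. new0's body continues outside this hunk.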
@@ -196,33 +190,37 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
SSL_CTX_set_quiet_shutdown(c->ctx, 1);
SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
- if (protocol != SSL_PROTOCOL_SSLV2)
- SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
- if (protocol != SSL_PROTOCOL_SSLV3)
- SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
+ if (protocol != SSL_PROTOCOL_SSLV2 && protocol != SSL_PROTOCOL_SSLV23)
+ c->options |= SSL_OP_NO_SSLv2;
+ if (protocol != SSL_PROTOCOL_SSLV3 && protocol != SSL_PROTOCOL_SSLV23)
+ c->options |= SSL_OP_NO_SSLv3;
if (protocol != SSL_PROTOCOL_TLSV1)
- SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
+ c->options |= SSL_OP_NO_TLSv1;
+#ifdef TLS1_1_VERSION
+ if (protocol != SSL_PROTOCOL_TLSV1_1)
+ c->options |= SSL_OP_NO_TLSv1_1;
+#endif
#ifdef TLS1_2_VERSION
if (protocol != SSL_PROTOCOL_TLSV1_2)
- SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1_2);
+ c->options |= SSL_OP_NO_TLSv1_2;
#endif
/*
* Configure additional context ingredients
*/
- SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_DH_USE);
+ c->options |= SSL_OP_SINGLE_DH_USE;
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
/*
* Disallow a session from being resumed during a renegotiation,
* so that an acceptable cipher suite can be negotiated.
*/
- SSL_CTX_set_options(c->ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
-#endif
+ c->options |= SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
+#endif
+ SSL_CTX_set_options(c->ctx, c->options);
/* Default session context id and cache size */
SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE);
- context_id.id++;
- context_id.protocol = protocol;
- context_id.mode = mode;
- MD5((const unsigned char *)&context_id, sizeof(context_id), c->context_id);
+ /* Create unique context id */
+ memcpy(context_id, c, sizeof(context_id));
+ MD5(context_id, sizeof(context_id), c->context_id);
if (mode != SSL_MODE_CLIENT) {
SSL_CTX_set_tmp_rsa_callback(c->ctx, ssl_callback_tmp_rsa);
SSL_CTX_set_tmp_dh_callback(c->ctx, ssl_callback_tmp_dh);
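Review bot: `c->options` does not mirror the context's real option set: the `SSL_CTX_set_options(c->ctx, SSL_OP_ALL)` call at the top of the hunk still goes to OpenSSL directly, so those bits are on the SSL_CTX but absent from the shadow, and the `|=` chain below it presumes `c->options` was already zero, which this hunk does not show. Replacing that call with `c->options = SSL_OP_ALL;` both initialises the field and keeps the single `SSL_CTX_set_options(c->ctx, c->options)` added further down as the one place options are applied. Separately, the new `protocol != SSL_PROTOCOL_SSLV23` conditions leave SSLv2 negotiable when SSLV23 is selected, whereas the old code always disabled it; SSLv2 is prohibited by RFC 6176, so a defender would expect `c->options |= SSL_OP_NO_SSLv2;` to stay unconditional. The `memcpy(context_id, c, sizeof(context_id))` also feeds pointer values and any struct padding into MD5, and padding is indeterminate unless the struct came from a zeroing allocator, so hashing explicit members (`c->protocol`, `c->mode`, a counter) would be cleaner. new0 starts and ends outside this hunk.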
@@ -393,3 +391,43 @@ ACR_SSL_EXPORT(void, SSLContext, setscac
else
SSL_CTX_sess_set_cache_size(c->ctx, size);
}
+
+ACR_SSL_EXPORT(void, SSLContext, setoption0)(JNI_STDARGS, jlong ctx,
+ jint opt)
+{
+ long set = 0;
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+
+ switch (opt) {
+ case SSL_COPT_NO_COMPRESSION:
+#ifdef SSL_OP_NO_COMPRESSION
+ if ((c->options & SSL_OP_NO_COMPRESSION) == 0)
+ set = SSL_OP_NO_COMPRESSION;
+#endif
+ break;
+ }
+ if (set != 0) {
+ SSL_CTX_set_options(c->ctx, set);
+ c->options |= set;
+ }
+}
+
+ACR_SSL_EXPORT(void, SSLContext, clroption0)(JNI_STDARGS, jlong ctx,
+ jint opt)
+{
+ long clr = 0;
+ acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
+
+ switch (opt) {
+ case SSL_COPT_NO_COMPRESSION:
+#ifdef SSL_OP_NO_COMPRESSION
+ if ((c->options & SSL_OP_NO_COMPRESSION) != 0)
+ clr = SSL_OP_NO_COMPRESSION;
+#endif
+ break;
+ }
+ if (clr != 0) {
+ SSL_CTX_clear_options(c->ctx, clr);
+ c->options &= clr;
+ }
+}
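Review bot: `c->options &= clr;` in `clroption0` is inverted: it keeps only the bit just cleared and discards every other recorded option, so after one clear the shadow still claims SSL_OP_NO_COMPRESSION is set (making the next `setoption0` a no-op) while all other bits are forgotten; it should be `c->options &= ~clr;`. Both new functions dereference `c` unconditionally although the Java side can pass a zeroed handle after the context is destroyed; if the other exported setters in this file do not already guard against that, `if (c == NULL) return;` after the `J2P` line would be consistent. The `switch (opt)` has no `default:`, so an unknown option is silently ignored; either say so (`default: /* unknown option: ignored */ break;`) or report it to the caller.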