Author: mturk
Date: Tue Sep 20 06:53:55 2011
New Revision: 1172997
URL: http://svn.apache.org/viewvc?rev=1172997&view=rev
Log:
Set common server options within server class
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1172997&r1=1172996&r2=1172997&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
Tue Sep 20 06:53:55 2011
@@ -60,13 +60,6 @@ public final class SSLContext extends Na
throws SSLException;
private static native void setvmode0(long ctx, int mode, int depth)
throws SSLException;
- private static native void setoption0(long ctx, int opt);
- private static native void clroption0(long ctx, int opt);
-
-
- private static final int SSL_COPT_NO_COMPRESSION = 1;
- private static final int SSL_COPT_NO_TICKET = 2;
- private static final int SSL_COPT_ALLOW_UNSAFE_RENEG = 3;
private SSLContext()
{
@@ -313,41 +306,5 @@ public final class SSLContext extends Na
}
}
- /**
- * Sets compression support.
- *
- * @param on if {@code true} don't use compression even if supported.
- */
- public void setNoCompression(boolean on)
- {
- if (on)
- setoption0(super.pointer, SSL_COPT_NO_COMPRESSION);
- else
- clroption0(super.pointer, SSL_COPT_NO_COMPRESSION);
- }
-
- /**
- * Disable use of RFC4507bis session tickets.
- */
- public void setNoTicket(boolean on)
- {
- if (on)
- setoption0(super.pointer, SSL_COPT_NO_TICKET);
- else
- clroption0(super.pointer, SSL_COPT_NO_TICKET);
- }
-
- /**
- * Enable use of legacy renegotiation (dangerous).
- *
- * @param on if {@code true} legacy renegotiation will be enabled.
- */
- public void allowLegacyRenegotiation(boolean on)
- {
- if (on)
- setoption0(super.pointer, SSL_COPT_ALLOW_UNSAFE_RENEG);
- else
- clroption0(super.pointer, SSL_COPT_ALLOW_UNSAFE_RENEG);
- }
}
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java?rev=1172997&r1=1172996&r2=1172997&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLServer.java
Tue Sep 20 06:53:55 2011
@@ -33,17 +33,23 @@ public final class SSLServer extends Nat
{
// Hide NativePointer
- private final long pointer = 0L;
- private final String hostId;
- private static native long new0(String name);
- private static native void close0(long srv);
- private static native void setctx0(long srv, long ctx);
- private static native void setopt0(long src, int opt, boolean on);
- private static native void setservname0(long src, String name);
-
- private SSLContext ctx1 = null;
- private SSLContext ctx2 = null;
- private String serverName;
+ private final long pointer = 0L;
+ private final String hostId;
+ private static native long new0(String name);
+ private static native void close0(long srv);
+ private static native void setctx0(long srv, long ctx);
+ private static native void setservname0(long src, String name);
+
+ private static native void setoption0(long srv, int opt, boolean on);
+ private static final int SSL_COPT_NO_COMPRESSION = 1;
+ private static final int SSL_COPT_NO_TICKET = 2;
+ private static final int SSL_COPT_ALLOW_UNSAFE_RENEG = 3;
+ private static final int SSL_COPT_TLSEXT_ALERT_FATAL = 4;
+
+ private SSLContext ctx1 = null;
+ private SSLContext ctx2 = null;
+ private String serverName;
+
private SSLServer()
{
hostId = null;
@@ -112,7 +118,7 @@ public final class SSLServer extends Nat
* @param ctx the context to set
* @return previous context or {@code null} if the context
* was not set already.
- * @throws IllegalStateException if server instance is invalid.
+ * @throws IllegalStateException if server is invalid or closed.
*/
public synchronized final SSLContext setContext(SSLContext ctx)
throws IllegalStateException
@@ -131,7 +137,7 @@ public final class SSLServer extends Nat
* @param name name to set.
*
* @throws NullPointerException if name is {@code null}.
- * @throws IllegalStateException if server instance is invalid.
+ * @throws IllegalStateException if server is invalid or closed.
*/
public void setServerName(String name)
throws IllegalStateException
@@ -143,19 +149,62 @@ public final class SSLServer extends Nat
serverName = name;
setservname0(super.pointer, name);
}
+
+ /**
+ * Sets compression support.
+ *
+ * @param on if {@code true} don't use compression even if supported.
+ * @throws IllegalStateException if server is invalid or closed.
+ */
+ public void setNoCompression(boolean on)
+ throws IllegalStateException
+ {
+ if (super.pointer == 0L)
+ throw new IllegalStateException();
+ setoption0(super.pointer, SSL_COPT_NO_COMPRESSION, on);
+ }
+
+ /**
+ * Disable use of RFC4507bis session tickets.
+ * @throws IllegalStateException if server is invalid or closed.
+ */
+ public void setNoTicket(boolean on)
+ throws IllegalStateException
+ {
+ if (super.pointer == 0L)
+ throw new IllegalStateException();
+ setoption0(super.pointer, SSL_COPT_NO_TICKET, on);
+ }
+
+ /**
+ * Enable use of legacy renegotiation (dangerous).
+ *
+ * @param on if {@code true} legacy renegotiation will be enabled.
+ * @throws IllegalStateException if server is invalid or closed.
+ */
+ public void allowLegacyRenegotiation(boolean on)
+ throws IllegalStateException
+ {
+ if (super.pointer == 0L)
+ throw new IllegalStateException();
+ setoption0(super.pointer, SSL_COPT_ALLOW_UNSAFE_RENEG, on);
+ }
+
/**
* On mismatch send fatal alert (default warning alert).
*
* @param on if {@code true} server will respond with fatal
* alert on servername mismatch.
* @throws IllegalStateException if server instance is invalid.
+ * @throws IllegalStateException if server is invalid or closed.
*/
public void setServerNameFatal(boolean on)
throws IllegalStateException
{
if (super.pointer == 0L)
throw new IllegalStateException();
- setopt0(super.pointer, 1, on);
+ setoption0(super.pointer, SSL_COPT_TLSEXT_ALERT_FATAL, on);
}
+
}
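Review bot: The Javadoc on the new setters (`setNoCompression`, `setNoTicket`, `allowLegacyRenegotiation`) does not say when the option takes effect. In this commit's server.c the value is only stored on the server and handed to OpenSSL when a context is attached, so a call made after `setContext` appears to leave that context unchanged; the docs should tell callers to set options before `setContext`. For `allowLegacyRenegotiation`, "(dangerous)" deserves a concrete sentence such as `Permits renegotiation with peers that lack RFC 5746 secure renegotiation; leave disabled unless a legacy client requires it.` `setNoTicket` is missing `@param on`. `setServerNameFatal` now carries two `@throws IllegalStateException` lines because the old "if server instance is invalid" line was kept as context, so that older line should be dropped.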
Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1172997&r1=1172996&r2=1172997&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Tue Sep 20
06:53:55 2011
@@ -173,6 +173,7 @@
#define SSL_COPT_NO_COMPRESSION 1
#define SSL_COPT_NO_TICKET 2
#define SSL_COPT_ALLOW_UNSAFE_RENEG 3
+#define SSL_COPT_TLSEXT_ALERT_FATAL 4
/*
* Define the SSL Protocol options
@@ -367,6 +368,7 @@ struct acr_ssl_srv_t {
char *servname;
acr_ssl_ctx_t *ctx;
acr_ssl_ctx_t *ctx2;
+ long options;
int enabled;
int tlsext_extension_error;
};
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1172997&r1=1172996&r2=1172997&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Tue Sep
20 06:53:55 2011
@@ -391,58 +391,3 @@ ACR_SSL_EXPORT(void, SSLContext, setscac
else
SSL_CTX_sess_set_cache_size(c->ctx, size);
}
-
-ACR_SSL_EXPORT(void, SSLContext, setoption0)(JNI_STDARGS, jlong ctx,
- jint opt)
-{
- long set = 0;
- acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
-
- switch (opt) {
- case SSL_COPT_NO_COMPRESSION:
-#ifdef SSL_OP_NO_COMPRESSION
- set = SSL_OP_NO_COMPRESSION;
-#endif
- break;
- case SSL_COPT_NO_TICKET:
-#ifndef OPENSSL_NO_TLSEXT
- set = SSL_OP_NO_TICKET;
-#endif
- break;
- case SSL_COPT_ALLOW_UNSAFE_RENEG:
- set = SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
- break;
-
- }
- if (set != 0 && (c->options & set) == 0) {
- SSL_CTX_set_options(c->ctx, set);
- c->options |= set;
- }
-}
-
-ACR_SSL_EXPORT(void, SSLContext, clroption0)(JNI_STDARGS, jlong ctx,
- jint opt)
-{
- long clr = 0;
- acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
-
- switch (opt) {
- case SSL_COPT_NO_COMPRESSION:
-#ifdef SSL_OP_NO_COMPRESSION
- clr = SSL_OP_NO_COMPRESSION;
-#endif
- break;
- case SSL_COPT_NO_TICKET:
-#ifndef OPENSSL_NO_TLSEXT
- clr = SSL_OP_NO_TICKET;
-#endif
- break;
- case SSL_COPT_ALLOW_UNSAFE_RENEG:
- clr = SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
- break;
- }
- if (clr != 0 && (c->options & clr) != 0) {
- SSL_CTX_clear_options(c->ctx, clr);
- c->options &= clr;
- }
-}
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c?rev=1172997&r1=1172996&r2=1172997&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c Tue
Sep 20 06:53:55 2011
@@ -58,29 +58,56 @@ ACR_SSL_EXPORT(void, SSLServer, close0)(
ACR_SSL_EXPORT(void, SSLServer, setctx0)(JNI_STDARGS, jlong srv, jlong ctx)
{
acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
+
s->ctx = J2P(ctx, acr_ssl_ctx_t *);
+ if (s->ctx != 0 && s->options != 0)
+ SSL_CTX_set_options(s->ctx->ctx, s->options);
}
ACR_SSL_EXPORT(void, SSLServer, setctx2)(JNI_STDARGS, jlong srv, jlong ctx)
{
acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
+
s->ctx2 = J2P(ctx, acr_ssl_ctx_t *);
+ if (s->ctx2 != 0 && s->options != 0)
+ SSL_CTX_set_options(s->ctx2->ctx, s->options);
}
-ACR_SSL_EXPORT(void, SSLServer, setopt0)(JNI_STDARGS, jlong srv, jint opt,
jboolean on)
+ACR_SSL_EXPORT(void, SSLServer, setoption0)(JNI_STDARGS, jlong srv,
+ jint opt, jint on)
{
+ long set = 0L;
acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
switch (opt) {
- case 1:
+ case SSL_COPT_NO_COMPRESSION:
+#ifdef SSL_OP_NO_COMPRESSION
+ set = SSL_OP_NO_COMPRESSION;
+#endif
+ break;
+ case SSL_COPT_NO_TICKET:
+#ifndef OPENSSL_NO_TLSEXT
+ set = SSL_OP_NO_TICKET;
+#endif
+ break;
+ case SSL_COPT_ALLOW_UNSAFE_RENEG:
+ set = SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+ break;
+ case SSL_COPT_TLSEXT_ALERT_FATAL:
#ifndef OPENSSL_NO_TLSEXT
if (on)
s->tlsext_extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
else
- s->tlsext_extension_error = 0;
+ s->tlsext_extension_error = 0;
#endif
break;
}
+ if (set != 0L) {
+ if (on)
+ s->options |= set;
+ else
+ s->options &= set;
+ }
}
ACR_SSL_EXPORT(void, SSLServer, setservname0)(JNI_STDARGS, jlong srv, jstring
name)
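Review bot: In setoption0 the `else` branch does `s->options &= set;`, which keeps only the bit being turned off and discards every other stored option; clearing needs `s->options &= ~set;`. The stored mask also reaches OpenSSL only through `SSL_CTX_set_options` in setctx0/setctx2, which can add bits but never remove them, so switching `SSL_COPT_ALLOW_UNSAFE_RENEG` off after a context is attached leaves unsafe legacy renegotiation enabled on that context, and an option changed after setctx0 is not applied at all. Applying the change to the attached contexts, as the removed ctx.c code did with `SSL_CTX_clear_options`, would close that gap; whether a context can be shared between servers is not visible in this hunk and should be checked before propagating a clear. The last parameter is declared `jint on` while the Java native method passes a `boolean`, so it should remain `jboolean on` as in the removed setopt0.

```c
ACR_SSL_EXPORT(void, SSLServer, setoption0)(JNI_STDARGS, jlong srv,
                                            jint opt, jboolean on)
{
    /* … unchanged: locals and the switch mapping opt to set … */
    if (set != 0L) {
        if (on) {
            s->options |= set;
            if (s->ctx != 0)
                SSL_CTX_set_options(s->ctx->ctx, set);
            if (s->ctx2 != 0)
                SSL_CTX_set_options(s->ctx2->ctx, set);
        }
        else {
            /* Mask out only the requested bit, keep the rest. */
            s->options &= ~set;
            if (s->ctx != 0)
                SSL_CTX_clear_options(s->ctx->ctx, set);
            if (s->ctx2 != 0)
                SSL_CTX_clear_options(s->ctx2->ctx, set);
        }
    }
}
```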