Author: mturk
Date: Tue Oct 25 11:35:50 2011
New Revision: 1188616
URL: http://svn.apache.org/viewvc?rev=1188616&view=rev
Log:
Set store flags
Modified:
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1188616&r1=1188615&r2=1188616&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Tue Oct
25 11:35:50 2011
@@ -438,9 +438,6 @@ ACR_SSL_EXPORT(void, SSLContext, setcrlc
c->crl_check = X509_V_FLAG_CRL_CHECK;
else if (ccmode == 2)
c->crl_check = X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
-#if 0
- X509_STORE_set_flags(c->store, c->crl_check);
-#endif
}
ACR_SSL_EXPORT(void, SSLContext, setvmode0)(JNI_STDARGS, jlong ctx,
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c?rev=1188616&r1=1188615&r2=1188616&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/server.c Tue
Oct 25 11:35:50 2011
@@ -81,11 +81,20 @@ ACR_SSL_EXPORT(void, SSLServer, setctx0)
acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
- if (ssl_ctx_retain(c) != 0) {
- s->ctx = c;
- if (s->options != 0)
- SSL_CTX_set_options(c->ctx, s->options);
-
+ if (ssl_ctx_retain(c) == 0) {
+ /* XXX: Should we throw error here?
+ */
+ return;
+ }
+ s->ctx = c;
+ if (s->options != 0)
+ SSL_CTX_set_options(c->ctx, s->options);
+ if (c->store == 0)
+ c->store = SSL_CTX_get_cert_store(c->ctx);
+ if (c->crl_check != UNSET) {
+ X509_STORE_set_flags(c->store, c->crl_check);
+ if (c->crls != 0)
+ X509_STORE_set_flags(c->crls, c->crl_check);
}
}
@@ -93,19 +102,31 @@ ACR_SSL_EXPORT(void, SSLServer, setctx2)
{
acr_ssl_srv_t *s = J2P(srv, acr_ssl_srv_t *);
acr_ssl_ctx_t *c = J2P(ctx, acr_ssl_ctx_t *);
-
- if (ssl_ctx_retain(c) != 0) {
- s->ctx2 = c;
- if (s->options != 0)
- SSL_CTX_set_options(c->ctx, s->options);
- if (c->cipher_suite == 0 && s->ctx != 0 && s->ctx->cipher_suite != 0) {
- if (!SSL_CTX_set_cipher_list(c->ctx, s->ctx->cipher_suite)) {
- ssl_throw_errno(env, ACR_EX_ESSL);
- ssl_ctx_release(c);
- s->ctx2 = 0;
- }
+ int crl_check;
+
+ if (ssl_ctx_retain(c) == 0 || s->ctx == 0) {
+ /* XXX: Should we throw error here?
+ */
+ return;
+ }
+ s->ctx2 = c;
+ if (s->options != 0)
+ SSL_CTX_set_options(c->ctx, s->options);
+ if (c->cipher_suite == 0 && s->ctx->cipher_suite != 0) {
+ if (!SSL_CTX_set_cipher_list(c->ctx, s->ctx->cipher_suite)) {
+ ssl_throw_errno(env, ACR_EX_ESSL);
+ ssl_ctx_release(c);
+ s->ctx2 = 0;
}
}
+ if (c->store == 0)
+ c->store = SSL_CTX_get_cert_store(c->ctx);
+ crl_check = c->crl_check != UNSET ? c->crl_check : s->ctx->crl_check;
+ if (crl_check != UNSET) {
+ X509_STORE_set_flags(c->store, crl_check);
+ if (c->crls != 0)
+ X509_STORE_set_flags(c->crls, crl_check);
+ }
}
ACR_SSL_EXPORT(void, SSLServer, setoption0)(JNI_STDARGS, jlong srv,
