Author: rjung
Date: Thu Aug 10 03:36:42 2017
New Revision: 1804622
URL: http://svn.apache.org/viewvc?rev=1804622&view=rev
Log:
Add method "addClientCACertificateRaw" to add
a single CA certificate to the list of CA
certificates which are accepted as issuers of
client certificates.
Modified:
tomcat/native/trunk/native/src/sslcontext.c
tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/native/trunk/native/src/sslcontext.c
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1804622&r1=1804621&r2=1804622&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Thu Aug 10 03:36:42 2017
@@ -1158,6 +1158,44 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
return rv;
}
+TCN_IMPLEMENT_CALL(jboolean, SSLContext,
addClientCACertificateRaw)(TCN_STDARGS, jlong ctx,
+ jbyteArray
javaCert)
+{
+ jsize lengthOfCert;
+ unsigned char *charCert;
+ X509 *cert;
+ const unsigned char *tmp;
+
+ tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
+ jboolean rv = JNI_TRUE;
+ char err[256];
+
+ /* we get the cert contents into a byte array */
+ jbyte* bufferPtr = (*e)->GetByteArrayElements(e, javaCert, NULL);
+ lengthOfCert = (*e)->GetArrayLength(e, javaCert);
+ charCert = malloc(lengthOfCert);
+ memcpy(charCert, bufferPtr, lengthOfCert);
+ (*e)->ReleaseByteArrayElements(e, javaCert, bufferPtr, 0);
+
+ UNREFERENCED(o);
+ TCN_ASSERT(ctx != 0);
+
+ tmp = (const unsigned char *)charCert;
+ cert = d2i_X509(NULL, &tmp, lengthOfCert);
+ if (cert == NULL) {
+ ERR_error_string(SSL_ERR_get(), err);
+ tcn_Throw(e, "Error encoding allowed peer CA certificate (%s)", err);
+ rv = JNI_FALSE;
+ } else if (SSL_CTX_add_client_CA(c->ctx, cert) <= 0) {
+ ERR_error_string(SSL_ERR_get(), err);
+ tcn_Throw(e, "Error adding allowed peer CA certificate (%s)", err);
+ rv = JNI_FALSE;
+ }
+
+ free(charCert);
+ return rv;
+}
+
static int ssl_array_index(apr_array_header_t *array,
const char *s)
{
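Review bot: The new addClientCACertificateRaw body never frees the parsed certificate: `SSL_CTX_add_client_CA()` keeps its own copy of the subject name, so `cert` still belongs to the caller and needs `X509_free(cert)` after the add, whether it succeeds or fails. The results of `GetByteArrayElements()` and `malloc(lengthOfCert)` are passed straight to `memcpy()`, so a null `javaCert`, a failed pin or an allocation failure would crash the JVM instead of returning JNI_FALSE. The private copy looks unnecessary, because d2i_X509 only reads the buffer. Parsing the pinned array directly and releasing it with `JNI_ABORT` removes the malloc/free pair and the copy-back. The sketch below shows one way to arrange this; the error-reporting branches stay as they are.

```c
    /* … unchanged: c, rv, err, cert, tmp, lengthOfCert declarations (charCert dropped) … */
    jbyte *bufferPtr;

    UNREFERENCED(o);
    TCN_ASSERT(ctx != 0);

    if (javaCert == NULL)
        return JNI_FALSE;
    bufferPtr = (*e)->GetByteArrayElements(e, javaCert, NULL);
    if (bufferPtr == NULL)
        return JNI_FALSE;           /* JNI has already raised the exception */
    lengthOfCert = (*e)->GetArrayLength(e, javaCert);

    /* d2i_X509 only reads the input, so parse the pinned array in place */
    tmp = (const unsigned char *)bufferPtr;
    cert = d2i_X509(NULL, &tmp, lengthOfCert);
    /* nothing was written to the array: release without copy-back */
    (*e)->ReleaseByteArrayElements(e, javaCert, bufferPtr, JNI_ABORT);

    if (cert == NULL) {
        /* … unchanged: ERR_error_string + tcn_Throw, rv = JNI_FALSE … */
    } else {
        if (SSL_CTX_add_client_CA(c->ctx, cert) <= 0) {
            /* … unchanged: ERR_error_string + tcn_Throw, rv = JNI_FALSE … */
        }
        /* the context copied the subject name; drop our reference */
        X509_free(cert);
    }
    return rv;
```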
@@ -2030,6 +2068,15 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
{
UNREFERENCED_STDARGS;
UNREFERENCED(ctx);
+ UNREFERENCED(javaCert);
+ return JNI_FALSE;
+}
+
+TCN_IMPLEMENT_CALL(jboolean, SSLContext,
addClientCACertificateRaw)(TCN_STDARGS, jlong ctx,
+ jbyteArray
javaCert)
+{
+ UNREFERENCED_STDARGS;
+ UNREFERENCED(ctx);
UNREFERENCED(javaCert);
return JNI_FALSE;
}
Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1804622&r1=1804621&r2=1804622&view=diff
==============================================================================
--- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Thu Aug 10 03:36:42
2017
@@ -36,6 +36,10 @@
</section>
<section name="Changes in 1.2.13">
<changelog>
+ <add>
+ Add method to add a single CA certificate to the list of CA certificates
+ which are accepted as issuers of client certificates. (rjung)
+ </add>
<fix>
Fix an error not announcing the correct CA list for client certificates
during TLS handshake. (rjung)