On Fri, Oct 12, 2018 at 1:11 PM Rainer Jung <rainer.j...@kippdata.de> wrote:
> Am 10.10.2018 um 23:54 schrieb Mark Thomas: > > On 10/10/18 22:49, ma...@apache.org wrote: > >> Author: markt > >> Date: Wed Oct 10 21:49:55 2018 > >> New Revision: 1843514 > >> > >> URL: http://svn.apache.org/viewvc?rev=1843514&view=rev > >> Log: > >> Implement TLS 1.3 support for CLIENT-CERT when the APR/native connector > is not configured with certificateVerification="required" (i.e. the > equivalent of server initiated renegotiation to obtain a client cert) > >> > >> Modified: > >> tomcat/native/trunk/native/include/ssl_private.h > >> tomcat/native/trunk/native/src/sslnetwork.c > > > > There is a large amount of duplication in this commit for the above > > file. A C programmer with more skill than me can probably find a simple > > way to reduce it. > > I hope I have done it without breaking it in r1843645 and r1843651. It > compiles with OpenSSL 1.0.2, 1.1.0 and 1.1.1 and the refactoring isn't > very complex. Do you have an efficient way of testing whether I broke > reneg or PHA? > Nice, no more warnings for me, and it still builds with my obsolete OpenSSL 1.1.0. Rémy