Author: costin
Date: Wed Feb 22 04:52:15 2012
New Revision: 1292127
URL: http://svn.apache.org/viewvc?rev=1292127&view=rev
Log:
Use fixed len for the buffers. Add back the code for getting/setting tickets.
Modified:
tomcat/native/trunk/native/src/sslext.c
Modified: tomcat/native/trunk/native/src/sslext.c
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslext.c?rev=1292127&r1=1292126&r2=1292127&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslext.c (original)
+++ tomcat/native/trunk/native/src/sslext.c Wed Feb 22 04:52:15 2012
@@ -33,11 +33,14 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, setSess
{
tcn_socket_t *s = J2P(tcsock, tcn_socket_t *);
tcn_ssl_conn_t *tcssl = (tcn_ssl_conn_t *)s->opaque;
- unsigned char bytes[len];
- const unsigned char *bytesp = &bytes[0];
+ jbyte bytes[TCN_BUFFER_SZ];
+ const jbyte *bytesp = &bytes[0];
+ if (len > TCN_BUFFER_SZ) {
+ return -1;
+ }
(*e)->GetByteArrayRegion(e, buf, 0, len, bytes);
- SSL_SESSION* ssl_session = d2i_SSL_SESSION(NULL, &bytesp, len);
+ SSL_SESSION* ssl_session = d2i_SSL_SESSION(NULL, (const unsigned char
**)&bytesp, len);
SSL_set_session(tcssl->ssl, ssl_session);
return 0;
@@ -50,14 +53,14 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSLExt, g
SSL_SESSION *sess = SSL_get_session(tcssl->ssl);
int size = i2d_SSL_SESSION(sess, NULL);
- if (size == 0) {
+ if (size == 0 || size > TCN_BUFFER_SZ) {
return NULL;
}
jbyteArray javaBytes = (*e)->NewByteArray(e, size);
if (javaBytes != NULL) {
- unsigned char bytes[size];
- unsigned char *bytesp = &bytes[0];
+ jbyte bytes[TCN_BUFFER_SZ];
+ unsigned char *bytesp = (unsigned char *)&bytes[0];
i2d_SSL_SESSION(sess, &bytesp);
(*e)->SetByteArrayRegion(e, javaBytes, 0, size, bytes);
@@ -66,8 +69,6 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSLExt, g
return javaBytes;
}
-#ifdef EXP_TICKETS
-// Experimenting with tickets
TCN_IMPLEMENT_CALL(jint, SSLExt, getTicket)(TCN_STDARGS, jlong tcsock,
jbyteArray buf)
{
tcn_socket_t *s = J2P(tcsock, tcn_socket_t *);
@@ -79,7 +80,7 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, getTick
if (!x->tlsext_tick || x->tlsext_ticklen > bufLen) {
return 0;
}
- (*e)->SetByteArrayRegion(e, buf, 0, x->tlsext_ticklen,
&x->tlsext_tick[0]);
+ (*e)->SetByteArrayRegion(e, buf, 0, x->tlsext_ticklen, (jbyte *)
&x->tlsext_tick[0]);
return x->tlsext_ticklen;
}
@@ -91,7 +92,7 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, setTick
tcn_ssl_conn_t *tcssl = (tcn_ssl_conn_t *)s->opaque;
char * requestedTicket = apr_pcalloc(tcssl->pool, len);
- (*e)->GetByteArrayRegion(e, buf, 0, len, requestedTicket);
+ (*e)->GetByteArrayRegion(e, buf, 0, len, (jbyte *) requestedTicket);
SSL_set_session_ticket_ext(tcssl->ssl, requestedTicket, len);
return 0;
}
@@ -101,12 +102,11 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, setTick
tcn_ssl_ctxt_t *sslctx = J2P(tc_ssl_ctx, tcn_ssl_ctxt_t *);
unsigned char keys[48];
- (*e)->GetByteArrayRegion(e, buf, 0, 48, keys);
+ (*e)->GetByteArrayRegion(e, buf, 0, 48, (jbyte *) keys);
SSL_CTX_set_tlsext_ticket_keys(sslctx->ctx, keys, sizeof(keys));
return 0;
}
-#endif
// Debug code - copied from openssl app
@@ -420,21 +420,6 @@ void msg_cb(int write_p, int version, in
(void)BIO_flush(bio);
}
-/*
- TCN_IMPLEMENT_CALL(jint, SSLSocket, setTlsHostname)(TCN_STDARGS, jlong sock,
- jbyteArray buf, jint offset, jint tosend)
- {
- //SSL_set_tlsext_host_name
- return 0;
- }
-
- TCN_IMPLEMENT_CALL(jString, SSLSocket, getTlsHostname)(TCN_STDARGS, jlong
sock,
- jbyteArray buf, jint offset, jint tosend)
- {
- return NULL;
- }
- */
-
TCN_IMPLEMENT_CALL(jint, SSLExt, debug)(TCN_STDARGS, jlong tcsock)
{
tcn_socket_t *s = J2P(tcsock, tcn_socket_t *);
@@ -484,7 +469,6 @@ TCN_IMPLEMENT_CALL( jbyteArray, SSLExt,
return (jint)-APR_ENOTIMPL;
}
-#ifdef EXP_TICKETS
TCN_IMPLEMENT_CALL( jint, SSLExt, getTicket)(TCN_STDARGS, jlong tcsock,
jbyteArray buf)
{
return (jint)-APR_ENOTIMPL;
@@ -499,7 +483,6 @@ TCN_IMPLEMENT_CALL( jint, SSLExt, setTic
{
return (jint)-APR_ENOTIMPL;
}
-#endif
TCN_IMPLEMENT_CALL( jint, SSLExt, sslSetMode)(TCN_STDARGS, jlong tc_ssl_ctx,
jint mode)
{
@@ -514,9 +497,12 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, setSNI)
{
tcn_socket_t *s = J2P(tcsock, tcn_socket_t *);
tcn_ssl_conn_t *tcssl = (tcn_ssl_conn_t *)s->opaque;
- unsigned char bytes[len];
+ unsigned char bytes[TCN_BUFFER_SZ];
const unsigned char *bytesp = &bytes[0];
+ if (len > TCN_BUFFER_SZ) {
+ return -1;
+ }
(*e)->GetByteArrayRegion(e, buf, 0, len, bytes);
SSL_set_tlsext_host_name(tcssl->ssl, &bytesp);
return 0;
@@ -609,7 +595,7 @@ TCN_IMPLEMENT_CALL(jint, SSLExt, getNPN)
#else
-TCN_IMPLEMENT_CALL(jlong, SSLExt, setNPN)(TCN_STDARGS, jlong tc_ssl_ctx,
+TCN_IMPLEMENT_CALL(jint, SSLExt, setNPN)(TCN_STDARGS, jlong tc_ssl_ctx,
jbyteArray buf, jint len)
{
return (jint)-APR_ENOTIMPL;
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
