Author: rjung Date: Tue Feb 5 15:51:18 2013 New Revision: 1442633 URL: http://svn.apache.org/viewvc?rev=1442633&view=rev Log: Merge Java classes from TC trunk.
= r1292671 | costin | 2012-02-23 08:03:52 +0100 (Thu, 23 Feb 2012) | 6 lines Add decompress support and the npn handler. Assuming you compile the right jni library it should (basicaly) work with chrome and firefox. Lots of missing features: async/comet/websocket, recycle of various objects, etc. = r1299980 | costin | 2012-03-13 06:36:17 +0100 (Tue, 13 Mar 2012) | 8 lines Based on AprEndpoint, an implmentation of non-blocking SSL sockets which is thread safe for read/write. It can be used for both client and server mode sockets, and it's independent of the rest of tomcat. It is in a separate package because it's a bit higher level than the raw jni interfaces. Many settings are missing ( could be added if needed - most are related to setup, but they are not used in tomcat spdy implementation ). = r1300102 | markt | 2012-03-13 13:41:57 +0100 (Tue, 13 Mar 2012) | 8 lines Code clean-up: - one missing license header - lots of trailing whitespace - some unused imports - an unnecessary cast - some unnecessary code Still need to fix the import checks = r1241356 | costin | 2012-02-07 07:13:36 +0100 (Tue, 07 Feb 2012) | 6 lines Add the new ssl methods from tomcat-native ( and few poll methods that seemed to be missing ). APR connector will not work unless you recompile tomcat-native ! ( it is ok to use the current version of openssl, but npn methods will not work ) = r1241406 | markt | 2012-02-07 11:08:02 +0100 (Tue, 07 Feb 2012) | 1 line Fix EOL = r1241407 | markt | 2012-02-07 11:09:44 +0100 (Tue, 07 Feb 2012) | 1 line Remove whitespace from the ends of the lines = r1242254 | markt | 2012-02-09 10:41:13 +0100 (Thu, 09 Feb 2012) | 1 line Fix Javadoc warnings = r1434905 | markt | 2013-01-17 21:41:19 +0100 (Thu, 17 Jan 2013) | 1 line Trailing whitespace police = r1437083 | schultz | 2013-01-22 19:30:45 +0100 (Tue, 22 Jan 2013) | 1 line Added clearOptions native method. 
Added: tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLExt.java (contents, props changed) - copied, changed from r1241356, tomcat/trunk/java/org/apache/tomcat/jni/SSLExt.java tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/socket/ - copied from r1442622, tomcat/trunk/java/org/apache/tomcat/jni/socket/ Modified: tomcat/native/branches/1.1.x/ (props changed) tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Poll.java tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSL.java tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLContext.java Propchange: tomcat/native/branches/1.1.x/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1241356,1241406-1241407,1242254,1292671,1299980,1434905,1437083 Modified: tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Poll.java URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Poll.java?rev=1442633&r1=1442632&r2=1442633&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Poll.java (original) +++ tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/Poll.java Tue Feb 5 15:51:18 2013 @@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.apache.tomcat.jni; /** Poll @@ -22,7 +21,6 @@ package org.apache.tomcat.jni; * @author Mladen Turk * @version $Id$ */ - public class Poll { /** 
@@ -161,4 +159,20 @@ public class Poll { */ public static native int pollset(long pollset, long [] descriptors); + /** + * Make poll() return. + * + * @param pollset + * @return Negative APR error code + */ + public static native int interrupt(long pollset); + + /** + * Check if interrupt() is allowed. + * + * @param pollset + * @return <code>true</true> if {@link #interrupt(long)} is allowed, else + * <code>false</code> + */ + public static native boolean wakeable(long pollset); } Modified: tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSL.java URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSL.java?rev=1442633&r1=1442632&r2=1442633&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSL.java (original) +++ tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSL.java Tue Feb 5 15:51:18 2013 @@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.apache.tomcat.jni; /** SSL @@ -22,7 +21,6 @@ package org.apache.tomcat.jni; * @author Mladen Turk * @version $Id$ */ - public final class SSL { /* @@ -138,6 +136,7 @@ public final class SSL { public static final int SSL_OP_NO_SSLv2 = 0x01000000; public static final int SSL_OP_NO_SSLv3 = 0x02000000; public static final int SSL_OP_NO_TLSv1 = 0x04000000; + public static final int SSL_OP_NO_TICKET = 0x00004000; /* The next flag deliberately changes the ciphertest, this is a check * for the PKCS#1 attack */ 
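Review bot: The Javadoc added for `wakeable` closes its first tag with the wrong name, `<code>true</true>`, and both new methods carry a bare `@param pollset` with no description, which tends to produce Javadoc warnings. I would write `@param pollset The pollset to use` on both, and `@return <code>true</code> if {@link #interrupt(long)} is allowed, else <code>false</code>` on `wakeable`. The `@return Negative APR error code` line on `interrupt` also leaves the success value unstated; the native side is not visible here, so confirm it there before documenting it. The `Poll` class body starts outside this hunk.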
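Review bot: `SSL_OP_NO_TICKET` is added directly under the `SSL_OP_NO_SSLv2/SSLv3/TLSv1` flags without a comment, although it controls something different: it turns off stateless session tickets rather than a protocol version. A one-line comment such as `/* Disable RFC 5077 session tickets; resumption then relies on the server-side session cache */` would tell operators what they are trading. Callers that set it should presumably guard with `hasOp(SSL_OP_NO_TICKET)`, because the `hasOp` Javadoc further down this file says tcnative versions before 1.1.25 only answer `true` for the renegotiation flag. The constant block continues outside this hunk.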
@@ -342,14 +341,14 @@ public final class SSL { /** * Return true if all the requested SSL_OP_* are supported by OpenSSL. - * + * * <i>Note that for versions of tcnative < 1.1.25, this method will * return <code>true</code> if and only if <code>op</code>= * {@link #SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION} and tcnative * supports that flag.</i> * * @param op Bitwise-OR of all SSL_OP_* to test. - * + * * @return true if all SSL_OP_* are supported by OpenSSL library. */ public static native boolean hasOp(int op); Modified: tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLContext.java URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLContext.java?rev=1442633&r1=1442632&r2=1442633&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLContext.java (original) +++ tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLContext.java Tue Feb 5 15:51:18 2013 
@@ -90,6 +90,13 @@ public final class SSLContext { public static native void setOptions(long ctx, int options); /** + * Clears OpenSSL Options. + * @param ctx Server or Client context to use. + * @param options See SSL.SSL_OP_* for option flags. + */ + public static native void clearOptions(long ctx, int options); + + /** * Sets the "quiet shutdown" flag for <b>ctx</b> to be * <b>mode</b>. SSL objects created from <b>ctx</b> inherit the * <b>mode</b> valid at the time and may be 0 or 1. Copied: tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLExt.java (from r1241356, tomcat/trunk/java/org/apache/tomcat/jni/SSLExt.java) URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLExt.java?p2=tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLExt.java&p1=tomcat/trunk/java/org/apache/tomcat/jni/SSLExt.java&r1=1241356&r2=1442633&rev=1442633&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/jni/SSLExt.java (original) +++ tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLExt.java Tue Feb 5 15:51:18 2013 
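Review bot: The Javadoc for the new `clearOptions` does not say that clearing a protective flag re-enables what the flag had switched off, which is the security-relevant effect of this call whenever `options` contains one of the `SSL.SSL_OP_NO_*` bits. I would add a sentence such as `Clearing an SSL_OP_NO_* flag re-enables the corresponding protocol or feature; only clear flags that were set deliberately.` The method is `void`, like `setOptions` above it, so a caller cannot tell from the return whether the native library applied the change. How it behaves against an older native library that lacks the symbol is not visible in this hunk and should be stated in the doc once confirmed.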
@@ -14,43 +14,42 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.apache.tomcat.jni; -/** - * Support TLS extensions and extra methods. - * - * The methods are separated to make it easier for java code to - * support existing native library - it can check if this class can +/** + * Support TLS extensions and extra methods. + * + * The methods are separated to make it easier for java code to + * support existing native library - it can check if this class can * be loaded in order to use the exensions. * * @author Costin Manolache */ public final class SSLExt { - + /** - * Set advertised NPN protocol. + * Set advertised NPN protocol. * This is only available for recent or patched openssl. - * + * * Example: "\x06spdy/2" - * + * * Works with TLS1, doesn't with SSL2/SSL3 - * - * Servers sends list in ServerHelo, client selects it and + * + * Servers sends list in ServerHelo, client selects it and * sends it back after ChangeChipher - * + * * Not supported in 1.0.0, seems to be in 1.0.1 and after */ public static native int setNPN(long tcctx, byte[] proto, int len); - + /** - * Get other side's advertised protocols. + * Get other side's advertised protocols. * Only works after handshake. */ public static native int getNPN(long tcsock, byte[] proto); - /** + /** * Enabling dump/debugging on the socket. Both raw and decrypted * packets will be logged. */ 
@@ -61,59 +60,66 @@ public final class SSLExt { * Must be saved, keyed by session ID. */ public static native byte[] getSessionData(long tcsock); - + /** * Server: Set the session data for a socket. */ public static native int setSessionData(long tcsock, byte[] data, int len); - - -// /** -// * Client: get the ticket received from server, if tickets are supported. -// */ -// public static native int getTicket(long tcsock, byte[] resBuf); -// -// /** -// * Client: set the previously received ticket. -// */ -// public static native int setTicket(long tcsock, byte[] data, int len); -// -// /** -// * Set the key used by server to generate tickets. -// * Key must be 48 bytes. -// */ -// public static native int setTicketKeys(long ctx, byte[] data, int len); -// + + + /** + * Client: get the ticket received from server, if tickets are supported. + */ + public static native int getTicket(long tcsock, byte[] resBuf); + + /** + * Client: set the previously received ticket. + */ + public static native int setTicket(long tcsock, byte[] data, int len); + + /** + * Set the key used by server to generate tickets. + * Key must be 48 bytes. + */ + public static native int setTicketKeys(long ctx, byte[] data, int len); + /** * For client side calls. Data should be a \0 terminated string */ public static native int setSNI(long tcsock, byte[] data, int len); + /** + * Return the last openssl error + */ + public static native String sslErrReasonErrorString(); + + public static native long sslCtxSetMode(long ctx, long mode); + /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. 
report success * when just a single record has been written): */ - static final int SSL_MODE_ENABLE_PARTIAL_WRITE = 0x1; - + public static final int SSL_MODE_ENABLE_PARTIAL_WRITE = 0x1; + /* Make it possible to retry SSL_write() with changed buffer location * (buffer contents must stay the same!); this is not the default to avoid * the misconception that non-blocking SSL_write() behaves like * non-blocking write(): */ - static final int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 0x2; + public static final int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 0x2; /* Don't attempt to automatically build certificate chain */ static final int SSL_MODE_NO_AUTO_CHAIN = 0x8; /* Save RAM by releasing read and write buffers when they're empty. (SSL3 and * TLS only.) "Released" buffers are put onto a free-list in the context - * or just freed (depending on the context's setting for freelist_max_len). */ - static final int SSL_MODE_SMALL_BUFFERS = 0x10; - + * or just freed (depending on the context's setting for freelist_max_len). */ + public static final int SSL_MODE_RELEASE_BUFFERS = 0x10; + // 1.1 //static final int SSL_MODE_HANDSHAKE_CUTTHROUGH = ..; /** * SSL_set_mode */ - public static native int sslSetMode(long tcsock, int mode); + public static native long sslSetMode(long tcsock, long mode); public static int setNPN(long sslContext, byte[] spdyNPN) { try { @@ -121,11 +127,11 @@ public final class SSLExt { } catch (Throwable t) { t.printStackTrace(); return -1; - } + } } - + /** - * Higher level method, checking if the specified protocol has been + * Higher level method, checking if the specified protocol has been * negotiated. */ public static boolean checkNPN(long tcsocket, byte[] expected) { 
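Review bot: The newly enabled `setTicketKeys(long ctx, byte[] data, int len)` documents that the key must be 48 bytes, but nothing on the Java side enforces it, and `len` is passed separately from `data` so the two can disagree; `setTicket` has the same `data`/`len` pairing. How the native code treats `len > data.length` is not visible here, so I would put a small public wrapper in front of the native call with `if (data == null || data.length != 48) throw new IllegalArgumentException("ticket key must be 48 bytes");` and pass `data.length` as `len`. The Javadoc should also say that this key is secret material protecting every ticket the server issues, so it should be generated with `SecureRandom`, kept out of logs and rotated. Separately, `sslCtxSetMode` is added with no Javadoc, and `SSL_MODE_NO_AUTO_CHAIN` stays package-private while its neighbours become `public`, which looks unintended. The `SSLExt` class body starts and ends outside this hunk.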
@@ -144,10 +150,10 @@ public final class SSLExt { if (expected[i] != npn[i]) { return false; } - } + } return true; } - - - + + + } Propchange: tomcat/native/branches/1.1.x/java/org/apache/tomcat/jni/SSLExt.java ------------------------------------------------------------------------------ svn:eol-style = native --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org