cvs commit: jakarta-tomcat-connectors/jni/native/src sslutils.c
mturk 2005/06/11 00:02:15
Modified:jni/native/src sslutils.c
Log:
Implement verify callback mostly from mod_ssl.
See if the simpler implementation would be OK.
Revision ChangesPath
1.24 +203 -3jakarta-tomcat-connectors/jni/native/src/sslutils.c
Index: sslutils.c
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslutils.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- sslutils.c8 Jun 2005 07:59:34 - 1.23
+++ sslutils.c11 Jun 2005 07:02:15 - 1.24
@@ -25,6 +25,7 @@
#include apr_portable.h
#include apr_thread_mutex.h
#include apr_strings.h
+#include apr_poll.h
#include tcn.h
@@ -463,15 +464,214 @@
return n;
}
+static int SSL_X509_STORE_lookup(X509_STORE *store, int yype,
+ X509_NAME *name, X509_OBJECT *obj)
+{
+X509_STORE_CTX ctx;
+int rc;
+
+X509_STORE_CTX_init(ctx, store, NULL, NULL);
+rc = X509_STORE_get_by_subject(ctx, yype, name, obj);
+X509_STORE_CTX_cleanup(ctx);
+return rc;
+}
+
+int SSL_callback_SSL_verify_CRL(int ok, X509_STORE_CTX *ctx, tcn_ssl_conn_t
*con)
+{
+X509_OBJECT obj;
+X509_NAME *subject, *issuer;
+X509 *cert;
+X509_CRL *crl;
+EVP_PKEY *pubkey;
+int i, n, rc;
+
+/*
+ * Unless a revocation store for CRLs was created we
+ * cannot do any CRL-based verification, of course.
+ */
+if (!con-ctx-crl) {
+return ok;
+}
+
+/*
+ * Determine certificate ingredients in advance
+ */
+cert= X509_STORE_CTX_get_current_cert(ctx);
+subject = X509_get_subject_name(cert);
+issuer = X509_get_issuer_name(cert);
+
+/*
+ * OpenSSL provides the general mechanism to deal with CRLs but does not
+ * use them automatically when verifying certificates, so we do it
+ * explicitly here. We will check the CRL for the currently checked
+ * certificate, if there is such a CRL in the store.
+ *
+ * We come through this procedure for each certificate in the certificate
+ * chain, starting with the root-CA's certificate. At each step we've to
+ * both verify the signature on the CRL (to make sure it's a valid CRL)
+ * and it's revocation list (to make sure the current certificate isn't
+ * revoked). But because to check the signature on the CRL we need the
+ * public key of the issuing CA certificate (which was already processed
+ * one round before), we've a little problem. But we can both solve it
and
+ * at the same time optimize the processing by using the following
+ * verification scheme (idea and code snippets borrowed from the GLOBUS
+ * project):
+ *
+ * 1. We'll check the signature of a CRL in each step when we find a CRL
+ *through the _subject_ name of the current certificate. This CRL
+ *itself will be needed the first time in the next round, of course.
+ *But we do the signature processing one round before this where the
+ *public key of the CA is available.
+ *
+ * 2. We'll check the revocation list of a CRL in each step when
+ *we find a CRL through the _issuer_ name of the current certificate.
+ *This CRLs signature was then already verified one round before.
+ *
+ * This verification scheme allows a CA to revoke its own certificate as
+ * well, of course.
+ */
+
+/*
+ * Try to retrieve a CRL corresponding to the _subject_ of
+ * the current certificate in order to verify it's integrity.
+ */
+memset((char *)obj, 0, sizeof(obj));
+rc = SSL_X509_STORE_lookup(con-ctx-crl,
+ X509_LU_CRL, subject, obj);
+crl = obj.data.crl;
+
+if ((rc 0) crl) {
+/*
+ * Log information about CRL
+ * (A little bit complicated because of ASN.1 and BIOs...)
+ */
+/*
+ * Verify the signature on this CRL
+ */
+pubkey = X509_get_pubkey(cert);
+rc = X509_CRL_verify(crl, pubkey);
+/* Only refcounted in OpenSSL */
+if (pubkey)
+EVP_PKEY_free(pubkey);
+if (rc = 0) {
+/* TODO: Log Invalid signature on CRL */
+X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
+X509_OBJECT_free_contents(obj);
+return 0;
+}
+
+/*
+ * Check date of CRL to make sure it's not expired
+ */
+i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
+
+if (i == 0) {
+/* TODO: Log Found CRL has invalid nextUpdate field */
+
+
cvs commit: jakarta-tomcat-connectors/jni/native/src sslnetwork.c
mturk 2005/06/11 00:02:56
Modified:jni/native/src sslnetwork.c
Log:
Use polleset for network events.
Revision ChangesPath
1.7 +78 -32jakarta-tomcat-connectors/jni/native/src/sslnetwork.c
Index: sslnetwork.c
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslnetwork.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sslnetwork.c 10 Jun 2005 18:42:42 - 1.6
+++ sslnetwork.c 11 Jun 2005 07:02:56 - 1.7
@@ -24,6 +24,7 @@
#include apr_file_io.h
#include apr_portable.h
#include apr_thread_mutex.h
+#include apr_poll.h
#include tcn.h
@@ -141,9 +142,12 @@
con-ctx = ctx;
con-ssl = ssl;
con-shutdown_type = ctx-shutdown_type;
+apr_pollset_create((con-pollset), 1, pool, 0);
+
apr_pool_cleanup_register(pool, (const void *)con,
ssl_socket_cleanup,
apr_pool_cleanup_null);
+SSL_set_app_data2(ssl, (void *)con);
#ifdef TCN_DO_STATISTICS
ssl_created++;
@@ -151,6 +155,42 @@
return con;
}
+static apr_status_t wait_for_io_or_timeout(tcn_ssl_conn_t *con,
+ apr_interval_time_t t,
+ int for_what)
+{
+apr_interval_time_t timeout = t;
+apr_pollfd_t pfd;
+int type = for_what == SSL_ERROR_WANT_WRITE ? APR_POLLOUT : APR_POLLIN;
+apr_status_t status;
+
+if (timeout 0)
+apr_socket_timeout_get(con-sock, timeout);
+pfd.desc_type = APR_POLL_SOCKET;
+pfd.desc.s = con-sock;
+pfd.reqevents = type;
+
+/* Remove the object if it was in the pollset, then add in the new
+ * object with the correct reqevents value. Ignore the status result
+ * on the remove, because it might not be in there (yet).
+ */
+apr_pollset_remove(con-pollset, pfd);
+
+/* ### check status code */
+apr_pollset_add(con-pollset, pfd);
+
+do {
+int numdesc;
+const apr_pollfd_t *pdesc;
+
+status = apr_pollset_poll(con-pollset, timeout, numdesc, pdesc);
+if (numdesc == 1 (pdesc[0].rtnevents type) != 0)
+return APR_SUCCESS;
+} while (APR_STATUS_IS_EINTR(status));
+
+return status;
+}
+
TCN_IMPLEMENT_CALL(jint, SSLSocket, shutdown)(TCN_STDARGS, jlong sock,
jint how)
{
@@ -230,7 +270,7 @@
apr_socket_t *sock=b-ptr;
printf(jbs_apr_write\n);
fflush(stdout);
-return(apr_socket_send(sock, in, j));
+return(apr_socket_send(sock, in, j));
}
static int jbs_apr_read(BIO *b, char *out, int outl)
@@ -262,7 +302,7 @@
fflush(stdout);
if (cmd==BIO_CTRL_FLUSH || cmd==BIO_CTRL_DUP)
return 1;
-else
+else
return 0;
}
static BIO_METHOD jbs_apr_methods = {
@@ -333,13 +373,14 @@
tcn_ThrowException(e, Create SSL_accept failed);
return 0;
}
-
+
cleanup:
return P2J(con);
}
-#else
-TCN_IMPLEMENT_CALL(jlong, SSLSocket, accept)(TCN_STDARGS, jlong ctx,
+#endif /* JFC_TEST */
+
+TCN_IMPLEMENT_CALL(jlong, SSLSocket, attach)(TCN_STDARGS, jlong ctx,
jlong sock, jlong pool)
{
tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
@@ -359,40 +400,45 @@
con-sock = s;
SSL_set_fd(con-ssl, (int)oss);
-SSL_set_accept_state(con-ssl);
+if (c-mode)
+SSL_set_accept_state(con-ssl);
+else
+SSL_set_connect_state(con-ssl);
-/* TODO: Do SSL_accept() */
cleanup:
return P2J(con);
}
-#endif /* JFC_TEST */
-TCN_IMPLEMENT_CALL(jlong, SSLSocket, connect)(TCN_STDARGS, jlong ctx,
- jlong sock, jlong pool)
+TCN_IMPLEMENT_CALL(jint, SSLSocket, handshake)(TCN_STDARGS, jlong sock)
{
-tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
-apr_socket_t *s = J2P(sock, apr_socket_t *);
-apr_pool_t *p = J2P(pool, apr_pool_t *);
-tcn_ssl_conn_t *con;
-apr_os_sock_t oss;
-
-UNREFERENCED(o);
-TCN_ASSERT(pool != 0);
-TCN_ASSERT(ctx != 0);
+tcn_ssl_conn_t *con = J2P(sock, tcn_ssl_conn_t *);
+int s, i;
+apr_status_t rv;
+UNREFERENCED_STDARGS;
TCN_ASSERT(sock != 0);
-if ((con = ssl_create(e, c, p)) == NULL)
-return 0;
-TCN_THROW_IF_ERR(apr_os_sock_get(oss, s), c);
-con-sock = s;
-
-SSL_set_fd(con-ssl, (int)oss);
-SSL_set_connect_state(con-ssl);
-
-/* TODO: Do SSL_connect() */
-
-cleanup:
-return P2J(con);
+for (;;) {
+if ((s = SSL_do_handshake(con-ssl)) != 0) {
+
cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c sslcontext.c
mturk 2005/06/11 00:03:45
Modified:jni/examples/org/apache/tomcat/jni SSLServer.java
jni/java/org/apache/tomcat/jni SSLSocket.java
jni/native/include ssl_private.h
jni/native/os/netware system.c
jni/native/os/unix system.c
jni/native/os/win32 system.c
jni/native/src ssl.c sslcontext.c
Log:
Remove accept and connect. Use two new functions attach
and handshake.
Revision ChangesPath
1.5 +96 -4
jakarta-tomcat-connectors/jni/examples/org/apache/tomcat/jni/SSLServer.java
Index: SSLServer.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/jni/examples/org/apache/tomcat/jni/SSLServer.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SSLServer.java9 Jun 2005 09:13:54 - 1.4
+++ SSLServer.java11 Jun 2005 07:03:45 - 1.5
@@ -17,12 +17,14 @@
public static String serverAddr = null;
public static int serverPort= 0;
public static int serverNmax= 0;
+public static int serverNrun= 0;
public static long serverPool = 0;
public static long serverCtx= 0;
public static String serverCert = null;
public static String serverKey = null;
public static String serverCiphers = null;
public static String serverPassword = null;
+private static Acceptor serverAcceptor = null;
private static Object threadLock = new Object();
@@ -58,15 +60,105 @@
SSLContext.setCipherSuite(serverCtx, serverCiphers);
/* Load Server key and certificate */
SSLContext.setCertificate(serverCtx, serverCert, serverKey,
serverPassword, SSL.SSL_AIDX_RSA);
-SSLContext.setVerifyDepth(serverCtx, 10);
-SSLContext.setVerifyClient(serverCtx, SSL.SSL_CVERIFY_REQUIRE);
-
+SSLContext.setVerify(serverCtx, SSL.SSL_CVERIFY_REQUIRE, 10);
+serverAcceptor = new Acceptor();
+serverAcceptor.start();
+
} catch (Exception e) {
e.printStackTrace();
}
}
+public static void incThreads() {
+synchronized(threadLock) {
+serverNrun++;
+}
+}
+
+public static void decThreads() {
+synchronized(threadLock) {
+serverNrun--;
+}
+}
+
+/* Acceptor thread. Listens for new connections */
+private class Acceptor extends Thread {
+private long serverSock = 0;
+private long inetAddress = 0;
+private long pool = 0;
+public Acceptor() throws Exception {
+try {
+
+pool = Pool.create(SSLServer.serverPool);
+System.out.println(Accepting: + SSLServer.serverAddr +
: +
+ SSLServer.serverPort);
+inetAddress = Address.info(SSLServer.serverAddr,
Socket.APR_INET,
+ SSLServer.serverPort, 0,
+ pool);
+serverSock = Socket.create(Socket.APR_INET,
Socket.SOCK_STREAM,
+ Socket.APR_PROTO_TCP, pool);
+long sa = Address.get(Socket.APR_LOCAL, serverSock);
+Sockaddr addr = new Sockaddr();
+if (Address.fill(addr, sa)) {
+System.out.println(Host: + addr.hostname);
+System.out.println(Server: + addr.servname);
+System.out.println(IP: + Address.getip(sa) +
+ : + addr.port);
+}
+int rc = Socket.bind(serverSock, inetAddress);
+if (rc != 0) {
+ throw(new Exception(Can't create Acceptor: bind: +
Error.strerror(rc)));
+}
+Socket.listen(serverSock, 5);
+}
+catch( Exception ex ) {
+ex.printStackTrace();
+throw(new Exception(Can't create Acceptor));
+}
+}
+public void run() {
+int i = 0;
+try {
+while (true) {
+long clientSock = Socket.accept(serverSock, pool);
+System.out.println(Accepted id: + i);
+
+try {
+long sa = Address.get(Socket.APR_REMOTE, clientSock);
+Sockaddr raddr = new Sockaddr();
+if (Address.fill(raddr, sa)) {
+System.out.println(Remote Host: +
Address.getnameinfo(sa, 0));
+System.out.println(Remote IP: +
Address.getip(sa) +
+
DO NOT REPLY [Bug 35320] - broken pdf
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35320. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35320 --- Additional Comments From [EMAIL PROTECTED] 2005-06-11 12:21 --- I have uploaded a working version of the file. It will take a few hours to sync with the main website. I'll close this report once the main web site is updated. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina Cluster.java ContainerListener.java Host.java LifecycleListener.java Request.java Response.java Session.java SessionListener.java
markt 2005/06/11 03:45:12 Modified:catalina/src/share/org/apache/catalina Cluster.java ContainerListener.java Host.java LifecycleListener.java Request.java Response.java Session.java SessionListener.java Log: Remove unused imports from o.a.c package Revision ChangesPath 1.7 +1 -3 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Cluster.java Index: Cluster.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Cluster.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- Cluster.java 26 Aug 2004 22:05:20 - 1.6 +++ Cluster.java 11 Jun 2005 10:45:12 - 1.7 @@ -17,8 +17,6 @@ package org.apache.catalina; -import java.beans.PropertyChangeListener; -import java.util.Collection; import org.apache.catalina.cluster.ClusterMemberInfo; import org.apache.catalina.cluster.ClusterReceiver; import org.apache.catalina.cluster.ClusterSender; 1.5 +1 -4 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ContainerListener.java Index: ContainerListener.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ContainerListener.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ContainerListener.java26 Aug 2004 22:05:20 - 1.4 +++ ContainerListener.java11 Jun 2005 10:45:12 - 1.5 @@ -18,9 +18,6 @@ package org.apache.catalina; -import java.util.EventObject; - - /** * Interface defining a listener for significant Container generated events. * Note that container start and container stop events are normally 1.11 +1 -3 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Host.java Index: Host.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Host.java,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- Host.java 26 Aug 2004 22:05:20 - 1.10 +++ Host.java 11 Jun 2005 10:45:12 - 1.11 @@ -18,8 +18,6 @@ package org.apache.catalina; -import javax.servlet.ServletContext; - /** * A bHost/b is a Container that represents a virtual host in the * Catalina servlet engine. It is useful in the following types of scenarios: 1.5 +1 -4 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/LifecycleListener.java Index: LifecycleListener.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/LifecycleListener.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- LifecycleListener.java26 Aug 2004 22:05:52 - 1.4 +++ LifecycleListener.java11 Jun 2005 10:45:12 - 1.5 @@ -18,9 +18,6 @@ package org.apache.catalina; -import java.util.EventObject; - - /** * Interface defining a listener for significant events (including component * start and component stop generated by a component that implements the 1.7 +1 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Request.java Index: Request.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Request.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- Request.java 26 Aug 2004 22:05:53 - 1.6 +++ Request.java 11 Jun 2005 10:45:12 - 1.7 @@ -22,7 +22,6 @@ import java.io.IOException; import java.net.Socket; import java.util.Iterator; -import javax.servlet.ServletException; import javax.servlet.ServletInputStream; import javax.servlet.ServletRequest; 1.9 +1 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Response.java Index: Response.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Response.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- Response.java 26 Aug 2004 22:05:53 - 1.8 +++ Response.java 11 Jun 2005 10:45:12 - 1.9 @@ -21,7 +21,6 @@ import java.io.IOException; import java.io.OutputStream; import java.io.PrintWriter; -import javax.servlet.ServletException; import javax.servlet.ServletOutputStream; import javax.servlet.ServletResponse; 1.7 +1 -3
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant DeployTask.java InstallTask.java ListTask.java ReloadTask.java RemoveTask.java ResourcesTask.java RolesTask.java StartTask.java StopTask.java UndeployTask.java
markt 2005/06/11 03:47:37 Modified:catalina/src/share/org/apache/catalina/ant DeployTask.java InstallTask.java ListTask.java ReloadTask.java RemoveTask.java ResourcesTask.java RolesTask.java StartTask.java StopTask.java UndeployTask.java Log: Remove unused imports from o.a.c.ant package Revision ChangesPath 1.4 +1 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/DeployTask.java Index: DeployTask.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/DeployTask.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- DeployTask.java 26 Aug 2004 21:27:10 - 1.3 +++ DeployTask.java 11 Jun 2005 10:47:37 - 1.4 @@ -24,7 +24,6 @@ import java.net.URLConnection; import java.net.URLEncoder; import org.apache.tools.ant.BuildException; -import org.apache.tools.ant.Task; /** 1.5 +1 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/InstallTask.java Index: InstallTask.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/InstallTask.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- InstallTask.java 26 Aug 2004 21:27:10 - 1.4 +++ InstallTask.java 11 Jun 2005 10:47:37 - 1.5 @@ -20,7 +20,6 @@ import java.net.URLEncoder; import org.apache.tools.ant.BuildException; -import org.apache.tools.ant.Task; /** 1.4 +1 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/ListTask.java Index: ListTask.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/ListTask.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- ListTask.java 26 Aug 2004 21:27:10 - 1.3 +++ ListTask.java 11 Jun 2005 10:47:37 - 1.4 @@ -19,7 +19,6 @@ import org.apache.tools.ant.BuildException; -import org.apache.tools.ant.Task; /** 1.5 +1 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/ReloadTask.java Index: ReloadTask.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/ReloadTask.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ReloadTask.java 26 Aug 2004 21:27:10 - 1.4 +++ ReloadTask.java 11 Jun 2005 10:47:37 - 1.5 @@ -20,7 +20,6 @@ import java.net.URLEncoder; import org.apache.tools.ant.BuildException; -import org.apache.tools.ant.Task; /** 1.4 +1 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/RemoveTask.java Index: RemoveTask.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/RemoveTask.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- RemoveTask.java 26 Aug 2004 21:27:10 - 1.3 +++ RemoveTask.java 11 Jun 2005 10:47:37 - 1.4 @@ -20,7 +20,6 @@ import java.net.URLEncoder; import org.apache.tools.ant.BuildException; -import org.apache.tools.ant.Task; /** 1.4 +1 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/ResourcesTask.java Index: ResourcesTask.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/ResourcesTask.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- ResourcesTask.java26 Aug 2004 21:27:10 - 1.3 +++ ResourcesTask.java11 Jun 2005 10:47:37 - 1.4 @@ -19,7 +19,6 @@ import org.apache.tools.ant.BuildException; -import org.apache.tools.ant.Task; /** 1.3 +1 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/RolesTask.java Index: RolesTask.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/ant/RolesTask.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- RolesTask.java26 Aug 2004 21:27:10 - 1.2 +++ RolesTask.java11 Jun 2005 10:47:37 - 1.3 @@ -19,7 +19,6 @@ import org.apache.tools.ant.BuildException; -import org.apache.tools.ant.Task; /**
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/cluster MulticastReceiver.java MulticastSender.java StandardCluster.java
markt 2005/06/11 03:49:59 Modified:catalina/src/share/org/apache/catalina/cluster MulticastReceiver.java MulticastSender.java StandardCluster.java Log: Remove unused imports from o.a.c.cluster package Revision ChangesPath 1.7 +1 -7 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/cluster/MulticastReceiver.java Index: MulticastReceiver.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/cluster/MulticastReceiver.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- MulticastReceiver.java26 Aug 2004 21:28:18 - 1.6 +++ MulticastReceiver.java11 Jun 2005 10:49:59 - 1.7 @@ -19,15 +19,9 @@ import java.net.DatagramPacket; import java.net.InetAddress; import java.net.MulticastSocket; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.BufferedOutputStream; import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.io.ObjectStreamClass; import java.util.Vector; 1.6 +1 -4 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/cluster/MulticastSender.java Index: MulticastSender.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/cluster/MulticastSender.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- MulticastSender.java 26 Aug 2004 21:28:18 - 1.5 +++ MulticastSender.java 11 Jun 2005 10:49:59 - 1.6 @@ -19,13 +19,10 @@ import java.net.DatagramPacket; import java.net.InetAddress; import java.net.MulticastSocket; -import java.io.InputStream; -import java.io.OutputStream; import java.io.BufferedOutputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.ObjectOutputStream; -import java.io.ObjectStreamClass; /** 1.8 +1 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/cluster/StandardCluster.java Index: StandardCluster.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/cluster/StandardCluster.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- StandardCluster.java 26 Aug 2004 21:28:18 - 1.7 +++ StandardCluster.java 11 Jun 2005 10:49:59 - 1.8 @@ -25,7 +25,6 @@ import org.apache.catalina.Cluster; import org.apache.catalina.Container; import org.apache.catalina.Lifecycle; -import org.apache.catalina.LifecycleEvent; import org.apache.catalina.LifecycleException; import org.apache.catalina.LifecycleListener; import org.apache.catalina.Logger; - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 17316] - taglib always returns null in first reocrd with pageContext.setAttribute
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=17316. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=17316 [EMAIL PROTECTED] changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution||WORKSFORME --- Additional Comments From [EMAIL PROTECTED] 2005-06-11 13:37 --- Your test case is in complete but with the necessary additions (such as a laglib definition in your JSP) it works exactly as expected. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 35320] - broken pdf
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35320. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35320 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk glitches
The best way to make sure this bug gets fixed is to file a bug report. http://jakarta.apache.org/tomcat/bugreport.html Regards, Glenn On Thu, Jun 09, 2005 at 11:18:28PM -0600, Tom Anderson wrote: I should have trusted my instincts and not my math. A size_t (32 bits on most machines) rolls over at 4 GB, not 4 MB... d'oh! So this falls apart under a decent load, after a day or two in my case. I guess I'll be going back to the request method. For me, that should last about 1000 days before rolling over. I suggest that maybe doubles would be better for the read/write bytes. Although I still prefer a model that doesn't break at rollover (reset all counters or moving averages for example). On Jun 9, 2005, at 8:13 PM, Tom Anderson wrote: At first I thought maybe it was because transferred, readed (sic) and mytraffic are size_t and maybe one of them rolled over. But that would rollover at 4MB right? -- Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder| MOREnet System Programming | * if iz ina coment. | Missouri Research and Education Network | */ | -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin AttributeTag.java
markt 2005/06/11 08:49:16
Modified:webapps/admin/WEB-INF/classes/org/apache/webapp/admin
AttributeTag.java
Log:
Improve error message so it is clear which resource is missing an attribute.
Revision ChangesPath
1.4 +3 -2
jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/AttributeTag.java
Index: AttributeTag.java
===
RCS file:
/home/cvs/jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/AttributeTag.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- AttributeTag.java 26 Aug 2004 22:00:35 - 1.3
+++ AttributeTag.java 11 Jun 2005 15:49:16 - 1.4
@@ -168,7 +168,8 @@
value = mserver.getAttribute(oname, attribute);
} catch (Throwable t) {
throw new JspException(Exception retrieving attribute ' +
- attribute + ');
+ attribute + ' from mbean ' +
+ oname.toString() + ');
}
// Render this value to our current output writer
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/webapps/admin/WEB-INF/classes/org/apache/webapp/admin AttributeTag.java
markt 2005/06/11 08:53:16
Modified:webapps/admin/WEB-INF/classes/org/apache/webapp/admin
AttributeTag.java
Log:
Improve error message so it is clear which resource is missing an attribute.
Revision ChangesPath
1.4 +3 -2
jakarta-tomcat-catalina/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/AttributeTag.java
Index: AttributeTag.java
===
RCS file:
/home/cvs/jakarta-tomcat-catalina/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/AttributeTag.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- AttributeTag.java 27 Feb 2004 14:59:01 - 1.3
+++ AttributeTag.java 11 Jun 2005 15:53:16 - 1.4
@@ -168,7 +168,8 @@
value = mserver.getAttribute(oname, attribute);
} catch (Throwable t) {
throw new JspException(Exception retrieving attribute ' +
- attribute + ');
+ attribute + ' from mbean ' +
+ oname.toString() + ');
}
// Render this value to our current output writer
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 23325] - displaying data source for a context resource results in exception
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=23325. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=23325 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WORKSFORME --- Additional Comments From [EMAIL PROTECTED] 2005-06-11 17:53 --- This works for me. Please follow up on Tomcat user if you are still experiencing problems. A few things to note are: - In 4.1.x a context.xml in META-INF is only used by the ManagerServlet during deployment - a resource-ref in web.xml that refers to a resource that does not exist will cause an error that looks like this. I have improved the error message when this occurs so it is easier to see which resource is not properly defined. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni SSL.java
mturk 2005/06/11 11:16:42 Modified:jni/java/org/apache/tomcat/jni SSL.java Log: Add getLastError function, that returns the last SSL error as string Revision ChangesPath 1.17 +6 -2 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java Index: SSL.java === RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- SSL.java 10 Jun 2005 06:44:35 - 1.16 +++ SSL.java 11 Jun 2005 18:16:42 - 1.17 @@ -261,5 +261,9 @@ * @param file File contatining DH params. */ public static native boolean loadDSATempKey(int idx, String file); - + +/** + * Return last SSL error string + */ +public static native String getLastError(); } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni SSLContext.java
mturk 2005/06/11 11:18:13 Modified:jni/java/org/apache/tomcat/jni SSLContext.java Log: Rename setVhostId to setContextId. This is not neccesary a vhost name, but can be any string idendifying context, to suppress cross context sessions. Revision ChangesPath 1.19 +3 -3 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java Index: SSLContext.java === RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- SSLContext.java 10 Jun 2005 07:53:24 - 1.18 +++ SSLContext.java 11 Jun 2005 18:18:13 - 1.19 @@ -54,11 +54,11 @@ public static native int free(long ctx); /** - * Set Virtual host id. Usually host:port combination. + * Set Session context id. Usually host:port combination. * @param ctx Context to use. * @param id String that uniquely identifies this context. */ -public static native void setVhostId(long ctx, String id); +public static native void setContextId(long ctx, String id); /** * Asssociate BIOCallback for input or output data capture. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jni/native/include ssl_private.h
mturk 2005/06/11 11:20:10 Modified:jni/native/include ssl_private.h Log: Add pointer to the context very store, so we could know if the setCACertificate was called. Revision ChangesPath 1.26 +4 -2 jakarta-tomcat-connectors/jni/native/include/ssl_private.h Index: ssl_private.h === RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- ssl_private.h 11 Jun 2005 07:03:45 - 1.25 +++ ssl_private.h 11 Jun 2005 18:20:10 - 1.26 @@ -179,7 +179,7 @@ BIO *bio_os; BIO *bio_is; -unsigned char vhost_id[MD5_DIGEST_LENGTH]; +unsigned char context_id[MD5_DIGEST_LENGTH]; int protocol; /* we are one or the other */ @@ -187,6 +187,8 @@ /* certificate revocation list */ X509_STORE *crl; +/* pointer to the context verify store */ +X509_STORE *store; const char *cert_files[SSL_AIDX_MAX]; const char *key_files[SSL_AIDX_MAX]; X509*certs[SSL_AIDX_MAX]; - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jni/native/include tcn.h
mturk 2005/06/11 11:21:12 Modified:jni/native/include tcn.h Log: Temporary enable statistics. Revision ChangesPath 1.16 +2 -1 jakarta-tomcat-connectors/jni/native/include/tcn.h Index: tcn.h === RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/tcn.h,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- tcn.h 10 Jun 2005 07:06:10 - 1.15 +++ tcn.h 11 Jun 2005 18:21:12 - 1.16 @@ -26,6 +26,7 @@ #error Missing APR_HAS_THREADS support from APR. #endif +#define TCN_DO_STATISTICS 1 #include jni.h #if defined(_DEBUG) || defined(DEBUG) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c sslcontext.c
mturk 2005/06/11 11:22:25
Modified:jni/native/src ssl.c sslcontext.c
Log:
Native part of changes in SSL.java and SSLContext.java
Revision ChangesPath
1.33 +9 -1 jakarta-tomcat-connectors/jni/native/src/ssl.c
Index: ssl.c
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- ssl.c 11 Jun 2005 07:03:45 - 1.32
+++ ssl.c 11 Jun 2005 18:22:25 - 1.33
@@ -760,6 +760,14 @@
return r;
}
+TCN_IMPLEMENT_CALL(jstring, SSL, getLastError)(TCN_STDARGS)
+{
+char buf[256];
+UNREFERENCED(o);
+ERR_error_string(ERR_get_error(), buf);
+return tcn_new_string(e, buf, -1);
+}
+
#else
/* OpenSSL is not supported
* If someday we make OpenSSL optional
1.34 +16 -6 jakarta-tomcat-connectors/jni/native/src/sslcontext.c
Index: sslcontext.c
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- sslcontext.c 11 Jun 2005 07:03:45 - 1.33
+++ sslcontext.c 11 Jun 2005 18:22:25 - 1.34
@@ -145,11 +145,11 @@
*/
SSL_CTX_set_options(c-ctx,
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif
-/* Default vhost id and cache size */
+/* Default session context id and cache size */
SSL_CTX_sess_set_cache_size(c-ctx, SSL_DEFAULT_CACHE_SIZE);
MD5((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
(unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
-(c-vhost_id[0]));
+(c-context_id[0]));
if (mode) {
SSL_CTX_set_tmp_rsa_callback(c-ctx, SSL_callback_tmp_RSA);
SSL_CTX_set_tmp_dh_callback(c-ctx, SSL_callback_tmp_DH);
@@ -185,8 +185,8 @@
return apr_pool_cleanup_run(c-pool, c, ssl_context_cleanup);
}
-TCN_IMPLEMENT_CALL(void, SSLContext, setVhostId)(TCN_STDARGS, jlong ctx,
- jstring id)
+TCN_IMPLEMENT_CALL(void, SSLContext, setContextId)(TCN_STDARGS, jlong ctx,
+ jstring id)
{
tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
TCN_ALLOC_CSTRING(id);
@@ -196,7 +196,7 @@
if (J2S(id)) {
MD5((const unsigned char *)J2S(id),
(unsigned long)strlen(J2S(id)),
-(c-vhost_id[0]));
+(c-context_id[0]));
}
TCN_FREE_CSTRING(id);
}
@@ -363,6 +363,7 @@
rv = JNI_FALSE;
goto cleanup;
}
+c-store = SSL_CTX_get_cert_store(c-ctx);
if (c-mode) {
STACK_OF(X509_NAME) *ca_certs;
c-ca_certs++;
@@ -425,6 +426,15 @@
if ((c-verify_mode == SSL_CVERIFY_OPTIONAL) ||
(c-verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
verify |= SSL_VERIFY_PEER;
+if (!c-store) {
+if (SSL_CTX_set_default_verify_paths(c-ctx)) {
+c-store = SSL_CTX_get_cert_store(c-ctx);
+X509_STORE_set_flags(c-store, 0);
+}
+else {
+/* XXX: See if this is fatal */
+}
+}
SSL_CTX_set_verify(c-ctx, verify, SSL_callback_SSL_verify);
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jni/native/src sslutils.c
mturk 2005/06/11 11:24:17
Modified:jni/native/src sslutils.c
Log:
Temporary enable verification if client CA was not found.
Revision ChangesPath
1.25 +16 -19jakarta-tomcat-connectors/jni/native/src/sslutils.c
Index: sslutils.c
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslutils.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- sslutils.c11 Jun 2005 07:02:15 - 1.24
+++ sslutils.c11 Jun 2005 18:24:17 - 1.25
@@ -464,7 +464,7 @@
return n;
}
-static int SSL_X509_STORE_lookup(X509_STORE *store, int yype,
+static int ssl_X509_STORE_lookup(X509_STORE *store, int yype,
X509_NAME *name, X509_OBJECT *obj)
{
X509_STORE_CTX ctx;
@@ -476,7 +476,7 @@
return rc;
}
-int SSL_callback_SSL_verify_CRL(int ok, X509_STORE_CTX *ctx, tcn_ssl_conn_t
*con)
+static int ssl_verify_CRL(int ok, X509_STORE_CTX *ctx, tcn_ssl_conn_t *con)
{
X509_OBJECT obj;
X509_NAME *subject, *issuer;
@@ -486,14 +486,6 @@
int i, n, rc;
/*
- * Unless a revocation store for CRLs was created we
- * cannot do any CRL-based verification, of course.
- */
-if (!con-ctx-crl) {
-return ok;
-}
-
-/*
* Determine certificate ingredients in advance
*/
cert= X509_STORE_CTX_get_current_cert(ctx);
@@ -536,7 +528,7 @@
* the current certificate in order to verify it's integrity.
*/
memset((char *)obj, 0, sizeof(obj));
-rc = SSL_X509_STORE_lookup(con-ctx-crl,
+rc = ssl_X509_STORE_lookup(con-ctx-crl,
X509_LU_CRL, subject, obj);
crl = obj.data.crl;
@@ -590,7 +582,7 @@
* the current certificate in order to check for revocation.
*/
memset((char *)obj, 0, sizeof(obj));
-rc = SSL_X509_STORE_lookup(con-ctx-crl,
+rc = ssl_X509_STORE_lookup(con-ctx-crl,
X509_LU_CRL, issuer, obj);
crl = obj.data.crl;
@@ -641,15 +633,17 @@
return 1;
if (SSL_VERIFY_ERROR_IS_OPTIONAL(errnum)
-(verify == SSL_CVERIFY_OPTIONAL_NO_CA))
-ok = TRUE;
-
+(verify == SSL_CVERIFY_OPTIONAL_NO_CA)) {
+ok = 1;
+SSL_set_verify_result(ssl, X509_V_OK);
+}
/*
* Additionally perform CRL-based revocation checks
*/
-if (ok) {
-if (!(ok = SSL_callback_SSL_verify_CRL(ok, ctx, con))) {
+if (ok con-ctx-crl) {
+if (!(ok = ssl_verify_CRL(ok, ctx, con))) {
errnum = X509_STORE_CTX_get_error(ctx);
+/* TODO: Log something */
}
}
/*
@@ -670,7 +664,10 @@
*/
ok = 0;
}
-
+#if 1
+else if (!ok)
+ok = 1;
+#endif
return ok;
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jni/native/src sslnetwork.c
mturk 2005/06/11 11:25:23
Modified:jni/native/src sslnetwork.c
Log:
Add needed callbacks for server mode, and fix the handshake.
Revision ChangesPath
1.8 +37 -24jakarta-tomcat-connectors/jni/native/src/sslnetwork.c
Index: sslnetwork.c
===
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslnetwork.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- sslnetwork.c 11 Jun 2005 07:02:56 - 1.7
+++ sslnetwork.c 11 Jun 2005 18:25:23 - 1.8
@@ -147,7 +147,19 @@
apr_pool_cleanup_register(pool, (const void *)con,
ssl_socket_cleanup,
apr_pool_cleanup_null);
-SSL_set_app_data2(ssl, (void *)con);
+SSL_set_app_data(ssl, (void *)con);
+
+if (ctx-mode) {
+/*
+ * Configure callbacks for SSL connection
+ */
+SSL_set_tmp_rsa_callback(ssl, SSL_callback_tmp_RSA);
+SSL_set_tmp_dh_callback(ssl, SSL_callback_tmp_DH);
+SSL_set_session_id_context(ssl, (ctx-context_id[0]),
+ MD5_DIGEST_LENGTH);
+}
+SSL_set_verify_result(ssl, X509_V_OK);
+
#ifdef TCN_DO_STATISTICS
ssl_created++;
@@ -156,16 +168,14 @@
}
static apr_status_t wait_for_io_or_timeout(tcn_ssl_conn_t *con,
- apr_interval_time_t t,
int for_what)
{
-apr_interval_time_t timeout = t;
+apr_interval_time_t timeout;
apr_pollfd_t pfd;
int type = for_what == SSL_ERROR_WANT_WRITE ? APR_POLLOUT : APR_POLLIN;
apr_status_t status;
-if (timeout 0)
-apr_socket_timeout_get(con-sock, timeout);
+apr_socket_timeout_get(con-sock, timeout);
pfd.desc_type = APR_POLL_SOCKET;
pfd.desc.s = con-sock;
pfd.reqevents = type;
@@ -418,25 +428,28 @@
TCN_ASSERT(sock != 0);
for (;;) {
-if ((s = SSL_do_handshake(con-ssl)) != 0) {
-i = SSL_get_error(con-ssl, s);
-switch (i) {
-case SSL_ERROR_NONE:
-return APR_SUCCESS;
-break;
-case SSL_ERROR_WANT_READ:
-case SSL_ERROR_WANT_WRITE:
-if ((rv = wait_for_io_or_timeout(con, -1, i)) !=
APR_SUCCESS) {
-return rv;
-}
-break;
-default:
-return SSL_TO_APR_ERROR(i);
-break;
-}
-}
-else
+s = SSL_do_handshake(con-ssl);
+i = SSL_get_error(con-ssl, s);
+switch (i) {
+case SSL_ERROR_NONE:
+return APR_SUCCESS;
break;
+case SSL_ERROR_WANT_READ:
+case SSL_ERROR_WANT_WRITE:
+if ((rv = wait_for_io_or_timeout(con, i)) != APR_SUCCESS) {
+return rv;
+}
+break;
+case SSL_ERROR_SYSCALL:
+s = apr_get_netos_error();
+if (!APR_STATUS_IS_EAGAIN(s)
+!APR_STATUS_IS_EINTR(s))
+return s;
+break;
+default:
+return SSL_TO_APR_ERROR(i);
+break;
+}
}
return APR_SUCCESS;
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Building question
I just tried to build a fresh copy of j-t-c/jni/native on my Solaris7 box, and it fails miserably ;-). It looks like it needs to include -fpic, but I can't see how to do it (CFLAGS doesn't work). The OpenSSL libraries are libssl.a and libcrypto.a. With the pathetic security performance of OpenSSL, I wouldn't trust it any other way ;-). This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34389] - Tomcat 5.5.9 Cluster fix pack
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=34389. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=34389 [EMAIL PROTECTED] changed: What|Removed |Added URL||http://localhost:8080/jsp- ||examples/ViewDiscussion.jsp Status|NEW |NEEDINFO OS/Version|other |Windows XP --- Additional Comments From [EMAIL PROTECTED] 2005-06-12 05:21 --- Please help me to fix the bug. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 35333] New: - HTTP STATUS 500
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35333. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35333 Summary: HTTP STATUS 500 Product: Tomcat 5 Version: 5.5.9 Platform: Other URL: http://localhost:8080/jsp-examples/ViewDiscussion.jsp OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Unknown AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] The bug appear.I dont know how to fix it so i can view the value that i wanted. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 35333] - HTTP STATUS 500
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35333. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35333 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
