Author: mturk
Date: Tue Sep 13 19:59:36 2011
New Revision: 1170326

URL: http://svn.apache.org/viewvc?rev=1170326&view=rev
Log:
Create almost complete ssl context

Modified:
    
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
    
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLProtocolMethod.java
    commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c

Modified: 
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- 
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
 (original)
+++ 
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLContext.java
 Tue Sep 13 19:59:36 2011
@@ -33,13 +33,19 @@ public final class SSLContext extends Na
     // Hide NativePointer
     private final long  pointer = 0L;
 
-    private static native long         new0();
+    private static native long         new0(int protocol, int mode);
+
+    private SSLContext()
+    {
+        // No instance
+    }
+
     /**
      * Creates a new object instance.
      */
-    public SSLContext()
+    public SSLContext(SSLProtocolMethod method, SSLProtocolMode mode)
     {
-        super.pointer = new0();
+        super.pointer = new0(method.valueOf(), mode.valueOf());
     }
 
 }
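Review bot: The new public constructor stores whatever `new0()` returns without checking for 0, and the native side (ctx.c in this commit) returns 0 without a visible throw when `ACR_TALLOC` fails. That leaves an `SSLContext` wrapping a null handle. A check such as `if (super.pointer == 0L) throw new OutOfMemoryError();` would stop that object escaping, unless `ACR_TALLOC` already raises the exception itself. The Javadoc still reads "Creates a new object instance."; it should describe `method` and `mode`, say that null arguments raise `NullPointerException`, and say that a protocol/mode pair the linked OpenSSL cannot provide is rejected by the native call.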

Modified: 
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLProtocolMethod.java
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLProtocolMethod.java?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- 
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLProtocolMethod.java
 (original)
+++ 
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/SSLProtocolMethod.java
 Tue Sep 13 19:59:36 2011
@@ -42,9 +42,17 @@ public enum SSLProtocolMethod
      */
     TLSv1(      4),
     /**
+     * TLSv1.1.
+     */
+    TLSv11(     5),
+    /**
+     * TLSv1.2.
+     */
+    TLSv12(     6),
+    /**
      * DTLSv1.0.
      */
-    DTLSv1(     5);
+    DTLSv1(     7);
 
     private int value;
     private SSLProtocolMethod(int v)
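Review bot: `DTLSv1` is renumbered from 5 to 7 here and `SSL_PROTOCOL_DTLSV1` is renumbered the same way in the ssl.h hunk, with nothing tying the two lists together. These integers cross the JNI boundary through `valueOf()`, so a jar paired with a native library built from the other revision would pass 5 meaning DTLS and get a TLSv1.1 context. A comment on the enum such as `// Values must match SSL_PROTOCOL_* in acr/ssl.h` would help, and appending new protocols after the existing values would avoid renumbering. The enum continues outside the hunk.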

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Tue Sep 13 
19:59:36 2011
@@ -157,7 +157,9 @@
 #define SSL_PROTOCOL_SSLV3      2
 #define SSL_PROTOCOL_SSLV23     3
 #define SSL_PROTOCOL_TLSV1      4
-#define SSL_PROTOCOL_DTLSV1     5
+#define SSL_PROTOCOL_TLSV11     5
+#define SSL_PROTOCOL_TLSV12     6
+#define SSL_PROTOCOL_DTLSV1     7
 
 #define SSL_MODE_CLIENT         0
 #define SSL_MODE_SERVER         1
@@ -166,6 +168,7 @@
 #define SSL_BIO_FLAG_RDONLY     1
 #define SSL_BIO_FLAG_CALLBACK   2
 #define SSL_DEFAULT_CACHE_SIZE  256
+#define SSL_DEFAULT_VHOST_NAME  "unknown:443"
 #define SSL_MAX_STR_LEN         2048
 
 #define SSL_CVERIFY_UNSET          (-1)
@@ -361,6 +364,7 @@ void        ssl_init_app_data2_idx(void)
 void       *ssl_get_app_data2(SSL *);
 void        ssl_set_app_data2(SSL *, void *);
 int         ssl_password_callback(char *, int, int, void *);
+int         ssl_no_password_callback(char *buf, int bufsiz, int verify, void 
*cb);
 void        ssl_bio_close(BIO *);
 void        ssl_bio_doref(BIO *);
 DH         *ssl_dh_get_tmp_param(int);
@@ -372,6 +376,7 @@ void        ssl_vhost_algo_id(const unsi
 int         ssl_ctx_use_certificate_chain(SSL_CTX *, const char *, int);
 int         ssl_callback_ssl_verify(int, X509_STORE_CTX *);
 int         ssl_rand_seed(const char *file);
+void        ssl_throw_errno(JNI_STDENV, int cls);
 
 #endif
 #endif /* _ACR_SSL_H_ */

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c 
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Tue Sep 
13 19:59:36 2011
@@ -122,11 +122,13 @@ struct SSLAPIst {
     unsigned long       (*fpERR_get_error)(void);
     void                (*fpERR_load_crypto_strings)(void);
     unsigned long       (*fpERR_peek_error)(void);
+    void                (*fpERR_put_error)(int, int, int, const char *, int);
 
     /*** EVP      ***/
     void                (*fpEVP_PKEY_free)(EVP_PKEY *);
     
     /*** MD5      ***/
+    unsigned char*      (*fpMD5)(const unsigned char *, size_t, unsigned char 
*);
     int                 (*fpMD5_Final)(unsigned char *, MD5_CTX *);
     int                 (*fpMD5_Init)(MD5_CTX *);
     int                 (*fpMD5_Update)(MD5_CTX *, const void *, size_t);
@@ -153,6 +155,8 @@ struct SSLAPIst {
     long                (*fpSSL_CTX_ctrl)(SSL_CTX *, int, long, void *);
     SSL_CTX*            (*fpSSL_CTX_new)(CONST_SSL_METHOD *);
     void                (*fpSSL_CTX_free)(SSL_CTX *);
+    void                (*fpSSL_CTX_set_tmp_rsa_callback)(SSL_CTX *, RSA 
*(*)(SSL *, int, int));
+    void                (*fpSSL_CTX_set_tmp_dh_callback)(SSL_CTX *, DH 
*(*)(SSL *, int, int));
 
     /*** SSL      ***/
     void*               (*fpSSL_get_ex_data)(const SSL *, int);
@@ -172,6 +176,12 @@ struct SSLAPIst {
     CONST_SSL_METHOD*   (*fpTLSv1_method)(void);           /* TLSv1.0 */
     CONST_SSL_METHOD*   (*fpTLSv1_server_method)(void);    /* TLSv1.0 */
     CONST_SSL_METHOD*   (*fpTLSv1_client_method)(void);    /* TLSv1.0 */
+    CONST_SSL_METHOD*   (*fpTLSv1_1_method)(void);         /* TLSv1.1 */
+    CONST_SSL_METHOD*   (*fpTLSv1_1_server_method)(void);  /* TLSv1.1 */
+    CONST_SSL_METHOD*   (*fpTLSv1_1_client_method)(void);  /* TLSv1.1 */
+    CONST_SSL_METHOD*   (*fpTLSv1_2_method)(void);         /* TLSv1.2 */
+    CONST_SSL_METHOD*   (*fpTLSv1_2_server_method)(void);  /* TLSv1.2 */
+    CONST_SSL_METHOD*   (*fpTLSv1_2_client_method)(void);  /* TLSv1.2 */
 
     CONST_SSL_METHOD*   (*fpDTLSv1_method)(void);          /* DTLSv1.0 */
     CONST_SSL_METHOD*   (*fpDTLSv1_server_method)(void);   /* DTLSv1.0 */
@@ -277,6 +287,8 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     LIBSSL_FPLOAD(SSL_CTX_free);
     LIBSSL_FPLOAD(SSL_CTX_set_default_passwd_cb);
     LIBSSL_FPLOAD(SSL_CTX_set_default_passwd_cb_userdata);
+    LIBSSL_FPLOAD(SSL_CTX_set_tmp_dh_callback);
+    LIBSSL_FPLOAD(SSL_CTX_set_tmp_rsa_callback);
 
 
     /*** BIO      ***/
@@ -315,11 +327,13 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     CRYPTO_FPLOAD(ERR_get_error);
     CRYPTO_FPLOAD(ERR_load_crypto_strings);
     CRYPTO_FPLOAD(ERR_peek_error);
+    CRYPTO_FPLOAD(ERR_put_error);
 
     /*** EVP      ***/
     CRYPTO_FPLOAD(EVP_PKEY_free);
     
     /*** MD5      ***/
+    CRYPTO_FPLOAD(MD5);
     CRYPTO_FPLOAD(MD5_Final);
     CRYPTO_FPLOAD(MD5_Init);
     CRYPTO_FPLOAD(MD5_Update);
@@ -373,7 +387,16 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     LIBSSL_LDDOPT(SSLv2_server_method);
     LIBSSL_LDDOPT(SSLv2_client_method);
 #endif
-
+#ifdef TLS1_1_VERSION
+    LIBSSL_LDDOPT(TLSv1_1_method);
+    LIBSSL_LDDOPT(TLSv1_1_server_method);
+    LIBSSL_LDDOPT(TLSv1_1_client_method);
+#endif
+#ifdef TLS1_2_VERSION
+    LIBSSL_LDDOPT(TLSv1_2_method);
+    LIBSSL_LDDOPT(TLSv1_2_server_method);
+    LIBSSL_LDDOPT(TLSv1_2_client_method);
+#endif
     return JNI_TRUE;
 failed:
     AcrThrowEx(env, ACR_EX_ENOENT, "Cannot find %s::%s()", dname, fname);
@@ -626,11 +649,21 @@ unsigned long ERR_peek_error(void)
     return SSLAPI_CALL(ERR_peek_error)();
 }
 
+void ERR_put_error(int lib, int func, int reason, const char *file, int line)
+{
+    SSLAPI_CALL(ERR_put_error)(lib, func, reason, file, line);
+}
+
 void EVP_PKEY_free(EVP_PKEY *pkey)
 {
     SSLAPI_CALL(EVP_PKEY_free)(pkey);
 }
 
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
+{
+    return SSLAPI_CALL(MD5)(d, n, md);
+}
+
 int MD5_Init(MD5_CTX *c)
 {
     return SSLAPI_CALL(MD5_Init)(c);
@@ -712,6 +745,16 @@ void SSL_CTX_free(SSL_CTX *ctx)
     SSLAPI_CALL(SSL_CTX_free)(ctx);
 }
 
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *, int, int))
+{
+    SSLAPI_CALL(SSL_CTX_set_tmp_rsa_callback)(ctx, cb);
+}
+
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(SSL *, int, int))
+{
+    SSLAPI_CALL(SSL_CTX_set_tmp_dh_callback)(ctx, cb);
+}
+
 void *SSL_get_ex_data(const SSL *ssl, int idx)
 {
     return SSLAPI_CALL(SSL_get_ex_data)(ssl, idx);
@@ -755,6 +798,16 @@ IMPLEMENT_SSLOPT_METHOD(SSLv2)
 IMPLEMENT_SSLOPT_METHOD(SSLv2_server)
 IMPLEMENT_SSLOPT_METHOD(SSLv2_client)
 #endif
+#ifdef TLS1_1_VERSION
+IMPLEMENT_SSLOPT_METHOD(TLSv1_1_method)
+IMPLEMENT_SSLOPT_METHOD(TLSv1_1_server_method)
+IMPLEMENT_SSLOPT_METHOD(TLSv1_1_client_method)
+#endif
+#ifdef TLS1_2_VERSION
+IMPLEMENT_SSLOPT_METHOD(TLSv1_2_method)
+IMPLEMENT_SSLOPT_METHOD(TLSv1_2_server_method)
+IMPLEMENT_SSLOPT_METHOD(TLSv1_2_client_method)
+#endif
 
 IMPLEMENT_SSLAPI_METHOD(SSLv3)
 IMPLEMENT_SSLAPI_METHOD(SSLv3_server)
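Review bot: The six new `IMPLEMENT_SSLOPT_METHOD` lines pass names that already end in `_method`, while the neighbouring uses pass the bare prefix (`IMPLEMENT_SSLOPT_METHOD(SSLv2_server)`, `IMPLEMENT_SSLAPI_METHOD(SSLv3)`). The macro definition is outside this hunk, but if it appends `_method` as those uses suggest, the new lines define `TLSv1_1_method_method()` and so on. The `TLSv1_1_*_method()` and `TLSv1_2_*_method()` calls added in ctx.c would then have no wrapper routed through the loaded function table. Dropping the suffix from the arguments would match the existing pattern.

```c
/* … unchanged: #ifdef TLS1_1_VERSION … */
IMPLEMENT_SSLOPT_METHOD(TLSv1_1)
IMPLEMENT_SSLOPT_METHOD(TLSv1_1_server)
IMPLEMENT_SSLOPT_METHOD(TLSv1_1_client)
/* … unchanged: #endif / #ifdef TLS1_2_VERSION … */
IMPLEMENT_SSLOPT_METHOD(TLSv1_2)
IMPLEMENT_SSLOPT_METHOD(TLSv1_2_server)
IMPLEMENT_SSLOPT_METHOD(TLSv1_2_client)
```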

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c 
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Tue Sep 
13 19:59:36 2011
@@ -27,14 +27,160 @@
 #endif
 
 
-ACR_SSL_EXPORT(jlong, SSLContext, new0)(JNI_STDARGS)
+ACR_SSL_EXPORT(jlong, SSLContext, new0)(JNI_STDARGS, jint protocol, jint mode)
 {
-    acr_ssl_ctxt_t *ctx;
+    acr_ssl_ctxt_t   *c;
+    CONST_SSL_METHOD *m = 0;
 
-    ctx = ACR_TALLOC(acr_ssl_ctxt_t);
-    if (ctx == 0)
+    c = ACR_TALLOC(acr_ssl_ctxt_t);
+    if (c == 0)
         return 0;
-    return P2J(ctx);
+    switch (mode) {
+        case SSL_MODE_CLIENT:
+            switch (protocol) {
+                case SSL_PROTOCOL_SSLV2:
+#ifndef OPENSSL_NO_SSL2
+                    m = SSLv2_client_method();
+#endif
+                break;
+                case SSL_PROTOCOL_SSLV3:
+                    m = SSLv3_client_method();
+                break;
+                case SSL_PROTOCOL_SSLV23:
+                    m = SSLv23_client_method();
+                break;
+                case SSL_PROTOCOL_TLSV1:
+                    m = TLSv1_client_method();
+                break;
+                case SSL_PROTOCOL_DTLSV1:
+                    m = DTLSv1_client_method();
+                break;
+                case SSL_PROTOCOL_TLSV11:
+#ifdef TLS1_1_VERSION
+                    m = TLSv1_1_client_method();
+#endif
+                break;
+                case SSL_PROTOCOL_TLSV12:
+#ifdef TLS1_2_VERSION
+                    m = TLSv1_2_client_method();
+#endif
+                break;
+            }
+        break;
+        case SSL_MODE_SERVER:
+            switch (protocol) {
+                case SSL_PROTOCOL_SSLV2:
+#ifndef OPENSSL_NO_SSL2
+                    m = SSLv2_server_method();
+#endif
+                break;
+                case SSL_PROTOCOL_SSLV3:
+                    m = SSLv3_server_method();
+                break;
+                case SSL_PROTOCOL_SSLV23:
+                    m = SSLv23_server_method();
+                break;
+                case SSL_PROTOCOL_TLSV1:
+                    m = TLSv1_server_method();
+                break;
+                case SSL_PROTOCOL_DTLSV1:
+                    m = DTLSv1_server_method();
+                break;
+                case SSL_PROTOCOL_TLSV11:
+#ifdef TLS1_1_VERSION
+                    m = TLSv1_1_server_method();
+#endif
+                break;
+                case SSL_PROTOCOL_TLSV12:
+#ifdef TLS1_2_VERSION
+                    m = TLSv1_2_server_method();
+#endif
+                break;
+            }
+        break;
+        case SSL_MODE_COMBINED:
+            switch (protocol) {
+                case SSL_PROTOCOL_SSLV2:
+#ifndef OPENSSL_NO_SSL2
+                    m = SSLv2_method();
+#endif
+                break;
+                case SSL_PROTOCOL_SSLV3:
+                    m = SSLv3_method();
+                break;
+                case SSL_PROTOCOL_SSLV23:
+                    m = SSLv23_method();
+                break;
+                case SSL_PROTOCOL_TLSV1:
+                    m = TLSv1_method();
+                break;
+                case SSL_PROTOCOL_DTLSV1:
+                    m = DTLSv1_method();
+                break;
+                case SSL_PROTOCOL_TLSV11:
+#ifdef TLS1_1_VERSION
+                    m = TLSv1_1_method();
+#endif
+                break;
+                case SSL_PROTOCOL_TLSV12:
+#ifdef TLS1_2_VERSION
+                    m = TLSv1_2_method();
+#endif
+                break;
+            }
+        break;
+        default:
+        break;
+    }
+    if (m == 0 || (c->ctx == SSL_CTX_new(m)) == 0) {
+        AcrFree(c);
+        ACR_THROW(ACR_EX_EINVAL, 0);
+        return 0;
+    }
+    if ((c->bio_os = BIO_new(BIO_s_file())) != 0)
+        BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+    c->protocol      = protocol;
+    c->mode          = mode;
+    /* Set default Certificate verification level
+     * and depth for the Client Authentication
+     */
+    c->verify_depth  = 1;
+    c->verify_mode   = SSL_CVERIFY_UNSET;
+    c->shutdown_type = SSL_SHUTDOWN_TYPE_UNSET;
+
+    SSL_CTX_set_options(c->ctx, SSL_OP_ALL);
+    if (protocol != SSL_PROTOCOL_SSLV2)
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2);
+    if (protocol != SSL_PROTOCOL_SSLV3)
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3);
+    if (protocol != SSL_PROTOCOL_TLSV1)
+        SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1);
+    /*
+     * Configure additional context ingredients
+     */
+    SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_DH_USE);
+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+    /*
+     * Disallow a session from being resumed during a renegotiation,
+     * so that an acceptable cipher suite can be negotiated.
+     */
+    SSL_CTX_set_options(c->ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+#endif
+    /* Default session context id and cache size */
+    SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE);
+    MD5((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
+        (unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
+        c->context_id);
+    if (mode != SSL_MODE_CLIENT) {
+        SSL_CTX_set_tmp_rsa_callback(c->ctx, ssl_callback_tmp_rsa);
+        SSL_CTX_set_tmp_dh_callback(c->ctx,  ssl_callback_tmp_dh);
+    }
+    
+    /* Set default password callback */
+    SSL_CTX_set_default_passwd_cb(c->ctx, ssl_no_password_callback);
+    SSL_CTX_set_default_passwd_cb_userdata(c->ctx, 0);
+    
+    return P2J(c);
 }
 
 ACR_SSL_EXPORT(void, SSLContext, free0)(JNI_STDARGS, jlong ctx)
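Review bot: The failure check after the method switch, `if (m == 0 || (c->ctx == SSL_CTX_new(m)) == 0)`, compares `c->ctx` with the new context instead of assigning it, so `c->ctx` is never set and the `SSL_CTX` that was just created is leaked. Depending on what `ACR_TALLOC` leaves in `c->ctx`, a successful `SSL_CTX_new()` can be reported as `ACR_EX_EINVAL` and a failed one can fall through to the `SSL_CTX_set_options()` calls with a null context. It should read `if (m == 0 || (c->ctx = SSL_CTX_new(m)) == 0) {`. Separately, the option block sets `SSL_OP_NO_TLSv1` for every protocol other than `SSL_PROTOCOL_TLSV1`, so an `SSL_PROTOCOL_SSLV23` context has SSLv2, SSLv3 and TLSv1 all disabled and can only negotiate when the linked OpenSSL offers TLSv1.1 or later. The three `SSL_OP_NO_*` tests probably need a separate case for SSLv23, with a comment stating which versions each protocol value is meant to leave enabled.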
@@ -64,3 +210,11 @@ ACR_SSL_EXPORT(void, SSLContext, free0)(
     AcrFree(c);
 }
 
+ACR_SSL_EXPORT(void, SSLContext, setid0)(JNI_STDARGS, jlong ctx, jstring id)
+{
+    acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+
+    WITH_CSTR(id) {
+        MD5((const unsigned char *)J2S(id), strlen(J2S(id)), c->context_id);
+    } DONE_WITH_STR(id);
+}
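Review bot: `setid0` uses `c` without checking it, so a zero `ctx` handle passed from Java makes `MD5()` write the digest through a null-based pointer and takes the JVM down instead of raising an exception. Add a guard before `WITH_CSTR`, for example `if (c == 0) { ACR_THROW(ACR_EX_EINVAL, 0); return; }`, matching how `new0` reports invalid input. Nothing in the visible hunks hands `c->context_id` to the `SSL_CTX`, so confirm that the session id context is applied elsewhere; otherwise this call has no effect on session caching.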

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c 
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c Tue 
Sep 13 19:59:36 2011
@@ -239,18 +239,21 @@ ACR_SSL_EXPORT(jboolean, SSL, hasFipsMod
 #endif
 }
 
+ACR_SSL_EXPORT(jstring, SSL, errstr0)(JNI_STDARGS, jint err)
+{
+    char buf[256] = "";
+    ERR_error_string_n(err, buf, sizeof(buf));
+    return AcrNewJavaStringA(env, buf);
+}
+
 ACR_SSL_EXPORT(void, SSL, fipsmode0)(JNI_STDARGS, jboolean on)
 {
 #if defined(OPENSSL_FIPS)
-    if(FIPS_mode_set(on ? 1 : 0) == 0) {
-      unsigned long err = ERR_get_error();
-      char msg[256];
-
-      ERR_error_string_n(err, msg, 256);
-      ACR_THROW_MSG(ACR_EX_ENOSYS, msg);
-    }
+    if(FIPS_mode_set(on ? 1 : 0) == 0)
+        ssl_throw_errno(env, ACR_EX_ENOSYS);
 #else
-    ACR_THROW_MSG(ACR_EX_ENOSYS, "FIPS was not available at build time. You 
will need an OpenSSL with FIPS support.");
+    ACR_THROW_MSG(ACR_EX_ENOSYS, "FIPS was not available at build time. "
+                                 "You will need an OpenSSL with FIPS 
support.");
 #endif
 }
 

Modified: 
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c 
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c 
Tue Sep 13 19:59:36 2011
@@ -27,19 +27,24 @@
 #endif
 
 /* Global password callback */
-ssl_pass_cb_t *acr_ssl_password_cb;
+ssl_pass_cb_t *acr_ssl_password_cb = 0;
+
+int ssl_no_password_callback(char *buf, int bufsiz, int verify, void *cb)
+{
+    return -1;
+}
 
 int ssl_password_callback(char *buf, int bufsiz, int verify, void *cb)
 {
     ssl_pass_cb_t *pcb = (ssl_pass_cb_t *)cb;
 
     if (buf == 0 || bufsiz < 0)
-        return 0;
+        return -1;
     buf[0] = '\0';
     if (pcb == 0)
         pcb = acr_ssl_password_cb;
     if (pcb == 0)
-        return 0;
+        return -1;
     if (pcb->password == 0) {
         /* Call PasswordCallback.handler()
          */
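Review bot: The guard `if (buf == 0 || bufsiz < 0)` still lets `bufsiz == 0` through, and the next statement writes `buf[0] = '\0'` into a buffer of size zero. While the return values are being changed to -1, tighten it to `if (buf == 0 || bufsiz <= 0)`. The new `ssl_no_password_callback` would benefit from a one-line comment such as `/* Always fails: an encrypted key is rejected unless a real callback is installed */`; that reading is inferred from its use as the default callback in `new0`. The body of `ssl_password_callback` continues outside this hunk.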
@@ -50,7 +55,7 @@ int ssl_password_callback(char *buf, int
         strlcpy(buf, pcb->password, bufsiz);
         return (int)strlen(buf);
     }
-    return 0;
+    return -1;
 }
 
 ACR_SSL_EXPORT(jlong, PasswordCallback, new0)(JNI_STDARGS)

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c?rev=1170326&r1=1170325&r2=1170326&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c 
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c Tue 
Sep 13 19:59:36 2011
@@ -394,3 +394,9 @@ int ssl_ctx_use_certificate_chain(SSL_CT
     return n;
 }
 
+void ssl_throw_errno(JNI_STDENV, int cls)
+{
+    char msg[256];
+    ERR_error_string_n(ERR_get_error(), msg, sizeof(msg));
+    AcrThrow(env, cls, msg);
+}
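Review bot: `ssl_throw_errno` formats whatever `ERR_get_error()` returns without checking for 0, so when the OpenSSL error queue is empty the Java exception carries an all-zero error string that says nothing about the failure. It also removes only the oldest entry, leaving any later entries on the thread's queue where a subsequent unrelated call can pick them up and misreport them. Consider a fallback message when the code is 0 and clearing the rest of the queue after formatting with `ERR_clear_error()`, which would need adding to the function table in api.c if it is not already loaded there.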

