svn commit: r1585898 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c xdocs/miscellaneous/changelog.xml

2014-04-09 Thread mturk
Author: mturk
Date: Wed Apr  9 07:32:29 2014
New Revision: 1585898

URL: http://svn.apache.org/r1585898
Log:
Apply Ognjen's patch for bz55915

Modified:
tomcat/native/branches/1.1.x/native/src/sslcontext.c
tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml

Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1585898&r1=1585897&r2=1585898&view=diff
==
--- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Wed Apr  9 07:32:29 
2014
@@ -151,6 +151,10 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
(unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
(c-context_id[0]), NULL, EVP_sha1(), NULL);
 if (mode) {
+/* Set default (nistp256) elliptic curve for ephemeral ECDH keys */
+EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+SSL_CTX_set_tmp_ecdh(c-ctx, ecdh);
+EC_KEY_free(ecdh);
 SSL_CTX_set_tmp_rsa_callback(c-ctx, SSL_callback_tmp_RSA);
 SSL_CTX_set_tmp_dh_callback(c-ctx,  SSL_callback_tmp_DH);
 }
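
Review bot: The pointer returned by EC_KEY_new_by_curve_name(NID_X9_62_prime256v1) is passed to SSL_CTX_set_tmp_ecdh() without a NULL check, and the result of SSL_CTX_set_tmp_ecdh() is discarded, so a failure to create or install the curve leaves the context without ephemeral ECDH parameters and nothing reports it. Check ecdh for NULL before the set call, test the set call's result, and report a failure instead of continuing to the RSA and DH callbacks as if setup had succeeded.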

Modified: tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml?rev=1585898&r1=1585897&r2=1585898&view=diff
==
--- tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml Wed Apr  9 
07:32:29 2014
@@ -39,6 +39,9 @@
 section name=Changes between 1.1.29 and 1.1.30
   changelog
 fix
+  bug55915/bug: Apply Ognjen's patch for ECDHE support. (mturk)
+/fix
+fix
   bug55663/bug: Minor correction to the wording of the NOTICE file
   to align it with the a
   href=http://www.apache.org/legal/src-headers.html#notice;requirements
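
Review bot: The added changelog entry says only "ECDHE support", which does not tell a reader of the 1.1.30 notes what changed in behaviour. Say that a default nistp256 (prime256v1) curve is now set for ephemeral ECDH keys, and check the credit in the entry, since the reporter's follow-up in this thread names Mike Noordermeer as the patch author.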



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: svn commit: r1585898 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c xdocs/miscellaneous/changelog.xml

2014-04-09 Thread Konstantin Kolinko
2014-04-09 11:32 GMT+04:00  mt...@apache.org:
 Author: mturk
 Date: Wed Apr  9 07:32:29 2014
 New Revision: 1585898

 URL: http://svn.apache.org/r1585898
 Log:
 Apply Ognjen's patch for bz55915

 Modified:
 tomcat/native/branches/1.1.x/native/src/sslcontext.c
 tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml

 Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
 URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1585898&r1=1585897&r2=1585898&view=diff
 ==
 --- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
 +++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Wed Apr  9 07:32:29 
 2014
 @@ -151,6 +151,10 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
 (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
 (c-context_id[0]), NULL, EVP_sha1(), NULL);
  if (mode) {

All the following is unconditional?

I wonder whether OpenSSL always has these methods.

 +/* Set default (nistp256) elliptic curve for ephemeral ECDH keys */
 +EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
 +SSL_CTX_set_tmp_ecdh(c-ctx, ecdh);
 +EC_KEY_free(ecdh);
  SSL_CTX_set_tmp_rsa_callback(c-ctx, SSL_callback_tmp_RSA);
  SSL_CTX_set_tmp_dh_callback(c-ctx,  SSL_callback_tmp_DH);
  }
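
Review bot: The four added lines directly under "if (mode) {" have no preprocessor guard, so sslcontext.c stops compiling against an OpenSSL build that lacks the EC API, which is the concern raised in the reply above. Wrap the EC_KEY_new_by_curve_name / SSL_CTX_set_tmp_ecdh / EC_KEY_free sequence in a build-time check (for example on OPENSSL_NO_EC or on the OpenSSL version) and keep the existing RSA and DH callback registrations outside it.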



Best regards,
Konstantin Kolinko




Re: svn commit: r1585898 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c xdocs/miscellaneous/changelog.xml

2014-04-09 Thread Mladen Turk

On 04/09/2014 02:03 PM, Konstantin Kolinko wrote:

2014-04-09 11:32 GMT+04:00  mt...@apache.org:

Author: mturk
Date: Wed Apr  9 07:32:29 2014
New Revision: 1585898

URL: http://svn.apache.org/r1585898
Log:
Apply Ognjen's patch for bz55915

Modified:
 tomcat/native/branches/1.1.x/native/src/sslcontext.c
 tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml

Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1585898&r1=1585897&r2=1585898&view=diff
==
--- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Wed Apr  9 07:32:29 
2014
@@ -151,6 +151,10 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
 (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
 (c-context_id[0]), NULL, EVP_sha1(), NULL);
  if (mode) {


All the following is unconditional?

I wonder whether OpenSSL always has these methods.



Yeah. I have added HAVE_ECS, which I'll use for this section in case 0.9.8x is used.

Regards
--
^TM




Re: svn commit: r1585898 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c xdocs/miscellaneous/changelog.xml

2014-04-09 Thread Ognjen Blagojevic

On 9.4.2014 9:32, mt...@apache.org wrote:

Log:
Apply Ognjen's patch for bz55915


For the record, I am the issue reporter, but the patch was provided by Mike Noordermeer.


-Ognjen

