svn commit: r1585898 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c xdocs/miscellaneous/changelog.xml
Author: mturk Date: Wed Apr 9 07:32:29 2014 New Revision: 1585898 URL: http://svn.apache.org/r1585898 Log: Apply Ognjen's patch for bz55915 Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1585898r1=1585897r2=1585898view=diff == --- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original) +++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Wed Apr 9 07:32:29 2014 @@ -151,6 +151,10 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1), (c-context_id[0]), NULL, EVP_sha1(), NULL); if (mode) { +/* Set default (nistp256) elliptic curve for ephemeral ECDH keys */ +EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +SSL_CTX_set_tmp_ecdh(c-ctx, ecdh); +EC_KEY_free(ecdh); SSL_CTX_set_tmp_rsa_callback(c-ctx, SSL_callback_tmp_RSA); SSL_CTX_set_tmp_dh_callback(c-ctx, SSL_callback_tmp_DH); } Modified: tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml?rev=1585898r1=1585897r2=1585898view=diff == --- tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml (original) +++ tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml Wed Apr 9 07:32:29 2014 @@ -39,6 +39,9 @@ section name=Changes between 1.1.29 and 1.1.30 changelog fix + bug55915/bug: Apply Ognjen's patch for ECDHE support. (mturk) +/fix +fix bug55663/bug: Minor correction to the wording of the NOTICE file to align it with the a href=http://www.apache.org/legal/src-headers.html#notice;requirements - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
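Review bot: in the sslcontext.c hunk, the four lines added under `if (mode) {` pass the result of `EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)` straight to `SSL_CTX_set_tmp_ecdh()` with no NULL check, and the return value of `SSL_CTX_set_tmp_ecdh()` is discarded, so a failed curve setup goes unnoticed and the context is left without ECDHE key exchange with nothing logged. Test `ecdh` for NULL and check the setter's result, reporting an error on failure the way the rest of the function does. The block is also compiled unconditionally: wrap it in a preprocessor guard for EC support (for example `#ifndef OPENSSL_NO_EC` or the project's own feature macro) so that builds against an OpenSSL without the EC API still compile. The comment could also say that the curve is fixed to prime256v1 and not configurable.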
Re: svn commit: r1585898 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c xdocs/miscellaneous/changelog.xml
2014-04-09 11:32 GMT+04:00 mt...@apache.org:

Author: mturk Date: Wed Apr 9 07:32:29 2014 New Revision: 1585898 URL: http://svn.apache.org/r1585898 Log: Apply Ognjen's patch for bz55915 Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1585898r1=1585897r2=1585898view=diff == --- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original) +++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Wed Apr 9 07:32:29 2014 @@ -151,6 +151,10 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1), (c-context_id[0]), NULL, EVP_sha1(), NULL); if (mode) {

All the following is unconditional? I wonder whether OpenSSL always has these methods.

+/* Set default (nistp256) elliptic curve for ephemeral ECDH keys */ +EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +SSL_CTX_set_tmp_ecdh(c-ctx, ecdh); +EC_KEY_free(ecdh); SSL_CTX_set_tmp_rsa_callback(c-ctx, SSL_callback_tmp_RSA); SSL_CTX_set_tmp_dh_callback(c-ctx, SSL_callback_tmp_DH); }

Best regards,
Konstantin Kolinko
Re: svn commit: r1585898 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c xdocs/miscellaneous/changelog.xml
On 04/09/2014 02:03 PM, Konstantin Kolinko wrote:

2014-04-09 11:32 GMT+04:00 mt...@apache.org:

Author: mturk Date: Wed Apr 9 07:32:29 2014 New Revision: 1585898 URL: http://svn.apache.org/r1585898 Log: Apply Ognjen's patch for bz55915 Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1585898r1=1585897r2=1585898view=diff == --- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original) +++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Wed Apr 9 07:32:29 2014 @@ -151,6 +151,10 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1), (c-context_id[0]), NULL, EVP_sha1(), NULL); if (mode) {

All the following is unconditional? I wonder whether OpenSSL always has these methods.

Yeah. I have added HAVE_ECS, which I'll use for this section in case 0.9.8x is used.

Regards
--
^TM
Re: svn commit: r1585898 - in /tomcat/native/branches/1.1.x: native/src/sslcontext.c xdocs/miscellaneous/changelog.xml
On 9.4.2014 9:32, mt...@apache.org wrote:

Log: Apply Ognjen's patch for bz55915

For the record, I am an issue reporter, but the patch was provided by Mike Noordermeer.

-Ognjen