Author: mturk
Date: Wed Jul 23 02:03:38 2008
New Revision: 679036

URL: http://svn.apache.org/viewvc?rev=679036&view=rev
Log:
Fix #44864 by using additional check like with mod_ssl

Modified:
    tomcat/connectors/trunk/jni/native/src/sslnetwork.c
    tomcat/connectors/trunk/jni/xdocs/miscellaneous/changelog.xml

Modified: tomcat/connectors/trunk/jni/native/src/sslnetwork.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jni/native/src/sslnetwork.c?rev=679036&r1=679035&r2=679036&view=diff
==============================================================================
--- tomcat/connectors/trunk/jni/native/src/sslnetwork.c (original)
+++ tomcat/connectors/trunk/jni/native/src/sslnetwork.c Wed Jul 23 02:03:38 2008
@@ -302,6 +302,7 @@
     tcn_socket_t *ss = J2P(sock, tcn_socket_t *);
     tcn_ssl_conn_t *con;
     int s, i;
+    long vr;
     apr_status_t rv;
     X509 *peer;
 
@@ -351,11 +352,17 @@
         /*
         * Check for failed client authentication
         */
-        if (SSL_get_verify_result(con->ssl) != X509_V_OK) {
-            /* TODO: Log SSL client authentication failed */
-            con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
-            /* TODO: Figure out the correct return value */
-            return APR_EGENERAL;
+        if ((vr = SSL_get_verify_result(con->ssl)) != X509_V_OK) {
+            if (SSL_VERIFY_ERROR_IS_OPTIONAL(vr) &&
+                con->ctx->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA) {
+                /* TODO: Log optionalNoCA */
+            }
+            else {
+                /* TODO: Log SSL client authentication failed */
+                con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
+                /* TODO: Figure out the correct return value */
+                return APR_EGENERAL;
+            }
         }
 
         /*
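Review bot: The new optionalNoCA branch at `if (SSL_VERIFY_ERROR_IS_OPTIONAL(vr) && con->ctx->verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA)` lets the handshake proceed with a client certificate that failed chain verification, yet its body is only a TODO, so nothing records that the peer is unverified. `SSL_VERIFY_ERROR_IS_OPTIONAL` is defined outside this hunk; presumably it matches mod_ssl's set of issuer and self-signed errors, in which case a self-issued certificate would pass here. I would put a comment in that branch, `/* optionalNoCA: certificate accepted but NOT verified (vr != X509_V_OK); callers must not treat the peer as authenticated */`, and log `X509_verify_cert_error_string(vr)` in both branches so accepted-but-unverified and rejected handshakes can be told apart. The enclosing function begins and continues outside the hunk, so whether later code distinguishes a verified peer from an unverified one cannot be checked from here.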

Modified: tomcat/connectors/trunk/jni/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jni/xdocs/miscellaneous/changelog.xml?rev=679036&r1=679035&r2=679036&view=diff
==============================================================================
--- tomcat/connectors/trunk/jni/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/connectors/trunk/jni/xdocs/miscellaneous/changelog.xml Wed Jul 23 
02:03:38 2008
@@ -36,6 +36,15 @@
   new documentation project for  Tomcat Native was started.
   </p>
 </section>
+<section name="Changes between 1.1.14 and 1.1.15">
+  <changelog>
+    <fix>
+      <bug>44864</bug>: Use additional check for SSL verify like
+      with mod_ssl for SSLVerifyClient=optionalNoCA. (mturk)
+    </fix>
+  </changelog>
+</section>
+
 <section name="Changes between 1.1.13 and 1.1.14">
   <changelog>
     <fix>


