mturk 2005/06/10 00:53:24 Modified: jni/java/org/apache/tomcat/jni SSLContext.java jni/native/src sslcontext.c Log: Combine verfyClient and verifyDepth to a single function because they are related. Revision Changes Path 1.18 +13 -27 jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java Index: SSLContext.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSLContext.java,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- SSLContext.java 10 Jun 2005 06:44:35 -0000 1.17 +++ SSLContext.java 10 Jun 2005 07:53:24 -0000 1.18 
@@ -225,30 +225,6 @@ throws Exception; /** - * Set Maximum depth of CA Certificates in Client Certificate verification - * <br /> - * This directive sets how deeply mod_ssl should verify before deciding that - * the clients don't have a valid certificate. Notice that this directive can - * be used both in per-server and per-directory context. In per-server context - * it applies to the client authentication process used in the standard SSL - * handshake when a connection is established. In per-directory context it forces - * a SSL renegotation with the reconfigured client verification depth after the - * HTTP request was read but before the HTTP response is sent. - * <br /> - * The depth actually is the maximum number of intermediate certificate issuers, - * i.e. the number of CA certificates which are max allowed to be followed while - * verifying the client certificate. A depth of 0 means that self-signed client - * certificates are accepted only, the default depth of 1 means the client - * certificate can be self-signed or has to be signed by a CA which is directly - * known to the server (i.e. the CA's certificate is under - * <code>setCACertificatePath</code>), etc. - * @param ctx Server or Client context to use. - * @param depth Maximum depth of CA Certificates in Client Certificate - * verification. - */ - public static native void setVerifyDepth(long ctx, int depth); - - /** * Set SSL connection shutdown type * <br /> * The following levels are available for level: @@ -263,7 +239,8 @@ public static native void setShutdowType(long ctx, int type); /** - * Set Type of Client Certificate verification + * Set Type of Client Certificate verification and Maximum depth of CA Certificates + * in Client Certificate verification. * <br /> * This directive sets the Certificate verification level for the Client * Authentication. Notice that this directive can be used both in per-server 
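Review bot: The context line `public static native void setShutdowType(long ctx, int type);` in the second hunk is spelled without the "n", while the native side in sslcontext.c is declared as `TCN_IMPLEMENT_CALL(void, SSLContext, setShutdownType)`. If the macro derives the JNI symbol from that name, as it appears to, the Java method has no matching native function and the first call would fail with an UnsatisfiedLinkError. Since this commit already reshapes the public native API, it is a good moment to rename the Java declaration to `setShutdownType`.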
@@ -281,10 +258,19 @@ * SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate * but it need not to be (successfully) verifiable * </PRE> + * <br /> + * The depth actually is the maximum number of intermediate certificate issuers, + * i.e. the number of CA certificates which are max allowed to be followed while + * verifying the client certificate. A depth of 0 means that self-signed client + * certificates are accepted only, the default depth of 1 means the client + * certificate can be self-signed or has to be signed by a CA which is directly + * known to the server (i.e. the CA's certificate is under * <code>setCACertificatePath</code>), etc. * @param ctx Server or Client context to use. * @param level Type of Client Certificate verification. + * @param depth Maximum depth of CA Certificates in Client Certificate + * verification. */ - public static native void setVerifyClient(long ctx, int level); + public static native void setVerify(long ctx, int level, int depth); } 1.32 +5 -14 jakarta-tomcat-connectors/jni/native/src/sslcontext.c Index: sslcontext.c =================================================================== RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v retrieving revision 1.31 retrieving revision 1.32 diff -u -r1.31 -r1.32 --- sslcontext.c 10 Jun 2005 06:44:35 -0000 1.31 +++ sslcontext.c 10 Jun 2005 07:53:24 -0000 1.32 @@ -392,16 +392,6 @@ return rv; } -TCN_IMPLEMENT_CALL(void, SSLContext, setVerifyDepth)(TCN_STDARGS, jlong ctx, - jint depth) -{ - tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *); - - UNREFERENCED_STDARGS; - TCN_ASSERT(ctx != 0); - c->verify_depth = depth; -} - TCN_IMPLEMENT_CALL(void, SSLContext, setShutdownType)(TCN_STDARGS, jlong ctx, jint type) { 
@@ -412,8 +402,8 @@ c->shutdown_type = type; } -TCN_IMPLEMENT_CALL(void, SSLContext, setVerifyClient)(TCN_STDARGS, jlong ctx, - jint level) +TCN_IMPLEMENT_CALL(void, SSLContext, setVerify)(TCN_STDARGS, jlong ctx, + jint level, jint depth) { tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *); int verify = SSL_VERIFY_NONE; @@ -424,7 +414,8 @@ if (c->verify_mode == SSL_CVERIFY_UNSET) c->verify_mode = SSL_CVERIFY_NONE; - + if (depth > 0) + c->verify_depth = depth; /* * Configure callbacks for SSL context */
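Review bot: The new guard `if (depth > 0) c->verify_depth = depth;` in the last hunk drops a depth of 0, which the Javadoc added to SSLContext.java in this same commit documents as a valid setting ("self-signed client certificates are accepted only"). The removed setVerifyDepth stored the value unconditionally, so a caller asking for the strictest depth now silently keeps whatever depth was configured before, and negative values are ignored without any signal. If 0 is meant to be settable, use `if (depth >= 0) c->verify_depth = depth;`. If a non-positive value is meant as "keep the current depth", say so in the `@param depth` text, for example `values <= 0 leave the configured depth unchanged`. The body of setVerify starts and ends outside this hunk, so how verify_depth is consumed afterwards is not visible here.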