-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jean-Frederic,
On 11/8/15 5:34 AM, jfcl...@apache.org wrote: > Author: jfclere Date: Sun Nov 8 10:34:31 2015 New Revision: > 1713220 > > URL: http://svn.apache.org/viewvc?rev=1713220&view=rev Log: Allow > to use raw (well keystore) certificates and keys. > > Modified: tomcat/native/trunk/native/src/sslcontext.c > > Modified: tomcat/native/trunk/native/src/sslcontext.c URL: > http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext .c?rev=1713220&r1=1713219&r2=1713220&view=diff > > ======================================================================== ====== > --- tomcat/native/trunk/native/src/sslcontext.c (original) +++ > tomcat/native/trunk/native/src/sslcontext.c Sun Nov 8 10:34:31 > 2015 @@ -974,6 +974,120 @@ cleanup: return rv; } > > +TCN_IMPLEMENT_CALL(jboolean, SSLContext, > setCertificateRaw)(TCN_STDARGS, jlong ctx, + > jbyteArray javaCert, jbyteArray javaKey, jint idx) +{ +#ifdef > HAVE_ECC +#if defined(SSL_CTX_set_ecdh_auto) + EC_KEY *eckey = > NULL; +#endif +#endif Should the inner #ifdef in fact be #ifndef? Because it does not agree with this portion: > +#ifdef HAVE_ECC + /* + * TODO try to read the ECDH curve > name from somewhere... + */ +#if > defined(SSL_CTX_set_ecdh_auto) + SSL_CTX_set_ecdh_auto(c->ctx, > 1); +#else + eckey = > EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + > SSL_CTX_set_tmp_ecdh(c->ctx, eckey); + EC_KEY_free(eckey); > +#endif +#endif - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlayJG8ACgkQ9CaO5/Lv0PA1vQCgmW9qG7hVeukRLnquPOWq0z6v cxMAoKyree2WfwBRKGPHTLI+OKM9GzBs =azpO -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
