Author: markt Date: Wed Mar 30 19:27:29 2016 New Revision: 1737154 URL: http://svn.apache.org/viewvc?rev=1737154&view=rev Log: Add support for obtaining the certificate chain from a Java keystore
Modified: tomcat/native/trunk/native/src/sslcontext.c tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Modified: tomcat/native/trunk/native/src/sslcontext.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1737154&r1=1737153&r2=1737154&view=diff ==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Wed Mar 30 19:27:29 2016
@@ -1051,7 +1051,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
 certs = d2i_X509(NULL, &tmp, lengthOfCert);
 if (certs == NULL) {
 ERR_error_string(ERR_get_error(), err);
- tcn_Throw(e, "Error reading certificat (%s)", err);
+ tcn_Throw(e, "Error reading certificate (%s)", err);
 rv = JNI_FALSE;
 goto cleanup;
 }
@@ -1119,6 +1119,50 @@ cleanup:
 free(cert);
 return rv;
 }
+
+TCN_IMPLEMENT_CALL(jboolean, SSLContext, addChainCertificateRaw)(TCN_STDARGS, jlong ctx,
+ jbyteArray javaCert)
+{
+ jsize lengthOfCert;
+ unsigned char* cert;
+ X509 * certs;
+ EVP_PKEY * evp;
+ const unsigned char *tmp;
+ BIO * bio;
+
+ tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
+ jboolean rv = JNI_TRUE;
+ char err[256];
+
+ /* we get the cert contents into a byte array */
+ jbyte* bufferPtr = (*e)->GetByteArrayElements(e, javaCert, NULL);
+ lengthOfCert = (*e)->GetArrayLength(e, javaCert);
+ cert = malloc(lengthOfCert);
+ memcpy(cert, bufferPtr, lengthOfCert);
+ (*e)->ReleaseByteArrayElements(e, javaCert, bufferPtr, 0);
+
+ UNREFERENCED(o);
+ TCN_ASSERT(ctx != 0);
+
+ tmp = (const unsigned char *)cert;
+ certs = d2i_X509(NULL, &tmp, lengthOfCert);
+ if (certs == NULL) {
+ ERR_error_string(ERR_get_error(), err);
+ tcn_Throw(e, "Error reading certificate (%s)", err);
+ rv = JNI_FALSE;
+ goto cleanup;
+ }
+
+ if (SSL_CTX_add0_chain_cert(c->ctx, certs) <= 0) {
+ ERR_error_string(ERR_get_error(), err);
+ tcn_Throw(e, "Error setting certificate (%s)", err);
+ rv = JNI_FALSE;
+ }
+
+cleanup:
+ free(cert);
+ return rv;
+}
 static int ssl_array_index(apr_array_header_t *array, const char *s)
Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1737154&r1=1737153&r2=1737154&view=diff ==============================================================================
--- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Wed Mar 30 19:27:29 2016
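Review bot: In addChainCertificateRaw neither the `GetByteArrayElements` result nor the `malloc(lengthOfCert)` result is checked before the `memcpy`, so an allocation failure becomes a NULL dereference in native code and takes the whole JVM down instead of raising an exception. A null `javaCert` is also handed straight to `GetByteArrayElements`; unless the Java caller guarantees a non-null array, it needs a check among the first statements. The `SSL_CTX_add0_chain_cert` failure branch leaves the parsed `certs` unreleased, and since the add0 form is expected to take ownership only on success, that branch should call `X509_free(certs)`. The locals `evp` and `bio` are declared but never used in the added lines and can be dropped. The excerpt below shows the added checks and the free; everything else in the function stays as committed.

```c
    jbyte* bufferPtr = (*e)->GetByteArrayElements(e, javaCert, NULL);
    if (bufferPtr == NULL) {
        /* the JVM could not provide the array elements */
        return JNI_FALSE;
    }
    /* … unchanged: GetArrayLength … */
    cert = malloc(lengthOfCert);
    if (cert == NULL) {
        (*e)->ReleaseByteArrayElements(e, javaCert, bufferPtr, JNI_ABORT);
        tcn_Throw(e, "Error allocating certificate buffer");
        return JNI_FALSE;
    }
    /* … unchanged: memcpy, release, d2i_X509 parse and its error path … */
    if (SSL_CTX_add0_chain_cert(c->ctx, certs) <= 0) {
        /* … unchanged: ERR_error_string, tcn_Throw, rv = JNI_FALSE … */
        X509_free(certs); /* the context did not take ownership */
    }
```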
@@ -54,6 +54,9 @@
 <fix>
 Fix some compiler warnings in native ssl code. (rjung)
 </fix>
+ <add>
+ Add support for using Java keystores for certificate chains. (markt)
+ </add>
 </changelog>
 </section>
 <section name="Changes in 1.2.5">
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org