Author: markt
Date: Wed Mar 30 19:27:29 2016
New Revision: 1737154
URL: http://svn.apache.org/viewvc?rev=1737154&view=rev
Log:
Add support for obtaining the certificate chain from a Java keystore
Modified:
tomcat/native/trunk/native/src/sslcontext.c
tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/native/trunk/native/src/sslcontext.c
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1737154&r1=1737153&r2=1737154&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Wed Mar 30 19:27:29 2016
@@ -1051,7 +1051,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
certs = d2i_X509(NULL, &tmp, lengthOfCert);
if (certs == NULL) {
ERR_error_string(ERR_get_error(), err);
- tcn_Throw(e, "Error reading certificat (%s)", err);
+ tcn_Throw(e, "Error reading certificate (%s)", err);
rv = JNI_FALSE;
goto cleanup;
}
@@ -1119,6 +1119,50 @@ cleanup:
free(cert);
return rv;
}
+
+TCN_IMPLEMENT_CALL(jboolean, SSLContext, addChainCertificateRaw)(TCN_STDARGS,
jlong ctx,
+ jbyteArray
javaCert)
+{
+ jsize lengthOfCert;
+ unsigned char* cert;
+ X509 * certs;
+ EVP_PKEY * evp;
+ const unsigned char *tmp;
+ BIO * bio;
+
+ tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
+ jboolean rv = JNI_TRUE;
+ char err[256];
+
+ /* we get the cert contents into a byte array */
+ jbyte* bufferPtr = (*e)->GetByteArrayElements(e, javaCert, NULL);
+ lengthOfCert = (*e)->GetArrayLength(e, javaCert);
+ cert = malloc(lengthOfCert);
+ memcpy(cert, bufferPtr, lengthOfCert);
+ (*e)->ReleaseByteArrayElements(e, javaCert, bufferPtr, 0);
+
+ UNREFERENCED(o);
+ TCN_ASSERT(ctx != 0);
+
+ tmp = (const unsigned char *)cert;
+ certs = d2i_X509(NULL, &tmp, lengthOfCert);
+ if (certs == NULL) {
+ ERR_error_string(ERR_get_error(), err);
+ tcn_Throw(e, "Error reading certificate (%s)", err);
+ rv = JNI_FALSE;
+ goto cleanup;
+ }
+
+ if (SSL_CTX_add0_chain_cert(c->ctx, certs) <= 0) {
+ ERR_error_string(ERR_get_error(), err);
+ tcn_Throw(e, "Error setting certificate (%s)", err);
+ rv = JNI_FALSE;
+ }
+
+cleanup:
+ free(cert);
+ return rv;
+}
static int ssl_array_index(apr_array_header_t *array,
const char *s)
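Review bot: In the new `addChainCertificateRaw`, neither the result of `GetByteArrayElements` nor that of `malloc(lengthOfCert)` is checked before the `memcpy`, so an allocation failure becomes a NULL dereference in native code, which crashes the process rather than raising a Java exception. The failure branch of `SSL_CTX_add0_chain_cert` also leaks `certs`, because the `add0` variant takes ownership of the X509 only on success, so that branch needs `X509_free(certs);`. Since the Java array is only read, releasing it with `JNI_ABORT` instead of `0` avoids a pointless copy-back. The locals `evp` and `bio` are never used and can be dropped. The context lines at the top of the hunk suggest the preceding function uses the same copy pattern, so it may need the same checks.

```c
    /* … unchanged: declarations, minus the unused evp and bio … */
    jbyte* bufferPtr = (*e)->GetByteArrayElements(e, javaCert, NULL);
    if (bufferPtr == NULL) {
        /* JNI has already raised OutOfMemoryError */
        return JNI_FALSE;
    }
    lengthOfCert = (*e)->GetArrayLength(e, javaCert);
    cert = malloc(lengthOfCert);
    if (cert == NULL) {
        (*e)->ReleaseByteArrayElements(e, javaCert, bufferPtr, JNI_ABORT);
        tcn_Throw(e, "Error allocating certificate buffer");
        return JNI_FALSE;
    }
    memcpy(cert, bufferPtr, lengthOfCert);
    (*e)->ReleaseByteArrayElements(e, javaCert, bufferPtr, JNI_ABORT);

    /* … unchanged: UNREFERENCED/TCN_ASSERT, d2i_X509 parse and its error path … */

    if (SSL_CTX_add0_chain_cert(c->ctx, certs) <= 0) {
        ERR_error_string(ERR_get_error(), err);
        tcn_Throw(e, "Error setting certificate (%s)", err);
        X509_free(certs); /* add0 takes ownership only on success */
        rv = JNI_FALSE;
    }
```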
Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1737154&r1=1737153&r2=1737154&view=diff
==============================================================================
--- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Wed Mar 30 19:27:29
2016
@@ -54,6 +54,9 @@
<fix>
Fix some compiler warnings in native ssl code. (rjung)
</fix>
+ <add>
+ Add support for using Java keystores for certificate chains. (markt)
+ </add>
</changelog>
</section>
<section name="Changes in 1.2.5">