2016-03-30 22:33 GMT+03:00 Mark Thomas <ma...@apache.org>: > On 30/03/2016 20:27, ma...@apache.org wrote: >> Author: markt >> Date: Wed Mar 30 19:27:29 2016 >> New Revision: 1737154 >> >> URL: http://svn.apache.org/viewvc?rev=1737154&view=rev >> Log: >> Add support for obtaining the certificate chain from a Java keystore > > This needs a review by someone who knows C better than I do. > > The implementation is essentially a copy/paste of setCertificateRaw with > what looked to be the right changes to remove the unnecessary private > key code and to call the right OpenSSL method to set the chain. > > It does work - in that SSL Labs sees the full chain - but the code may > well be terrible. I wouldn't be surprised if it leaked memory. > > Once this has been reviewed and fixed, I plan to do a tc-native release > so we can up the minimum required version in 9.0.x and 8.5.x and ship > the next releases with the necessary tc-native code to use this feature. >
There is second half of this file (sslcontext.c) that defines stubs for all these methods for the case when the library is compiled without OpenSSL. Neither setCertificateRaw method, nor the new one are declared there. #else /* OpenSSL is not supported. * Create empty stubs. */ Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
