Author: rjung
Date: Sat Aug 19 20:07:54 2017
New Revision: 1805521
URL: http://svn.apache.org/viewvc?rev=1805521&view=rev
Log:
Add SSLContext.getCiphers().
Note that for OpenSSL < 1.1.0 there is no
SSL_CTX_get_ciphers(), so we create a temporary
SSL from the SSL_CTX and use SSL_get_ciphers()
in this case.
Modified:
tomcat/native/trunk/native/src/sslcontext.c
tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/native/trunk/native/src/sslcontext.c
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1805521&r1=1805520&r2=1805521&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Sat Aug 19 20:07:54 2017
@@ -27,6 +27,7 @@
#include "ssl_private.h"
static jclass byteArrayClass;
+static jclass stringClass;
static apr_status_t ssl_context_cleanup(void *data)
{
@@ -139,6 +140,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
tcn_ssl_ctxt_t *c = NULL;
SSL_CTX *ctx = NULL;
jclass clazz;
+ jclass sClazz;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
jint prot;
#endif
@@ -346,6 +348,8 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
/* Cache the byte[].class for performance reasons */
clazz = (*e)->FindClass(e, "[B");
byteArrayClass = (jclass) (*e)->NewGlobalRef(e, clazz);
+ sClazz = (*e)->FindClass(e, "java/lang/String");
+ stringClass = (jclass) (*e)->NewGlobalRef(e, sClazz);
return P2J(c);
init_failed:
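Review bot: The two added lines assign `stringClass` unconditionally and never check the `FindClass` result, so each call to make() replaces the previous global reference without a `DeleteGlobalRef`, and a failed lookup leaves `stringClass` NULL for getCiphers() to pass to `NewObjectArray`. Unless a guard exists outside this hunk, create the reference only once and only from a non-NULL class: `if (sClazz != NULL && stringClass == NULL) stringClass = (jclass) (*e)->NewGlobalRef(e, sClazz);`. The `byteArrayClass` lines just above follow the same pattern and would benefit from the same treatment. The enclosing function starts and ends outside the hunk.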
@@ -489,6 +493,61 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
return rv;
}
+TCN_IMPLEMENT_CALL(jobjectArray, SSLContext, getCiphers)(TCN_STDARGS, jlong
ctx)
+{
+ tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
+ STACK_OF(SSL_CIPHER) *sk;
+ int len;
+ jobjectArray array;
+ SSL_CIPHER *cipher;
+ const char *name;
+ int i;
+ jstring c_name;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSL *ssl;
+#endif
+
+ UNREFERENCED_STDARGS;
+
+ if (c->ctx == NULL) {
+ tcn_ThrowException(e, "ssl context is null");
+ return NULL;
+ }
+
+ /* Before OpenSSL 1.1.0, get_ciphers() was only available
+ * on an SSL, not for an SSL_CTX. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ ssl = SSL_new(c->ctx);
+ if (ssl == NULL) {
+ tcn_ThrowException(e, "could not create temporary ssl from ssl
context");
+ return NULL;
+ }
+
+ sk = SSL_get_ciphers(ssl);
+#else
+ sk = SSL_CTX_get_ciphers(c->ctx);
+#endif
+ len = sk_SSL_CIPHER_num(sk);
+
+ if (len <= 0) {
+ SSL_free(ssl);
+ return NULL;
+ }
+
+ array = (*e)->NewObjectArray(e, len, stringClass, NULL);
+
+ for (i = 0; i < len; i++) {
+ cipher = (SSL_CIPHER*) sk_SSL_CIPHER_value(sk, i);
+ name = SSL_CIPHER_get_name(cipher);
+
+ c_name = (*e)->NewStringUTF(e, name);
+ (*e)->SetObjectArrayElement(e, array, i, c_name);
+ }
+ SSL_free(ssl);
+ return array;
+}
+
+
TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong
ctx,
jstring file,
jstring path)
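Review bot: Both `SSL_free(ssl)` calls in getCiphers() sit outside the `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard that declares `ssl`, so the function will not compile against OpenSSL 1.1.0 or later; each call needs the same guard. The JNI results are also used unchecked: `NewObjectArray` and `NewStringUTF` can return NULL with an exception pending, and the loop holds one local reference per cipher until return, so it should stop on NULL and call `DeleteLocalRef` on each string. Separately, `c` is derived from a Java-supplied `jlong` and dereferenced at `c->ctx` with no check of `c` itself, so a `ctx` of 0 would crash the JVM instead of throwing; a `c == NULL ||` in front of that test would cover it.

```c
    /* … unchanged: declarations, context check, SSL_new / get_ciphers selection … */
    len = sk_SSL_CIPHER_num(sk);
    array = NULL;
    if (len > 0) {
        array = (*e)->NewObjectArray(e, len, stringClass, NULL);
    }

    for (i = 0; array != NULL && i < len; i++) {
        /* … unchanged: cipher and name lookup … */
        c_name = (*e)->NewStringUTF(e, name);
        if (c_name == NULL) {
            /* Exception is pending; return NULL and let Java see it. */
            array = NULL;
            break;
        }
        (*e)->SetObjectArrayElement(e, array, i, c_name);
        (*e)->DeleteLocalRef(e, c_name);
    }
#if OPENSSL_VERSION_NUMBER < 0x10100000L
    SSL_free(ssl);
#endif
    return array;
```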
Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1805521&r1=1805520&r2=1805521&view=diff
==============================================================================
--- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Sat Aug 19 20:07:54
2017
@@ -37,6 +37,9 @@
<section name="Changes in 1.2.13">
<changelog>
<add>
+ Add SSLContext.getCiphers(). (rjung)
+ </add>
+ <add>
Add method to add a single CA certificate to the list of CA certificates
which are accepted as issuers of client certificates. (rjung)
</add>