Author: rjung
Date: Sat Aug 19 20:07:54 2017
New Revision: 1805521

URL: http://svn.apache.org/viewvc?rev=1805521&view=rev
Log:
Add SSLContext.getCiphers().

Note that for OpenSSL < 1.1.0 there is no
SSL_CTX_get_ciphers(), so we create a temporary
SSL from the SSL_CTX and use SSL_get_ciphers()
in this case.

Modified:
    tomcat/native/trunk/native/src/sslcontext.c
    tomcat/native/trunk/xdocs/miscellaneous/changelog.xml

Modified: tomcat/native/trunk/native/src/sslcontext.c
URL: 
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1805521&r1=1805520&r2=1805521&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Sat Aug 19 20:07:54 2017
@@ -27,6 +27,7 @@
 #include "ssl_private.h"
 
 static jclass byteArrayClass;
+static jclass stringClass;
 
 static apr_status_t ssl_context_cleanup(void *data)
 {
@@ -139,6 +140,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
     tcn_ssl_ctxt_t *c = NULL;
     SSL_CTX *ctx = NULL;
     jclass clazz;
+    jclass sClazz;
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
     jint prot;
 #endif
@@ -346,6 +348,8 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
     /* Cache the byte[].class for performance reasons */
     clazz = (*e)->FindClass(e, "[B");
     byteArrayClass = (jclass) (*e)->NewGlobalRef(e, clazz);
+    sClazz = (*e)->FindClass(e, "java/lang/String");
+    stringClass = (jclass) (*e)->NewGlobalRef(e, sClazz);
 
     return P2J(c);
 init_failed:
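Review bot: The results of `FindClass(e, "java/lang/String")` and `NewGlobalRef()` are stored without a NULL check, so a failed lookup leaves `stringClass` NULL with a Java exception pending, and a later `NewObjectArray(e, len, stringClass, NULL)` would receive a NULL class. Because `stringClass` is a file-scope static assigned inside make(), each call appears to create a new global reference and overwrite the previous one without `DeleteGlobalRef()`; the existing `byteArrayClass` lines follow the same pattern. Initialising only once and checking the lookup would address both, for example `if (stringClass == NULL && (sClazz = (*e)->FindClass(e, "java/lang/String")) != NULL)` followed by `stringClass = (jclass) (*e)->NewGlobalRef(e, sClazz);`. The body of make() starts and ends outside this hunk, so whether an unload path releases these references cannot be seen here.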
@@ -489,6 +493,61 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
     return rv;
 }
 
+TCN_IMPLEMENT_CALL(jobjectArray, SSLContext, getCiphers)(TCN_STDARGS, jlong 
ctx)
+{
+    tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *);
+    STACK_OF(SSL_CIPHER) *sk;
+    int len;
+    jobjectArray array;
+    SSL_CIPHER *cipher;
+    const char *name;
+    int i;
+    jstring c_name;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    SSL *ssl;
+#endif
+
+    UNREFERENCED_STDARGS;
+
+    if (c->ctx == NULL) {
+        tcn_ThrowException(e, "ssl context is null");
+        return NULL;
+    }
+
+    /* Before OpenSSL 1.1.0, get_ciphers() was only available
+     * on an SSL, not for an SSL_CTX. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    ssl = SSL_new(c->ctx);
+    if (ssl == NULL) {
+        tcn_ThrowException(e, "could not create temporary ssl from ssl 
context");
+        return NULL;
+    }
+
+    sk = SSL_get_ciphers(ssl);
+#else
+    sk = SSL_CTX_get_ciphers(c->ctx);
+#endif
+    len = sk_SSL_CIPHER_num(sk);
+
+    if (len <= 0) {
+        SSL_free(ssl);
+        return NULL;
+    }
+
+    array = (*e)->NewObjectArray(e, len, stringClass, NULL);
+
+    for (i = 0; i < len; i++) {
+        cipher = (SSL_CIPHER*) sk_SSL_CIPHER_value(sk, i);
+        name = SSL_CIPHER_get_name(cipher);
+
+        c_name = (*e)->NewStringUTF(e, name);
+        (*e)->SetObjectArrayElement(e, array, i, c_name);
+    }
+    SSL_free(ssl);
+    return array;
+}
+
+
 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong 
ctx,
                                                           jstring file,
                                                           jstring path)
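Review bot: Both `SSL_free(ssl)` calls in getCiphers() sit outside the `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard that declares `ssl`, so on OpenSSL 1.1.0 and later the function refers to an undeclared variable and should fail to compile. The results of `NewObjectArray()` and `NewStringUTF()` are also used unchecked, so after an allocation failure the loop keeps making JNI calls with an exception pending, and each `c_name` local reference is held until the native call returns. `c` is dereferenced before any null check, so a zero `ctx` handle passed from Java would presumably crash the JVM instead of throwing; an early `if (c == NULL || c->ctx == NULL)` would cover that. The fence below guards the free, stops on JNI failure and releases the local references; the `cipher` local becomes unused and can be dropped.

```c
    jobjectArray array = NULL;
    /* … unchanged: other declarations, null-context check, SSL_new()/SSL_get_ciphers() or SSL_CTX_get_ciphers() … */
    len = sk_SSL_CIPHER_num(sk);

    if (len > 0) {
        array = (*e)->NewObjectArray(e, len, stringClass, NULL);
    }

    for (i = 0; array != NULL && i < len; i++) {
        name = SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, i));
        c_name = (*e)->NewStringUTF(e, name);
        if (c_name == NULL) {
            /* A Java exception is already pending; stop making JNI calls. */
            array = NULL;
            break;
        }
        (*e)->SetObjectArrayElement(e, array, i, c_name);
        (*e)->DeleteLocalRef(e, c_name);
    }

#if OPENSSL_VERSION_NUMBER < 0x10100000L
    /* The temporary SSL exists only on the pre-1.1.0 path. */
    SSL_free(ssl);
#endif
    return array;
```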

Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1805521&r1=1805520&r2=1805521&view=diff
==============================================================================
--- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Sat Aug 19 20:07:54 
2017
@@ -37,6 +37,9 @@
 <section name="Changes in 1.2.13">
   <changelog>
     <add>
+      Add SSLContext.getCiphers(). (rjung)
+    </add>
+    <add>
       Add method to add a single CA certificate to the list of CA certificates
       which are accepted as issuers of client certificates. (rjung)
     </add>


