svn commit: r1832987 - /tomcat/native/trunk/native/src/sslcontext.c

Wed, 06 Jun 2018 01:26:06 -0700 

Author: jfclere
Date: Wed Jun  6 08:25:53 2018
New Revision: 1832987

URL: http://svn.apache.org/viewvc?rev=1832987&view=rev
Log:
Fix for PR#62094

Modified:
    tomcat/native/trunk/native/src/sslcontext.c

Modified: tomcat/native/trunk/native/src/sslcontext.c
URL: 
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1832987&r1=1832986&r2=1832987&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Wed Jun  6 08:25:53 2018
@@ -565,11 +565,13 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
 
     UNREFERENCED(o);
     TCN_ASSERT(ctx != 0);
-    if (J2S(file) == NULL && J2S(path) == NULL)
+    if (J2S(file) == NULL && J2S(path) == NULL) {
         return JNI_FALSE;
+    }
 
+    fprintf(stderr,"setCARevocation: 1\n");
     if (!c->crl) {
-        if ((c->crl = X509_STORE_new()) == NULL)
+        if ((c->crl = SSL_CTX_get_cert_store(c->ctx)) == NULL)
             goto cleanup;
     }
     if (J2S(file)) {
@@ -581,7 +583,13 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
             tcn_Throw(e, "Lookup failed for file %s (%s)", J2S(file), err);
             goto cleanup;
         }
-        X509_LOOKUP_load_file(lookup, J2S(file), X509_FILETYPE_PEM);
+        if (!X509_LOOKUP_load_file(lookup, J2S(file), X509_FILETYPE_PEM)) {
+            ERR_error_string(SSL_ERR_get(), err);
+            X509_STORE_free(c->crl);
+            c->crl = NULL;
+            tcn_Throw(e, "Load failed for file %s (%s)", J2S(file), err);
+            goto cleanup;
+        }
     }
     if (J2S(path)) {
         lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_hash_dir());
@@ -592,8 +600,15 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
             tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(file), err);
             goto cleanup;
         }
-        X509_LOOKUP_add_dir(lookup, J2S(path), X509_FILETYPE_PEM);
+        if (!X509_LOOKUP_add_dir(lookup, J2S(path), X509_FILETYPE_PEM)) {
+            ERR_error_string(SSL_ERR_get(), err);
+            X509_STORE_free(c->crl);
+            c->crl = NULL;
+            tcn_Throw(e, "Load failed for path %s (%s)", J2S(file), err);
+            goto cleanup;
+        }
     }
+    X509_STORE_set_flags(c->store, X509_V_FLAG_CRL_CHECK | 
X509_V_FLAG_CRL_CHECK_ALL);
     rv = JNI_TRUE;
 cleanup:
     TCN_FREE_CSTRING(file);



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to