On 12/10/18 12:11, Rainer Jung wrote: > Am 10.10.2018 um 23:54 schrieb Mark Thomas: >> On 10/10/18 22:49, ma...@apache.org wrote: >>> Author: markt >>> Date: Wed Oct 10 21:49:55 2018 >>> New Revision: 1843514 >>> >>> URL: http://svn.apache.org/viewvc?rev=1843514&view=rev >>> Log: >>> Implement TLS 1.3 support for CLIENT-CERT when the APR/native >>> connector is not configured with certificateVerification="required" >>> (i.e. the equivalent of server initiated renegotiation to obtain a >>> client cert) >>> >>> Modified: >>> tomcat/native/trunk/native/include/ssl_private.h >>> tomcat/native/trunk/native/src/sslnetwork.c >> >> There is a large amount of duplication in this commit for the above >> file. A C programmer with more skill than me can probably find a simple >> way to reduce it. > > I hope I have done it without breaking it in r1843645 and r1843651. It > compiles with OpenSSL 1.0.2, 1.1.0 and 1.1.1 and the refactoring isn't > very complex. Do you have an efficient way of testing whether I broke > reneg or PHA?
Thanks for cleaning up after me. Much appreciated. I've tested TLS 1.2 and TLS 1.3 with APR/native and NIO+OpenSSL and reneg and PHA both work as expected. Many thanks, Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
