This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new 392ab9ac2b Add additional macros 392ab9ac2b is described below commit 392ab9ac2ba7d06fc84eb973bf18cc6eae77890d Author: remm <r...@apache.org> AuthorDate: Tue Oct 31 12:19:10 2023 +0100 Add additional macros --- .../util/net/openssl/panama/OpenSSLContext.java | 15 ++++---- .../tomcat/util/openssl/openssl_h_Macros.java | 42 ++++++++++++++++++++++ 2 files changed, 48 insertions(+), 9 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java index 1742fb739c..f5855b4f2d 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java @@ -1182,8 +1182,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { if (!MemorySegment.NULL.equals(ecparams)) { int curveNid = EC_GROUP_get_curve_name(ecparams); var curveNidAddress = localArena.allocateFrom(ValueLayout.JAVA_INT, curveNid); - // SSL_CTX_set1_curves(state.sslCtx, &curveNid, 1) - if (SSL_CTX_ctrl(state.sslCtx, SSL_CTRL_SET_GROUPS(), 1, curveNidAddress) <= 0) { + if (SSL_CTX_set1_groups(state.sslCtx, curveNidAddress, 1) <= 0) { curveNid = 0; } if (log.isDebugEnabled()) { @@ -1192,9 +1191,9 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { EC_GROUP_free(ecparams); } } + // FIXME: Ideally these should be loaded in Java but still processed through OpenSSL // Set certificate chain file if (certificate.getCertificateChainFile() != null) { - // FIXME: Ideally this should be loaded in Java but still processed through OpenSSL var certificateChainFileNative = localArena.allocateFrom(SSLHostConfig.adjustRelativePath(certificate.getCertificateChainFile())); // SSLContext.setCertificateChainFile(state.ctx, 
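Review bot: A failed `SSL_CTX_set1_groups` call is recorded only by `curveNid = 0`, and the next visible statement is a debug-guarded log. At default log levels nothing in this hunk appears to report that the group derived from the certificate's EC parameters was not applied. At minimum, document the sentinel with `// curveNid == 0 marks that SSL_CTX_set1_groups failed`, and consider logging the failure branch at a level that reaches production logs. The body of the debug block and the rest of the method lie outside the hunk, so confirm this against the full method.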
@@ -1214,9 +1213,8 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { MemorySegment x509Lookup = X509_STORE_add_lookup(certificateStore, X509_LOOKUP_file()); var certificateRevocationListFileNative = localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListFile())); - //X509_LOOKUP_ctrl(lookup,X509_L_FILE_LOAD,file,type,NULL) - if (X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(), certificateRevocationListFileNative, - X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) { + if (X509_LOOKUP_load_file(x509Lookup, certificateRevocationListFileNative, + X509_FILETYPE_PEM()) <= 0) { log.error(sm.getString("openssl.errorLoadingCertificateRevocationList", sslHostConfig.getCertificateRevocationListFile())); } } @@ -1224,9 +1222,8 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { MemorySegment x509Lookup = X509_STORE_add_lookup(certificateStore, X509_LOOKUP_hash_dir()); var certificateRevocationListPathNative = localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListPath())); - //X509_LOOKUP_ctrl(lookup,X509_L_ADD_DIR,path,type,NULL) - if (X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(), certificateRevocationListPathNative, - X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) { + if (X509_LOOKUP_add_dir(x509Lookup, certificateRevocationListPathNative, + X509_FILETYPE_PEM()) <= 0) { log.error(sm.getString("openssl.errorLoadingCertificateRevocationList", sslHostConfig.getCertificateRevocationListPath())); } } diff --git a/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java b/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java index 139addb2ba..de8cf7e079 100644 --- a/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java +++ b/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java 
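Review bot: The result of `X509_STORE_add_lookup(...)` is passed to `X509_LOOKUP_load_file` in this hunk, and to `X509_LOOKUP_add_dir` in the next one, without a NULL check. OpenSSL returns NULL from that call on failure, and the ctrl call behind both wrappers would then receive a null pointer in native code. Reusing the existing error branch is enough: `if (MemorySegment.NULL.equals(x509Lookup) || X509_LOOKUP_load_file(x509Lookup, certificateRevocationListFileNative, X509_FILETYPE_PEM()) <= 0) {`, with the same short-circuit in front of `X509_LOOKUP_add_dir`. A load failure here is only logged; whether revocation checking then rejects peers depends on verification flags set outside these hunks, which is worth confirming.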
@@ -189,6 +189,48 @@ public class openssl_h_Macros { return BIO_ctrl(bio, BIO_CTRL_RESET(), 0, MemorySegment.NULL); } + + /** + * Set NIDs of groups in preference order. + * # define SSL_CTX_set1_curves SSL_CTX_set1_groups + * # define SSL_CTX_set1_groups(ctx, glist, glistlen) \ + * SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist)) + * @param sslCtx the SSL context + * @param groupsList the groups list + * @param listLength the list length + * @return > 0 if successful + */ + public static long SSL_CTX_set1_groups(MemorySegment sslCtx, MemorySegment groupsList, int listLength) { + return SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_GROUPS(), listLength, groupsList); + } + + + /** + * Pass a path from which certificates are loaded into the store. + * # define X509_LOOKUP_add_dir(x,name,type) \ + * X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) + * @param x509Lookup the X509 lookup + * @param name the path name + * @param type the type used + * @return > 0 if successful + */ + public static long X509_LOOKUP_add_dir(MemorySegment x509Lookup, MemorySegment name, long type) { + return X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(), name, X509_FILETYPE_PEM(), MemorySegment.NULL); + } + + /** + * Pass a file which will be loaded into the store. + * # define X509_LOOKUP_load_file(x,name,type) \ + * X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) + * @param x509Lookup + * @param name + * @param type + * @return + */ + public static long X509_LOOKUP_load_file(MemorySegment x509Lookup, MemorySegment name, long type) { + return X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(), name, X509_FILETYPE_PEM(), MemorySegment.NULL); + } + } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
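Review bot: `X509_LOOKUP_add_dir` and `X509_LOOKUP_load_file` accept a `type` argument but pass `X509_FILETYPE_PEM()` to `X509_LOOKUP_ctrl`, whereas the C macros quoted in their own Javadoc forward `(long)(type)`. Both call sites in OpenSSLContext.java pass PEM today, so behaviour is unchanged, but a later caller asking for another file type would silently have its CRL or certificate input handled as PEM. Forward the parameter instead: `return X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(), name, type, MemorySegment.NULL);` and `return X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(), name, type, MemorySegment.NULL);`. The Javadoc of `X509_LOOKUP_load_file` also leaves its `@param` and `@return` tags empty; they can mirror the add_dir text, ending with `@return > 0 if successful`.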