remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 313062eca9 Port add macros
313062eca9 is described below
commit 313062eca91e7049a132ae0fa4ce92d599fdc242
Author: remm <[email protected]>
AuthorDate: Tue Oct 31 12:25:06 2023 +0100
Port add macros
---
.../util/net/openssl/panama/OpenSSLContext.java | 14 ++++----
.../tomcat/util/openssl/openssl_h_Macros.java | 42 ++++++++++++++++++++++
2 files changed, 48 insertions(+), 8 deletions(-)
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 90b2a97047..2168196575 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -1180,8 +1180,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
if (!MemorySegment.NULL.equals(ecparams)) {
int curveNid = EC_GROUP_get_curve_name(ecparams);
var curveNidAddress =
localArena.allocateFrom(ValueLayout.JAVA_INT, curveNid);
- // SSL_CTX_set1_curves(state.sslCtx, &curveNid, 1)
- if (SSL_CTX_ctrl(state.sslCtx, SSL_CTRL_SET_GROUPS(),
1, curveNidAddress) <= 0) {
+ if (SSL_CTX_set1_groups(state.sslCtx, curveNidAddress,
1) <= 0) {
curveNid = 0;
}
if (log.isDebugEnabled()) {
@@ -1190,6 +1189,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
EC_GROUP_free(ecparams);
}
}
+ // FIXME: Ideally these should be loaded in Java but still
processed through OpenSSL
// Set certificate chain file
if (certificate.getCertificateChainFile() != null) {
var certificateChainFileNative =
@@ -1211,9 +1211,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
MemorySegment x509Lookup =
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_file());
var certificateRevocationListFileNative =
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListFile()));
- //X509_LOOKUP_ctrl(lookup,X509_L_FILE_LOAD,file,type,NULL)
- if (X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(),
certificateRevocationListFileNative,
- X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+ if (X509_LOOKUP_load_file(x509Lookup,
certificateRevocationListFileNative,
+ X509_FILETYPE_PEM()) <= 0) {
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList",
sslHostConfig.getCertificateRevocationListFile()));
}
}
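Review bot: A CRL file that fails to load is only reported through `log.error` in this branch, and nothing visible in the hunk stops the context from being set up without that revocation data; the directory case in the next hunk (`X509_LOOKUP_add_dir`) is handled the same way. Whether peer verification then fails closed depends on the store's verification flags, which are set outside the hunk, so the intended outcome should be written down here, for example `// NOTE: CRL load failure is not fatal; confirm the store's CRL check flags make verification fail closed`. If a missing CRL is meant to be fatal, the branch should abort initialisation rather than continue. The enclosing method starts and ends outside the hunk.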
@@ -1221,9 +1220,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
MemorySegment x509Lookup =
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_hash_dir());
var certificateRevocationListPathNative =
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListPath()));
- //X509_LOOKUP_ctrl(lookup,X509_L_ADD_DIR,path,type,NULL)
- if (X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(),
certificateRevocationListPathNative,
- X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+ if (X509_LOOKUP_add_dir(x509Lookup,
certificateRevocationListPathNative,
+ X509_FILETYPE_PEM()) <= 0) {
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList",
sslHostConfig.getCertificateRevocationListPath()));
}
}
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
index 139addb2ba..de8cf7e079 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
@@ -189,6 +189,48 @@ public class openssl_h_Macros {
return BIO_ctrl(bio, BIO_CTRL_RESET(), 0, MemorySegment.NULL);
}
+
+ /**
+ * Set NIDs of groups in preference order.
+ * # define SSL_CTX_set1_curves SSL_CTX_set1_groups
+ * # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
+ * SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
+ * @param sslCtx the SSL context
+ * @param groupsList the groups list
+ * @param listLength the list length
+ * @return > 0 if successful
+ */
+ public static long SSL_CTX_set1_groups(MemorySegment sslCtx, MemorySegment
groupsList, int listLength) {
+ return SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_GROUPS(), listLength,
groupsList);
+ }
+
+
+ /**
+ * Pass a path from which certificates are loaded into the store.
+ * # define X509_LOOKUP_add_dir(x,name,type) \
+ * X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+ * @param x509Lookup the X509 lookup
+ * @param name the path name
+ * @param type the type used
+ * @return > 0 if successful
+ */
+ public static long X509_LOOKUP_add_dir(MemorySegment x509Lookup,
MemorySegment name, long type) {
+ return X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(), name,
X509_FILETYPE_PEM(), MemorySegment.NULL);
+ }
+
+ /**
+ * Pass a file which will be loaded into the store.
+ * # define X509_LOOKUP_load_file(x,name,type) \
+ * X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+ * @param x509Lookup
+ * @param name
+ * @param type
+ * @return
+ */
+ public static long X509_LOOKUP_load_file(MemorySegment x509Lookup,
MemorySegment name, long type) {
+ return X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(), name,
X509_FILETYPE_PEM(), MemorySegment.NULL);
+ }
+
}