Hi,

I have been re-using the tomcat native APR library in some of my own projects and I have come up against a problem with the SSLSocket workings.

My current project is a high performance LDAP injector/simulator and I need to be able to support TLS on the sockets. The SSL component works fine, but the LDAP protocol allows for the client connection to go "secure" for the login/bind request and then once that is successful, the connection can then go "unsecured". With the current implementation I cannot seem to find a way to end the SSL/TLS session without disconnecting the socket.

I have looked through the JNI code and I created the following function in the file sslnetwork.c:

TCN_IMPLEMENT_CALL(jint, SSLSocket, detach)(TCN_STDARGS, jlong sock)
{
    tcn_socket_t *s = J2P(sock, tcn_socket_t *);

    TCN_ASSERT(sock != 0);

    /* Point the socket back at the plain APR layer instead of the SSL layer. */
    s->net = &apr_socket_layer;
    s->opaque = s->socket;

    return APR_SUCCESS;
}

Then I added the following method to the class SSLSocket

public static native int detach(long sock) throws Exception;

These new functions/methods now allow me to revert a socket, that was using TLS, back to the original apr_socket_layer definition without having to disconnect the socket. So in my application to go from a secured socket to unsecured one I just have to do.....

Socket.shutdown(socket, 0);  //End the TLS session
SSLSocket.detach(socket);  //Revert the socket back to normal
SSLContext.free(sslContext);  //Free the context

I know that this is not tomcat related, but I find the JNI APR lib really useful when I need to create high performance Java code. Is there any possibility of including a fix along these lines or, if there is a better way (I am not a C expert), into the main release of the JNI connector?

Cheers

Rupert
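
Added example, not part of the original message and not tomcat-native code: a self-contained C model of a detach that refuses to drop back to plaintext until close_notify has been both sent and received and no decrypted data is still buffered, since TLS requires the peer's close_notify to be received before the transport is reused for plaintext. All type, function and constant names below are hypothetical; the flag values mirror OpenSSL's SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN.

```c
#include <stddef.h>

/* Constructed model: nothing here links against OpenSSL, APR or tcnative. */
enum { SENT_CLOSE_NOTIFY = 1, RECEIVED_CLOSE_NOTIFY = 2, CLOSED_BOTH_WAYS = 3 };
enum { DETACH_OK = 0, DETACH_NOT_TLS = -1,
       DETACH_SHUTDOWN_INCOMPLETE = -2, DETACH_BUFFERED_DATA = -3 };

typedef struct { const char *name; } layer_t;      /* stands in for the I/O layer table */
static layer_t plain_layer = { "plain" }, tls_layer = { "tls" };
/* shutdown_flags: close_notify alerts exchanged; pending: decrypted bytes unread */
typedef struct { int shutdown_flags; size_t pending; } tls_state_t;
typedef struct { layer_t *net; void *opaque; void *raw; } sock_t;

/* Revert to the plain layer only when the TLS session is fully closed. */
int guarded_detach(sock_t *s)
{
    tls_state_t *t;
    if (s == NULL || s->net != &tls_layer)
        return DETACH_NOT_TLS;
    t = (tls_state_t *)s->opaque;
    if ((t->shutdown_flags & CLOSED_BOTH_WAYS) != CLOSED_BOTH_WAYS)
        return DETACH_SHUTDOWN_INCOMPLETE;   /* peer may still send TLS records */
    if (t->pending != 0)
        return DETACH_BUFFERED_DATA;         /* would silently drop application data */
    s->net = &plain_layer;
    s->opaque = s->raw;
    return DETACH_OK;
}

/* Build a constructed TLS socket in the given state and try to detach it. */
int detach_result(int flags, size_t pending)
{
    int fd = 0;                              /* placeholder raw handle */
    tls_state_t t = { flags, pending };
    sock_t s = { &tls_layer, &t, &fd };
    int rc = guarded_detach(&s);
    if (rc == DETACH_OK && (s.net != &plain_layer || s.opaque != s.raw))
        return DETACH_NOT_TLS;               /* layer switch did not happen */
    return rc;
}

int main(void)
{
    /* Constructed cases: one-way shutdown is refused, full shutdown is accepted. */
    return (detach_result(SENT_CLOSE_NOTIFY, 0) == DETACH_SHUTDOWN_INCOMPLETE &&
            detach_result(CLOSED_BOTH_WAYS, 0) == DETACH_OK) ? 0 : 1;
}
```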



