svn commit: r1438346 - in /tomcat/native/branches/1.1.x: ./ native/src/sslcontext.c native/src/sslnetwork.c xdocs/miscellaneous/changelog.xml

Thu, 24 Jan 2013 22:39:40 -0800 

Author: wrowe
Date: Fri Jan 25 06:39:18 2013
New Revision: 1438346

URL: http://svn.apache.org/viewvc?rev=1438346&view=rev
Log:
Mladen and I seem to have been of the same mind, but we should pick up the      
change that Chuck suggested in the bug report as I had in r1438342, and also    
note a user facing change

Modified:
    tomcat/native/branches/1.1.x/   (props changed)
    tomcat/native/branches/1.1.x/native/src/sslcontext.c
    tomcat/native/branches/1.1.x/native/src/sslnetwork.c
    tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml

Propchange: tomcat/native/branches/1.1.x/
------------------------------------------------------------------------------
  Merged /tomcat/native/trunk:r1438342

Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
URL: 
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1438346&r1=1438345&r2=1438346&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Fri Jan 25 06:39:18 
2013
@@ -148,7 +148,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
     /* Default session context id and cache size */
     SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE);
     EVP_Digest((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
-               (unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
+               (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
                &(c->context_id[0]), NULL, EVP_sha1(), NULL);
     if (mode) {
         SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA);

Modified: tomcat/native/branches/1.1.x/native/src/sslnetwork.c
URL: 
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslnetwork.c?rev=1438346&r1=1438345&r2=1438346&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslnetwork.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslnetwork.c Fri Jan 25 06:39:18 
2013
@@ -151,7 +151,7 @@ static tcn_ssl_conn_t *ssl_create(JNIEnv
         SSL_set_tmp_rsa_callback(ssl, SSL_callback_tmp_RSA);
         SSL_set_tmp_dh_callback(ssl,  SSL_callback_tmp_DH);
         SSL_set_session_id_context(ssl, &(ctx->context_id[0]),
-                                   sizeof(ctx->context_id));
+                                   sizeof ctx->context_id);
     }
     SSL_set_verify_result(ssl, X509_V_OK);
     SSL_rand_seed(ctx->rand_file);

Modified: tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml?rev=1438346&r1=1438345&r2=1438346&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml Fri Jan 25 
06:39:18 2013
@@ -38,6 +38,11 @@
 </section>
 <section name="Changes between 1.1.25 and 1.1.26">
   <changelog>
+    <fix>
+      <bug>54468</bug>: Fix FIPS mode for listeners when using OpenSSL 1.0.1c
+      and later; resolves 'Low level API call to digest MD5 forbidden in FIPS
+      mode!' errors. (wrowe)
+    </fix>
     <update>
       add clearOptions function to allow access to OpenSSL's 
SSL_CTX_clear_options function. (schultz)
     </update>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to