On 29/04/2015 23:04, Christopher Schultz wrote:
> On 4/29/15 5:31 PM, ma...@apache.org wrote:
>> Author: markt
>> Date: Wed Apr 29 21:31:43 2015
>> New Revision: 1676864
>>
>> URL: http://svn.apache.org/r1676864
>> Log:
>> Implement the native part of SNI

<snip/>

>> Modified: tomcat/native/trunk/native/src/sslcontext.c
>> URL: 
>> http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1676864&r1=1676863&r2=1676864&view=diff
>> ==============================================================================
>> --- tomcat/native/trunk/native/src/sslcontext.c (original)
>> +++ tomcat/native/trunk/native/src/sslcontext.c Wed Apr 29 21:31:43 2015
>> @@ -62,12 +62,37 @@ static apr_status_t ssl_context_cleanup(
>>      return APR_SUCCESS;
>>  }
>>  
>> +static jclass    ssl_context_class;
>> +static jmethodID sni_java_callback;
>> +
>>  /* Callback used when OpenSSL receives a client hello with a Server Name
>>   * Indication extension.
>>   */
>>  int ssl_callback_ServerNameIndication(SSL *ssl, int *al, tcn_ssl_ctxt_t *c)
>>  {
>> -    printf("SNI callback received");
>> +    // Get the JNI environment for this callback
>> +    JavaVM *javavm = tcn_get_java_vm();
>> +    JNIEnv *env;
>> +    (*javavm)->AttachCurrentThread(javavm, (void **)&env, NULL);
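Review bot: the return value of AttachCurrentThread in ssl_callback_ServerNameIndication is discarded, so if the attach fails, env is left uninitialized and any later use of it in this callback is undefined behaviour. Check the result against JNI_OK and return SSL_TLSEXT_ERR_ALERT_FATAL before touching env. As a style point, the new comment uses // while the existing comment above the function uses /* */.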
> 
> Is OpenSSL running the handshake in another thread? I don't know enough
> about OpenSSL to know how it does things like callbacks for this stuff.
> What thread is active when ssl_callback_ServerNameIndication is being
> called? Is it a thread that initially requested the handshake (and is
> therefore already bound to the JVM)?

I believe the handshake does remain in a single thread and it is
triggered by a Java call. Therefore it should be possible to cache
JNIEnv* from there. I'm not sure how much difference it will make. I'll
add a TODO.

>> @@ -206,9 +231,14 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
>>      SSL_CTX_set_default_passwd_cb_userdata(c->ctx, (void 
>> *)(&tcn_password_callback));
>>      SSL_CTX_set_info_callback(c->ctx, SSL_callback_handshake);
>>      
>> -    /* Set Server Name Indication (SNI) callback */
>> -    c->jnienv      = e;
>> -    c->java_object = o;
>> +    /* Cache Java side SNI callback if not already cached */
>> +    if (ssl_context_class == 0) {
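Review bot: the lazy initialisation guarded by "if (ssl_context_class == 0)" tests a file-scope static with no synchronisation visible, so two threads creating contexts at the same time can both enter the branch. Either do the lookup once during library initialisation or guard it with a lock. Because the jclass now lives in a static beyond this call, confirm that the value stored is a global reference (NewGlobalRef), since a local reference becomes invalid when this native method returns.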
> 
> This is okay, but graybeards might prefer:
> 
>      if(!ssl_context_class)

I'll follow Chuck's advice on that one.

Mark
