List: tomcat-dev
Subject: (tomcat) branch 9.0.x updated: Port add macros
From: remm () apache ! org
Date: 2023-10-31 11:30:18
Message-ID: 169875181815.1741426.13189853111629609685 () gitbox2-he-fi ! apache ! org
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 313062eca9 Port add macros
313062eca9 is described below
commit 313062eca91e7049a132ae0fa4ce92d599fdc242
Author: remm <remm@apache.org>
AuthorDate: Tue Oct 31 12:25:06 2023 +0100
Port add macros
---
.../util/net/openssl/panama/OpenSSLContext.java | 14 ++++----
.../tomcat/util/openssl/openssl_h_Macros.java | 42 ++++++++++++++++++++++
2 files changed, 48 insertions(+), 8 deletions(-)
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java \
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 90b2a97047..2168196575 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -1180,8 +1180,7 @@ public class OpenSSLContext implements \
org.apache.tomcat.util.net.SSLContext {
 if (!MemorySegment.NULL.equals(ecparams)) {
int curveNid = EC_GROUP_get_curve_name(ecparams);
var curveNidAddress = \
localArena.allocateFrom(ValueLayout.JAVA_INT, curveNid);
- // SSL_CTX_set1_curves(state.sslCtx, &curveNid, 1)
- if (SSL_CTX_ctrl(state.sslCtx, SSL_CTRL_SET_GROUPS(), 1, \
curveNidAddress) <= 0) {
+ if \
(SSL_CTX_set1_groups(state.sslCtx, curveNidAddress, 1) <= 0) {
 curveNid = 0;
}
if (log.isDebugEnabled()) {
@@ -1190,6 +1189,7 @@ public class OpenSSLContext implements \
org.apache.tomcat.util.net.SSLContext {
 EC_GROUP_free(ecparams);
}
}
+ // FIXME: Ideally these should be loaded in Java but still processed \
through OpenSSL
 // Set certificate chain file
if (certificate.getCertificateChainFile() != null) {
var certificateChainFileNative =
@@ -1211,9 +1211,8 @@ public class OpenSSLContext implements \
org.apache.tomcat.util.net.SSLContext {
MemorySegment x509Lookup = \
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_file());
 var \
certificateRevocationListFileNative =
\
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListFile()));
- //X509_LOOKUP_ctrl(lookup,X509_L_FILE_LOAD,file,type,NULL)
- if (X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(), \
certificateRevocationListFileNative,
- X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+ if (X509_LOOKUP_load_file(x509Lookup, \
certificateRevocationListFileNative,
+ \
X509_FILETYPE_PEM()) <= 0) {
\
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList", \
sslHostConfig.getCertificateRevocationListFile()));
 }
}
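Review bot: A failure to load the configured CRL file is only logged: when `X509_LOOKUP_load_file(...) <= 0` the branch calls `log.error(...)` and context setup carries on without that revocation data. Whether certificate verification then fails closed depends on the store flags set outside this hunk, so the branch should at least say so, e.g. `// CRL load failure is logged and setup continues; confirm the store's CRL check flags make verification fail closed`. The `X509_LOOKUP_add_dir` branch in the next hunk follows the same pattern. The enclosing method starts and ends outside the hunk.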
@@ -1221,9 +1220,8 @@ public class OpenSSLContext implements \
org.apache.tomcat.util.net.SSLContext {
MemorySegment x509Lookup = \
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_hash_dir());
 var \
certificateRevocationListPathNative =
\
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListPath()));
- //X509_LOOKUP_ctrl(lookup,X509_L_ADD_DIR,path,type,NULL)
- if (X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(), \
certificateRevocationListPathNative,
- X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+ if (X509_LOOKUP_add_dir(x509Lookup, \
certificateRevocationListPathNative,
+ \
X509_FILETYPE_PEM()) <= 0) {
\
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList", \
sslHostConfig.getCertificateRevocationListPath()));
 }
}
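Review bot: The `x509Lookup` returned by `X509_STORE_add_lookup(certificateStore, X509_LOOKUP_hash_dir())` goes straight into `X509_LOOKUP_add_dir` with no null check, so if OpenSSL fails to create the lookup a NULL pointer is passed into native code. The idiom already used in this file for `ecparams` covers it: `if (MemorySegment.NULL.equals(x509Lookup) || X509_LOOKUP_add_dir(x509Lookup, certificateRevocationListPathNative, X509_FILETYPE_PEM()) <= 0) {`. The `X509_LOOKUP_file()` lookup in the previous hunk has the same gap. The enclosing method lies outside the hunk.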
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java \
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
index 139addb2ba..de8cf7e079 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
@@ -189,6 +189,48 @@ public class openssl_h_Macros {
return BIO_ctrl(bio, BIO_CTRL_RESET(), 0, MemorySegment.NULL);
}
+
+ /**
+ * Set NIDs of groups in preference order.
+ * # define SSL_CTX_set1_curves SSL_CTX_set1_groups
+ * # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
+ * SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
+ * @param sslCtx the SSL context
+ * @param groupsList the groups list
+ * @param listLength the list length
+ * @return > 0 if successful
+ */
+ public static long SSL_CTX_set1_groups(MemorySegment sslCtx, MemorySegment \
groupsList, int listLength) {
+ return SSL_CTX_ctrl(sslCtx, \
SSL_CTRL_SET_GROUPS(), listLength, groupsList);
+ }
+
+
+ /**
+ * Pass a path from which certificates are loaded into the store.
+ * # define X509_LOOKUP_add_dir(x,name,type) \
+ * X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+ * @param x509Lookup the X509 lookup
+ * @param name the path name
+ * @param type the type used
+ * @return > 0 if successful
+ */
+ public static long X509_LOOKUP_add_dir(MemorySegment x509Lookup, MemorySegment \
name, long type) {
+ return X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(), \
name, X509_FILETYPE_PEM(), MemorySegment.NULL);
+ }
+
+ /**
+ * Pass a file which will be loaded into the store.
+ * # define X509_LOOKUP_load_file(x,name,type) \
+ * X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+ * @param x509Lookup
+ * @param name
+ * @param type
+ * @return
+ */
+ public static long X509_LOOKUP_load_file(MemorySegment x509Lookup, MemorySegment \
name, long type) {
+ return X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(), \
name, X509_FILETYPE_PEM(), MemorySegment.NULL);
+ }
+
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org