View | Details | Raw Unified | Return to bug 59797
Collapse All | Expand All

(-)a/native/include/ssl_private.h (+9 lines)
Lines 363-366 int SSL_callback_select_next_proto(SSL *, unsigned char **, unsigned cha Link Here
363
int         SSL_callback_alpn_select_proto(SSL *, const unsigned char **, unsigned char *, const unsigned char *, unsigned int, void *);
363
int         SSL_callback_alpn_select_proto(SSL *, const unsigned char **, unsigned char *, const unsigned char *, unsigned int, void *);
364
364
365
365
366
void SSL_thread_exit(void);
367
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) && ! defined(WIN32)
368
unsigned long SSL_ERR_get(void);
369
void SSL_ERR_clear(void);
370
#else
371
#define SSL_ERR_get() ERR_get_error()
372
#define SSL_ERR_clear() ERR_clear_error()
373
#endif
374
366
#endif /* SSL_PRIVATE_H */
375
#endif /* SSL_PRIVATE_H */
(-)a/native/os/win32/system.c (+3 lines)
Lines 101-106 DllMain( Link Here
101
        /** The thread of the attached process terminates.
101
        /** The thread of the attached process terminates.
102
         */
102
         */
103
        case DLL_THREAD_DETACH:
103
        case DLL_THREAD_DETACH:
104
#ifdef HAVE_OPENSSL
105
            SSL_thread_exit();
106
#endif
104
            break;
107
            break;
105
108
106
        /** DLL unload due to process termination
109
        /** DLL unload due to process termination
(-)a/native/src/ssl.c (-4 / +30 lines)
Lines 49-54 struct CRYPTO_dynlock_value { Link Here
49
    int line;
49
    int line;
50
    apr_thread_mutex_t *mutex;
50
    apr_thread_mutex_t *mutex;
51
};
51
};
52
53
apr_threadkey_t *thread_exit_key;
52
#endif
54
#endif
53
55
54
/*
56
/*
Lines 435-441 static unsigned long ssl_thread_id(void) Link Here
435
#endif
437
#endif
436
}
438
}
437
439
440
void SSL_thread_exit(void) {
441
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
442
    ERR_remove_thread_state(NULL);
443
    apr_threadkey_private_set(NULL, thread_exit_key);
444
#endif
445
}
446
438
#if OPENSSL_VERSION_NUMBER < 0x10100000L
447
#if OPENSSL_VERSION_NUMBER < 0x10100000L
448
unsigned long SSL_ERR_get() {
449
    apr_threadkey_private_set(thread_exit_key, thread_exit_key);
450
    return ERR_get_error();
451
}
452
453
void SSL_ERR_clear() {
454
    apr_threadkey_private_set(thread_exit_key, thread_exit_key);
455
    ERR_clear_error();
456
}
457
458
static void _ssl_thread_exit(void *data) {
459
    UNREFERENCED(data);
460
    SSL_thread_exit();
461
}
462
439
static void ssl_set_thread_id(CRYPTO_THREADID *id)
463
static void ssl_set_thread_id(CRYPTO_THREADID *id)
440
{
464
{
441
    CRYPTO_THREADID_set_numeric(id, ssl_thread_id());
465
    CRYPTO_THREADID_set_numeric(id, ssl_thread_id());
Lines 558-563 static void ssl_thread_setup(apr_pool_t *p) Link Here
558
582
559
    apr_pool_cleanup_register(p, NULL, ssl_thread_cleanup,
583
    apr_pool_cleanup_register(p, NULL, ssl_thread_cleanup,
560
                              apr_pool_cleanup_null);
584
                              apr_pool_cleanup_null);
585
586
    apr_threadkey_private_create(&thread_exit_key, _ssl_thread_exit, p);
561
}
587
}
562
#endif
588
#endif
563
589
Lines 859-865 TCN_IMPLEMENT_CALL(jint, SSL, fipsModeSet)(TCN_STDARGS, jint mode) Link Here
859
#ifdef OPENSSL_FIPS
885
#ifdef OPENSSL_FIPS
860
    if(1 != (r = (jint)FIPS_mode_set((int)mode))) {
886
    if(1 != (r = (jint)FIPS_mode_set((int)mode))) {
861
      /* arrange to get a human-readable error message */
887
      /* arrange to get a human-readable error message */
862
      unsigned long err = ERR_get_error();
888
      unsigned long err = SSL_ERR_get();
863
      char msg[256];
889
      char msg[256];
864
890
865
      /* ERR_load_crypto_strings() already called in initialize() */
891
      /* ERR_load_crypto_strings() already called in initialize() */
Lines 1196-1202 TCN_IMPLEMENT_CALL(jstring, SSL, getLastError)(TCN_STDARGS) Link Here
1196
{
1222
{
1197
    char buf[256];
1223
    char buf[256];
1198
    UNREFERENCED(o);
1224
    UNREFERENCED(o);
1199
    ERR_error_string(ERR_get_error(), buf);
1225
    ERR_error_string(SSL_ERR_get(), buf);
1200
    return tcn_new_string(e, buf);
1226
    return tcn_new_string(e, buf);
1201
}
1227
}
1202
1228
Lines 1208-1214 TCN_IMPLEMENT_CALL(jboolean, SSL, hasOp)(TCN_STDARGS, jint op) Link Here
1208
/*** Begin Twitter 1:1 API addition ***/
1234
/*** Begin Twitter 1:1 API addition ***/
1209
TCN_IMPLEMENT_CALL(jint, SSL, getLastErrorNumber)(TCN_STDARGS) {
1235
TCN_IMPLEMENT_CALL(jint, SSL, getLastErrorNumber)(TCN_STDARGS) {
1210
    UNREFERENCED_STDARGS;
1236
    UNREFERENCED_STDARGS;
1211
    return ERR_get_error();
1237
    return SSL_ERR_get();
1212
}
1238
}
1213
1239
1214
static void ssl_info_callback(const SSL *ssl, int where, int ret) {
1240
static void ssl_info_callback(const SSL *ssl, int where, int ret) {
Lines 1784-1790 TCN_IMPLEMENT_CALL(jboolean, SSL, setCipherSuites)(TCN_STDARGS, jlong ssl, Link Here
1784
    }
1810
    }
1785
    if (!SSL_set_cipher_list(ssl_, J2S(ciphers))) {
1811
    if (!SSL_set_cipher_list(ssl_, J2S(ciphers))) {
1786
        char err[256];
1812
        char err[256];
1787
        ERR_error_string(ERR_get_error(), err);
1813
        ERR_error_string(SSL_ERR_get(), err);
1788
        tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
1814
        tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
1789
        rv = JNI_FALSE;
1815
        rv = JNI_FALSE;
1790
    }
1816
    }
(-)a/native/src/sslcontext.c (-23 / +23 lines)
Lines 206-212 TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, jlong pool, Link Here
206
206
207
    if (!ctx) {
207
    if (!ctx) {
208
        char err[256];
208
        char err[256];
209
        ERR_error_string(ERR_get_error(), err);
209
        ERR_error_string(SSL_ERR_get(), err);
210
        tcn_Throw(e, "Invalid Server SSL Protocol (%s)", err);
210
        tcn_Throw(e, "Invalid Server SSL Protocol (%s)", err);
211
        goto init_failed;
211
        goto init_failed;
212
    }
212
    }
Lines 478-484 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCipherSuite)(TCN_STDARGS, jlong ctx, Link Here
478
    if (!SSL_CTX_set_cipher_list(c->ctx, J2S(ciphers))) {
478
    if (!SSL_CTX_set_cipher_list(c->ctx, J2S(ciphers))) {
479
#endif
479
#endif
480
        char err[256];
480
        char err[256];
481
        ERR_error_string(ERR_get_error(), err);
481
        ERR_error_string(SSL_ERR_get(), err);
482
        tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
482
        tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
483
        rv = JNI_FALSE;
483
        rv = JNI_FALSE;
484
    }
484
    }
Lines 512-518 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx Link Here
512
    if (J2S(file)) {
512
    if (J2S(file)) {
513
        lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_file());
513
        lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_file());
514
        if (lookup == NULL) {
514
        if (lookup == NULL) {
515
            ERR_error_string(ERR_get_error(), err);
515
            ERR_error_string(SSL_ERR_get(), err);
516
            X509_STORE_free(c->crl);
516
            X509_STORE_free(c->crl);
517
            c->crl = NULL;
517
            c->crl = NULL;
518
            tcn_Throw(e, "Lookup failed for file %s (%s)", J2S(file), err);
518
            tcn_Throw(e, "Lookup failed for file %s (%s)", J2S(file), err);
Lines 523-529 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx Link Here
523
    if (J2S(path)) {
523
    if (J2S(path)) {
524
        lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_hash_dir());
524
        lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_hash_dir());
525
        if (lookup == NULL) {
525
        if (lookup == NULL) {
526
            ERR_error_string(ERR_get_error(), err);
526
            ERR_error_string(SSL_ERR_get(), err);
527
            X509_STORE_free(c->crl);
527
            X509_STORE_free(c->crl);
528
            c->crl = NULL;
528
            c->crl = NULL;
529
            tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(file), err);
529
            tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(file), err);
Lines 577-583 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCACertificate)(TCN_STDARGS, Link Here
577
    if (!SSL_CTX_load_verify_locations(c->ctx,
577
    if (!SSL_CTX_load_verify_locations(c->ctx,
578
                                       J2S(file), J2S(path))) {
578
                                       J2S(file), J2S(path))) {
579
        char err[256];
579
        char err[256];
580
        ERR_error_string(ERR_get_error(), err);
580
        ERR_error_string(SSL_ERR_get(), err);
581
        tcn_Throw(e, "Unable to configure locations "
581
        tcn_Throw(e, "Unable to configure locations "
582
                  "for client authentication (%s)", err);
582
                  "for client authentication (%s)", err);
583
        rv = JNI_FALSE;
583
        rv = JNI_FALSE;
Lines 642-648 TCN_IMPLEMENT_CALL(void, SSLContext, setTmpDH)(TCN_STDARGS, jlong ctx, Link Here
642
    bio = BIO_new_file(J2S(file), "r");
642
    bio = BIO_new_file(J2S(file), "r");
643
    if (!bio) {
643
    if (!bio) {
644
        char err[256];
644
        char err[256];
645
        ERR_error_string(ERR_get_error(), err);
645
        ERR_error_string(SSL_ERR_get(), err);
646
        tcn_Throw(e, "Error while configuring DH using %s: %s", J2S(file), err);
646
        tcn_Throw(e, "Error while configuring DH using %s: %s", J2S(file), err);
647
        TCN_FREE_CSTRING(file);
647
        TCN_FREE_CSTRING(file);
648
        return;
648
        return;
Lines 652-658 TCN_IMPLEMENT_CALL(void, SSLContext, setTmpDH)(TCN_STDARGS, jlong ctx, Link Here
652
    BIO_free(bio);
652
    BIO_free(bio);
653
    if (!dh) {
653
    if (!dh) {
654
        char err[256];
654
        char err[256];
655
        ERR_error_string(ERR_get_error(), err);
655
        ERR_error_string(SSL_ERR_get(), err);
656
        tcn_Throw(e, "Error while configuring DH: no DH parameter found in %s (%s)", J2S(file), err);
656
        tcn_Throw(e, "Error while configuring DH: no DH parameter found in %s (%s)", J2S(file), err);
657
        TCN_FREE_CSTRING(file);
657
        TCN_FREE_CSTRING(file);
658
        return;
658
        return;
Lines 661-667 TCN_IMPLEMENT_CALL(void, SSLContext, setTmpDH)(TCN_STDARGS, jlong ctx, Link Here
661
    if (1 != SSL_CTX_set_tmp_dh(c->ctx, dh)) {
661
    if (1 != SSL_CTX_set_tmp_dh(c->ctx, dh)) {
662
        char err[256];
662
        char err[256];
663
        DH_free(dh);
663
        DH_free(dh);
664
        ERR_error_string(ERR_get_error(), err);
664
        ERR_error_string(SSL_ERR_get(), err);
665
        tcn_Throw(e, "Error while configuring DH with file %s: %s", J2S(file), err);
665
        tcn_Throw(e, "Error while configuring DH with file %s: %s", J2S(file), err);
666
        TCN_FREE_CSTRING(file);
666
        TCN_FREE_CSTRING(file);
667
        return;
667
        return;
Lines 702-708 TCN_IMPLEMENT_CALL(void, SSLContext, setTmpECDHByCurveName)(TCN_STDARGS, jlong c Link Here
702
    if (1 != SSL_CTX_set_tmp_ecdh(c->ctx, ecdh)) {
702
    if (1 != SSL_CTX_set_tmp_ecdh(c->ctx, ecdh)) {
703
        char err[256];
703
        char err[256];
704
        EC_KEY_free(ecdh);
704
        EC_KEY_free(ecdh);
705
        ERR_error_string(ERR_get_error(), err);
705
        ERR_error_string(SSL_ERR_get(), err);
706
        tcn_Throw(e, "Error while configuring elliptic curve %s: %s", J2S(curveName), err);
706
        tcn_Throw(e, "Error while configuring elliptic curve %s: %s", J2S(curveName), err);
707
        TCN_FREE_CSTRING(curveName);
707
        TCN_FREE_CSTRING(curveName);
708
        return;
708
        return;
Lines 809-815 static X509 *load_pem_cert(tcn_ssl_ctxt_t *c, const char *file) Link Here
809
                (void *)cb_data);
809
                (void *)cb_data);
810
    if (cert == NULL &&
810
    if (cert == NULL &&
811
       (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE)) {
811
       (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE)) {
812
        ERR_clear_error();
812
        SSL_ERR_clear();
813
        BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL);
813
        BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL);
814
        cert = d2i_X509_bio(bio, NULL);
814
        cert = d2i_X509_bio(bio, NULL);
815
    }
815
    }
Lines 921-927 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx, Link Here
921
    }
921
    }
922
    if ((p = strrchr(cert_file, '.')) != NULL && strcmp(p, ".pkcs12") == 0) {
922
    if ((p = strrchr(cert_file, '.')) != NULL && strcmp(p, ".pkcs12") == 0) {
923
        if (!ssl_load_pkcs12(c, cert_file, &c->keys[idx], &c->certs[idx], 0)) {
923
        if (!ssl_load_pkcs12(c, cert_file, &c->keys[idx], &c->certs[idx], 0)) {
924
            ERR_error_string(ERR_get_error(), err);
924
            ERR_error_string(SSL_ERR_get(), err);
925
            tcn_Throw(e, "Unable to load certificate %s (%s)",
925
            tcn_Throw(e, "Unable to load certificate %s (%s)",
926
                      cert_file, err);
926
                      cert_file, err);
927
            rv = JNI_FALSE;
927
            rv = JNI_FALSE;
Lines 930-943 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx, Link Here
930
    }
930
    }
931
    else {
931
    else {
932
        if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL) {
932
        if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL) {
933
            ERR_error_string(ERR_get_error(), err);
933
            ERR_error_string(SSL_ERR_get(), err);
934
            tcn_Throw(e, "Unable to load certificate key %s (%s)",
934
            tcn_Throw(e, "Unable to load certificate key %s (%s)",
935
                      key_file, err);
935
                      key_file, err);
936
            rv = JNI_FALSE;
936
            rv = JNI_FALSE;
937
            goto cleanup;
937
            goto cleanup;
938
        }
938
        }
939
        if ((c->certs[idx] = load_pem_cert(c, cert_file)) == NULL) {
939
        if ((c->certs[idx] = load_pem_cert(c, cert_file)) == NULL) {
940
            ERR_error_string(ERR_get_error(), err);
940
            ERR_error_string(SSL_ERR_get(), err);
941
            tcn_Throw(e, "Unable to load certificate %s (%s)",
941
            tcn_Throw(e, "Unable to load certificate %s (%s)",
942
                      cert_file, err);
942
                      cert_file, err);
943
            rv = JNI_FALSE;
943
            rv = JNI_FALSE;
Lines 945-963 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx, Link Here
945
        }
945
        }
946
    }
946
    }
947
    if (SSL_CTX_use_certificate(c->ctx, c->certs[idx]) <= 0) {
947
    if (SSL_CTX_use_certificate(c->ctx, c->certs[idx]) <= 0) {
948
        ERR_error_string(ERR_get_error(), err);
948
        ERR_error_string(SSL_ERR_get(), err);
949
        tcn_Throw(e, "Error setting certificate (%s)", err);
949
        tcn_Throw(e, "Error setting certificate (%s)", err);
950
        rv = JNI_FALSE;
950
        rv = JNI_FALSE;
951
        goto cleanup;
951
        goto cleanup;
952
    }
952
    }
953
    if (SSL_CTX_use_PrivateKey(c->ctx, c->keys[idx]) <= 0) {
953
    if (SSL_CTX_use_PrivateKey(c->ctx, c->keys[idx]) <= 0) {
954
        ERR_error_string(ERR_get_error(), err);
954
        ERR_error_string(SSL_ERR_get(), err);
955
        tcn_Throw(e, "Error setting private key (%s)", err);
955
        tcn_Throw(e, "Error setting private key (%s)", err);
956
        rv = JNI_FALSE;
956
        rv = JNI_FALSE;
957
        goto cleanup;
957
        goto cleanup;
958
    }
958
    }
959
    if (SSL_CTX_check_private_key(c->ctx) <= 0) {
959
    if (SSL_CTX_check_private_key(c->ctx) <= 0) {
960
        ERR_error_string(ERR_get_error(), err);
960
        ERR_error_string(SSL_ERR_get(), err);
961
        tcn_Throw(e, "Private key does not match the certificate public key (%s)",
961
        tcn_Throw(e, "Private key does not match the certificate public key (%s)",
962
                  err);
962
                  err);
963
        rv = JNI_FALSE;
963
        rv = JNI_FALSE;
Lines 1050-1056 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateRaw)(TCN_STDARGS, jlong c Link Here
1050
    tmp = (const unsigned char *)cert;
1050
    tmp = (const unsigned char *)cert;
1051
    certs = d2i_X509(NULL, &tmp, lengthOfCert);
1051
    certs = d2i_X509(NULL, &tmp, lengthOfCert);
1052
    if (certs == NULL) {
1052
    if (certs == NULL) {
1053
        ERR_error_string(ERR_get_error(), err);
1053
        ERR_error_string(SSL_ERR_get(), err);
1054
        tcn_Throw(e, "Error reading certificate (%s)", err);
1054
        tcn_Throw(e, "Error reading certificate (%s)", err);
1055
        rv = JNI_FALSE;
1055
        rv = JNI_FALSE;
1056
        goto cleanup;
1056
        goto cleanup;
Lines 1066-1072 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateRaw)(TCN_STDARGS, jlong c Link Here
1066
    evp = PEM_read_bio_PrivateKey(bio, NULL, 0, NULL);
1066
    evp = PEM_read_bio_PrivateKey(bio, NULL, 0, NULL);
1067
    if (evp == NULL) {
1067
    if (evp == NULL) {
1068
        BIO_free(bio);
1068
        BIO_free(bio);
1069
        ERR_error_string(ERR_get_error(), err);
1069
        ERR_error_string(SSL_ERR_get(), err);
1070
        tcn_Throw(e, "Error reading private key (%s)", err);
1070
        tcn_Throw(e, "Error reading private key (%s)", err);
1071
        rv = JNI_FALSE;
1071
        rv = JNI_FALSE;
1072
        goto cleanup;
1072
        goto cleanup;
Lines 1078-1096 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateRaw)(TCN_STDARGS, jlong c Link Here
1078
    c->keys[idx] = evp;
1078
    c->keys[idx] = evp;
1079
1079
1080
    if (SSL_CTX_use_certificate(c->ctx, c->certs[idx]) <= 0) {
1080
    if (SSL_CTX_use_certificate(c->ctx, c->certs[idx]) <= 0) {
1081
        ERR_error_string(ERR_get_error(), err);
1081
        ERR_error_string(SSL_ERR_get(), err);
1082
        tcn_Throw(e, "Error setting certificate (%s)", err);
1082
        tcn_Throw(e, "Error setting certificate (%s)", err);
1083
        rv = JNI_FALSE;
1083
        rv = JNI_FALSE;
1084
        goto cleanup;
1084
        goto cleanup;
1085
    }
1085
    }
1086
    if (SSL_CTX_use_PrivateKey(c->ctx, c->keys[idx]) <= 0) {
1086
    if (SSL_CTX_use_PrivateKey(c->ctx, c->keys[idx]) <= 0) {
1087
        ERR_error_string(ERR_get_error(), err);
1087
        ERR_error_string(SSL_ERR_get(), err);
1088
        tcn_Throw(e, "Error setting private key (%s)", err);
1088
        tcn_Throw(e, "Error setting private key (%s)", err);
1089
        rv = JNI_FALSE;
1089
        rv = JNI_FALSE;
1090
        goto cleanup;
1090
        goto cleanup;
1091
    }
1091
    }
1092
    if (SSL_CTX_check_private_key(c->ctx) <= 0) {
1092
    if (SSL_CTX_check_private_key(c->ctx) <= 0) {
1093
        ERR_error_string(ERR_get_error(), err);
1093
        ERR_error_string(SSL_ERR_get(), err);
1094
        tcn_Throw(e, "Private key does not match the certificate public key (%s)",
1094
        tcn_Throw(e, "Private key does not match the certificate public key (%s)",
1095
                  err);
1095
                  err);
1096
        rv = JNI_FALSE;
1096
        rv = JNI_FALSE;
Lines 1145-1155 TCN_IMPLEMENT_CALL(jboolean, SSLContext, addChainCertificateRaw)(TCN_STDARGS, jl Link Here
1145
    tmp = (const unsigned char *)cert;
1145
    tmp = (const unsigned char *)cert;
1146
    certs = d2i_X509(NULL, &tmp, lengthOfCert);
1146
    certs = d2i_X509(NULL, &tmp, lengthOfCert);
1147
    if (certs == NULL) {
1147
    if (certs == NULL) {
1148
        ERR_error_string(ERR_get_error(), err);
1148
        ERR_error_string(SSL_ERR_get(), err);
1149
        tcn_Throw(e, "Error reading certificate (%s)", err);
1149
        tcn_Throw(e, "Error reading certificate (%s)", err);
1150
        rv = JNI_FALSE;
1150
        rv = JNI_FALSE;
1151
    } else if (SSL_CTX_add0_chain_cert(c->ctx, certs) <= 0) {
1151
    } else if (SSL_CTX_add0_chain_cert(c->ctx, certs) <= 0) {
1152
        ERR_error_string(ERR_get_error(), err);
1152
        ERR_error_string(SSL_ERR_get(), err);
1153
        tcn_Throw(e, "Error adding certificate to chain (%s)", err);
1153
        tcn_Throw(e, "Error adding certificate to chain (%s)", err);
1154
        rv = JNI_FALSE;
1154
        rv = JNI_FALSE;
1155
    }
1155
    }
(-)a/native/src/sslnetwork.c (-4 / +4 lines)
Lines 127-133 static tcn_ssl_conn_t *ssl_create(JNIEnv *env, tcn_ssl_ctxt_t *ctx, apr_pool_t * Link Here
127
    }
127
    }
128
    if ((ssl = SSL_new(ctx->ctx)) == NULL) {
128
    if ((ssl = SSL_new(ctx->ctx)) == NULL) {
129
        char err[256];
129
        char err[256];
130
        ERR_error_string(ERR_get_error(), err);
130
        ERR_error_string(SSL_ERR_get(), err);
131
        tcn_Throw(env, "SSL_new failed (%s)", err);
131
        tcn_Throw(env, "SSL_new failed (%s)", err);
132
        con = NULL;
132
        con = NULL;
133
        return NULL;
133
        return NULL;
Lines 320-326 TCN_IMPLEMENT_CALL(jint, SSLSocket, handshake)(TCN_STDARGS, jlong sock) Link Here
320
320
321
    apr_socket_timeout_get(con->sock, &timeout);
321
    apr_socket_timeout_get(con->sock, &timeout);
322
    while (!SSL_is_init_finished(con->ssl)) {
322
    while (!SSL_is_init_finished(con->ssl)) {
323
        ERR_clear_error();
323
        SSL_ERR_clear();
324
        if ((s = SSL_do_handshake(con->ssl)) <= 0) {
324
        if ((s = SSL_do_handshake(con->ssl)) <= 0) {
325
            if (!con->ssl)
325
            if (!con->ssl)
326
                return APR_ENOTSOCK;
326
                return APR_ENOTSOCK;
Lines 406-412 ssl_socket_recv(apr_socket_t *sock, char *buf, apr_size_t *len) Link Here
406
    }
406
    }
407
    apr_socket_timeout_get(con->sock, &timeout);
407
    apr_socket_timeout_get(con->sock, &timeout);
408
    for (;;) {
408
    for (;;) {
409
        ERR_clear_error();
409
        SSL_ERR_clear();
410
        if ((s = SSL_read(con->ssl, buf, rd)) <= 0) {
410
        if ((s = SSL_read(con->ssl, buf, rd)) <= 0) {
411
            if (!con->ssl)
411
            if (!con->ssl)
412
                return APR_ENOTSOCK;
412
                return APR_ENOTSOCK;
Lines 488-494 ssl_socket_send(apr_socket_t *sock, const char *buf, Link Here
488
    }
488
    }
489
    apr_socket_timeout_get(con->sock, &timeout);
489
    apr_socket_timeout_get(con->sock, &timeout);
490
    for (;;) {
490
    for (;;) {
491
        ERR_clear_error();
491
        SSL_ERR_clear();
492
        if ((s = SSL_write(con->ssl, buf, wr)) <= 0) {
492
        if ((s = SSL_write(con->ssl, buf, wr)) <= 0) {
493
            if (!con->ssl)
493
            if (!con->ssl)
494
                return APR_ENOTSOCK;
494
                return APR_ENOTSOCK;
(-)a/native/src/sslutils.c (-2 / +1 lines)
Lines 281-287 int SSL_CTX_use_certificate_chain(SSL_CTX *ctx, const char *file, Link Here
281
            BIO_free(bio);
281
            BIO_free(bio);
282
            return -1;
282
            return -1;
283
        }
283
        }
284
        while (ERR_get_error() > 0) ;
284
        while (SSL_ERR_get() > 0) ;
285
    }
285
    }
286
    BIO_free(bio);
286
    BIO_free(bio);
287
    return n;
287
    return n;
288
- 

Return to bug 59797