Lines 206-212
TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, jlong pool,
206 |
|
206 |
|
207 |
if (!ctx) { |
207 |
if (!ctx) { |
208 |
char err[256]; |
208 |
char err[256]; |
209 |
ERR_error_string(ERR_get_error(), err); |
209 |
ERR_error_string(SSL_ERR_get(), err); |
210 |
tcn_Throw(e, "Invalid Server SSL Protocol (%s)", err); |
210 |
tcn_Throw(e, "Invalid Server SSL Protocol (%s)", err); |
211 |
goto init_failed; |
211 |
goto init_failed; |
212 |
} |
212 |
} |
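Review bot: The value fetched by the new `SSL_ERR_get()` call at line 209 is still formatted with `ERR_error_string()` into a fixed `char err[256]`, which is exactly the minimum that unbounded call requires and leaves no margin; the bounded form `ERR_error_string_n(SSL_ERR_get(), err, sizeof err);` is a drop-in replacement for the same line. The identical pattern is in the setCipherSuite (481), setCACertificate (580), setTmpDH (645, 655, 664) and setTmpECDHByCurveName (705) hunks, and in the setCARevocation, setCertificate, setCertificateRaw and addChainCertificateRaw hunks the buffer is declared outside the hunk, so the same replacement applies there once its size is in view. Whether `SSL_ERR_get()` returns the oldest queued error like `ERR_get_error()` or something else is not visible here; if it differs, the messages thrown from all of these sites change, which deserves a one-line comment at the wrapper's definition. The body of make continues outside the hunk.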
Lines 478-484
TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCipherSuite)(TCN_STDARGS, jlong ctx,
478 |
if (!SSL_CTX_set_cipher_list(c->ctx, J2S(ciphers))) { |
478 |
if (!SSL_CTX_set_cipher_list(c->ctx, J2S(ciphers))) { |
479 |
#endif |
479 |
#endif |
480 |
char err[256]; |
480 |
char err[256]; |
481 |
ERR_error_string(ERR_get_error(), err); |
481 |
ERR_error_string(SSL_ERR_get(), err); |
482 |
tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err); |
482 |
tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err); |
483 |
rv = JNI_FALSE; |
483 |
rv = JNI_FALSE; |
484 |
} |
484 |
} |
Lines 512-518
TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx
512 |
if (J2S(file)) { |
512 |
if (J2S(file)) { |
513 |
lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_file()); |
513 |
lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_file()); |
514 |
if (lookup == NULL) { |
514 |
if (lookup == NULL) { |
515 |
ERR_error_string(ERR_get_error(), err); |
515 |
ERR_error_string(SSL_ERR_get(), err); |
516 |
X509_STORE_free(c->crl); |
516 |
X509_STORE_free(c->crl); |
517 |
c->crl = NULL; |
517 |
c->crl = NULL; |
518 |
tcn_Throw(e, "Lookup failed for file %s (%s)", J2S(file), err); |
518 |
tcn_Throw(e, "Lookup failed for file %s (%s)", J2S(file), err); |
Lines 523-529
TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx
523 |
if (J2S(path)) { |
523 |
if (J2S(path)) { |
524 |
lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_hash_dir()); |
524 |
lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_hash_dir()); |
525 |
if (lookup == NULL) { |
525 |
if (lookup == NULL) { |
526 |
ERR_error_string(ERR_get_error(), err); |
526 |
ERR_error_string(SSL_ERR_get(), err); |
527 |
X509_STORE_free(c->crl); |
527 |
X509_STORE_free(c->crl); |
528 |
c->crl = NULL; |
528 |
c->crl = NULL; |
529 |
tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(file), err); |
529 |
tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(file), err); |
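Review bot: Line 529 reports the path-branch failure with `J2S(file)` even though this branch is entered on `J2S(path)` at 523; when a caller supplies only a path, `file` presumably converts to NULL, and passing NULL to a `%s` conversion is undefined behaviour in C (glibc happens to print "(null)"). The line should read `tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(path), err);`. The commit only swaps the error-fetch call and leaves this message untouched. setCARevocation begins and ends outside the hunk.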
Lines 577-583
TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCACertificate)(TCN_STDARGS,
577 |
if (!SSL_CTX_load_verify_locations(c->ctx, |
577 |
if (!SSL_CTX_load_verify_locations(c->ctx, |
578 |
J2S(file), J2S(path))) { |
578 |
J2S(file), J2S(path))) { |
579 |
char err[256]; |
579 |
char err[256]; |
580 |
ERR_error_string(ERR_get_error(), err); |
580 |
ERR_error_string(SSL_ERR_get(), err); |
581 |
tcn_Throw(e, "Unable to configure locations " |
581 |
tcn_Throw(e, "Unable to configure locations " |
582 |
"for client authentication (%s)", err); |
582 |
"for client authentication (%s)", err); |
583 |
rv = JNI_FALSE; |
583 |
rv = JNI_FALSE; |
Lines 642-648
TCN_IMPLEMENT_CALL(void, SSLContext, setTmpDH)(TCN_STDARGS, jlong ctx,
642 |
bio = BIO_new_file(J2S(file), "r"); |
642 |
bio = BIO_new_file(J2S(file), "r"); |
643 |
if (!bio) { |
643 |
if (!bio) { |
644 |
char err[256]; |
644 |
char err[256]; |
645 |
ERR_error_string(ERR_get_error(), err); |
645 |
ERR_error_string(SSL_ERR_get(), err); |
646 |
tcn_Throw(e, "Error while configuring DH using %s: %s", J2S(file), err); |
646 |
tcn_Throw(e, "Error while configuring DH using %s: %s", J2S(file), err); |
647 |
TCN_FREE_CSTRING(file); |
647 |
TCN_FREE_CSTRING(file); |
648 |
return; |
648 |
return; |
Lines 652-658
TCN_IMPLEMENT_CALL(void, SSLContext, setTmpDH)(TCN_STDARGS, jlong ctx,
652 |
BIO_free(bio); |
652 |
BIO_free(bio); |
653 |
if (!dh) { |
653 |
if (!dh) { |
654 |
char err[256]; |
654 |
char err[256]; |
655 |
ERR_error_string(ERR_get_error(), err); |
655 |
ERR_error_string(SSL_ERR_get(), err); |
656 |
tcn_Throw(e, "Error while configuring DH: no DH parameter found in %s (%s)", J2S(file), err); |
656 |
tcn_Throw(e, "Error while configuring DH: no DH parameter found in %s (%s)", J2S(file), err); |
657 |
TCN_FREE_CSTRING(file); |
657 |
TCN_FREE_CSTRING(file); |
658 |
return; |
658 |
return; |
Lines 661-667
TCN_IMPLEMENT_CALL(void, SSLContext, setTmpDH)(TCN_STDARGS, jlong ctx,
661 |
if (1 != SSL_CTX_set_tmp_dh(c->ctx, dh)) { |
661 |
if (1 != SSL_CTX_set_tmp_dh(c->ctx, dh)) { |
662 |
char err[256]; |
662 |
char err[256]; |
663 |
DH_free(dh); |
663 |
DH_free(dh); |
664 |
ERR_error_string(ERR_get_error(), err); |
664 |
ERR_error_string(SSL_ERR_get(), err); |
665 |
tcn_Throw(e, "Error while configuring DH with file %s: %s", J2S(file), err); |
665 |
tcn_Throw(e, "Error while configuring DH with file %s: %s", J2S(file), err); |
666 |
TCN_FREE_CSTRING(file); |
666 |
TCN_FREE_CSTRING(file); |
667 |
return; |
667 |
return; |
Lines 702-708
TCN_IMPLEMENT_CALL(void, SSLContext, setTmpECDHByCurveName)(TCN_STDARGS, jlong c
702 |
if (1 != SSL_CTX_set_tmp_ecdh(c->ctx, ecdh)) { |
702 |
if (1 != SSL_CTX_set_tmp_ecdh(c->ctx, ecdh)) { |
703 |
char err[256]; |
703 |
char err[256]; |
704 |
EC_KEY_free(ecdh); |
704 |
EC_KEY_free(ecdh); |
705 |
ERR_error_string(ERR_get_error(), err); |
705 |
ERR_error_string(SSL_ERR_get(), err); |
706 |
tcn_Throw(e, "Error while configuring elliptic curve %s: %s", J2S(curveName), err); |
706 |
tcn_Throw(e, "Error while configuring elliptic curve %s: %s", J2S(curveName), err); |
707 |
TCN_FREE_CSTRING(curveName); |
707 |
TCN_FREE_CSTRING(curveName); |
708 |
return; |
708 |
return; |
Lines 809-815
static X509 *load_pem_cert(tcn_ssl_ctxt_t *c, const char *file)
809 |
(void *)cb_data); |
809 |
(void *)cb_data); |
810 |
if (cert == NULL && |
810 |
if (cert == NULL && |
811 |
(ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE)) { |
811 |
(ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE)) { |
812 |
ERR_clear_error(); |
812 |
SSL_ERR_clear(); |
813 |
BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL); |
813 |
BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL); |
814 |
cert = d2i_X509_bio(bio, NULL); |
814 |
cert = d2i_X509_bio(bio, NULL); |
815 |
} |
815 |
} |
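Review bot: Line 811 still reads the error queue directly through `ERR_peek_last_error()` while line 812 is moved to the `SSL_ERR_clear()` wrapper, so the PEM_R_NO_START_LINE retry in load_pem_cert now mixes wrapped and raw queue access. If the SSL_ERR_* layer exists because the raw queue must no longer be touched from these call sites (its definition is not visible to me), the peek belongs behind the same layer; if the direct peek is intentional, a short comment on 811 such as `/* peek only: the queue is cleared below via the wrapper */` would keep the next reader from "fixing" it. load_pem_cert begins and ends outside the hunk.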
Lines 921-927
TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx,
921 |
} |
921 |
} |
922 |
if ((p = strrchr(cert_file, '.')) != NULL && strcmp(p, ".pkcs12") == 0) { |
922 |
if ((p = strrchr(cert_file, '.')) != NULL && strcmp(p, ".pkcs12") == 0) { |
923 |
if (!ssl_load_pkcs12(c, cert_file, &c->keys[idx], &c->certs[idx], 0)) { |
923 |
if (!ssl_load_pkcs12(c, cert_file, &c->keys[idx], &c->certs[idx], 0)) { |
924 |
ERR_error_string(ERR_get_error(), err); |
924 |
ERR_error_string(SSL_ERR_get(), err); |
925 |
tcn_Throw(e, "Unable to load certificate %s (%s)", |
925 |
tcn_Throw(e, "Unable to load certificate %s (%s)", |
926 |
cert_file, err); |
926 |
cert_file, err); |
927 |
rv = JNI_FALSE; |
927 |
rv = JNI_FALSE; |
Lines 930-943
TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx,
930 |
} |
930 |
} |
931 |
else { |
931 |
else { |
932 |
if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL) { |
932 |
if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL) { |
933 |
ERR_error_string(ERR_get_error(), err); |
933 |
ERR_error_string(SSL_ERR_get(), err); |
934 |
tcn_Throw(e, "Unable to load certificate key %s (%s)", |
934 |
tcn_Throw(e, "Unable to load certificate key %s (%s)", |
935 |
key_file, err); |
935 |
key_file, err); |
936 |
rv = JNI_FALSE; |
936 |
rv = JNI_FALSE; |
937 |
goto cleanup; |
937 |
goto cleanup; |
938 |
} |
938 |
} |
939 |
if ((c->certs[idx] = load_pem_cert(c, cert_file)) == NULL) { |
939 |
if ((c->certs[idx] = load_pem_cert(c, cert_file)) == NULL) { |
940 |
ERR_error_string(ERR_get_error(), err); |
940 |
ERR_error_string(SSL_ERR_get(), err); |
941 |
tcn_Throw(e, "Unable to load certificate %s (%s)", |
941 |
tcn_Throw(e, "Unable to load certificate %s (%s)", |
942 |
cert_file, err); |
942 |
cert_file, err); |
943 |
rv = JNI_FALSE; |
943 |
rv = JNI_FALSE; |
Lines 945-963
TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx,
945 |
} |
945 |
} |
946 |
} |
946 |
} |
947 |
if (SSL_CTX_use_certificate(c->ctx, c->certs[idx]) <= 0) { |
947 |
if (SSL_CTX_use_certificate(c->ctx, c->certs[idx]) <= 0) { |
948 |
ERR_error_string(ERR_get_error(), err); |
948 |
ERR_error_string(SSL_ERR_get(), err); |
949 |
tcn_Throw(e, "Error setting certificate (%s)", err); |
949 |
tcn_Throw(e, "Error setting certificate (%s)", err); |
950 |
rv = JNI_FALSE; |
950 |
rv = JNI_FALSE; |
951 |
goto cleanup; |
951 |
goto cleanup; |
952 |
} |
952 |
} |
953 |
if (SSL_CTX_use_PrivateKey(c->ctx, c->keys[idx]) <= 0) { |
953 |
if (SSL_CTX_use_PrivateKey(c->ctx, c->keys[idx]) <= 0) { |
954 |
ERR_error_string(ERR_get_error(), err); |
954 |
ERR_error_string(SSL_ERR_get(), err); |
955 |
tcn_Throw(e, "Error setting private key (%s)", err); |
955 |
tcn_Throw(e, "Error setting private key (%s)", err); |
956 |
rv = JNI_FALSE; |
956 |
rv = JNI_FALSE; |
957 |
goto cleanup; |
957 |
goto cleanup; |
958 |
} |
958 |
} |
959 |
if (SSL_CTX_check_private_key(c->ctx) <= 0) { |
959 |
if (SSL_CTX_check_private_key(c->ctx) <= 0) { |
960 |
ERR_error_string(ERR_get_error(), err); |
960 |
ERR_error_string(SSL_ERR_get(), err); |
961 |
tcn_Throw(e, "Private key does not match the certificate public key (%s)", |
961 |
tcn_Throw(e, "Private key does not match the certificate public key (%s)", |
962 |
err); |
962 |
err); |
963 |
rv = JNI_FALSE; |
963 |
rv = JNI_FALSE; |
Lines 1050-1056
TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateRaw)(TCN_STDARGS, jlong c
1050 |
tmp = (const unsigned char *)cert; |
1050 |
tmp = (const unsigned char *)cert; |
1051 |
certs = d2i_X509(NULL, &tmp, lengthOfCert); |
1051 |
certs = d2i_X509(NULL, &tmp, lengthOfCert); |
1052 |
if (certs == NULL) { |
1052 |
if (certs == NULL) { |
1053 |
ERR_error_string(ERR_get_error(), err); |
1053 |
ERR_error_string(SSL_ERR_get(), err); |
1054 |
tcn_Throw(e, "Error reading certificate (%s)", err); |
1054 |
tcn_Throw(e, "Error reading certificate (%s)", err); |
1055 |
rv = JNI_FALSE; |
1055 |
rv = JNI_FALSE; |
1056 |
goto cleanup; |
1056 |
goto cleanup; |
Lines 1066-1072
TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateRaw)(TCN_STDARGS, jlong c
1066 |
evp = PEM_read_bio_PrivateKey(bio, NULL, 0, NULL); |
1066 |
evp = PEM_read_bio_PrivateKey(bio, NULL, 0, NULL); |
1067 |
if (evp == NULL) { |
1067 |
if (evp == NULL) { |
1068 |
BIO_free(bio); |
1068 |
BIO_free(bio); |
1069 |
ERR_error_string(ERR_get_error(), err); |
1069 |
ERR_error_string(SSL_ERR_get(), err); |
1070 |
tcn_Throw(e, "Error reading private key (%s)", err); |
1070 |
tcn_Throw(e, "Error reading private key (%s)", err); |
1071 |
rv = JNI_FALSE; |
1071 |
rv = JNI_FALSE; |
1072 |
goto cleanup; |
1072 |
goto cleanup; |
Lines 1078-1096
TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateRaw)(TCN_STDARGS, jlong c
1078 |
c->keys[idx] = evp; |
1078 |
c->keys[idx] = evp; |
1079 |
|
1079 |
|
1080 |
if (SSL_CTX_use_certificate(c->ctx, c->certs[idx]) <= 0) { |
1080 |
if (SSL_CTX_use_certificate(c->ctx, c->certs[idx]) <= 0) { |
1081 |
ERR_error_string(ERR_get_error(), err); |
1081 |
ERR_error_string(SSL_ERR_get(), err); |
1082 |
tcn_Throw(e, "Error setting certificate (%s)", err); |
1082 |
tcn_Throw(e, "Error setting certificate (%s)", err); |
1083 |
rv = JNI_FALSE; |
1083 |
rv = JNI_FALSE; |
1084 |
goto cleanup; |
1084 |
goto cleanup; |
1085 |
} |
1085 |
} |
1086 |
if (SSL_CTX_use_PrivateKey(c->ctx, c->keys[idx]) <= 0) { |
1086 |
if (SSL_CTX_use_PrivateKey(c->ctx, c->keys[idx]) <= 0) { |
1087 |
ERR_error_string(ERR_get_error(), err); |
1087 |
ERR_error_string(SSL_ERR_get(), err); |
1088 |
tcn_Throw(e, "Error setting private key (%s)", err); |
1088 |
tcn_Throw(e, "Error setting private key (%s)", err); |
1089 |
rv = JNI_FALSE; |
1089 |
rv = JNI_FALSE; |
1090 |
goto cleanup; |
1090 |
goto cleanup; |
1091 |
} |
1091 |
} |
1092 |
if (SSL_CTX_check_private_key(c->ctx) <= 0) { |
1092 |
if (SSL_CTX_check_private_key(c->ctx) <= 0) { |
1093 |
ERR_error_string(ERR_get_error(), err); |
1093 |
ERR_error_string(SSL_ERR_get(), err); |
1094 |
tcn_Throw(e, "Private key does not match the certificate public key (%s)", |
1094 |
tcn_Throw(e, "Private key does not match the certificate public key (%s)", |
1095 |
err); |
1095 |
err); |
1096 |
rv = JNI_FALSE; |
1096 |
rv = JNI_FALSE; |
Lines 1145-1155
TCN_IMPLEMENT_CALL(jboolean, SSLContext, addChainCertificateRaw)(TCN_STDARGS, jl
1145 |
tmp = (const unsigned char *)cert; |
1145 |
tmp = (const unsigned char *)cert; |
1146 |
certs = d2i_X509(NULL, &tmp, lengthOfCert); |
1146 |
certs = d2i_X509(NULL, &tmp, lengthOfCert); |
1147 |
if (certs == NULL) { |
1147 |
if (certs == NULL) { |
1148 |
ERR_error_string(ERR_get_error(), err); |
1148 |
ERR_error_string(SSL_ERR_get(), err); |
1149 |
tcn_Throw(e, "Error reading certificate (%s)", err); |
1149 |
tcn_Throw(e, "Error reading certificate (%s)", err); |
1150 |
rv = JNI_FALSE; |
1150 |
rv = JNI_FALSE; |
1151 |
} else if (SSL_CTX_add0_chain_cert(c->ctx, certs) <= 0) { |
1151 |
} else if (SSL_CTX_add0_chain_cert(c->ctx, certs) <= 0) { |
1152 |
ERR_error_string(ERR_get_error(), err); |
1152 |
ERR_error_string(SSL_ERR_get(), err); |
1153 |
tcn_Throw(e, "Error adding certificate to chain (%s)", err); |
1153 |
tcn_Throw(e, "Error adding certificate to chain (%s)", err); |
1154 |
rv = JNI_FALSE; |
1154 |
rv = JNI_FALSE; |
1155 |
} |
1155 |
} |
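Review bot: When `SSL_CTX_add0_chain_cert()` fails at line 1151, the X509 decoded at 1146 is, as far as I can tell from the OpenSSL contract, not taken over by the context, and the else-if branch does not release it either, so `certs` leaks on that path unless code after line 1155 frees it — the function continues outside the hunk, so I cannot confirm. Adding `X509_free(certs);` after the `rv = JNI_FALSE;` at 1154 closes the leak in either case, and a comment there noting that add0 only transfers ownership on success would explain why the success path must not free it. The commit only swaps the error-fetch call on 1148 and 1152.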