
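--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -363,4 +363,13 @@ int SSL_callback_select_next_proto(SSL *, unsigned char **, unsigned cha
 int         SSL_callback_alpn_select_proto(SSL *, const unsigned char **, unsigned char *, const unsigned char *, unsigned int, void *);
 
 
+void SSL_thread_exit(void);
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) && ! defined(WIN32)
+unsigned long SSL_ERR_get(void);
+void SSL_ERR_clear(void);
+#else
+#define SSL_ERR_get() ERR_get_error()
+#define SSL_ERR_clear() ERR_clear_error()
+#endif
+
 #endif /* SSL_PRIVATE_H */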
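Review bot: The guard on the new declarations, `#if (OPENSSL_VERSION_NUMBER < 0x10100000L) && ! defined(WIN32)`, does not match the guard around the wrapper definitions in native/src/ssl.c, which is only `#if OPENSSL_VERSION_NUMBER < 0x10100000L`. On a WIN32 build against OpenSSL older than 1.1.0 the `#else` branch makes `SSL_ERR_get()` and `SSL_ERR_clear()` macros, so, assuming ssl.c includes this header, `unsigned long SSL_ERR_get() {` there would expand into a definition of `ERR_get_error()`. Using one condition in both files, for example `#if (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(WIN32)` around the two definitions in ssl.c, removes the mismatch. A short comment above this block saying that the wrappers arm per-thread cleanup of the OpenSSL error state would also explain why the direct calls were replaced.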
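--- a/native/os/win32/system.c
+++ b/native/os/win32/system.c
@@ -101,6 +101,9 @@ DllMain(
         /** The thread of the attached process terminates.
          */
         case DLL_THREAD_DETACH:
+#ifdef HAVE_OPENSSL
+            SSL_thread_exit();
+#endif
             break;
 
         /** DLL unload due to process termination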
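Review bot: `DLL_THREAD_DETACH` is delivered for every thread that exits while the DLL is loaded, so the added `SSL_thread_exit();` can run before `SSL.initialize` has created `thread_exit_key`. `SSL_thread_exit()` in native/src/ssl.c passes that key to `apr_threadkey_private_set(NULL, thread_exit_key)` unconditionally, and a file-scope pointer that was never assigned is NULL, which APR would most likely dereference. A guard in `SSL_thread_exit()` such as `if (thread_exit_key != NULL) apr_threadkey_private_set(NULL, thread_exit_key);` closes this. The same unset-key case applies to `SSL_ERR_get()` and `SSL_ERR_clear()` if a JNI entry point such as `getLastError` is reached before initialization. The rest of `DllMain` is outside this hunk.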
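--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -49,6 +49,8 @@ struct CRYPTO_dynlock_value {
     int line;
     apr_thread_mutex_t *mutex;
 };
+
+apr_threadkey_t *thread_exit_key;
 #endif
 
 /*
@@ -435,7 +437,29 @@ static unsigned long ssl_thread_id(void)
 #endif
 }
 
+void SSL_thread_exit(void) {
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+    ERR_remove_thread_state(NULL);
+    apr_threadkey_private_set(NULL, thread_exit_key);
+#endif
+}
+
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
+unsigned long SSL_ERR_get() {
+    apr_threadkey_private_set(thread_exit_key, thread_exit_key);
+    return ERR_get_error();
+}
+
+void SSL_ERR_clear() {
+    apr_threadkey_private_set(thread_exit_key, thread_exit_key);
+    ERR_clear_error();
+}
+
+static void _ssl_thread_exit(void *data) {
+    UNREFERENCED(data);
+    SSL_thread_exit();
+}
+
 static void ssl_set_thread_id(CRYPTO_THREADID *id)
 {
     CRYPTO_THREADID_set_numeric(id, ssl_thread_id());
@@ -700,6 +724,9 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
 {
     jclass clazz;
     jclass sClazz;
+#if !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER < 0x10100000L
+    apr_status_t err = APR_SUCCESS;
+#endif
 
     TCN_ALLOC_CSTRING(engine);
 
@@ -729,6 +756,14 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
     OPENSSL_load_builtin_modules();
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
+    err = apr_threadkey_private_create(&thread_exit_key, _ssl_thread_exit,
+                                       tcn_global_pool);
+    if (err != APR_SUCCESS) {
+        ssl_init_cleanup(NULL);
+        tcn_ThrowAPRException(e, err);
+        return (jint)err;
+    }
+
     /* Initialize thread support */
     ssl_thread_setup(tcn_global_pool);
 #endif
@@ -736,7 +771,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
 #ifndef OPENSSL_NO_ENGINE
     if (J2S(engine)) {
         ENGINE *ee = NULL;
-        apr_status_t err = APR_SUCCESS;
         if(strcmp(J2S(engine), "auto") == 0) {
             ENGINE_register_all_complete();
         }
@@ -859,7 +893,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, fipsModeSet)(TCN_STDARGS, jint mode)
 #ifdef OPENSSL_FIPS
     if(1 != (r = (jint)FIPS_mode_set((int)mode))) {
       /* arrange to get a human-readable error message */
-      unsigned long err = ERR_get_error();
+      unsigned long err = SSL_ERR_get();
       char msg[256];
 
       /* ERR_load_crypto_strings() already called in initialize() */
@@ -1196,7 +1230,7 @@ TCN_IMPLEMENT_CALL(jstring, SSL, getLastError)(TCN_STDARGS)
 {
     char buf[256];
     UNREFERENCED(o);
-    ERR_error_string(ERR_get_error(), buf);
+    ERR_error_string(SSL_ERR_get(), buf);
     return tcn_new_string(e, buf);
 }
 
@@ -1208,7 +1242,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, hasOp)(TCN_STDARGS, jint op)
 /*** Begin Twitter 1:1 API addition ***/
 TCN_IMPLEMENT_CALL(jint, SSL, getLastErrorNumber)(TCN_STDARGS) {
     UNREFERENCED_STDARGS;
-    return ERR_get_error();
+    return SSL_ERR_get();
 }
 
 static void ssl_info_callback(const SSL *ssl, int where, int ret) {
@@ -1784,7 +1818,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, setCipherSuites)(TCN_STDARGS, jlong ssl,
     }
     if (!SSL_set_cipher_list(ssl_, J2S(ciphers))) {
         char err[256];
-        ERR_error_string(ERR_get_error(), err);
+        ERR_error_string(SSL_ERR_get(), err);
         tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
         rv = JNI_FALSE;
     }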
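Review bot: The new failure path in `initialize` (new lines 761-765) returns after `TCN_ALLOC_CSTRING(engine);` at new line 731 without a matching `TCN_FREE_CSTRING(engine);`, whereas other early returns on this page, such as those in `setTmpDH`, free their string first; adding `TCN_FREE_CSTRING(engine);` before `return (jint)err;` would avoid leaking the converted string, unless `ssl_init_cleanup` already handles it. In `SSL_ERR_get()` and `SSL_ERR_clear()` the result of `apr_threadkey_private_set(thread_exit_key, thread_exit_key)` is discarded, so if arming the key fails `_ssl_thread_exit` will not run for that thread and nothing reports it. `apr_threadkey_t *thread_exit_key;` has external linkage although every use shown here is in ssl.c, so `static apr_threadkey_t *thread_exit_key;` would keep it out of the library's exported names. A comment on the two `apr_threadkey_private_set` calls, e.g. `/* any non-NULL value arms the key destructor (_ssl_thread_exit) for this thread */`, would explain why the key is stored in its own slot. The body of `initialize` continues outside these hunks.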
(-)a/native/src/sslcontext.c (-23 / +23 lines)
Lines 206-212 TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, jlong pool, Link Here
206
206
207
    if (!ctx) {
207
    if (!ctx) {
208
        char err[256];
208
        char err[256];
209
        ERR_error_string(ERR_get_error(), err);
209
        ERR_error_string(SSL_ERR_get(), err);
210
        tcn_Throw(e, "Invalid Server SSL Protocol (%s)", err);
210
        tcn_Throw(e, "Invalid Server SSL Protocol (%s)", err);
211
        goto init_failed;
211
        goto init_failed;
212
    }
212
    }
Lines 478-484 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCipherSuite)(TCN_STDARGS, jlong ctx, Link Here
478
    if (!SSL_CTX_set_cipher_list(c->ctx, J2S(ciphers))) {
478
    if (!SSL_CTX_set_cipher_list(c->ctx, J2S(ciphers))) {
479
#endif
479
#endif
480
        char err[256];
480
        char err[256];
481
        ERR_error_string(ERR_get_error(), err);
481
        ERR_error_string(SSL_ERR_get(), err);
482
        tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
482
        tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
483
        rv = JNI_FALSE;
483
        rv = JNI_FALSE;
484
    }
484
    }
Lines 512-518 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx Link Here
512
    if (J2S(file)) {
512
    if (J2S(file)) {
513
        lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_file());
513
        lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_file());
514
        if (lookup == NULL) {
514
        if (lookup == NULL) {
515
            ERR_error_string(ERR_get_error(), err);
515
            ERR_error_string(SSL_ERR_get(), err);
516
            X509_STORE_free(c->crl);
516
            X509_STORE_free(c->crl);
517
            c->crl = NULL;
517
            c->crl = NULL;
518
            tcn_Throw(e, "Lookup failed for file %s (%s)", J2S(file), err);
518
            tcn_Throw(e, "Lookup failed for file %s (%s)", J2S(file), err);
Lines 523-529 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCARevocation)(TCN_STDARGS, jlong ctx Link Here
523
    if (J2S(path)) {
523
    if (J2S(path)) {
524
        lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_hash_dir());
524
        lookup = X509_STORE_add_lookup(c->crl, X509_LOOKUP_hash_dir());
525
        if (lookup == NULL) {
525
        if (lookup == NULL) {
526
            ERR_error_string(ERR_get_error(), err);
526
            ERR_error_string(SSL_ERR_get(), err);
527
            X509_STORE_free(c->crl);
527
            X509_STORE_free(c->crl);
528
            c->crl = NULL;
528
            c->crl = NULL;
529
            tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(file), err);
529
            tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(file), err);
Lines 577-583 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCACertificate)(TCN_STDARGS, Link Here
577
    if (!SSL_CTX_load_verify_locations(c->ctx,
577
    if (!SSL_CTX_load_verify_locations(c->ctx,
578
                                       J2S(file), J2S(path))) {
578
                                       J2S(file), J2S(path))) {
579
        char err[256];
579
        char err[256];
580
        ERR_error_string(ERR_get_error(), err);
580
        ERR_error_string(SSL_ERR_get(), err);
581
        tcn_Throw(e, "Unable to configure locations "
581
        tcn_Throw(e, "Unable to configure locations "
582
                  "for client authentication (%s)", err);
582
                  "for client authentication (%s)", err);
583
        rv = JNI_FALSE;
583
        rv = JNI_FALSE;
Lines 642-648 TCN_IMPLEMENT_CALL(void, SSLContext, setTmpDH)(TCN_STDARGS, jlong ctx, Link Here
642
    bio = BIO_new_file(J2S(file), "r");
642
    bio = BIO_new_file(J2S(file), "r");
643
    if (!bio) {
643
    if (!bio) {
644
        char err[256];
644
        char err[256];
645
        ERR_error_string(ERR_get_error(), err);
645
        ERR_error_string(SSL_ERR_get(), err);
646
        tcn_Throw(e, "Error while configuring DH using %s: %s", J2S(file), err);
646
        tcn_Throw(e, "Error while configuring DH using %s: %s", J2S(file), err);
647
        TCN_FREE_CSTRING(file);
647
        TCN_FREE_CSTRING(file);
648
        return;
648
        return;
Lines 652-658 TCN_IMPLEMENT_CALL(void, SSLContext, setTmpDH)(TCN_STDARGS, jlong ctx, Link Here
652
    BIO_free(bio);
652
    BIO_free(bio);
653
    if (!dh) {
653
    if (!dh) {
654
        char err[256];
654
        char err[256];
655
        ERR_error_string(ERR_get_error(), err);
655
        ERR_error_string(SSL_ERR_get(), err);
656
        tcn_Throw(e, "Error while configuring DH: no DH parameter found in %s (%s)", J2S(file), err);
656
        tcn_Throw(e, "Error while configuring DH: no DH parameter found in %s (%s)", J2S(file), err);
657
        TCN_FREE_CSTRING(file);
657
        TCN_FREE_CSTRING(file);
658
        return;
658
        return;
Lines 661-667 TCN_IMPLEMENT_CALL(void, SSLContext, setTmpDH)(TCN_STDARGS, jlong ctx, Link Here
661
    if (1 != SSL_CTX_set_tmp_dh(c->ctx, dh)) {
661
    if (1 != SSL_CTX_set_tmp_dh(c->ctx, dh)) {
662
        char err[256];
662
        char err[256];
663
        DH_free(dh);
663
        DH_free(dh);
664
        ERR_error_string(ERR_get_error(), err);
664
        ERR_error_string(SSL_ERR_get(), err);
665
        tcn_Throw(e, "Error while configuring DH with file %s: %s", J2S(file), err);
665
        tcn_Throw(e, "Error while configuring DH with file %s: %s", J2S(file), err);
666
        TCN_FREE_CSTRING(file);
666
        TCN_FREE_CSTRING(file);
667
        return;
667
        return;
Lines 702-708 TCN_IMPLEMENT_CALL(void, SSLContext, setTmpECDHByCurveName)(TCN_STDARGS, jlong c Link Here
702
    if (1 != SSL_CTX_set_tmp_ecdh(c->ctx, ecdh)) {
702
    if (1 != SSL_CTX_set_tmp_ecdh(c->ctx, ecdh)) {
703
        char err[256];
703
        char err[256];
704
        EC_KEY_free(ecdh);
704
        EC_KEY_free(ecdh);
705
        ERR_error_string(ERR_get_error(), err);
705
        ERR_error_string(SSL_ERR_get(), err);
706
        tcn_Throw(e, "Error while configuring elliptic curve %s: %s", J2S(curveName), err);
706
        tcn_Throw(e, "Error while configuring elliptic curve %s: %s", J2S(curveName), err);
707
        TCN_FREE_CSTRING(curveName);
707
        TCN_FREE_CSTRING(curveName);
708
        return;
708
        return;
Lines 809-815 static X509 *load_pem_cert(tcn_ssl_ctxt_t *c, const char *file) Link Here
809
                (void *)cb_data);
809
                (void *)cb_data);
810
    if (cert == NULL &&
810
    if (cert == NULL &&
811
       (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE)) {
811
       (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE)) {
812
        ERR_clear_error();
812
        SSL_ERR_clear();
813
        BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL);
813
        BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL);
814
        cert = d2i_X509_bio(bio, NULL);
814
        cert = d2i_X509_bio(bio, NULL);
815
    }
815
    }
Lines 921-927 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx, Link Here
921
    }
921
    }
922
    if ((p = strrchr(cert_file, '.')) != NULL && strcmp(p, ".pkcs12") == 0) {
922
    if ((p = strrchr(cert_file, '.')) != NULL && strcmp(p, ".pkcs12") == 0) {
923
        if (!ssl_load_pkcs12(c, cert_file, &c->keys[idx], &c->certs[idx], 0)) {
923
        if (!ssl_load_pkcs12(c, cert_file, &c->keys[idx], &c->certs[idx], 0)) {
924
            ERR_error_string(ERR_get_error(), err);
924
            ERR_error_string(SSL_ERR_get(), err);
925
            tcn_Throw(e, "Unable to load certificate %s (%s)",
925
            tcn_Throw(e, "Unable to load certificate %s (%s)",
926
                      cert_file, err);
926
                      cert_file, err);
927
            rv = JNI_FALSE;
927
            rv = JNI_FALSE;
Lines 930-943 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx, Link Here
930
    }
930
    }
931
    else {
931
    else {
932
        if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL) {
932
        if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL) {
933
            ERR_error_string(ERR_get_error(), err);
933
            ERR_error_string(SSL_ERR_get(), err);
934
            tcn_Throw(e, "Unable to load certificate key %s (%s)",
934
            tcn_Throw(e, "Unable to load certificate key %s (%s)",
935
                      key_file, err);
935
                      key_file, err);
936
            rv = JNI_FALSE;
936
            rv = JNI_FALSE;
937
            goto cleanup;
937
            goto cleanup;
938
        }
938
        }
939
        if ((c->certs[idx] = load_pem_cert(c, cert_file)) == NULL) {
939
        if ((c->certs[idx] = load_pem_cert(c, cert_file)) == NULL) {
940
            ERR_error_string(ERR_get_error(), err);
940
            ERR_error_string(SSL_ERR_get(), err);
941
            tcn_Throw(e, "Unable to load certificate %s (%s)",
941
            tcn_Throw(e, "Unable to load certificate %s (%s)",
942
                      cert_file, err);
942
                      cert_file, err);
943
            rv = JNI_FALSE;
943
            rv = JNI_FALSE;
Lines 945-963 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx, Link Here
945
        }
945
        }
946
    }
946
    }
947
    if (SSL_CTX_use_certificate(c->ctx, c->certs[idx]) <= 0) {
947
    if (SSL_CTX_use_certificate(c->ctx, c->certs[idx]) <= 0) {
948
        ERR_error_string(ERR_get_error(), err);
948
        ERR_error_string(SSL_ERR_get(), err);
949
        tcn_Throw(e, "Error setting certificate (%s)", err);
949
        tcn_Throw(e, "Error setting certificate (%s)", err);
950
        rv = JNI_FALSE;
950
        rv = JNI_FALSE;
951
        goto cleanup;
951
        goto cleanup;
952
    }
952
    }
953
    if (SSL_CTX_use_PrivateKey(c->ctx, c->keys[idx]) <= 0) {
953
    if (SSL_CTX_use_PrivateKey(c->ctx, c->keys[idx]) <= 0) {
954
        ERR_error_string(ERR_get_error(), err);
954
        ERR_error_string(SSL_ERR_get(), err);
955
        tcn_Throw(e, "Error setting private key (%s)", err);
955
        tcn_Throw(e, "Error setting private key (%s)", err);
956
        rv = JNI_FALSE;
956
        rv = JNI_FALSE;
957
        goto cleanup;
957
        goto cleanup;
958
    }
958
    }
959
    if (SSL_CTX_check_private_key(c->ctx) <= 0) {
959
    if (SSL_CTX_check_private_key(c->ctx) <= 0) {
960
        ERR_error_string(ERR_get_error(), err);
960
        ERR_error_string(SSL_ERR_get(), err);
961
        tcn_Throw(e, "Private key does not match the certificate public key (%s)",
961
        tcn_Throw(e, "Private key does not match the certificate public key (%s)",
962
                  err);
962
                  err);
963
        rv = JNI_FALSE;
963
        rv = JNI_FALSE;
Lines 1050-1056 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateRaw)(TCN_STDARGS, jlong c Link Here
1050
    tmp = (const unsigned char *)cert;
1050
    tmp = (const unsigned char *)cert;
1051
    certs = d2i_X509(NULL, &tmp, lengthOfCert);
1051
    certs = d2i_X509(NULL, &tmp, lengthOfCert);
1052
    if (certs == NULL) {
1052
    if (certs == NULL) {
1053
        ERR_error_string(ERR_get_error(), err);
1053
        ERR_error_string(SSL_ERR_get(), err);
1054
        tcn_Throw(e, "Error reading certificate (%s)", err);
1054
        tcn_Throw(e, "Error reading certificate (%s)", err);
1055
        rv = JNI_FALSE;
1055
        rv = JNI_FALSE;
1056
        goto cleanup;
1056
        goto cleanup;
Lines 1066-1072 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateRaw)(TCN_STDARGS, jlong c Link Here
1066
    evp = PEM_read_bio_PrivateKey(bio, NULL, 0, NULL);
1066
    evp = PEM_read_bio_PrivateKey(bio, NULL, 0, NULL);
1067
    if (evp == NULL) {
1067
    if (evp == NULL) {
1068
        BIO_free(bio);
1068
        BIO_free(bio);
1069
        ERR_error_string(ERR_get_error(), err);
1069
        ERR_error_string(SSL_ERR_get(), err);
1070
        tcn_Throw(e, "Error reading private key (%s)", err);
1070
        tcn_Throw(e, "Error reading private key (%s)", err);
1071
        rv = JNI_FALSE;
1071
        rv = JNI_FALSE;
1072
        goto cleanup;
1072
        goto cleanup;
Lines 1078-1096 TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificateRaw)(TCN_STDARGS, jlong c Link Here
1078
    c->keys[idx] = evp;
1078
    c->keys[idx] = evp;
1079
1079
1080
    if (SSL_CTX_use_certificate(c->ctx, c->certs[idx]) <= 0) {
1080
    if (SSL_CTX_use_certificate(c->ctx, c->certs[idx]) <= 0) {
1081
        ERR_error_string(ERR_get_error(), err);
1081
        ERR_error_string(SSL_ERR_get(), err);
1082
        tcn_Throw(e, "Error setting certificate (%s)", err);
1082
        tcn_Throw(e, "Error setting certificate (%s)", err);
1083
        rv = JNI_FALSE;
1083
        rv = JNI_FALSE;
1084
        goto cleanup;
1084
        goto cleanup;
1085
    }
1085
    }
1086
    if (SSL_CTX_use_PrivateKey(c->ctx, c->keys[idx]) <= 0) {
1086
    if (SSL_CTX_use_PrivateKey(c->ctx, c->keys[idx]) <= 0) {
1087
        ERR_error_string(ERR_get_error(), err);
1087
        ERR_error_string(SSL_ERR_get(), err);
1088
        tcn_Throw(e, "Error setting private key (%s)", err);
1088
        tcn_Throw(e, "Error setting private key (%s)", err);
1089
        rv = JNI_FALSE;
1089
        rv = JNI_FALSE;
1090
        goto cleanup;
1090
        goto cleanup;
1091
    }
1091
    }
1092
    if (SSL_CTX_check_private_key(c->ctx) <= 0) {
1092
    if (SSL_CTX_check_private_key(c->ctx) <= 0) {
1093
        ERR_error_string(ERR_get_error(), err);
1093
        ERR_error_string(SSL_ERR_get(), err);
1094
        tcn_Throw(e, "Private key does not match the certificate public key (%s)",
1094
        tcn_Throw(e, "Private key does not match the certificate public key (%s)",
1095
                  err);
1095
                  err);
1096
        rv = JNI_FALSE;
1096
        rv = JNI_FALSE;
Lines 1145-1155 TCN_IMPLEMENT_CALL(jboolean, SSLContext, addChainCertificateRaw)(TCN_STDARGS, jl Link Here
1145
    tmp = (const unsigned char *)cert;
1145
    tmp = (const unsigned char *)cert;
1146
    certs = d2i_X509(NULL, &tmp, lengthOfCert);
1146
    certs = d2i_X509(NULL, &tmp, lengthOfCert);
1147
    if (certs == NULL) {
1147
    if (certs == NULL) {
1148
        ERR_error_string(ERR_get_error(), err);
1148
        ERR_error_string(SSL_ERR_get(), err);
1149
        tcn_Throw(e, "Error reading certificate (%s)", err);
1149
        tcn_Throw(e, "Error reading certificate (%s)", err);
1150
        rv = JNI_FALSE;
1150
        rv = JNI_FALSE;
1151
    } else if (SSL_CTX_add0_chain_cert(c->ctx, certs) <= 0) {
1151
    } else if (SSL_CTX_add0_chain_cert(c->ctx, certs) <= 0) {
1152
        ERR_error_string(ERR_get_error(), err);
1152
        ERR_error_string(SSL_ERR_get(), err);
1153
        tcn_Throw(e, "Error adding certificate to chain (%s)", err);
1153
        tcn_Throw(e, "Error adding certificate to chain (%s)", err);
1154
        rv = JNI_FALSE;
1154
        rv = JNI_FALSE;
1155
    }
1155
    }
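Review bot: In the second `setCARevocation` hunk, at new line 529, the context line `tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(file), err);` reports `J2S(file)` inside the `if (J2S(path))` branch, so the message names the wrong argument and may pass a NULL pointer to `%s` when no file was supplied. This predates the patch, but the line sits directly below one the patch edits and could be corrected in the same pass: `tcn_Throw(e, "Lookup failed for path %s (%s)", J2S(path), err);`. The enclosing functions start and end outside the hunks.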
(-)a/native/src/sslnetwork.c (-4 / +4 lines)
Lines 127-133 static tcn_ssl_conn_t *ssl_create(JNIEnv *env, tcn_ssl_ctxt_t *ctx, apr_pool_t * Link Here
127
    }
127
    }
128
    if ((ssl = SSL_new(ctx->ctx)) == NULL) {
128
    if ((ssl = SSL_new(ctx->ctx)) == NULL) {
129
        char err[256];
129
        char err[256];
130
        ERR_error_string(ERR_get_error(), err);
130
        ERR_error_string(SSL_ERR_get(), err);
131
        tcn_Throw(env, "SSL_new failed (%s)", err);
131
        tcn_Throw(env, "SSL_new failed (%s)", err);
132
        con = NULL;
132
        con = NULL;
133
        return NULL;
133
        return NULL;
Lines 320-326 TCN_IMPLEMENT_CALL(jint, SSLSocket, handshake)(TCN_STDARGS, jlong sock) Link Here
320
320
321
    apr_socket_timeout_get(con->sock, &timeout);
321
    apr_socket_timeout_get(con->sock, &timeout);
322
    while (!SSL_is_init_finished(con->ssl)) {
322
    while (!SSL_is_init_finished(con->ssl)) {
323
        ERR_clear_error();
323
        SSL_ERR_clear();
324
        if ((s = SSL_do_handshake(con->ssl)) <= 0) {
324
        if ((s = SSL_do_handshake(con->ssl)) <= 0) {
325
            if (!con->ssl)
325
            if (!con->ssl)
326
                return APR_ENOTSOCK;
326
                return APR_ENOTSOCK;
Lines 406-412 ssl_socket_recv(apr_socket_t *sock, char *buf, apr_size_t *len) Link Here
406
    }
406
    }
407
    apr_socket_timeout_get(con->sock, &timeout);
407
    apr_socket_timeout_get(con->sock, &timeout);
408
    for (;;) {
408
    for (;;) {
409
        ERR_clear_error();
409
        SSL_ERR_clear();
410
        if ((s = SSL_read(con->ssl, buf, rd)) <= 0) {
410
        if ((s = SSL_read(con->ssl, buf, rd)) <= 0) {
411
            if (!con->ssl)
411
            if (!con->ssl)
412
                return APR_ENOTSOCK;
412
                return APR_ENOTSOCK;
Lines 488-494 ssl_socket_send(apr_socket_t *sock, const char *buf, Link Here
488
    }
488
    }
489
    apr_socket_timeout_get(con->sock, &timeout);
489
    apr_socket_timeout_get(con->sock, &timeout);
490
    for (;;) {
490
    for (;;) {
491
        ERR_clear_error();
491
        SSL_ERR_clear();
492
        if ((s = SSL_write(con->ssl, buf, wr)) <= 0) {
492
        if ((s = SSL_write(con->ssl, buf, wr)) <= 0) {
493
            if (!con->ssl)
493
            if (!con->ssl)
494
                return APR_ENOTSOCK;
494
                return APR_ENOTSOCK;
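Review bot: `SSL_ERR_clear()` now sits at the top of the retry loops in `handshake`, `ssl_socket_recv` and `ssl_socket_send`, and with OpenSSL older than 1.1.0 on non-Windows builds each call performs `apr_threadkey_private_set(thread_exit_key, thread_exit_key)` before `ERR_clear_error()`. Arming the key is needed only once per thread, so the wrapper in ssl.c could skip the write when the slot is already set, or these loops could arm it once before entering. Whether the extra thread-local write is measurable on the I/O path is not visible from this page and is worth a quick benchmark. The loop bodies continue outside the hunks.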
(-)a/native/src/sslutils.c (-2 / +1 lines)
Lines 281-287 int SSL_CTX_use_certificate_chain(SSL_CTX *ctx, const char *file, Link Here
281
            BIO_free(bio);
281
            BIO_free(bio);
282
            return -1;
282
            return -1;
283
        }
283
        }
284
        while (ERR_get_error() > 0) ;
284
        while (SSL_ERR_get() > 0) ;
285
    }
285
    }
286
    BIO_free(bio);
286
    BIO_free(bio);
287
    return n;
287
    return n;
288
- 
