ASF Bugzilla – Attachment 35210 Details for Bug 61394: NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent
[patch] TC trunk support adding client CA list from trust managers
jsse-handshake-client-ca.patch (text/plain), 2.51 KB, created by Rainer Jung on 2017-08-10 03:42:32 UTC
>Index: java/org/apache/tomcat/jni/SSLContext.java >=================================================================== >--- java/org/apache/tomcat/jni/SSLContext.java (revision 1804601) >+++ java/org/apache/tomcat/jni/SSLContext.java (working copy) >@@ -562,4 +562,12 @@ > * @return {@code true} if success, {@code false} otherwise. > */ > public static native boolean addChainCertificateRaw(long ctx, byte[] cert); >+ >+ /** >+ * Add a CA certificate we accept as issuer for peer certs >+ * @param ctx Server or Client context to use. >+ * @param subject Byte array with the certificate in DER encoding. >+ * @return {@code true} if success, {@code false} otherwise. >+ */ >+ public static native boolean addClientCACertificateRaw(long ctx, byte[] cert); > } >Index: java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java >=================================================================== >--- java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (revision 1804601) >+++ java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (working copy) >@@ -252,10 +252,6 @@ > // Set certificate chain file > SSLContext.setCertificateChainFile(ctx, > SSLHostConfig.adjustRelativePath(certificate.getCertificateChainFile()), false); >- // Support Client Certificates >- SSLContext.setCACertificate(ctx, >- SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()), >- SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath())); > // Set revocation > SSLContext.setCARevocation(ctx, > SSLHostConfig.adjustRelativePath( 
>@@ -315,6 +311,15 @@ > return false; > } > }); >+ for (X509Certificate caCert : manager.getAcceptedIssuers()) { >+ // Pass along the DER encoded subject of the certificate >+ SSLContext.addClientCACertificateRaw(ctx, caCert.getEncoded()); >+ } >+ } else { >+ // Support Client Certificates >+ SSLContext.setCACertificate(ctx, >+ SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()), >+ SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath())); > } > > if (negotiableProtocols != null && negotiableProtocols.size() > 0) {
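Review bot: In the SSLContext.java hunk (@@ -562,4 +562,12), the Javadoc for addClientCACertificateRaw documents `@param subject`, but the parameter in the signature is `byte[] cert`. Rename the tag to `@param cert` so the generated documentation matches the declaration, and state in the description whether the native side expects the whole certificate or only its subject name, since the tag name and the text ("the certificate in DER encoding") currently point in different directions.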
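Review bot: In the first OpenSSLContext.java hunk (@@ -252,10 +252,6), removing the unconditional SSLContext.setCACertificate call means that, as far as the visible lines show, caCertificateFile and caCertificatePath are applied only in the `else` branch added by the later hunk. Please document that these two settings are not used on the other branch, or log when they are configured but skipped, so an operator who set them is not left guessing which trust source is in effect. The call also now runs after SSLContext.setCARevocation instead of before it; it is worth confirming that the order does not matter.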
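Review bot: In the loop added by the second OpenSSLContext.java hunk (@@ -315,6 +311,15), the boolean returned by SSLContext.addClientCACertificateRaw is discarded, so a certificate that fails to be added silently drops out of the CA list sent to the user agent. Check the result and at least log the affected issuer when it is `false`. The inline comment says "Pass along the DER encoded subject of the certificate" while the call passes `caCert.getEncoded()`, which is the whole certificate in DER form, so the comment should be corrected. `getEncoded()` also declares CertificateEncodingException, and the visible context does not show where that is handled.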
Attachments on bug 61394: 35210 | 35228