
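--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -50,6 +50,7 @@
 import org.apache.tomcat.util.net.Constants;
 import org.apache.tomcat.util.net.SSLHostConfig;
 import org.apache.tomcat.util.net.SSLHostConfigCertificate;
+import org.apache.tomcat.util.net.SSLHostConfig.CertificateVerification;
 import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
 import org.apache.tomcat.util.res.StringManager;
 
@@ -489,7 +490,9 @@
     @Override
     public SSLEngine createSSLEngine() {
         return new OpenSSLEngine(ctx, defaultProtocol, false, sessionContext,
-                (negotiableProtocols != null && negotiableProtocols.size() > 0), initialized);
+                (negotiableProtocols != null && negotiableProtocols.size() > 0), initialized,
+                sslHostConfig.getCertificateVerificationDepth(),
+                sslHostConfig.getCertificateVerification() == CertificateVerification.OPTIONAL_NO_CA);
     }
 
     @Override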
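Review bot: The last constructor argument in `createSSLEngine` collapses the `OPTIONAL_NO_CA` setting into a bare boolean, and nothing at this call site says what that boolean relaxes — per the constructor Javadoc in the companion OpenSSLEngine change it skips CA verification in optional mode, so a client certificate can be accepted by the handshake without its chain having been validated against the configured trust store. A comment on that argument would keep the next editor from missing it: `// true only for OPTIONAL_NO_CA: the engine then accepts a client certificate whose chain fails CA verification, so a presented certificate must not be treated as authenticated on its own.` The depth from `getCertificateVerificationDepth()` is passed through unchecked; if the config getter already bounds it that is fine, but it cannot be seen from here.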
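--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -165,6 +165,8 @@
     private final OpenSSLSessionContext sessionContext;
     private final boolean alpn;
     private final boolean initialized;
+    private final int certificateVerificationDepth;
+    private final boolean certificateVerificationOptionalNoCA;
 
     private String selectedProtocol = null;
 
@@ -186,7 +188,7 @@
             boolean clientMode, OpenSSLSessionContext sessionContext,
             boolean alpn) {
         this(sslCtx, fallbackApplicationProtocol, clientMode, sessionContext,
-             alpn, false);
+             alpn, false, VERIFY_DEPTH, false);
     }
 
     /**
@@ -202,10 +204,14 @@
      * otherwise
      * @param initialized {@code true} if this instance gets its protocol,
      * cipher and client verification from the {@code SSL_CTX} {@code sslCtx}
+     * @param certificateVerificationDepth Certificate verification depth
+     * @param certificateVerificationOptionalNoCA Skip CA verificiation in
+     *   optional mode 
      */
     OpenSSLEngine(long sslCtx, String fallbackApplicationProtocol,
             boolean clientMode, OpenSSLSessionContext sessionContext, boolean alpn,
-            boolean initialized) {
+            boolean initialized, int certificateVerificationDepth,
+            boolean certificateVerificationOptionalNoCA) {
         if (sslCtx == 0) {
             throw new IllegalArgumentException(sm.getString("engine.noSSLContext"));
         }
@@ -219,6 +225,8 @@
         this.sessionContext = sessionContext;
         this.alpn = alpn;
         this.initialized = initialized;
+        this.certificateVerificationDepth = certificateVerificationDepth;
+        this.certificateVerificationOptionalNoCA = certificateVerificationOptionalNoCA;
     }
 
     @Override
@@ -1111,13 +1119,15 @@
             }
             switch (mode) {
                 case NONE:
-                    SSL.setVerify(ssl, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
+                    SSL.setVerify(ssl, SSL.SSL_CVERIFY_NONE, certificateVerificationDepth);
                     break;
                 case REQUIRE:
-                    SSL.setVerify(ssl, SSL.SSL_CVERIFY_REQUIRE, VERIFY_DEPTH);
+                    SSL.setVerify(ssl, SSL.SSL_CVERIFY_REQUIRE, certificateVerificationDepth);
                     break;
                 case OPTIONAL:
-                    SSL.setVerify(ssl, SSL.SSL_CVERIFY_OPTIONAL, VERIFY_DEPTH);
+                    SSL.setVerify(ssl,
+                            certificateVerificationOptionalNoCA ? SSL.SSL_CVERIFY_OPTIONAL_NO_CA : SSL.SSL_CVERIFY_OPTIONAL,
+                            certificateVerificationDepth);
                     break;
             }
             clientAuth = mode;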
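Review bot: In the `case OPTIONAL` branch of the `switch (mode)`, a request for optional client authentication made through the standard `SSLEngine` API is silently turned into `SSL_CVERIFY_OPTIONAL_NO_CA` whenever the new flag is set, and the constructor Javadoc in this same change says that mode skips CA verification — so a client certificate accepted on that path has not been validated against the trust store, and whatever later reads the peer chain must not treat it as authenticated. A comment above that `SSL.setVerify` call would make the downgrade visible to readers of this method: `// With OPTIONAL_NO_CA the handshake accepts a client certificate even when its chain fails CA verification; the chain must be validated by the consumer before it is trusted.` The new Javadoc on the constructor should carry the same caveat, and it currently has a typo ("verificiation") and a trailing space on the `optional mode` line. The constructor validates `sslCtx` but not `certificateVerificationDepth`; whether a negative depth is meaningful to `SSL.setVerify` cannot be seen from here. The method containing the switch starts and ends outside the hunk.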
