Lines 165-170
|
165 |
private final OpenSSLSessionContext sessionContext; |
165 |
private final OpenSSLSessionContext sessionContext; |
166 |
private final boolean alpn; |
166 |
private final boolean alpn; |
167 |
private final boolean initialized; |
167 |
private final boolean initialized; |
|
|
168 |
private final int certificateVerificationDepth; |
169 |
private final boolean certificateVerificationOptionalNoCA; |
168 |
|
170 |
|
169 |
private String selectedProtocol = null; |
171 |
private String selectedProtocol = null; |
170 |
|
172 |
|
Lines 186-192
|
186 |
boolean clientMode, OpenSSLSessionContext sessionContext, |
188 |
boolean clientMode, OpenSSLSessionContext sessionContext, |
187 |
boolean alpn) { |
189 |
boolean alpn) { |
188 |
this(sslCtx, fallbackApplicationProtocol, clientMode, sessionContext, |
190 |
this(sslCtx, fallbackApplicationProtocol, clientMode, sessionContext, |
189 |
alpn, false); |
191 |
alpn, false, VERIFY_DEPTH, false); |
190 |
} |
192 |
} |
191 |
|
193 |
|
192 |
/** |
194 |
/** |
Lines 202-211
|
202 |
* otherwise |
204 |
* otherwise |
203 |
* @param initialized {@code true} if this instance gets its protocol, |
205 |
* @param initialized {@code true} if this instance gets its protocol, |
204 |
* cipher and client verification from the {@code SSL_CTX} {@code sslCtx} |
206 |
* cipher and client verification from the {@code SSL_CTX} {@code sslCtx} |
|
|
207 |
* @param certificateVerificationDepth Certificate verification depth |
208 |
* @param certificateVerificationOptionalNoCA Skip CA verificiation in |
209 |
* optional mode |
205 |
*/ |
210 |
*/ |
206 |
OpenSSLEngine(long sslCtx, String fallbackApplicationProtocol, |
211 |
OpenSSLEngine(long sslCtx, String fallbackApplicationProtocol, |
207 |
boolean clientMode, OpenSSLSessionContext sessionContext, boolean alpn, |
212 |
boolean clientMode, OpenSSLSessionContext sessionContext, boolean alpn, |
208 |
boolean initialized) { |
213 |
boolean initialized, int certificateVerificationDepth, |
|
|
214 |
boolean certificateVerificationOptionalNoCA) { |
209 |
if (sslCtx == 0) { |
215 |
if (sslCtx == 0) { |
210 |
throw new IllegalArgumentException(sm.getString("engine.noSSLContext")); |
216 |
throw new IllegalArgumentException(sm.getString("engine.noSSLContext")); |
211 |
} |
217 |
} |
Lines 219-224
|
219 |
this.sessionContext = sessionContext; |
225 |
this.sessionContext = sessionContext; |
220 |
this.alpn = alpn; |
226 |
this.alpn = alpn; |
221 |
this.initialized = initialized; |
227 |
this.initialized = initialized; |
|
|
228 |
this.certificateVerificationDepth = certificateVerificationDepth; |
229 |
this.certificateVerificationOptionalNoCA = certificateVerificationOptionalNoCA; |
222 |
} |
230 |
} |
223 |
|
231 |
|
224 |
@Override |
232 |
@Override |
Lines 1111-1123
|
1111 |
} |
1119 |
} |
1112 |
switch (mode) { |
1120 |
switch (mode) { |
1113 |
case NONE: |
1121 |
case NONE: |
1114 |
SSL.setVerify(ssl, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH); |
1122 |
SSL.setVerify(ssl, SSL.SSL_CVERIFY_NONE, certificateVerificationDepth); |
1115 |
break; |
1123 |
break; |
1116 |
case REQUIRE: |
1124 |
case REQUIRE: |
1117 |
SSL.setVerify(ssl, SSL.SSL_CVERIFY_REQUIRE, VERIFY_DEPTH); |
1125 |
SSL.setVerify(ssl, SSL.SSL_CVERIFY_REQUIRE, certificateVerificationDepth); |
1118 |
break; |
1126 |
break; |
1119 |
case OPTIONAL: |
1127 |
case OPTIONAL: |
1120 |
SSL.setVerify(ssl, SSL.SSL_CVERIFY_OPTIONAL, VERIFY_DEPTH); |
1128 |
SSL.setVerify(ssl, |
|
|
1129 |
certificateVerificationOptionalNoCA ? SSL.SSL_CVERIFY_OPTIONAL_NO_CA : SSL.SSL_CVERIFY_OPTIONAL, |
1130 |
certificateVerificationDepth); |
1121 |
break; |
1131 |
break; |
1122 |
} |
1132 |
} |
1123 |
clientAuth = mode; |
1133 |
clientAuth = mode; |
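Review bot: The Javadoc added for `certificateVerificationOptionalNoCA` (new lines 208-209) understates the security effect of the flag, and misspells "verification" as "verificiation". In the `OPTIONAL` case of the verify-mode switch (new lines 1128-1130) the flag replaces `SSL.SSL_CVERIFY_OPTIONAL` with `SSL.SSL_CVERIFY_OPTIONAL_NO_CA`, which, as I understand that mode, lets the handshake succeed with a client certificate that does not chain to a trusted CA. Any caller that treats the mere presence of a peer certificate as proof of identity would then be trusting an unverified certificate. I would reword the tag as `@param certificateVerificationOptionalNoCA {@code true} to accept, in optional mode, a client certificate that cannot be verified against a trusted CA; such a certificate must not be treated as authenticated`. The constructor body and the method containing the switch both extend beyond the hunks shown, so whether `certificateVerificationDepth` is range-checked before it reaches `SSL.setVerify` cannot be confirmed from here.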