*/
if (sslCreateAppData(ssl) == -1) {
throwIOExceptionStr(env, "Unable to create application data");
- free_ssl(env, object);
- return;
- }
-}
-
-/**
- * Loads the desired protocol for the OpenSSL client and enables it.
- * For example SSL_OP_NO_TLSv1 means do not use TLS v. 1.
- */
-static void org_apache_harmony_xnet_provider_jsse_OpenSSLSocketImpl_setenabledprotocols(JNIEnv* env, jobject object,
- jlong protocol)
-{
- if (protocol != 0x00000000L) {
- if (protocol & SSL_OP_NO_SSLv3)
- LOGD("SSL_OP_NO_SSLv3 is set");
- if (protocol & SSL_OP_NO_TLSv1)
- LOGD("SSL_OP_NO_TLSv1 is set");
-
- SSL_CTX* ctx = (SSL_CTX*)env->GetIntField(object, field_Socket_ssl_ctx);
- int options = SSL_CTX_get_options(ctx);
- options |= protocol; // Note: SSLv2 disabled earlier.
- SSL_CTX_set_options(ctx, options);
- }
-}
-
-static jobjectArray makeCipherList(JNIEnv* env, SSL* ssl) {
- STACK_OF(SSL_CIPHER)* cipher_list = SSL_get_ciphers(ssl);
- // Count the ciphers.
- int num = sk_SSL_CIPHER_num(cipher_list);
- int cipherCount = 0;
- for (int i = 0; i < num; ++i) {
- SSL_CIPHER* cipher = sk_SSL_CIPHER_value(cipher_list, i);
- if (strcmp(SSL_CIPHER_get_version(cipher), SSL_TXT_SSLV2) == 0) {
- // openssl-1.0.0 includes duplicate names for SSLv2 and SSLv3 ciphers
- continue;
- }
- ++cipherCount;
- }
-
- // Create a String[].
- jclass stringClass = env->FindClass("java/lang/String");
- if (stringClass == NULL) {
+ SSL_clear(ssl);
return NULL;
}
- jobjectArray array = env->NewObjectArray(cipherCount, stringClass, NULL);
- if (array == NULL) {
- return NULL;
- }
-
- // Fill in the cipher names.
- int cipherIndex = 0;
- for (int i = 0; i < num; ++i) {
- SSL_CIPHER* cipher = sk_SSL_CIPHER_value(cipher_list, i);
- if (strcmp(SSL_CIPHER_get_version(cipher), SSL_TXT_SSLV2) == 0) {
- continue;
- }
- env->SetObjectArrayElement(array, cipherIndex, env->NewStringUTF(cipher->name));
- ++cipherIndex;
- }
- return array;
-}
-
-jobjectArray makeCipherList(JNIEnv* env, SSL_CTX* ssl_ctx) {
- SSL* ssl = SSL_new(ssl_ctx);
- if (ssl == NULL) {
- return NULL;
- }
- jobjectArray result = makeCipherList(env, ssl);
- SSL_free(ssl);
- return result;
-}
-
-/**
- * Loads the ciphers suites that are supported by the OpenSSL client
- * and returns them in a string array.
- */
-static jobjectArray org_apache_harmony_xnet_provider_jsse_OpenSSLSocketImpl_getsupportedciphersuites(JNIEnv* env,
- jobject object)
-{
- SSL_CTX* ssl_ctx = SSL_CTX_new(SSLv23_client_method());
- if (ssl_ctx == NULL) {
- return NULL;
- }
- jobjectArray result = makeCipherList(env, ssl_ctx);
- SSL_CTX_free(ssl_ctx);
- return result;
-}
-
-/**
- * Loads the ciphers suites that are enabled in the OpenSSL client
- * and returns them in a string array.
- */
-static jobjectArray OpenSSLSocketImpl_nativeGetEnabledCipherSuites(JNIEnv* env,
- jclass, jint ssl_ctx_address)
-{
- SSL_CTX* ssl_ctx =
- reinterpret_cast<SSL_CTX*>(static_cast<uintptr_t>(ssl_ctx_address));
- return makeCipherList(env, ssl_ctx);
-}
-
-void setEnabledCipherSuites(JNIEnv* env, jstring controlString, SSL_CTX* ssl_ctx) {
- const char* str = env->GetStringUTFChars(controlString, NULL);
- int rc = SSL_CTX_set_cipher_list(ssl_ctx, str);
- env->ReleaseStringUTFChars(controlString, str);
- if (rc == 0) {
- freeSslErrorState();
- jniThrowException(env, "java/lang/IllegalArgumentException",
- "Illegal cipher suite strings.");
- }
-}
-/**
- * Sets the ciphers suites that are enabled in the OpenSSL client.
- */
-static void OpenSSLSocketImpl_nativeSetEnabledCipherSuites(JNIEnv* env, jclass,
- jint ssl_ctx_address, jstring controlString)
-{
- SSL_CTX* ssl_ctx =
- reinterpret_cast<SSL_CTX*>(static_cast<uintptr_t>(ssl_ctx_address));
- setEnabledCipherSuites(env, controlString, ssl_ctx);
+ return (jint) ssl;
}
- #define SSL_AUTH_MASK 0x00007F00L
- #define SSL_aRSA 0x00000100L /* Authenticate with RSA */
- #define SSL_aDSS 0x00000200L /* Authenticate with DSS */
- #define SSL_DSS SSL_aDSS
- #define SSL_aFZA 0x00000400L
- #define SSL_aNULL 0x00000800L /* no Authenticate, ADH */
- #define SSL_aDH 0x00001000L /* no Authenticate, ADH */
- #define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */
- #define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */
+ #define SSL_aRSA 0x00000001L
+ #define SSL_aDSS 0x00000002L
+ #define SSL_aNULL 0x00000004L
+ #define SSL_aDH 0x00000008L
+ #define SSL_aECDH 0x00000010L
+ #define SSL_aKRB5 0x00000020L
+ #define SSL_aECDSA 0x00000040L
+ #define SSL_aPSK 0x00000080L
/**
* Sets the client's crypto algorithms and authentication methods.
return NULL;
}
- SSL_CIPHER* cipher = SSL_get_current_cipher(ssl);
- cipher = SSL_get_current_cipher(ssl);
++ const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl);
- unsigned long alg = cipher->algorithms;
- alg_auth = cipher->algorithm_auth;
++ unsigned long alg_auth = cipher->algorithm_auth;
- switch (alg&SSL_AUTH_MASK) {
+ const char *au;
+ switch (alg_auth) {
case SSL_aRSA:
au="RSA";
break;
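Review bot: `cipher->algorithm_auth` is read on the line right after `SSL_get_current_cipher(ssl)` with no NULL check, and that call returns NULL when the SSL has no established session, so calling this before the handshake completes would crash the process in native code. Add `if (cipher == NULL) { return NULL; }` between the two lines, matching the `return NULL;` exit already visible above. `switch (alg_auth)` now compares the whole value against the locally redefined `SSL_a*` constants, so a comment on those defines naming the OpenSSL header and version they were copied from would help catch a silent mismatch after an upgrade. The switch continues outside the hunk, so whether `au` is assigned on every path (for example by a `default:` case) cannot be confirmed from here.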
/**
* Gets and returns in a string the set of ciphers the actual SSL session uses.
*/
-static jstring OpenSSLSessionImpl_getCipherSuite(JNIEnv* env, jobject object) {
- SSL_SESSION* ssl_session = getSslSessionPointer(env, object);
- SSL_CTX* ssl_ctx = SSL_CTX_new(SSLv23_client_method());
- SSL* ssl = SSL_new(ssl_ctx);
-
- SSL_set_session(ssl, ssl_session);
-
- const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl);
+static jstring OpenSSLSessionImpl_getCipherSuite(JNIEnv* env, jclass, jint ssl_session_address) {
+ SSL_SESSION* ssl_session = reinterpret_cast<SSL_SESSION*>(static_cast<uintptr_t>(ssl_session_address));
- SSL_CIPHER* cipher = ssl_session->cipher;
++ const SSL_CIPHER* cipher = ssl_session->cipher;
jstring result = env->NewStringUTF(SSL_CIPHER_get_name(cipher));
-
- SSL_free(ssl);
- SSL_CTX_free(ssl_ctx);
return result;
}
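Review bot: `ssl_session_address` arrives from Java as a raw integer, is cast to `SSL_SESSION*` and dereferenced at `ssl_session->cipher` with no check, so a zero handle crashes the VM in native code instead of raising a Java exception. Reject zero before the dereference: `if (ssl_session == NULL) { jniThrowException(env, "java/lang/NullPointerException", "ssl_session == null"); return NULL; }`. A `jint` handle is also only 32 bits wide, so this cast and the `return (jint) ssl;` added earlier in the patch would truncate pointers on a 64-bit build. `jlong` would be the safer carrier, though that means changing the Java-side native declarations, which are not shown here.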