| OLD | NEW |
|---|
| (Empty) |
| 1 /* | |
| 2 * Licensed to the Apache Software Foundation (ASF) under one or more | |
| 3 * contributor license agreements. See the NOTICE file distributed with | |
| 4 * this work for additional information regarding copyright ownership. | |
| 5 * The ASF licenses this file to You under the Apache License, Version 2.0 | |
| 6 * (the "License"); you may not use this file except in compliance with | |
| 7 * the License. You may obtain a copy of the License at | |
| 8 * | |
| 9 * http://www.apache.org/licenses/LICENSE-2.0 | |
| 10 * | |
| 11 * Unless required by applicable law or agreed to in writing, software | |
| 12 * distributed under the License is distributed on an "AS IS" BASIS, | |
| 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 14 * See the License for the specific language governing permissions and | |
| 15 * limitations under the License. | |
| 16 */ | |
| 17 | |
| 18 package org.apache.tomcat.jni; | |
| 19 | |
| 20 /** SSL Context | |
| 21 * | |
| 22 * @author Mladen Turk | |
| 23 */ | |
| 24 public final class SSLContext { | |
| 25 | |
| 26 | |
| 27 /** | |
| 28 * Initialize new SSL context | |
| 29 * @param pool The pool to use. | |
| 30 * @param protocol The SSL protocol to use. It can be any combination of | |
| 31 * the following: | |
| 32 * <PRE> | |
| 33 * {@link SSL#SSL_PROTOCOL_SSLV2} | |
| 34 * {@link SSL#SSL_PROTOCOL_SSLV3} | |
| 35 * {@link SSL#SSL_PROTOCOL_TLSV1} | |
| 36 * {@link SSL#SSL_PROTOCOL_TLSV1_1} | |
| 37 * {@link SSL#SSL_PROTOCOL_TLSV1_2} | |
| 38 * {@link SSL#SSL_PROTOCOL_ALL} ( == all TLS versions, no SSL) | |
| 39 * </PRE> | |
| 40 * @param mode SSL mode to use | |
| 41 * <PRE> | |
| 42 * SSL_MODE_CLIENT | |
| 43 * SSL_MODE_SERVER | |
| 44 * SSL_MODE_COMBINED | |
| 45 * </PRE> | |
| 46 */ | |
| 47 public static native long make(long pool, int protocol, int mode) | |
| 48 throws Exception; | |
| 49 | |
| 50 /** | |
| 51 * Free the resources used by the Context | |
| 52 * @param ctx Server or Client context to free. | |
| 53 * @return APR Status code. | |
| 54 */ | |
| 55 public static native int free(long ctx); | |
| 56 | |
| 57 /** | |
| 58 * Set Session context id. Usually host:port combination. | |
| 59 * @param ctx Context to use. | |
| 60 * @param id String that uniquely identifies this context. | |
| 61 */ | |
| 62 public static native void setContextId(long ctx, String id); | |
| 63 | |
| 64 /** | |
| 65 * Associate BIOCallback for input or output data capture. | |
| 66 * <br> | |
| 67 * First word in the output string will contain error | |
| 68 * level in the form: | |
| 69 * <PRE> | |
| 70 * [ERROR] -- Critical error messages | |
| 71 * [WARN] -- Warning messages | |
| 72 * [INFO] -- Informational messages | |
| 73 * [DEBUG] -- Debugging messaged | |
| 74 * </PRE> | |
| 75 * Callback can use that word to determine application logging level | |
| 76 * by intercepting <b>write</b> call. | |
| 77 * If the <b>bio</b> is set to 0 no error messages will be displayed. | |
| 78 * Default is to use the stderr output stream. | |
| 79 * @param ctx Server or Client context to use. | |
| 80 * @param bio BIO handle to use, created with SSL.newBIO | |
| 81 * @param dir BIO direction (1 for input 0 for output). | |
| 82 */ | |
| 83 public static native void setBIO(long ctx, long bio, int dir); | |
| 84 | |
| 85 /** | |
| 86 * Set OpenSSL Option. | |
| 87 * @param ctx Server or Client context to use. | |
| 88 * @param options See SSL.SSL_OP_* for option flags. | |
| 89 */ | |
| 90 public static native void setOptions(long ctx, int options); | |
| 91 | |
| 92 /** | |
| 93 * Get OpenSSL Option. | |
| 94 * @param ctx Server or Client context to use. | |
| 95 * @return options See SSL.SSL_OP_* for option flags. | |
| 96 */ | |
| 97 public static native int getOptions(long ctx); | |
| 98 | |
| 99 /** | |
| 100 * Clears OpenSSL Options. | |
| 101 * @param ctx Server or Client context to use. | |
| 102 * @param options See SSL.SSL_OP_* for option flags. | |
| 103 */ | |
| 104 public static native void clearOptions(long ctx, int options); | |
| 105 | |
| 106 /** | |
| 107 * Sets the "quiet shutdown" flag for <b>ctx</b> to be | |
| 108 * <b>mode</b>. SSL objects created from <b>ctx</b> inherit the | |
| 109 * <b>mode</b> valid at the time and may be 0 or 1. | |
| 110 * <br> | |
| 111 * Normally when a SSL connection is finished, the parties must send out | |
| 112 * "close notify" alert messages using L<SSL_shutdown(3)|SSL_shutdown(3)&
gt; | |
| 113 * for a clean shutdown. | |
| 114 * <br> | |
| 115 * When setting the "quiet shutdown" flag to 1, <b>SSL.shutdown</b> | |
| 116 * will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. | |
| 117 * (<b>SSL_shutdown</b> then behaves like called with | |
| 118 * SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) | |
| 119 * The session is thus considered to be shutdown, but no "close notify" aler
t | |
| 120 * is sent to the peer. This behaviour violates the TLS standard. | |
| 121 * The default is normal shutdown behaviour as described by the TLS standard
. | |
| 122 * @param ctx Server or Client context to use. | |
| 123 * @param mode True to set the quiet shutdown. | |
| 124 */ | |
| 125 public static native void setQuietShutdown(long ctx, boolean mode); | |
| 126 | |
| 127 /** | |
| 128 * Cipher Suite available for negotiation in SSL handshake. | |
| 129 * <br> | |
| 130 * This complex directive uses a colon-separated cipher-spec string consisti
ng | |
| 131 * of OpenSSL cipher specifications to configure the Cipher Suite the client | |
| 132 * is permitted to negotiate in the SSL handshake phase. Notice that this | |
| 133 * directive can be used both in per-server and per-directory context. | |
| 134 * In per-server context it applies to the standard SSL handshake when a | |
| 135 * connection is established. In per-directory context it forces a SSL | |
| 136 * renegotiation with the reconfigured Cipher Suite after the HTTP request | |
| 137 * was read but before the HTTP response is sent. | |
| 138 * @param ctx Server or Client context to use. | |
| 139 * @param ciphers An SSL cipher specification. | |
| 140 */ | |
| 141 public static native boolean setCipherSuite(long ctx, String ciphers) | |
| 142 throws Exception; | |
| 143 | |
| 144 /** | |
| 145 * Set File of concatenated PEM-encoded CA CRLs or | |
| 146 * directory of PEM-encoded CA Certificates for Client Auth | |
| 147 * <br> | |
| 148 * This directive sets the all-in-one file where you can assemble the | |
| 149 * Certificate Revocation Lists (CRL) of Certification Authorities (CA) | |
| 150 * whose clients you deal with. These are used for Client Authentication. | |
| 151 * Such a file is simply the concatenation of the various PEM-encoded CRL | |
| 152 * files, in order of preference. | |
| 153 * <br> | |
| 154 * The files in this directory have to be PEM-encoded and are accessed throu
gh | |
| 155 * hash filenames. So usually you can't just place the Certificate files the
re: | |
| 156 * you also have to create symbolic links named hash-value.N. And you should | |
| 157 * always make sure this directory contains the appropriate symbolic links. | |
| 158 * Use the Makefile which comes with mod_ssl to accomplish this task. | |
| 159 * @param ctx Server or Client context to use. | |
| 160 * @param file File of concatenated PEM-encoded CA CRLs for Client Auth. | |
| 161 * @param path Directory of PEM-encoded CA Certificates for Client Auth. | |
| 162 */ | |
| 163 public static native boolean setCARevocation(long ctx, String file, | |
| 164 String path) | |
| 165 throws Exception; | |
| 166 | |
| 167 /** | |
| 168 * Set File of PEM-encoded Server CA Certificates | |
| 169 * <br> | |
| 170 * This directive sets the optional all-in-one file where you can assemble t
he | |
| 171 * certificates of Certification Authorities (CA) which form the certificate | |
| 172 * chain of the server certificate. This starts with the issuing CA certific
ate | |
| 173 * of of the server certificate and can range up to the root CA certificate. | |
| 174 * Such a file is simply the concatenation of the various PEM-encoded CA | |
| 175 * Certificate files, usually in certificate chain order. | |
| 176 * <br> | |
| 177 * But be careful: Providing the certificate chain works only if you are usi
ng | |
| 178 * a single (either RSA or DSA) based server certificate. If you are using a | |
| 179 * coupled RSA+DSA certificate pair, this will work only if actually both | |
| 180 * certificates use the same certificate chain. Else the browsers will be | |
| 181 * confused in this situation. | |
| 182 * @param ctx Server or Client context to use. | |
| 183 * @param file File of PEM-encoded Server CA Certificates. | |
| 184 * @param skipfirst Skip first certificate if chain file is inside | |
| 185 * certificate file. | |
| 186 */ | |
| 187 public static native boolean setCertificateChainFile(long ctx, String file, | |
| 188 boolean skipfirst); | |
| 189 /** | |
| 190 * Set BIO of PEM-encoded Server CA Certificates | |
| 191 * <p> | |
| 192 * This directive sets the optional all-in-one file where you can assemble t
he | |
| 193 * certificates of Certification Authorities (CA) which form the certificate | |
| 194 * chain of the server certificate. This starts with the issuing CA certific
ate | |
| 195 * of of the server certificate and can range up to the root CA certificate. | |
| 196 * Such a file is simply the concatenation of the various PEM-encoded CA | |
| 197 * Certificate files, usually in certificate chain order. | |
| 198 * <p> | |
| 199 * But be careful: Providing the certificate chain works only if you are usi
ng | |
| 200 * a single (either RSA or DSA) based server certificate. If you are using a | |
| 201 * coupled RSA+DSA certificate pair, this will work only if actually both | |
| 202 * certificates use the same certificate chain. Otherwsie the browsers will
be | |
| 203 * confused in this situation. | |
| 204 * @param ctx Server or Client context to use. | |
| 205 * @param bio BIO of PEM-encoded Server CA Certificates. | |
| 206 * @param skipfirst Skip first certificate if chain file is inside | |
| 207 * certificate file. | |
| 208 */ | |
| 209 public static native boolean setCertificateChainBio(long ctx, long bio, bool
ean skipfirst); | |
| 210 | |
| 211 /** | |
| 212 * Set Certificate | |
| 213 * <br> | |
| 214 * Point setCertificateFile at a PEM encoded certificate. If | |
| 215 * the certificate is encrypted, then you will be prompted for a | |
| 216 * pass phrase. Note that a kill -HUP will prompt again. A test | |
| 217 * certificate can be generated with `make certificate' under | |
| 218 * built time. Keep in mind that if you've both a RSA and a DSA | |
| 219 * certificate you can configure both in parallel (to also allow | |
| 220 * the use of DSA ciphers, etc.) | |
| 221 * <br> | |
| 222 * If the key is not combined with the certificate, use key param | |
| 223 * to point at the key file. Keep in mind that if | |
| 224 * you've both a RSA and a DSA private key you can configure | |
| 225 * both in parallel (to also allow the use of DSA ciphers, etc.) | |
| 226 * @param ctx Server or Client context to use. | |
| 227 * @param cert Certificate file. | |
| 228 * @param key Private Key file to use if not in cert. | |
| 229 * @param password Certificate password. If null and certificate | |
| 230 * is encrypted, password prompt will be displayed. | |
| 231 * @param idx Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA. | |
| 232 */ | |
| 233 public static native boolean setCertificate(long ctx, String cert, | |
| 234 String key, String password, | |
| 235 int idx) | |
| 236 throws Exception; | |
| 237 | |
| 238 /** | |
| 239 * Set Certificate | |
| 240 * <br> | |
| 241 * Point setCertificate at a PEM encoded certificate stored in a BIO. If | |
| 242 * the certificate is encrypted, then you will be prompted for a | |
| 243 * pass phrase. Note that a kill -HUP will prompt again. A test | |
| 244 * certificate can be generated with `make certificate' under | |
| 245 * built time. Keep in mind that if you've both a RSA and a DSA | |
| 246 * certificate you can configure both in parallel (to also allow | |
| 247 * the use of DSA ciphers, etc.) | |
| 248 * <br> | |
| 249 * If the key is not combined with the certificate, use key param | |
| 250 * to point at the key file. Keep in mind that if | |
| 251 * you've both a RSA and a DSA private key you can configure | |
| 252 * both in parallel (to also allow the use of DSA ciphers, etc.) | |
| 253 * @param ctx Server or Client context to use. | |
| 254 * @param certBio Certificate BIO. | |
| 255 * @param keyBio Private Key BIO to use if not in cert. | |
| 256 * @param password Certificate password. If null and certificate | |
| 257 * is encrypted, password prompt will be displayed. | |
| 258 * @param idx Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA. | |
| 259 */ | |
| 260 public static native boolean setCertificateBio( | |
| 261 long ctx, long certBio, long keyBio, String password, int idx) throw
s Exception; | |
| 262 | |
| 263 /** | |
| 264 * Set the size of the internal session cache. | |
| 265 * http://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html | |
| 266 */ | |
| 267 public static native long setSessionCacheSize(long ctx, long size); | |
| 268 | |
| 269 /** | |
| 270 * Get the size of the internal session cache. | |
| 271 * http://www.openssl.org/docs/ssl/SSL_CTX_sess_get_cache_size.html | |
| 272 */ | |
| 273 public static native long getSessionCacheSize(long ctx); | |
| 274 | |
| 275 /** | |
| 276 * Set the timeout for the internal session cache in seconds. | |
| 277 * http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html | |
| 278 */ | |
| 279 public static native long setSessionCacheTimeout(long ctx, long timeoutSecon
ds); | |
| 280 | |
| 281 /** | |
| 282 * Get the timeout for the internal session cache in seconds. | |
| 283 * http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html | |
| 284 */ | |
| 285 public static native long getSessionCacheTimeout(long ctx); | |
| 286 | |
| 287 /** | |
| 288 * Set the mode of the internal session cache and return the previous used m
ode. | |
| 289 */ | |
| 290 public static native long setSessionCacheMode(long ctx, long mode); | |
| 291 | |
| 292 /** | |
| 293 * Get the mode of the current used internal session cache. | |
| 294 */ | |
| 295 public static native long getSessionCacheMode(long ctx); | |
| 296 | |
| 297 /** | |
| 298 * Session resumption statistics methods. | |
| 299 * http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html | |
| 300 */ | |
| 301 public static native long sessionAccept(long ctx); | |
| 302 public static native long sessionAcceptGood(long ctx); | |
| 303 public static native long sessionAcceptRenegotiate(long ctx); | |
| 304 public static native long sessionCacheFull(long ctx); | |
| 305 public static native long sessionCbHits(long ctx); | |
| 306 public static native long sessionConnect(long ctx); | |
| 307 public static native long sessionConnectGood(long ctx); | |
| 308 public static native long sessionConnectRenegotiate(long ctx); | |
| 309 public static native long sessionHits(long ctx); | |
| 310 public static native long sessionMisses(long ctx); | |
| 311 public static native long sessionNumber(long ctx); | |
| 312 public static native long sessionTimeouts(long ctx); | |
| 313 | |
| 314 /** | |
| 315 * Set TLS session keys. | |
| 316 */ | |
| 317 public static void setSessionTicketKeys(long ctx, SessionTicketKey[] keys) { | |
| 318 if (keys == null || keys.length == 0) { | |
| 319 throw new IllegalArgumentException("Length of the keys should be lon
ger than 0."); | |
| 320 } | |
| 321 byte[] binaryKeys = new byte[keys.length * SessionTicketKey.TICKET_KEY_S
IZE]; | |
| 322 for (int i = 0; i < keys.length; i++) { | |
| 323 SessionTicketKey key = keys[i]; | |
| 324 int dstCurPos = SessionTicketKey.TICKET_KEY_SIZE * i; | |
| 325 System.arraycopy(key.getName(), 0, binaryKeys, dstCurPos, SessionTic
ketKey.NAME_SIZE); | |
| 326 dstCurPos += SessionTicketKey.NAME_SIZE; | |
| 327 System.arraycopy(key.getHmacKey(), 0, binaryKeys, dstCurPos, Session
TicketKey.HMAC_KEY_SIZE); | |
| 328 dstCurPos += SessionTicketKey.HMAC_KEY_SIZE; | |
| 329 System.arraycopy(key.getAesKey(), 0, binaryKeys, dstCurPos, SessionT
icketKey.AES_KEY_SIZE); | |
| 330 } | |
| 331 setSessionTicketKeys0(ctx, binaryKeys); | |
| 332 } | |
| 333 | |
| 334 /** | |
| 335 * Set TLS session keys. This allows us to share keys across TFEs. | |
| 336 */ | |
| 337 @Deprecated | |
| 338 public static void setSessionTicketKeys(long ctx, byte[] keys) { | |
| 339 if (keys.length % SessionTicketKey.TICKET_KEY_SIZE != 0) { | |
| 340 throw new IllegalArgumentException("Session ticket keys provided wer
e wrong size. keys.length % " + SessionTicketKey.TICKET_KEY_SIZE + " must be 0")
; | |
| 341 } | |
| 342 setSessionTicketKeys0(ctx, keys); | |
| 343 } | |
| 344 /** | |
| 345 * Set TLS session keys. This allows us to share keys across TFEs. | |
| 346 */ | |
| 347 private static native void setSessionTicketKeys0(long ctx, byte[] keys); | |
| 348 | |
| 349 /** | |
| 350 * Set File and Directory of concatenated PEM-encoded CA Certificates | |
| 351 * for Client Auth | |
| 352 * <br> | |
| 353 * This directive sets the all-in-one file where you can assemble the | |
| 354 * Certificates of Certification Authorities (CA) whose clients you deal wit
h. | |
| 355 * These are used for Client Authentication. Such a file is simply the | |
| 356 * concatenation of the various PEM-encoded Certificate files, in order of | |
| 357 * preference. This can be used alternatively and/or additionally to | |
| 358 * path. | |
| 359 * <br> | |
| 360 * The files in this directory have to be PEM-encoded and are accessed throu
gh | |
| 361 * hash filenames. So usually you can't just place the Certificate files the
re: | |
| 362 * you also have to create symbolic links named hash-value.N. And you should | |
| 363 * always make sure this directory contains the appropriate symbolic links. | |
| 364 * Use the Makefile which comes with mod_ssl to accomplish this task. | |
| 365 * @param ctx Server or Client context to use. | |
| 366 * @param file File of concatenated PEM-encoded CA Certificates for | |
| 367 * Client Auth. | |
| 368 * @param path Directory of PEM-encoded CA Certificates for Client Auth. | |
| 369 */ | |
| 370 public static native boolean setCACertificate(long ctx, String file, | |
| 371 String path) | |
| 372 throws Exception; | |
| 373 | |
| 374 /** | |
| 375 * Set file for randomness | |
| 376 * @param ctx Server or Client context to use. | |
| 377 * @param file random file. | |
| 378 */ | |
| 379 public static native void setRandom(long ctx, String file); | |
| 380 | |
| 381 /** | |
| 382 * Set SSL connection shutdown type | |
| 383 * <br> | |
| 384 * The following levels are available for level: | |
| 385 * <PRE> | |
| 386 * SSL_SHUTDOWN_TYPE_STANDARD | |
| 387 * SSL_SHUTDOWN_TYPE_UNCLEAN | |
| 388 * SSL_SHUTDOWN_TYPE_ACCURATE | |
| 389 * </PRE> | |
| 390 * @param ctx Server or Client context to use. | |
| 391 * @param type Shutdown type to use. | |
| 392 */ | |
| 393 public static native void setShutdownType(long ctx, int type); | |
| 394 | |
| 395 /** | |
| 396 * Set Type of Client Certificate verification and Maximum depth of CA Certi
ficates | |
| 397 * in Client Certificate verification. | |
| 398 * <br> | |
| 399 * This directive sets the Certificate verification level for the Client | |
| 400 * Authentication. Notice that this directive can be used both in per-server | |
| 401 * and per-directory context. In per-server context it applies to the client | |
| 402 * authentication process used in the standard SSL handshake when a connecti
on | |
| 403 * is established. In per-directory context it forces a SSL renegotiation wi
th | |
| 404 * the reconfigured client verification level after the HTTP request was rea
d | |
| 405 * but before the HTTP response is sent. | |
| 406 * <br> | |
| 407 * The following levels are available for level: | |
| 408 * <PRE> | |
| 409 * SSL_CVERIFY_NONE - No client Certificate is required at all | |
| 410 * SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate | |
| 411 * SSL_CVERIFY_REQUIRE - The client has to present a valid Certificat
e | |
| 412 * SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate | |
| 413 * but it need not to be (successfully) verifia
ble | |
| 414 * </PRE> | |
| 415 * <br> | |
| 416 * The depth actually is the maximum number of intermediate certificate issu
ers, | |
| 417 * i.e. the number of CA certificates which are max allowed to be followed w
hile | |
| 418 * verifying the client certificate. A depth of 0 means that self-signed cli
ent | |
| 419 * certificates are accepted only, the default depth of 1 means the client | |
| 420 * certificate can be self-signed or has to be signed by a CA which is direc
tly | |
| 421 * known to the server (i.e. the CA's certificate is under | |
| 422 * <code>setCACertificatePath</code>), etc. | |
| 423 * @param ctx Server or Client context to use. | |
| 424 * @param level Type of Client Certificate verification. | |
| 425 * @param depth Maximum depth of CA Certificates in Client Certificate | |
| 426 * verification. | |
| 427 */ | |
| 428 public static native void setVerify(long ctx, int level, int depth); | |
| 429 | |
| 430 /** | |
| 431 * Allow to hook {@link CertificateVerifier} into the handshake processing. | |
| 432 * This will call {@code SSL_CTX_set_cert_verify_callback} and so replace th
e default verification | |
| 433 * callback used by openssl | |
| 434 * @param ctx Server or Client context to use. | |
| 435 * @param verifier the verifier to call during handshake. | |
| 436 */ | |
| 437 public static native void setCertVerifyCallback(long ctx, CertificateVerifie
r verifier); | |
| 438 | |
| 439 /** | |
| 440 * Set next protocol for next protocol negotiation extension | |
| 441 * @param ctx Server context to use. | |
| 442 * @param nextProtos comma delimited list of protocols in priority order | |
| 443 * | |
| 444 * @deprecated use {@link #setNpnProtos(long, String[], int)} | |
| 445 */ | |
| 446 @Deprecated | |
| 447 public static void setNextProtos(long ctx, String nextProtos) { | |
| 448 setNpnProtos(ctx, nextProtos.split(","), SSL.SSL_SELECTOR_FAILURE_CHOOSE
_MY_LAST_PROTOCOL); | |
| 449 } | |
| 450 | |
| 451 /** | |
| 452 * Set next protocol for next protocol negotiation extension | |
| 453 * @param ctx Server context to use. | |
| 454 * @param nextProtos protocols in priority order | |
| 455 * @param selectorFailureBehavior see {@link SSL#SSL_SELECTOR_FAILURE_NO_ADV
ERTISE} | |
| 456 * and {@link SSL#SSL_SELECTOR_FAILURE_CHOOSE
_MY_LAST_PROTOCOL} | |
| 457 */ | |
| 458 public static native void setNpnProtos(long ctx, String[] nextProtos, int se
lectorFailureBehavior); | |
| 459 | |
| 460 /** | |
| 461 * Set application layer protocol for application layer protocol negotiation
extension | |
| 462 * @param ctx Server context to use. | |
| 463 * @param alpnProtos protocols in priority order | |
| 464 * @param selectorFailureBehavior see {@link SSL#SSL_SELECTOR_FAILURE_NO_ADV
ERTISE} | |
| 465 * and {@link SSL#SSL_SELECTOR_FAILURE_CHOOSE
_MY_LAST_PROTOCOL} | |
| 466 */ | |
| 467 public static native void setAlpnProtos(long ctx, String[] alpnProtos, int s
electorFailureBehavior); | |
| 468 | |
| 469 /** | |
| 470 * Set DH parameters | |
| 471 * @param ctx Server context to use. | |
| 472 * @param cert DH param file (can be generated from e.g. {@code openssl dhpa
ram -rand - 2048 > dhparam.pem} - | |
| 473 * see the <a href="https://www.openssl.org/docs/apps/dhparam.ht
ml">OpenSSL documentation</a>). | |
| 474 */ | |
| 475 public static native void setTmpDH(long ctx, String cert) | |
| 476 throws Exception; | |
| 477 | |
| 478 /** | |
| 479 * Set ECDH elliptic curve by name | |
| 480 * @param ctx Server context to use. | |
| 481 * @param curveName the name of the elliptic curve to use | |
| 482 * (available names can be obtained from {@code openssl ecparam
-list_curves}). | |
| 483 */ | |
| 484 public static native void setTmpECDHByCurveName(long ctx, String curveName) | |
| 485 throws Exception; | |
| 486 | |
| 487 /** | |
| 488 * Set the context within which session be reused (server side only) | |
| 489 * http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html | |
| 490 * | |
| 491 * @param ctx Server context to use. | |
| 492 * @param sidCtx can be any kind of binary data, it is therefore possible to
use e.g. the name | |
| 493 * of the application and/or the hostname and/or service name | |
| 494 * @return {@code true} if success, {@code false} otherwise. | |
| 495 */ | |
| 496 public static native boolean setSessionIdContext(long ctx, byte[] sidCtx); | |
| 497 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2842333002:
Updated netty-tcnative to version 2.0.0.Final (Closed)
