Index: java/io/netty/internal/tcnative/SSLContext.java |
diff --git a/java/src/org/apache/tomcat/jni/SSLContext.java b/java/io/netty/internal/tcnative/SSLContext.java |
similarity index 61% |
rename from java/src/org/apache/tomcat/jni/SSLContext.java |
rename to java/io/netty/internal/tcnative/SSLContext.java |
index a40d318d50c5c6c33a664fa4d6c9d13219867fd8..80d4aae3f7276dde74034a91883855b595bf0bb1 100644 |
--- a/java/src/org/apache/tomcat/jni/SSLContext.java |
+++ b/java/io/netty/internal/tcnative/SSLContext.java |
@@ -1,4 +1,19 @@ |
/* |
+ * Copyright 2016 The Netty Project |
+ * |
+ * The Netty Project licenses this file to you under the Apache License, |
+ * version 2.0 (the "License"); you may not use this file except in compliance |
+ * with the License. You may obtain a copy of the License at: |
+ * |
+ * http://www.apache.org/licenses/LICENSE-2.0 |
+ * |
+ * Unless required by applicable law or agreed to in writing, software |
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
+ * License for the specific language governing permissions and limitations |
+ * under the License. |
+ */ |
+/* |
* Licensed to the Apache Software Foundation (ASF) under one or more |
* contributor license agreements. See the NOTICE file distributed with |
* this work for additional information regarding copyright ownership. |
@@ -15,18 +30,14 @@ |
* limitations under the License. |
*/ |
-package org.apache.tomcat.jni; |
+package io.netty.internal.tcnative; |
-/** SSL Context |
- * |
- * @author Mladen Turk |
- */ |
public final class SSLContext { |
+ private SSLContext() { } |
/** |
* Initialize new SSL context |
- * @param pool The pool to use. |
* @param protocol The SSL protocol to use. It can be any combination of |
* the following: |
* <PRE> |
@@ -43,8 +54,10 @@ public final class SSLContext { |
* SSL_MODE_SERVER |
* SSL_MODE_COMBINED |
* </PRE> |
+ * @return the SSLContext struct |
+ * @throws Exception if an error happened |
*/ |
- public static native long make(long pool, int protocol, int mode) |
+ public static native long make(int protocol, int mode) |
throws Exception; |
/** |
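Review bot: `@return the SSLContext struct` undersells what the caller receives from the new make(int, int): the long is a raw native handle, and nothing says who releases it or what happens if it is used after release. Suggest `* @return a native handle to the new SSL_CTX; the caller owns it and must release it with the matching free call, after which the value is invalid`. The added `@throws Exception if an error happened` would be more useful if it named the failure conditions the native code reports (an unsupported protocol/mode combination, presumably — confirm against the native implementation). The signature change itself is fine.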
@@ -62,27 +75,6 @@ public final class SSLContext { |
public static native void setContextId(long ctx, String id); |
/** |
- * Associate BIOCallback for input or output data capture. |
- * <br> |
- * First word in the output string will contain error |
- * level in the form: |
- * <PRE> |
- * [ERROR] -- Critical error messages |
- * [WARN] -- Warning messages |
- * [INFO] -- Informational messages |
- * [DEBUG] -- Debugging messaged |
- * </PRE> |
- * Callback can use that word to determine application logging level |
- * by intercepting <b>write</b> call. |
- * If the <b>bio</b> is set to 0 no error messages will be displayed. |
- * Default is to use the stderr output stream. |
- * @param ctx Server or Client context to use. |
- * @param bio BIO handle to use, created with SSL.newBIO |
- * @param dir BIO direction (1 for input 0 for output). |
- */ |
- public static native void setBIO(long ctx, long bio, int dir); |
- |
- /** |
* Set OpenSSL Option. |
* @param ctx Server or Client context to use. |
* @param options See SSL.SSL_OP_* for option flags. |
@@ -104,27 +96,6 @@ public final class SSLContext { |
public static native void clearOptions(long ctx, int options); |
/** |
- * Sets the "quiet shutdown" flag for <b>ctx</b> to be |
- * <b>mode</b>. SSL objects created from <b>ctx</b> inherit the |
- * <b>mode</b> valid at the time and may be 0 or 1. |
- * <br> |
- * Normally when a SSL connection is finished, the parties must send out |
- * "close notify" alert messages using L<SSL_shutdown(3)|SSL_shutdown(3)> |
- * for a clean shutdown. |
- * <br> |
- * When setting the "quiet shutdown" flag to 1, <b>SSL.shutdown</b> |
- * will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. |
- * (<b>SSL_shutdown</b> then behaves like called with |
- * SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) |
- * The session is thus considered to be shutdown, but no "close notify" alert |
- * is sent to the peer. This behaviour violates the TLS standard. |
- * The default is normal shutdown behaviour as described by the TLS standard. |
- * @param ctx Server or Client context to use. |
- * @param mode True to set the quiet shutdown. |
- */ |
- public static native void setQuietShutdown(long ctx, boolean mode); |
- |
- /** |
* Cipher Suite available for negotiation in SSL handshake. |
* <br> |
* This complex directive uses a colon-separated cipher-spec string consisting |
@@ -137,32 +108,10 @@ public final class SSLContext { |
* was read but before the HTTP response is sent. |
* @param ctx Server or Client context to use. |
* @param ciphers An SSL cipher specification. |
+ * @return {@code true} if successful |
+ * @throws Exception if an error happened |
*/ |
- public static native boolean setCipherSuite(long ctx, String ciphers) |
- throws Exception; |
- |
- /** |
- * Set File of concatenated PEM-encoded CA CRLs or |
- * directory of PEM-encoded CA Certificates for Client Auth |
- * <br> |
- * This directive sets the all-in-one file where you can assemble the |
- * Certificate Revocation Lists (CRL) of Certification Authorities (CA) |
- * whose clients you deal with. These are used for Client Authentication. |
- * Such a file is simply the concatenation of the various PEM-encoded CRL |
- * files, in order of preference. |
- * <br> |
- * The files in this directory have to be PEM-encoded and are accessed through |
- * hash filenames. So usually you can't just place the Certificate files there: |
- * you also have to create symbolic links named hash-value.N. And you should |
- * always make sure this directory contains the appropriate symbolic links. |
- * Use the Makefile which comes with mod_ssl to accomplish this task. |
- * @param ctx Server or Client context to use. |
- * @param file File of concatenated PEM-encoded CA CRLs for Client Auth. |
- * @param path Directory of PEM-encoded CA Certificates for Client Auth. |
- */ |
- public static native boolean setCARevocation(long ctx, String file, |
- String path) |
- throws Exception; |
+ public static native boolean setCipherSuite(long ctx, String ciphers) throws Exception; |
/** |
* Set File of PEM-encoded Server CA Certificates |
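Review bot: setCipherSuite now documents both `@return {@code true} if successful` and `@throws Exception if an error happened` without saying which failure takes which path; a caller needs to know whether a spec that matches no cipher comes back as false or as an exception, so the two lines should be split accordingly, e.g. `@return {@code false} if the specification matched no cipher` and `@throws Exception if the specification could not be applied` — confirm against the native implementation. Separately, this hunk removes setCARevocation, which was the only CRL entry point in the class; a reader configuring client auth should be told that revocation now has to be enforced inside the CertificateVerifier passed to setCertVerifyCallback (outside this hunk), since nothing else here loads or checks CRLs.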
@@ -183,9 +132,9 @@ public final class SSLContext { |
* @param file File of PEM-encoded Server CA Certificates. |
* @param skipfirst Skip first certificate if chain file is inside |
* certificate file. |
+ * @return {@code true} if successful |
*/ |
- public static native boolean setCertificateChainFile(long ctx, String file, |
- boolean skipfirst); |
+ public static native boolean setCertificateChainFile(long ctx, String file, boolean skipfirst); |
/** |
* Set BIO of PEM-encoded Server CA Certificates |
* <p> |
@@ -205,12 +154,13 @@ public final class SSLContext { |
* @param bio BIO of PEM-encoded Server CA Certificates. |
* @param skipfirst Skip first certificate if chain file is inside |
* certificate file. |
+ * @return {@code true} if successful |
*/ |
public static native boolean setCertificateChainBio(long ctx, long bio, boolean skipfirst); |
/** |
* Set Certificate |
- * <br> |
+ * <p> |
* Point setCertificateFile at a PEM encoded certificate. If |
* the certificate is encrypted, then you will be prompted for a |
* pass phrase. Note that a kill -HUP will prompt again. A test |
@@ -218,7 +168,7 @@ public final class SSLContext { |
* built time. Keep in mind that if you've both a RSA and a DSA |
* certificate you can configure both in parallel (to also allow |
* the use of DSA ciphers, etc.) |
- * <br> |
+ * <p> |
* If the key is not combined with the certificate, use key param |
* to point at the key file. Keep in mind that if |
* you've both a RSA and a DSA private key you can configure |
@@ -228,16 +178,14 @@ public final class SSLContext { |
* @param key Private Key file to use if not in cert. |
* @param password Certificate password. If null and certificate |
* is encrypted, password prompt will be displayed. |
- * @param idx Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA. |
+ * @return {@code true} if successful |
+ * @throws Exception if an error happened |
*/ |
- public static native boolean setCertificate(long ctx, String cert, |
- String key, String password, |
- int idx) |
- throws Exception; |
+ public static native boolean setCertificate(long ctx, String cert, String key, String password) throws Exception; |
/** |
* Set Certificate |
- * <br> |
+ * <p> |
* Point setCertificate at a PEM encoded certificate stored in a BIO. If |
* the certificate is encrypted, then you will be prompted for a |
* pass phrase. Note that a kill -HUP will prompt again. A test |
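Review bot: The Javadoc this hunk rewrites still carries mod_ssl-era text that does not describe this library: `If null and certificate is encrypted, password prompt will be displayed` and `Note that a kill -HUP will prompt again`, alongside the RSA/DSA index the commit just removed from the signature. In a JNI binding driven from a server process there is no interactive prompt to fall back on, so the `@param password` line should state what the native side actually does when `password` is null and the key is encrypted (fail, presumably — confirm against the native implementation) rather than promise a prompt; something like `* @param password Pass phrase for the private key, or {@code null} if the key is unencrypted`. The comment begins above this hunk, and the setCertificateBio Javadoc two hunks down repeats the same prompt wording.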
@@ -245,7 +193,7 @@ public final class SSLContext { |
* built time. Keep in mind that if you've both a RSA and a DSA |
* certificate you can configure both in parallel (to also allow |
* the use of DSA ciphers, etc.) |
- * <br> |
+ * <p> |
* If the key is not combined with the certificate, use key param |
* to point at the key file. Keep in mind that if |
* you've both a RSA and a DSA private key you can configure |
@@ -255,64 +203,199 @@ public final class SSLContext { |
* @param keyBio Private Key BIO to use if not in cert. |
* @param password Certificate password. If null and certificate |
* is encrypted, password prompt will be displayed. |
- * @param idx Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA. |
+ * @return {@code true} if successful |
+ * @throws Exception if an error happened |
*/ |
- public static native boolean setCertificateBio( |
- long ctx, long certBio, long keyBio, String password, int idx) throws Exception; |
+ public static native boolean setCertificateBio(long ctx, long certBio, long keyBio, String password) throws Exception; |
/** |
* Set the size of the internal session cache. |
- * http://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_set_cache_size.html">man SSL_CTX_sess_set_cache_size</a> |
+ * @param ctx Server or Client context to use. |
+ * @param size the size of the cache |
+ * @return the previous set value |
*/ |
public static native long setSessionCacheSize(long ctx, long size); |
/** |
* Get the size of the internal session cache. |
- * http://www.openssl.org/docs/ssl/SSL_CTX_sess_get_cache_size.html |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_get_cache_size.html">man SSL_CTX_sess_get_cache_size</a> |
+ * @param ctx Server or Client context to use. |
+ * @return the current value |
*/ |
public static native long getSessionCacheSize(long ctx); |
/** |
* Set the timeout for the internal session cache in seconds. |
- * http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_timeout.html">man SSL_CTX_set_timeout</a> |
+ * @param ctx Server or Client context to use. |
+ * @param timeoutSeconds the timeout of the cache |
+ * @return the previous set value |
*/ |
public static native long setSessionCacheTimeout(long ctx, long timeoutSeconds); |
/** |
* Get the timeout for the internal session cache in seconds. |
- * http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_get_timeout.html">man SSL_CTX_get_timeout</a> |
+ * @param ctx Server or Client context to use |
+ * @return the current value |
*/ |
public static native long getSessionCacheTimeout(long ctx); |
/** |
* Set the mode of the internal session cache and return the previous used mode. |
+ * @param ctx Server or Client context to use |
+ * @param mode the mode of the cache |
+ * @return the previous set value |
*/ |
public static native long setSessionCacheMode(long ctx, long mode); |
/** |
* Get the mode of the current used internal session cache. |
+ * |
+ * @param ctx Server or Client context to use |
+ * @return the current mode |
*/ |
public static native long getSessionCacheMode(long ctx); |
/** |
* Session resumption statistics methods. |
- * http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_number.html">man SSL_CTX_sess_number</a> |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
*/ |
public static native long sessionAccept(long ctx); |
+ |
+ /** |
+ * Session resumption statistics methods. |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_number.html">man SSL_CTX_sess_number</a> |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
public static native long sessionAcceptGood(long ctx); |
+ |
+ /** |
+ * Session resumption statistics methods. |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_number.html">man SSL_CTX_sess_number</a> |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
public static native long sessionAcceptRenegotiate(long ctx); |
+ |
+ /** |
+ * Session resumption statistics methods. |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_number.html">man SSL_CTX_sess_number</a> |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
public static native long sessionCacheFull(long ctx); |
+ |
+ /** |
+ * Session resumption statistics methods. |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_number.html">man SSL_CTX_sess_number</a> |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
public static native long sessionCbHits(long ctx); |
+ |
+ /** |
+ * Session resumption statistics methods. |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_number.html">man SSL_CTX_sess_number</a> |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
public static native long sessionConnect(long ctx); |
+ |
+ /** |
+ * Session resumption statistics methods. |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_number.html">man SSL_CTX_sess_number</a> |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
public static native long sessionConnectGood(long ctx); |
+ |
+ /** |
+ * Session resumption statistics methods. |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_number.html">man SSL_CTX_sess_number</a> |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
public static native long sessionConnectRenegotiate(long ctx); |
+ |
+ /** |
+ * Session resumption statistics methods. |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_number.html">man SSL_CTX_sess_number</a> |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
public static native long sessionHits(long ctx); |
+ |
+ /** |
+ * Session resumption statistics methods. |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_number.html">man SSL_CTX_sess_number</a> |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
public static native long sessionMisses(long ctx); |
+ |
+ /** |
+ * Session resumption statistics methods. |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_number.html">man SSL_CTX_sess_number</a> |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
public static native long sessionNumber(long ctx); |
+ |
+ /** |
+ * Session resumption statistics methods. |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_sess_number.html">man SSL_CTX_sess_number</a> |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
public static native long sessionTimeouts(long ctx); |
/** |
- * Set TLS session keys. |
+ * TLS session ticket key resumption statistics. |
+ * |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
+ public static native long sessionTicketKeyNew(long ctx); |
+ |
+ /** |
+ * TLS session ticket key resumption statistics. |
+ * |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
+ public static native long sessionTicketKeyResume(long ctx); |
+ |
+ /** |
+ * TLS session ticket key resumption statistics. |
+ * |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
+ public static native long sessionTicketKeyRenew(long ctx); |
+ |
+ /** |
+ * TLS session ticket key resumption statistics. |
+ * |
+ * @param ctx Server or Client context to use |
+ * @return the current number |
+ */ |
+ public static native long sessionTicketKeyFail(long ctx); |
+ |
+ /** |
+ * Set TLS session ticket keys. |
+ * |
+ * <p> The first key in the list is the primary key. Tickets dervied from the other keys |
+ * in the list will be accepted but updated to a new ticket using the primary key. This |
+ * is useful for implementing ticket key rotation. |
+ * See <a href="https://tools.ietf.org/html/rfc5077">RFC 5077</a> |
+ * |
+ * @param ctx Server or Client context to use |
+ * @param keys the {@link SessionTicketKey}s |
*/ |
public static void setSessionTicketKeys(long ctx, SessionTicketKey[] keys) { |
if (keys == null || keys.length == 0) { |
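Review bot: The twelve `session*` statistics methods in this hunk share one copy-pasted Javadoc (`Session resumption statistics methods.` plus a link to `SSL_CTX_sess_number`), so a reader cannot tell sessionCacheFull from sessionMisses or sessionCbHits without reading the native code. Assuming they map one-to-one onto the OpenSSL counters of the same name, each first sentence should name the counter it reports, e.g. for sessionNumber `* Returns the number of sessions currently held in the internal session cache.` and for sessionCacheFull `* Returns the number of sessions evicted because the internal cache was full.`; the four sessionTicketKey* methods have the same problem with `TLS session ticket key resumption statistics.`. Also, `dervied` in the setSessionTicketKeys description should read `derived`, and that method's body continues past the end of this hunk.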
@@ -322,75 +405,35 @@ public final class SSLContext { |
for (int i = 0; i < keys.length; i++) { |
SessionTicketKey key = keys[i]; |
int dstCurPos = SessionTicketKey.TICKET_KEY_SIZE * i; |
- System.arraycopy(key.getName(), 0, binaryKeys, dstCurPos, SessionTicketKey.NAME_SIZE); |
+ System.arraycopy(key.name, 0, binaryKeys, dstCurPos, SessionTicketKey.NAME_SIZE); |
dstCurPos += SessionTicketKey.NAME_SIZE; |
- System.arraycopy(key.getHmacKey(), 0, binaryKeys, dstCurPos, SessionTicketKey.HMAC_KEY_SIZE); |
+ System.arraycopy(key.hmacKey, 0, binaryKeys, dstCurPos, SessionTicketKey.HMAC_KEY_SIZE); |
dstCurPos += SessionTicketKey.HMAC_KEY_SIZE; |
- System.arraycopy(key.getAesKey(), 0, binaryKeys, dstCurPos, SessionTicketKey.AES_KEY_SIZE); |
+ System.arraycopy(key.aesKey, 0, binaryKeys, dstCurPos, SessionTicketKey.AES_KEY_SIZE); |
} |
setSessionTicketKeys0(ctx, binaryKeys); |
} |
/** |
- * Set TLS session keys. This allows us to share keys across TFEs. |
- */ |
- @Deprecated |
- public static void setSessionTicketKeys(long ctx, byte[] keys) { |
- if (keys.length % SessionTicketKey.TICKET_KEY_SIZE != 0) { |
- throw new IllegalArgumentException("Session ticket keys provided were wrong size. keys.length % " + SessionTicketKey.TICKET_KEY_SIZE + " must be 0"); |
- } |
- setSessionTicketKeys0(ctx, keys); |
- } |
- /** |
- * Set TLS session keys. This allows us to share keys across TFEs. |
+ * Set TLS session keys. |
*/ |
private static native void setSessionTicketKeys0(long ctx, byte[] keys); |
/** |
- * Set File and Directory of concatenated PEM-encoded CA Certificates |
- * for Client Auth |
+ * Set concatenated PEM-encoded CA Certificates for Client Auth |
* <br> |
- * This directive sets the all-in-one file where you can assemble the |
+ * This directive sets the all-in-one BIO where you can assemble the |
* Certificates of Certification Authorities (CA) whose clients you deal with. |
- * These are used for Client Authentication. Such a file is simply the |
+ * These are used for Client Authentication. Such a BIO is simply the |
* concatenation of the various PEM-encoded Certificate files, in order of |
* preference. This can be used alternatively and/or additionally to |
* path. |
* <br> |
- * The files in this directory have to be PEM-encoded and are accessed through |
- * hash filenames. So usually you can't just place the Certificate files there: |
- * you also have to create symbolic links named hash-value.N. And you should |
- * always make sure this directory contains the appropriate symbolic links. |
- * Use the Makefile which comes with mod_ssl to accomplish this task. |
- * @param ctx Server or Client context to use. |
- * @param file File of concatenated PEM-encoded CA Certificates for |
- * Client Auth. |
- * @param path Directory of PEM-encoded CA Certificates for Client Auth. |
- */ |
- public static native boolean setCACertificate(long ctx, String file, |
- String path) |
- throws Exception; |
- |
- /** |
- * Set file for randomness |
- * @param ctx Server or Client context to use. |
- * @param file random file. |
- */ |
- public static native void setRandom(long ctx, String file); |
- |
- /** |
- * Set SSL connection shutdown type |
- * <br> |
- * The following levels are available for level: |
- * <PRE> |
- * SSL_SHUTDOWN_TYPE_STANDARD |
- * SSL_SHUTDOWN_TYPE_UNCLEAN |
- * SSL_SHUTDOWN_TYPE_ACCURATE |
- * </PRE> |
- * @param ctx Server or Client context to use. |
- * @param type Shutdown type to use. |
+ * @param ctx Server context to use. |
+ * @param certBio Directory of PEM-encoded CA Certificates for Client Auth. |
+ * @return {@code true} if successful, {@code false} otherwise. |
*/ |
- public static native void setShutdownType(long ctx, int type); |
+ public static native boolean setCACertificateBio(long ctx, long certBio); |
/** |
* Set Type of Client Certificate verification and Maximum depth of CA Certificates |
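Review bot: `@param certBio Directory of PEM-encoded CA Certificates for Client Auth.` on the new setCACertificateBio is wrong for the parameter's type: it is a BIO handle, not a directory, and the description above it still ends with `This can be used alternatively and/or additionally to path.` although the path parameter no longer exists. Suggest `* @param certBio BIO holding the concatenated PEM-encoded CA certificates used to verify client certificates.` and dropping the path sentence. Separately, `binaryKeys` in setSessionTicketKeys (whose start is above this hunk) keeps the HMAC and AES key material in a heap array after the native call returns; `Arrays.fill(binaryKeys, (byte) 0);` after `setSessionTicketKeys0(ctx, binaryKeys);` would shorten its lifetime (java.util.Arrays would need importing if it is not already), though the SessionTicketKey objects still hold their own copies.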
@@ -405,14 +448,12 @@ public final class SSLContext { |
* but before the HTTP response is sent. |
* <br> |
* The following levels are available for level: |
- * <PRE> |
- * SSL_CVERIFY_NONE - No client Certificate is required at all |
- * SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate |
- * SSL_CVERIFY_REQUIRE - The client has to present a valid Certificate |
- * SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate |
- * but it need not to be (successfully) verifiable |
- * </PRE> |
- * <br> |
+ * <ul> |
+ * <li>{@link SSL#SSL_CVERIFY_IGNORED} - The level is ignored. Only depth will change.</li> |
+ * <li>{@link SSL#SSL_CVERIFY_NONE} - No client Certificate is required at all</li> |
+ * <li>{@link SSL#SSL_CVERIFY_OPTIONAL} - The client may present a valid Certificate</li> |
+ * <li>{@link SSL#SSL_CVERIFY_REQUIRED} - The client has to present a valid Certificate</li> |
+ * </ul> |
* The depth actually is the maximum number of intermediate certificate issuers, |
* i.e. the number of CA certificates which are max allowed to be followed while |
* verifying the client certificate. A depth of 0 means that self-signed client |
@@ -437,16 +478,13 @@ public final class SSLContext { |
public static native void setCertVerifyCallback(long ctx, CertificateVerifier verifier); |
/** |
- * Set next protocol for next protocol negotiation extension |
- * @param ctx Server context to use. |
- * @param nextProtos comma delimited list of protocols in priority order |
- * |
- * @deprecated use {@link #setNpnProtos(long, String[], int)} |
+ * Allow to hook {@link CertificateRequestedCallback} into the certificate choosing process. |
+ * This will call {@code SSL_CTX_set_client_cert_cb} and so replace the default verification |
+ * callback used by openssl |
+ * @param ctx Server or Client context to use. |
+ * @param callback the callback to call during certificate selection. |
*/ |
- @Deprecated |
- public static void setNextProtos(long ctx, String nextProtos) { |
- setNpnProtos(ctx, nextProtos.split(","), SSL.SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL); |
- } |
+ public static native void setCertRequestedCallback(long ctx, CertificateRequestedCallback callback); |
/** |
* Set next protocol for next protocol negotiation extension |
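Review bot: The setCertRequestedCallback Javadoc says the callback will `replace the default verification callback used by openssl`, but as far as I know `SSL_CTX_set_client_cert_cb` installs the client-side certificate-selection callback, invoked when a server requests a client certificate; it does not take part in peer verification, which stays with setCertVerifyCallback above. Suggest `* This will call {@code SSL_CTX_set_client_cert_cb}; the callback is invoked on the client side when the peer requests a certificate and chooses which certificate and key to present. It does not affect certificate verification.`. `@param ctx Server or Client context to use.` should then probably read `Client context to use`, if the native side indeed only honours it for clients.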
@@ -467,26 +505,16 @@ public final class SSLContext { |
public static native void setAlpnProtos(long ctx, String[] alpnProtos, int selectorFailureBehavior); |
/** |
- * Set DH parameters |
- * @param ctx Server context to use. |
- * @param cert DH param file (can be generated from e.g. {@code openssl dhparam -rand - 2048 > dhparam.pem} - |
- * see the <a href="https://www.openssl.org/docs/apps/dhparam.html">OpenSSL documentation</a>). |
- */ |
- public static native void setTmpDH(long ctx, String cert) |
- throws Exception; |
- |
- /** |
- * Set ECDH elliptic curve by name |
+ * Set length of the DH to use. |
+ * |
* @param ctx Server context to use. |
- * @param curveName the name of the elliptic curve to use |
- * (available names can be obtained from {@code openssl ecparam -list_curves}). |
+ * @param length the length. |
*/ |
- public static native void setTmpECDHByCurveName(long ctx, String curveName) |
- throws Exception; |
+ public static native void setTmpDHLength(long ctx, int length); |
/** |
- * Set the context within which session be reused (server side only) |
- * http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html |
+ * Set the context within which session be reused (server side only). |
+ * See <a href="https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_session_id_context.html">man SSL_CTX_set_session_id_context</a> |
* |
* @param ctx Server context to use. |
* @param sidCtx can be any kind of binary data, it is therefore possible to use e.g. the name |
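Review bot: `@param length the length.` on the new setTmpDHLength gives neither the unit nor the accepted values, and the method has no way to report rejection (void, no throws). Since the size of the ephemeral DH group is a security parameter, the Javadoc should state the unit and what happens for unsupported sizes (rejected, rounded, or ignored — confirm against the native implementation), e.g. `* @param length size of the ephemeral DH parameters in bits`. Removing setTmpECDHByCurveName also leaves this class with no curve selection at all, which is worth a sentence in the description if the native side now picks the curve itself.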
@@ -494,4 +522,21 @@ public final class SSLContext { |
* @return {@code true} if success, {@code false} otherwise. |
*/ |
public static native boolean setSessionIdContext(long ctx, byte[] sidCtx); |
+ |
+ /** |
+ * Call SSL_CTX_set_mode |
+ * |
+ * @param ctx context to use |
+ * @param mode the mode |
+ * @return the set mode. |
+ */ |
+ public static native int setMode(long ctx, int mode); |
+ |
+ /** |
+ * Call SSL_CTX_get_mode |
+ * |
+ * @param ctx context to use |
+ * @return the mode. |
+ */ |
+ public static native int getMode(long ctx); |
} |
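Review bot: `Call SSL_CTX_set_mode` / `@param mode the mode` / `@return the set mode.` on the new setMode tells a caller nothing about the semantics: as far as I know SSL_CTX_set_mode ORs the given SSL_MODE_* flags into the context's existing mode mask rather than replacing it, and returns the resulting mask, which matters because flags cannot be cleared through this method. Suggest `* Adds the given {@code SSL_MODE_*} flags to the context's mode bitmask (the flags are OR-ed in, not assigned).` with `* @return the resulting mode bitmask`. getMode's `@return the mode.` would then read `* @return the current mode bitmask`.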