Package org.apache.tomcat.jni
Class SSLExt
- java.lang.Object
-
- org.apache.tomcat.jni.SSLExt
-
public final class SSLExt extends java.lang.Object
Support TLS extensions and extra methods. The methods are kept in a separate class to make it easier for Java code to support an existing native library: it can check whether this class can be loaded before using the extensions.
-
-
Field Summary
Fields (Modifier and Type, Field):
static int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
static int SSL_MODE_ENABLE_PARTIAL_WRITE
(package private) static int SSL_MODE_NO_AUTO_CHAIN
static int SSL_MODE_RELEASE_BUFFERS
-
Constructor Summary
Constructors Constructor Description SSLExt()
-
Method Summary
Methods (Modifier and Type, Method, Description):
static boolean checkNPN(long tcsocket, byte[] expected)
    Higher level method, checking if the specified protocol has been negotiated.
static int debug(long tcsock)
    Enabling dump/debugging on the socket.
static int getNPN(long tcsock, byte[] proto)
    Get other side's advertised protocols.
static byte[] getSessionData(long tcsock)
    Server: Extract the session data associated with the socket.
static int getTicket(long tcsock, byte[] resBuf)
    Client: get the ticket received from server, if tickets are supported.
static int setNPN(long sslContext, byte[] spdyNPN)
static int setNPN(long tcctx, byte[] proto, int len)
    Set advertised NPN protocol.
static int setSessionData(long tcsock, byte[] data, int len)
    Server: Set the session data for a socket.
static int setSNI(long tcsock, byte[] data, int len)
    For client side calls.
static int setTicket(long tcsock, byte[] data, int len)
    Client: set the previously received ticket.
static int setTicketKeys(long ctx, byte[] data, int len)
    Set the key used by server to generate tickets.
static long sslCtxSetMode(long ctx, long mode)
static java.lang.String sslErrReasonErrorString()
    Return the last OpenSSL error.
static long sslSetMode(long tcsock, long mode)
    SSL_set_mode
-
-
-
Field Detail
-
SSL_MODE_ENABLE_PARTIAL_WRITE
public static final int SSL_MODE_ENABLE_PARTIAL_WRITE
- See Also:
- Constant Field Values
-
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
public static final int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
- See Also:
- Constant Field Values
-
SSL_MODE_NO_AUTO_CHAIN
static final int SSL_MODE_NO_AUTO_CHAIN
- See Also:
- Constant Field Values
-
SSL_MODE_RELEASE_BUFFERS
public static final int SSL_MODE_RELEASE_BUFFERS
- See Also:
- Constant Field Values
-
-
Method Detail
-
setNPN
public static int setNPN(long tcctx, byte[] proto, int len)
Set advertised NPN protocol. This is only available for recent or patched OpenSSL. Example: "\x06spdy/2". Works with TLS1, doesn't with SSL2/SSL3. The server sends the list in ServerHello; the client selects a protocol and sends it back after ChangeCipherSpec. Not supported in OpenSSL 1.0.0; seems to be in 1.0.1 and after.
-
getNPN
public static int getNPN(long tcsock, byte[] proto)
Get other side's advertised protocols. Only works after handshake.
-
debug
public static int debug(long tcsock)
Enabling dump/debugging on the socket. Both raw and decrypted packets will be logged.
-
getSessionData
public static byte[] getSessionData(long tcsock)
Server: Extract the session data associated with the socket. Must be saved, keyed by session ID.
-
setSessionData
public static int setSessionData(long tcsock, byte[] data, int len)
Server: Set the session data for a socket.
-
getTicket
public static int getTicket(long tcsock, byte[] resBuf)
Client: get the ticket received from server, if tickets are supported.
-
setTicket
public static int setTicket(long tcsock, byte[] data, int len)
Client: set the previously received ticket.
-
setTicketKeys
public static int setTicketKeys(long ctx, byte[] data, int len)
Set the key used by server to generate tickets. Key must be 48 bytes.
-
setSNI
public static int setSNI(long tcsock, byte[] data, int len)
For client side calls. Data should be a \0-terminated string.
-
sslErrReasonErrorString
public static java.lang.String sslErrReasonErrorString()
Return the last OpenSSL error.
-
sslCtxSetMode
public static long sslCtxSetMode(long ctx, long mode)
-
sslSetMode
public static long sslSetMode(long tcsock, long mode)
SSL_set_mode
-
setNPN
public static int setNPN(long sslContext, byte[] spdyNPN)
-
checkNPN
public static boolean checkNPN(long tcsocket, byte[] expected)
Higher level method, checking if the specified protocol has been negotiated.
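The byte[] arguments described above for setNPN ("\x06spdy/2"), setSNI (\0-terminated) and setTicketKeys (48 bytes) can be built and validated before they reach the native layer. The following is an added example, not Tomcat code: the class and helper names are hypothetical, and extending the single-protocol example to a list of length-prefixed names is a generalization beyond what this page states.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

/** Added example (hypothetical helper): builds byte[] arguments for SSLExt calls. */
public final class SslExtArgs {
    static final int TICKET_KEY_LEN = 48; // the page: "Key must be 48 bytes"

    /** One length byte followed by the name, repeated: "spdy/2" -> "\x06spdy/2". */
    static byte[] npnList(String... protocols) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (String p : protocols) {
            byte[] name = p.getBytes(StandardCharsets.US_ASCII);
            if (name.length == 0 || name.length > 255) { // must fit the one-byte prefix
                throw new IllegalArgumentException("protocol name must be 1..255 bytes");
            }
            out.write(name.length);
            out.write(name, 0, name.length);
        }
        return out.toByteArray();
    }

    /** Host name as a \0-terminated byte string; rejects an embedded NUL that
     *  would make native code see a shorter name than the Java caller intended. */
    static byte[] sniName(String host) {
        if (host.isEmpty() || host.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("host must be non-empty, without NUL");
        }
        byte[] name = host.getBytes(StandardCharsets.US_ASCII);
        byte[] out = new byte[name.length + 1]; // last byte stays 0
        System.arraycopy(name, 0, out, 0, name.length);
        return out;
    }

    /** Fresh ticket key of the required size from a CSPRNG. */
    static byte[] newTicketKey() {
        byte[] key = new byte[TICKET_KEY_LEN];
        new SecureRandom().nextBytes(key);
        return key;
    }

    public static void main(String[] args) {
        byte[] npn = npnList("spdy/2", "http/1.1"); // constructed sample input
        StringBuilder hex = new StringBuilder();
        for (byte b : npn) hex.append(String.format("%02x ", b));
        System.out.println("NPN list: " + hex.toString().trim());
        System.out.println("SNI bytes: " + sniName("example.test").length);
        System.out.println("ticket key bytes: " + newTicketKey().length);
        // Assumption: the result would be passed as e.g. setNPN(tcctx, npn, npn.length).
    }
}
```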
-
-