add method to check if CRL is enabled in native wolfSSL
parent
de0e4e0a3a
commit
4ea4646e6c
|
@ -340,22 +340,24 @@ public class Client {
|
|||
ssl = new WolfSSLSession(sslCtx);
|
||||
|
||||
/* enable/load CRL functionality */
|
||||
ret = ssl.enableCRL(WolfSSL.WOLFSSL_CRL_CHECKALL);
|
||||
if (ret != WolfSSL.SSL_SUCCESS) {
|
||||
System.out.println("failed to enable CRL check");
|
||||
System.exit(1);
|
||||
}
|
||||
ret = ssl.loadCRL(crlPemDir, WolfSSL.SSL_FILETYPE_PEM, 0);
|
||||
if (ret != WolfSSL.SSL_SUCCESS) {
|
||||
System.out.println("can't load CRL, check CRL file and date " +
|
||||
"validity");
|
||||
System.exit(1);
|
||||
}
|
||||
MyMissingCRLCallback crlCb = new MyMissingCRLCallback();
|
||||
ret = ssl.setCRLCb(crlCb);
|
||||
if (ret != WolfSSL.SSL_SUCCESS) {
|
||||
System.out.println("can't set CRL callback");
|
||||
System.exit(1);
|
||||
if (WolfSSL.isEnabledCRL() == 1) {
|
||||
ret = ssl.enableCRL(WolfSSL.WOLFSSL_CRL_CHECKALL);
|
||||
if (ret != WolfSSL.SSL_SUCCESS) {
|
||||
System.out.println("failed to enable CRL check");
|
||||
System.exit(1);
|
||||
}
|
||||
ret = ssl.loadCRL(crlPemDir, WolfSSL.SSL_FILETYPE_PEM, 0);
|
||||
if (ret != WolfSSL.SSL_SUCCESS) {
|
||||
System.out.println("can't load CRL, check CRL file and " +
|
||||
"date validity");
|
||||
System.exit(1);
|
||||
}
|
||||
MyMissingCRLCallback crlCb = new MyMissingCRLCallback();
|
||||
ret = ssl.setCRLCb(crlCb);
|
||||
if (ret != WolfSSL.SSL_SUCCESS) {
|
||||
System.out.println("can't set CRL callback");
|
||||
System.exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
/* open Socket */
|
||||
|
|
|
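Review bot: When `WolfSSL.isEnabledCRL()` returns 0, the new guard skips `enableCRL`, `loadCRL` and `setCRLCb` without printing anything, so the example client connects with no revocation checking and gives the user no sign of it. An `else` branch such as `System.out.println("CRL support not compiled in, revocation checking disabled");` would make the downgrade visible. The same applies to the matching guard in the Server hunk. Before this change, a build without CRL would presumably have failed at `enableCRL` and exited, so the behaviour moves from fail-closed to silently open. The enclosing method starts and ends outside the hunk.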
@ -351,40 +351,42 @@ public class Server {
|
|||
}
|
||||
|
||||
/* enable/load CRL functionality */
|
||||
ret = ssl.enableCRL(0);
|
||||
if (ret != WolfSSL.SSL_SUCCESS) {
|
||||
System.out.println("failed to enable CRL, ret = "
|
||||
+ ret);
|
||||
System.exit(1);
|
||||
}
|
||||
if (crlDirMonitor == 1) {
|
||||
ret = ssl.loadCRL(crlPemDir, WolfSSL.SSL_FILETYPE_PEM,
|
||||
(WolfSSL.WOLFSSL_CRL_MONITOR |
|
||||
WolfSSL.WOLFSSL_CRL_START_MON));
|
||||
if (ret == WolfSSL.MONITOR_RUNNING_E) {
|
||||
System.out.println("CRL monitor already running, " +
|
||||
"continuing");
|
||||
} else if (ret != WolfSSL.SSL_SUCCESS) {
|
||||
System.out.println("failed to start CRL monitor, ret = "
|
||||
if (WolfSSL.isEnabledCRL() == 1) {
|
||||
ret = ssl.enableCRL(0);
|
||||
if (ret != WolfSSL.SSL_SUCCESS) {
|
||||
System.out.println("failed to enable CRL, ret = "
|
||||
+ ret);
|
||||
System.exit(1);
|
||||
}
|
||||
} else {
|
||||
ret = ssl.loadCRL(crlPemDir, WolfSSL.SSL_FILETYPE_PEM, 0);
|
||||
if (crlDirMonitor == 1) {
|
||||
ret = ssl.loadCRL(crlPemDir, WolfSSL.SSL_FILETYPE_PEM,
|
||||
(WolfSSL.WOLFSSL_CRL_MONITOR |
|
||||
WolfSSL.WOLFSSL_CRL_START_MON));
|
||||
if (ret == WolfSSL.MONITOR_RUNNING_E) {
|
||||
System.out.println("CRL monitor already running, " +
|
||||
"continuing");
|
||||
} else if (ret != WolfSSL.SSL_SUCCESS) {
|
||||
System.out.println("failed to start CRL monitor, ret = "
|
||||
+ ret);
|
||||
System.exit(1);
|
||||
}
|
||||
} else {
|
||||
ret = ssl.loadCRL(crlPemDir, WolfSSL.SSL_FILETYPE_PEM, 0);
|
||||
if (ret != WolfSSL.SSL_SUCCESS) {
|
||||
System.out.println("failed to load CRL, ret = " + ret);
|
||||
System.exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
MyMissingCRLCallback crlCb = new MyMissingCRLCallback();
|
||||
ret = ssl.setCRLCb(crlCb);
|
||||
if (ret != WolfSSL.SSL_SUCCESS) {
|
||||
System.out.println("failed to load CRL, ret = " + ret);
|
||||
System.out.println("failed to set CRL callback, ret = "
|
||||
+ ret);
|
||||
System.exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
MyMissingCRLCallback crlCb = new MyMissingCRLCallback();
|
||||
ret = ssl.setCRLCb(crlCb);
|
||||
if (ret != WolfSSL.SSL_SUCCESS) {
|
||||
System.out.println("failed to set CRL callback, ret = "
|
||||
+ ret);
|
||||
System.exit(1);
|
||||
}
|
||||
|
||||
if (useIOCallbacks || (doDTLS == 1)) {
|
||||
/* register I/O callbacks */
|
||||
MyRecvCallback rcb = new MyRecvCallback();
|
||||
|
|
|
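Review bot: The server calls `ssl.enableCRL(0)` where the client passes `WolfSSL.WOLFSSL_CRL_CHECKALL`, and nothing in the hunk explains why the two differ. If 0 selects leaf-only checking, as the option naming suggests, a revoked intermediate in a peer's chain would not be rejected here. A comment such as `/* 0 = check peer certificate only; use WOLFSSL_CRL_CHECKALL to check the full chain */` would document the choice, once confirmed against the native API. The commit moved this call under the new guard rather than introducing it, and the enclosing method continues outside the hunk.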
@ -409,3 +409,13 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getHmacMaxSize
|
|||
return MAX_DIGEST_SIZE;
|
||||
}
|
||||
|
||||
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_isEnabledCRL
|
||||
(JNIEnv* jenv, jclass jcl)
|
||||
{
|
||||
#ifdef HAVE_CRL
|
||||
return 1;
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|
|
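Review bot: `Java_com_wolfssl_WolfSSL_isEnabledCRL` reports `HAVE_CRL` as it was defined when this JNI file was compiled, not what the linked native library actually supports. If the wrapper is built without the library's configuration header, or against a differently configured build, it can return 0 and the examples will then skip revocation checking silently. A comment above the function, e.g. `/* reflects HAVE_CRL at JNI compile time; build with the same configuration as the linked wolfSSL library */`, would record that dependency. The unused `jenv` and `jcl` parameters could also be marked with `(void)jenv; (void)jcl;` to keep builds warning-clean.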
@ -391,6 +391,14 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSL_x509_1getDer
|
|||
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_getHmacMaxSize
|
||||
(JNIEnv *, jclass);
|
||||
|
||||
/*
|
||||
* Class: com_wolfssl_WolfSSL
|
||||
* Method: isEnabledCRL
|
||||
* Signature: ()I
|
||||
*/
|
||||
JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_isEnabledCRL
|
||||
(JNIEnv *, jclass);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -587,5 +587,12 @@ public class WolfSSL {
|
|||
*/
|
||||
public static native int getHmacMaxSize();
|
||||
|
||||
/**
|
||||
* Checks if CRL support is enabled in wolfSSL native library.
|
||||
*
|
||||
* @return 1 if enabled, 0 if not compiled in
|
||||
*/
|
||||
public static native int isEnabledCRL();
|
||||
|
||||
} /* end WolfSSL */
|
||||
|
||||
|
|
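Review bot: The Javadoc for `isEnabledCRL()` says "enabled", which can be read as runtime state, while the native implementation in this commit only reports whether `HAVE_CRL` was defined at build time. Wording such as `Checks whether the native wolfSSL library was compiled with CRL support; does not indicate that CRL checking is active on a context or session.` would stop callers from treating a return of 1 as proof that revocation is being enforced. Enforcement still depends on `enableCRL` and `loadCRL` succeeding on the session, as the Client and Server hunks show.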