Lines Matching refs:ssl
34 #include <openssl/ssl.h>
111 void operator()(SSL* p) const {
115 typedef UniquePtr<SSL, SSL_Delete> Unique_SSL;
160 * Frees the SSL error state.
203 * Throws a javax.net.ssl.SSLException with the given string as a message.
207 jniThrowException(env, "javax/net/ssl/SSLException", message);
211 * Throws a javax.net.ssl.SSLProcotolException with the given string as a message.
215 jniThrowException(env, "javax/net/ssl/SSLProtocolException", message);
220 * SSL errors. This will also log the errors.
223 * @param ssl the possibly NULL SSL
229 JNIEnv* env, SSL* ssl, int sslErrorCode, const char* message) {
232 message = "SSL error";
235 // First consult the SSL error code for the general message.
246 sslErrorStr = "Failure in SSL library, usually a protocol error";
270 sslErrorStr = "Unknown SSL error";
275 if (asprintf(&str, "%s: ssl=%p: %s", message, ssl, sslErrorStr) <= 0) {
278 LOGV("%s: ssl=%p: %s", message, ssl, sslErrorStr);
285 // For protocol errors, SSL might have more information.
342 * Helper function that grabs the casts an ssl pointer and then checks for nullness.
351 * @param throwIfNull whether to throw if the SSL pointer is NULL
363 static SSL* to_SSL(JNIEnv* env, int ssl_address, bool throwIfNull) {
364 SSL* ssl = reinterpret_cast<SSL*>(static_cast<uintptr_t>(ssl_address));
365 if ((ssl == NULL) && throwIfNull) {
366 JNI_TRACE("ssl == null");
367 jniThrowNullPointerException(env, "ssl == null");
369 return ssl;
885 * @return 1 on success, 0 on failure, -1 on error (check SSL errors then)
991 * Convert ssl version constant to string. Based on SSL_get_version
1032 LOGD("Unknown TLS/SSL content type %d", content_type);
1044 const void* buf, size_t len, SSL* ssl, void* arg) {
1045 JNI_TRACE("ssl=%p SSL msg %s %s %s %p %d %p",
1046 ssl,
1060 static void info_callback_LOG(const SSL* s __attribute__ ((unused)), int where, int ret)
1073 JNI_TRACE("ssl=%p %s:%s %s", s, str, SSL_state_string(s), SSL_state_string_long(s));
1076 JNI_TRACE("ssl=%p SSL3 alert %s:%s:%s %s %s",
1085 JNI_TRACE("ssl
1088 JNI_TRACE("ssl=%p %s:error exit in %s %s",
1091 JNI_TRACE("ssl=%p %s:ok exit in %s %s",
1094 JNI_TRACE("ssl=%p %s:unknown exit %d in %s %s",
1098 JNI_TRACE("ssl=%p handshake start in %s %s",
1101 JNI_TRACE("ssl=%p handshake done in %s %s",
1104 JNI_TRACE("ssl=%p %s:unknown where %d in %s %s",
1205 * (1) We use a flag to reflect whether we consider the SSL connection alive.
1259 * the JNIEnv on calls that can read and write to the SSL such as
1280 * Creates the application data context for the SSL*.
1321 * Used to set the SSL-to-Java callback state before each SSL_*
1349 * Dark magic helper function that checks, for a given SSL session, whether it
1532 static const char* SSL_authentication_method(SSL* ssl)
1534 switch (ssl->version) {
1540 return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
1546 static AppData* toAppData(const SSL* ssl) {
1547 return reinterpret_cast<AppData*>(SSL_get_app_data(ssl));
1556 SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(x509_store_ctx,
1558 JNI_TRACE("ssl=%p cert_verify_callback x509_store_ctx=%p arg=%p", ssl, x509_store_ctx, arg);
1560 AppData* appData = toAppData(ssl);
1564 JNI_TRACE("ssl=%p cert_verify_callback => 0", ssl);
1575 const char* authMethod = SSL_authentication_method(ssl);
1576 JNI_TRACE("ssl=%p cert_verify_callback calling verifyCertificateChain authMethod=%s",
1577 ssl, authMethod);
1582 JNI_TRACE("ssl=%p cert_verify_callback => %d", ssl, result);
1591 static void info_callback(const SSL* ssl, int where, int ret __attribute__ ((unused))) {
1592 JNI_TRACE("ssl=%p info_callback where=0x%x ret=%d", ssl, where, ret);
1594 info_callback_LOG(ssl, where, ret);
1597 JNI_TRACE("ssl=%p info_callback ignored", ssl);
1601 AppData* appData = toAppData(ssl);
1605 JNI_TRACE("ssl=%p info_callback env error", ssl);
1609 JNI_TRACE("ssl=%p info_callback already pending exception", ssl);
1618 JNI_TRACE("ssl=%p info_callback calling handshakeCompleted", ssl);
1622 JNI_TRACE("ssl=%p info_callback exception", ssl);
1624 JNI_TRACE("ssl=%p info_callback completed", ssl);
1630 static int client_cert_cb(SSL* ssl, X509** x509Out, EVP_PKEY** pkeyOut) {
1631 JNI_TRACE("ssl=%p client_cert_cb x509Out=%p pkeyOut=%p", ssl, x509Out, pkeyOut);
1633 AppData* appData = toAppData(ssl);
1637 JNI_TRACE("ssl=%p client_cert_cb env error => 0", ssl);
1641 JNI_TRACE("ssl=%p client_cert_cb already pending exception", ssl);
1655 switch (ssl->version) {
1663 ctype = ssl->s3->tmp.ctype;
1664 ctype_num = ssl->s3->tmp.ctype_num;
1665 issuers = getPrincipalBytes(env, ssl->s3->tmp.ca_names);
1670 JNI_TRACE("ssl=%p clientCertificateRequested keyTypes[%d]=%d", ssl, i, ctype[i]);
1676 JNI_TRACE("ssl=%p client_cert_cb bytes == null => 0", ssl);
1681 JNI_TRACE("ssl=%p clientCertificateRequested calling clientCertificateRequested "
1682 "keyTypes=%p issuers=%p", ssl, keyTypes, issuers);
1686 JNI_TRACE("ssl=%p client_cert_cb exception => 0", ssl);
1691 X509* certificate = SSL_get_certificate(ssl);
1692 EVP_PKEY* privatekey = SSL_get_privatekey(ssl);
1703 JNI_TRACE("ssl=%p client_cert_cb => *x509=%p *pkey=%p %d", ssl, *x509Out, *pkeyOut, result);
1730 static RSA* tmp_rsa_callback(SSL* ssl __attribute__ ((unused)),
1733 JNI_TRACE("ssl=%p tmp_rsa_callback is_export=%d keylength=%d", ssl, is_export, keylength);
1735 AppData* appData = toAppData(ssl);
1737 JNI_TRACE("ssl=%p tmp_rsa_callback generating ephemeral RSA key", ssl);
1740 JNI_TRACE("ssl=%p tmp_rsa_callback => %p", ssl, appData->ephemeralRsa.get());
1747 * The SSL_CTX_set_tmp_dh_callback(3SSL) man page discusses two
1779 static DH* tmp_dh_callback(SSL* ssl __attribute__ ((unused)),
1782 JNI_TRACE("ssl=%p tmp_dh_callback is_export=%d keylength=%d", ssl, is_export, keylength);
1784 JNI_TRACE("ssl=%p tmp_dh_callback => %p", ssl, tmp_dh);
1819 #if defined(SSL_MODE_SMALL_BUFFERS) /* not all SSL versions have this */
1823 #if defined(SSL_MODE_HANDSHAKE_CUTTHROUGH) /* not all SSL versions have this */
1866 Unique_SSL ssl(SSL_new(ssl_ctx));
1867 if (ssl.get() == NULL) {
1869 "Unable to create SSL structure");
1878 * checked after the TLS/SSL handshake using the SSL_get_verify_result(3)
1882 SSL_set_verify(ssl.get(), SSL_VERIFY_NONE, NULL);
1884 JNI_TRACE("ssl_ctx=%p NativeCrypto_SSL_new => ssl=%p", ssl_ctx, ssl.get());
1885 return (jint) ssl.release();
1891 SSL* ssl = to_SSL(env, ssl_address, true);
1892 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_PrivateKey privatekey=%p", ssl, privatekey);
1893 if (ssl == NULL) {
1899 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_PrivateKey => threw exception", ssl);
1906 throwSSLExceptionWithSslErrors(env, ssl, SSL_ERROR_NONE,
1908 SSL_clear(ssl);
1909 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_PrivateKey => error from DER to PKCS8", ssl);
1916 throwSSLExceptionWithSslErrors(env, ssl, SSL_ERROR_NONE,
1918 SSL_clear(ssl);
1919 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_PrivateKey => error from PKCS8 to key", ssl);
1923 int ret = SSL_use_PrivateKey(ssl, privatekeyevp.get());
1928 throwSSLExceptionWithSslErrors(env, ssl, SSL_ERROR_NONE, "Error setting private key");
1929 SSL_clear(ssl);
1930 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_PrivateKey => error", ssl);
1934 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_PrivateKey => ok", ssl);
1940 SSL* ssl = to_SSL(env, ssl_address, true);
1941 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_certificate certificates=%p", ssl, certificates);
1942 if (ssl == NULL) {
1948 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_certificate => certificates == null", ssl);
1955 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_certificate => certificates.length == 0", ssl);
1965 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_certificate => certificates element null", ssl);
1971 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_certificate => threw exception", ssl);
1979 throwSSLExceptionWithSslErrors(env, ssl, SSL_ERROR_NONE, "Error parsing certificate");
1980 SSL_clear(ssl);
1981 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_certificate => certificates parsing error", ssl);
1986 int ret = SSL_use_certificate(ssl, certificatesX509[0].get());
1991 throwSSLExceptionWithSslErrors(env, ssl, SSL_ERROR_NONE, "Error setting certificate");
1992 SSL_clear(ssl);
1993 JNI_TRACE("sslssl);
2000 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_certificate => chain allocation error", ssl);
2006 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_certificate => certificate push error", ssl);
2010 int chainResult = SSL_use_certificate_chain(ssl, chain.get());
2012 throwSSLExceptionWithSslErrors(env, ssl, SSL_ERROR_NONE, "Error setting certificate chain");
2013 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_certificate => SSL_use_certificate_chain error",
2014 ssl);
2020 JNI_TRACE("ssl=%p NativeCrypto_SSL_use_certificate => ok", ssl);
2025 SSL* ssl = to_SSL(env, ssl_address, true);
2026 JNI_TRACE("ssl=%p NativeCrypto_SSL_check_private_key", ssl);
2027 if (ssl == NULL) {
2030 int ret = SSL_check_private_key(ssl);
2032 throwSSLExceptionWithSslErrors(env, ssl, SSL_ERROR_NONE, "Error checking private key");
2033 SSL_clear(ssl);
2034 JNI_TRACE("ssl=%p NativeCrypto_SSL_check_private_key => error", ssl);
2037 JNI_TRACE("ssl=%p NativeCrypto_SSL_check_private_key => ok", ssl);
2043 SSL* ssl = to_SSL(env, ssl_address, true);
2044 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list principals=%p", ssl, principals);
2045 if (ssl == NULL) {
2051 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list => principals == null", ssl);
2058 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list => principals.length == 0", ssl);
2065 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list => stack allocation error", ssl);
2073 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list => principals element null", ssl);
2079 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list => threw exception", ssl);
2087 throwSSLExceptionWithSslErrors(env, ssl, SSL_ERROR_NONE, "Error parsing principal");
2088 SSL_clear(ssl);
2089 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list => principals parsing error",
2090 ssl);
2096 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list => principal push error", ssl);
2101 SSL_set_client_CA_list(ssl, principalsStack.release());
2102 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list => ok", ssl);
2106 * public static native long SSL_get_mode(int ssl);
2109 SSL* ssl = to_SSL(env, ssl_address, true);
2110 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_mode", ssl);
2111 if (ssl == NULL) {
2114 long mode = SSL_get_mode(ssl);
2115 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_mode => 0x%lx", ssl, mode);
2120 * public static native long SSL_set_mode(int ssl, long mode);
2124 SSL* ssl = to_SSL(env, ssl_address, true);
2125 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_mode mode=0x%llx", ssl, mode);
2126 if (ssl == NULL) {
2129 long result = SSL_set_mode(ssl, mode);
2130 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_mode => 0x%lx", ssl, result);
2135 * public static native long SSL_clear_mode(int ssl, long mode);
2139 SSL* ssl = to_SSL(env, ssl_address, true);
2140 JNI_TRACE("ssl=%p NativeCrypto_SSL_clear_mode mode=0x%llx", ssl, mode);
2141 if (ssl == NULL) {
2144 long result = SSL_clear_mode(ssl, mode);
2145 JNI_TRACE("ssl=%p NativeCrypto_SSL_clear_mode => 0x%lx", ssl, result);
2150 * public static native long SSL_get_options(int ssl);
2154 SSL* ssl = to_SSL(env, ssl_address, true);
2155 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_options", ssl);
2156 if (ssl == NULL) {
2159 long options = SSL_get_options(ssl);
2160 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_options => 0x%lx", ssl, options);
2165 * public static native long SSL_set_options(int ssl, long options);
2169 SSL* ssl = to_SSL(env, ssl_address, true);
2170 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_options options=0x%llx", ssl, options);
2171 if (ssl == NULL) {
2174 long result = SSL_set_options(ssl, options);
2175 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_options => 0x%lx", ssl, result);
2180 * public static native long SSL_clear_options(int ssl, long options);
2184 SSL* ssl = to_SSL(env, ssl_address, true);
2185 JNI_TRACE("ssl=%p NativeCrypto_SSL_clear_options options=0x%llx", ssl, options);
2186 if (ssl == NULL) {
2189 long result = SSL_clear_options(ssl, options);
2190 JNI_TRACE("ssl=%p NativeCrypto_SSL_clear_options => 0x%lx", ssl, result);
2195 * Sets the ciphers suites that are enabled in the SSL
2200 SSL* ssl = to_SSL(env, ssl_address, true);
2201 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_cipher_lists cipherSuites=%p", ssl, cipherSuites);
2202 if (ssl == NULL) {
2216 const SSL_METHOD* ssl_method = ssl->method;
2220 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_cipher_lists length=%d", ssl, length);
2228 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_cipher_lists cipherSuite=%s", ssl, c.c_str());
2236 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_cipher_lists => cipher push error", ssl);
2249 int rc = SSL_set_cipher_lists(ssl, cipherstack.get());
2265 SSL* ssl = to_SSL(env, ssl_address, true);
2266 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_verify mode=%x", ssl, mode);
2267 if (ssl == NULL) {
2270 SSL_set_verify(ssl, (int)mode, NULL);
2274 * Sets the ciphers suites that are enabled in the SSL
2279 SSL* ssl = to_SSL(env, ssl_address, true);
2281 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_session ssl_session=%p", ssl, ssl_session);
2282 if (ssl == NULL) {
2286 int ret = SSL_set_session(ssl, ssl_session);
2292 int sslErrorCode = SSL_get_error(ssl, ret);
2294 throwSSLExceptionWithSslErrors(env, ssl, sslErrorCode, "SSL session set");
2295 SSL_clear(ssl);
2301 * Sets the ciphers suites that are enabled in the SSL
2306 SSL* ssl = to_SSL(env, ssl_address, true);
2307 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_session_creation_enabled creation_enabled=%d",
2308 ssl, creation_enabled);
2309 if (ssl == NULL) {
2312 SSL_set_session_creation_enabled(ssl, creation_enabled);
2318 SSL* ssl = to_SSL(env, ssl_address, true);
2319 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_tlsext_host_name hostname=%p",
2320 ssl, hostname);
2321 if (ssl == NULL) {
2331 int ret = SSL_set_tlsext_host_name(ssl, hostnameChars.c_str());
2333 throwSSLExceptionWithSslErrors(env, ssl, SSL_ERROR_NONE, "Error setting host name");
2334 SSL_clear(ssl);
2335 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_tlsext_host_name => error", ssl);
2338 JNI_TRACE("ssl=%p NativeCrypto_SSL_set_tlsext_host_name => ok", ssl);
2342 SSL* ssl = to_SSL(env, ssl_address, true);
2343 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_servername", ssl);
2344 if (ssl == NULL) {
2347 const char* servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
2348 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_servername => %s", ssl, servername);
2353 * Perform SSL handshake
2358 SSL* ssl = to_SSL(env, ssl_address, true);
2359 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake fd=%p shc=%p timeout=%d client_mode=%d",
2360 ssl, fdObject, shc, timeout, client_mode);
2361 if (ssl == NULL) {
2366 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => 0", ssl);
2371 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => 0", ssl);
2378 SSL_clear(ssl);
2379 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => 0", ssl);
2383 int ret = SSL_set_fd(ssl, fd.get());
2384 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake s=%d", ssl, fd.get());
2387 throwSSLExceptionWithSslErrors(env, ssl, SSL_ERROR_NONE,
2389 SSL_clear(ssl);
2390 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => 0", ssl);
2400 SSL_clear(ssl);
2401 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => 0", ssl);
2411 SSL_clear(ssl);
2412 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => 0", ssl);
2415 SSL_set_app_data(ssl, reinterpret_cast<char*>(appData));
2416 JNI_TRACE("ssl=%p AppData::create => %p", ssl, appData);
2419 SSL_set_connect_state(ssl);
2421 SSL_set_accept_state(ssl);
2430 SSL_clear(ssl);
2431 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => 0", ssl);
2434 ret = SSL_do_handshake(ssl);
2438 SSL_clear(ssl);
2439 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => 0", ssl);
2451 int sslError = SSL_get_error(ssl, ret);
2452 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake ret=%d errno=%d sslError=%d timeout=%d",
2453 ssl, ret, errno, sslError, timeout);
2469 SSL_clear(ssl);
2470 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => 0", ssl);
2474 throwSSLExceptionWithSslErrors(env, ssl, SSL_ERROR_SYSCALL, "handshake error");
2475 SSL_clear(ssl);
2476 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => 0", ssl);
2480 throwSocketTimeoutException(env, "SSL handshake timed out");
2481 SSL_clear(ssl);
2483 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => 0", ssl);
2492 // clean error. See SSL_do_handshake(3SSL) man page.
2499 int sslError = SSL_get_error(ssl, ret);
2503 throwSSLExceptionWithSslErrors(env, ssl, sslError, "SSL handshake terminated");
2505 SSL_clear(ssl);
2506 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => 0", ssl);
2510 // unclean error. See SSL_do_handshake(3SSL) man page.
2516 int sslError = SSL_get_error(ssl, ret);
2517 throwSSLExceptionWithSslErrors(env, ssl, sslError, "SSL handshake aborted");
2518 SSL_clear(ssl);
2519 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => 0", ssl);
2522 SSL_SESSION* ssl_session = SSL_get1_session(ssl);
2523 JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake => ssl_session=%p", ssl, ssl_session);
2528 * Perform SSL renegotiation
2532 SSL* ssl = to_SSL(env, ssl_address, true);
2533 JNI_TRACE("ssl=%p NativeCrypto_SSL_renegotiate", ssl);
2534 if (ssl == NULL) {
2537 int result = SSL_renegotiate(ssl);
2542 int ret = SSL_do_handshake(ssl);
2544 int sslError = SSL_get_error(ssl, ret);
2545 throwSSLExceptionWithSslErrors(env, ssl, sslError,
2550 JNI_TRACE("ssl=%p NativeCrypto_SSL_renegotiate =>", ssl);
2554 * public static native byte[][] SSL_get_certificate(int ssl);
2558 SSL* ssl = to_SSL(env, ssl_address, true);
2559 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_certificate", ssl);
2560 if (ssl == NULL) {
2563 X509* certificate = SSL_get_certificate(ssl);
2565 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_certificate => NULL", ssl);
2572 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_certificate => threw exception", ssl);
2577 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_certificate => NULL", ssl);
2580 STACK_OF(X509)* cert_chain = SSL_get_certificate_chain(ssl, certificate);
2584 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_certificate => NULL", ssl);
2590 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_certificate => %p", ssl, objectArray);
2597 SSL* ssl = to_SSL(env, ssl_address, true);
2598 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_peer_cert_chain", ssl);
2599 if (ssl == NULL) {
2602 STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl);
2604 if (ssl->server) {
2605 X509* x509 = SSL_get_peer_certificate(ssl);
2607 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_peer_cert_chain => NULL", ssl);
2613 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_peer_cert_chain => certificate dup error", ssl);
2618 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_peer_cert_chain => certificate push error", ssl);
2624 JNI_TRACE("ssl=%p NativeCrypto_SSL_get_peer_cert_chain => %p", ssl, objectArray);
2632 * @param ssl non-null; the SSL context
2635 * @param sslReturnCode original SSL return code
2636 * @param sslErrorCode filled in with the SSL error code in case of error
2640 static int sslRead(JNIEnv* env, SSL* ssl, jobject fdObject, jobject shc, char* buf, jint len,
2650 BIO* bio = SSL_get_rbio(ssl);
2652 AppData* appData = toAppData(ssl);
2671 int result = SSL_read(ssl, buf, len);
2675 sslError = SSL_get_error(ssl, result);
2762 SSL* ssl = to_SSL(env, ssl_address, true);
2763 JNI_TRACE("ssl=%p NativeCrypto_SSL_read_byte fd=%p shc=%p timeout=%d",
2764 ssl, fdObject, shc, timeout);
2765 if (ssl == NULL) {
2770 JNI_TRACE("ssl=%p NativeCrypto_SSL_read_byte => 0", ssl);
2775 JNI_TRACE("ssl=%p NativeCrypto_SSL_read_byte => 0", ssl);
2783 int ret = sslRead(env, ssl, fdObject, shc, reinterpret_cast<char*>(&byteRead), 1,
2790 throwSSLExceptionWithSslErrors(env, ssl, sslErrorCode, "Read error");
2810 JNI_TRACE("ssl=%p NativeCrypto_SSL_read_byte => %d", ssl, result);
2821 SSL* ssl = to_SSL(env, ssl_address, true);
2822 JNI_TRACE("ssl=%p NativeCrypto_SSL_read fd=%p shc=%p b=%p offset=%d len=%d timeout=%d",
2823 ssl, fdObject, shc, b, offset, len, timeout);
2824 if (ssl == NULL) {
2829 JNI_TRACE("ssl=%p NativeCrypto_SSL_read => fd == null", ssl);
2834 JNI_TRACE("ssl=%p NativeCrypto_SSL_read => sslHandshakeCallbacks == null", ssl);
2840 JNI_TRACE("ssl=%p NativeCrypto_SSL_read => threw exception", ssl);
2846 int ret = sslRead(env, ssl, fdObject, shc, reinterpret_cast<char*>(bytes.get() + offset), len,
2853 throwSSLExceptionWithSslErrors(env, ssl, sslErrorCode, "Read error");
2869 JNI_TRACE("ssl=%p NativeCrypto_SSL_read => %d", ssl, result);
2877 * @param ssl non-null; the SSL context
2880 * @param sslReturnCode original SSL return code
2881 * @param sslErrorCode filled in with the SSL error code in case of error
2885 static int sslWrite(JNIEnv* env, SSL* ssl, jobject fdObject, jobject shc, const char* buf, jint len,
2895 BIO* bio = SSL_get_wbio(ssl);
2897 AppData* appData = toAppData(ssl);
2918 int result = SSL_write(ssl, buf, len);
2922 sslError = SSL_get_error(ssl, result);
3014 SSL* ssl = to_SSL(env, ssl_address, true);
3015 JNI_TRACE("ssl=%p NativeCrypto_SSL_write_byte fd=%p shc=%p b=%d", ssl, fdObject, shc, b);
3016 if (ssl == NULL) {
3021 JNI_TRACE("ssl=%p NativeCrypto_SSL_write_byte => fd == null", ssl);
3026 JNI_TRACE("ssl=%p NativeCrypto_SSL_write_byte => sslHandshakeCallbacks == null", ssl);
3033 int ret = sslWrite(env, ssl, fdObject, shc, buf, 1, &returnCode, &sslErrorCode);
3038 throwSSLExceptionWithSslErrors(env, ssl, sslErrorCode, "Write error");
3057 SSL* ssl = to_SSL(env, ssl_address, true);
3058 JNI_TRACE("ssl=%p NativeCrypto_SSL_write fd=%p shc=%p b=%p offset=%d len=%d",
3059 ssl, fdObject, shc, b, offset, len);
3060 if (ssl == NULL) {
3065 JNI_TRACE("ssl=%p NativeCrypto_SSL_write => fd == null", ssl);
3070 JNI_TRACE("ssl=%p NativeCrypto_SSL_write => sslHandshakeCallbacks == null", ssl);
3076 JNI_TRACE("ssl=%p NativeCrypto_SSL_write => threw exception", ssl);
3081 int ret = sslWrite(env, ssl, fdObject, shc, reinterpret_cast<const char*>(bytes.get() + offset),
3087 throwSSLExceptionWithSslErrors(env, ssl, sslErrorCode, "Write error");
3105 SSL* ssl = to_SSL(env, ssl_address, false);
3106 JNI_TRACE("ssl=%p NativeCrypto_SSL_interrupt", ssl);
3107 if (ssl == NULL) {
3115 AppData* appData = toAppData(ssl);
3126 * OpenSSL close SSL socket function.
3130 SSL* ssl = to_SSL(env, ssl_address, false);
3131 JNI_TRACE("ssl=%p NativeCrypto_SSL_shutdown fd=%p shc=%p", ssl, fdObject, shc);
3132 if (ssl == NULL) {
3137 JNI_TRACE("ssl=%p NativeCrypto_SSL_shutdown => fd == null", ssl);
3142 JNI_TRACE("ssl=%p NativeCrypto_SSL_shutdown => sslHandshakeCallbacks == null", ssl);
3146 AppData* appData = toAppData(ssl);
3150 SSL_clear(ssl);
3158 int fd = SSL_get_fd(ssl);
3159 JNI_TRACE("ssl=%p NativeCrypto_SSL_shutdown s=%d", ssl, fd);
3164 int ret = SSL_shutdown(ssl);
3188 int sslError = SSL_get_error(ssl, ret);
3189 throwSSLExceptionWithSslErrors(env, ssl, sslError, "SSL shutdown failed");
3195 SSL_clear(ssl);
3200 * public static native void SSL_free(int ssl);
3204 SSL* ssl = to_SSL(env, ssl_address, true);
3205 JNI_TRACE("ssl=%p NativeCrypto_SSL_free", ssl);
3206 if (ssl == NULL) {
3210 AppData* appData = toAppData(ssl);
3211 SSL_set_app_data(ssl, NULL);
3213 SSL_free(ssl);
3217 * Gets and returns in a byte array the ID of the actual SSL session.
3238 * actual SSL session.
3264 * Gets and returns in a string the version of the SSL protocol. If it
3279 * Gets and returns in a string the cipher negotiated for the SSL session.
3294 * Gets and returns in a string the compression method negotiated for the SSL session.
3331 * Frees the SSL session.
