org.apache.tomcat.jni

Class SSLSocket

public class SSLSocket extends Object

SSL Socket

Version: $Revision: 832222 $, $Date: 2009-11-03 01:28:22 +0100 (Tue, 03 Nov 2009) $

Author: Mladen Turk

Method Summary
static intattach(long ctx, long sock)
Attach APR socket on a SSL connection.
static byte[]getInfoB(long sock, int id)
Return SSL Info parameter as byte array.
static intgetInfoI(long sock, int id)
Return SSL Info parameter as integer.
static StringgetInfoS(long sock, int id)
Return SSL Info parameter as String.
static inthandshake(long thesocket)
Do a SSL handshake.
static intrenegotiate(long thesocket)
Do a SSL renegotiation.
static voidsetVerify(long sock, int level, int depth)
Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.

Method Detail

attach

public static int attach(long ctx, long sock)
Attach APR socket on a SSL connection.

Parameters: ctx SSLContext to use. sock APR Socket that already did physical connect or accept.

Returns: APR_STATUS code.

getInfoB

public static byte[] getInfoB(long sock, int id)
Return SSL Info parameter as byte array.

Parameters: sock The socket to read the data from. id Parameter id.

Returns: Byte array containing info id value.

getInfoI

public static int getInfoI(long sock, int id)
Return SSL Info parameter as integer.

Parameters: sock The socket to read the data from. id Parameter id.

Returns: Integer containing info id value or -1 on error.

getInfoS

public static String getInfoS(long sock, int id)
Return SSL Info parameter as String.

Parameters: sock The socket to read the data from. id Parameter id.

Returns: String containing info id value.

handshake

public static int handshake(long thesocket)
Do a SSL handshake.

Parameters: thesocket The socket to use

renegotiate

public static int renegotiate(long thesocket)
Do a SSL renegotiation. SSL supports per-directory re-configuration of SSL parameters. This is implemented by performing an SSL renegotiation of the re-configured parameters after the request is read, but before the response is sent. In more detail: the renegotiation happens after the request line and MIME headers were read, but _before_ the attached request body is read. The reason simply is that in the HTTP protocol usually there is no acknowledgment step between the headers and the body (there is the 100-continue feature and the chunking facility only), so Apache has no API hook for this step.

Parameters: thesocket The socket to use

setVerify

public static void setVerify(long sock, int level, int depth)
Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
This is used to change the verification level for a connection prior to starting a re-negotiation.
The following levels are available for level:
 SSL_CVERIFY_NONE           - No client Certificate is required at all
 SSL_CVERIFY_OPTIONAL       - The client may present a valid Certificate
 SSL_CVERIFY_REQUIRE        - The client has to present a valid
                              Certificate
 SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate
                              but it need not to be (successfully)
                              verifiable
 

Parameters: sock The socket to change. level Type of Client Certificate verification.

Copyright © 2000-2011 Apache Software Foundation. All Rights Reserved.