rpms/jss
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Support ECC POP on the server (#224688)

Browse Source 
- Server Sockets are hard coded to IPV4 (#469456)
- Set NSS dependency >= 3.12.3.99
This commit is contained in:
rcritten 2009-07-31 14:03:14 +00:00
parent 4eddd94b46
commit 4a26fbad6c
3 changed files with 664 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
jss-ECC-pop.patch Normal file
View File

@ -0,0 +1,29 @@
diff -rupN jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java jss-4.2.6.cfu/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java 2004-04-25 08:02:26.000000000 -0700
+++ jss-4.2.6.cfu/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java 2009-07-27 13:38:38.197422000 -0700
@@ -130,6 +130,16 @@ public class CertReqMsg implements ASN1V
///////////////////////////////////////////////////////////////////////
public void verify() throws SignatureException,
+ InvalidKeyFormatException, NoSuchAlgorithmException,
+ org.mozilla.jss.CryptoManager.NotInitializedException,
+ TokenException, java.security.InvalidKeyException, IOException{
+
+ CryptoToken token = CryptoManager.getInstance()
+ .getInternalCryptoToken();
+ verify(token);
+ }
+
+ public void verify(CryptoToken token) throws SignatureException,
InvalidKeyFormatException, NoSuchAlgorithmException,
org.mozilla.jss.CryptoManager.NotInitializedException,
TokenException, java.security.InvalidKeyException, IOException{
@@ -149,8 +159,6 @@ public class CertReqMsg implements ASN1V
pubkey = (PublicKey) spi.toPublicKey();
}
- CryptoToken token = CryptoManager.getInstance()
- .getInternalCryptoToken();
SignatureAlgorithm sigAlg =
SignatureAlgorithm.fromOID(alg.getOID());
Signature sig = token.getSignatureContext(sigAlg);

623
jss-ipv6.patch Normal file
View File

@ -0,0 +1,623 @@
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/lib/jss.def jss-4.2.6/mozilla/security/jss/lib/jss.def
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/lib/jss.def 2009-06-24 17:08:59.784371000 -0700
+++ jss-4.2.6/mozilla/security/jss/lib/jss.def 2009-06-19 17:56:00.000000000 -0700
@@ -175,6 +175,7 @@ Java_org_mozilla_jss_ssl_SSLServerSocket
Java_org_mozilla_jss_ssl_SSLSocket_forceHandshake;
Java_org_mozilla_jss_ssl_SSLSocket_getKeepAlive;
Java_org_mozilla_jss_ssl_SSLSocket_getLocalAddressNative;
+Java_org_mozilla_jss_ssl_SocketBase_getLocalAddressByteArrayNative;
Java_org_mozilla_jss_ssl_SSLSocket_getPort;
Java_org_mozilla_jss_ssl_SSLSocket_getReceiveBufferSize;
Java_org_mozilla_jss_ssl_SSLSocket_getSendBufferSize;
@@ -199,6 +200,7 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
Java_org_mozilla_jss_ssl_SSLSocket_socketWrite;
Java_org_mozilla_jss_ssl_SocketBase_getLocalPortNative;
Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressNative;
+Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressByteArrayNative;
Java_org_mozilla_jss_ssl_SocketBase_setClientCertNicknameNative;
Java_org_mozilla_jss_ssl_SocketBase_requestClientAuthNoExpiryCheckNative;
Java_org_mozilla_jss_ssl_SocketBase_setSSLOption;
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java 2007-03-20 15:39:28.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java 2009-06-24 13:46:49.000000000 -0700
@@ -36,7 +36,8 @@
package org.mozilla.jss.ssl;
-import java.net.InetAddress;
+import java.util.*;
+import java.net.*;
import java.io.IOException;
import java.net.Socket;
import java.net.SocketException;
@@ -138,34 +139,34 @@ public class SSLServerSocket extends jav
super.close();
// create the socket
+
+ int socketFamily = SocketBase.SSL_AF_INET;
+ if(SocketBase.supportsIPV6()) {
+ socketFamily = SocketBase.SSL_AF_INET6;
+ }
+
sockProxy = new SocketProxy(
- base.socketCreate(this, certApprovalCallback, null) );
+ base.socketCreate(this, certApprovalCallback, null,socketFamily) );
base.setProxy(sockProxy);
setReuseAddress(reuseAddr);
- // bind it to the local address and port
- if( bindAddr == null ) {
- bindAddr = anyLocalAddr;
- }
byte[] bindAddrBA = null;
if( bindAddr != null ) {
bindAddrBA = bindAddr.getAddress();
}
base.socketBind(bindAddrBA, port);
+
+ String hostName = null;
+ if(bindAddr != null) {
+ hostName = bindAddr.getCanonicalHostName();
+ }
socketListen(backlog);
}
private native void socketListen(int backlog) throws SocketException;
- private static InetAddress anyLocalAddr;
- static {
- try {
- anyLocalAddr = InetAddress.getByName("0.0.0.0");
- } catch (java.net.UnknownHostException e) { }
- }
-
/**
* Accepts a connection. This call will block until a connection is made
* or the timeout is reached.
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c 2007-05-08 18:40:14.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c 2009-06-24 13:27:15.000000000 -0700
@@ -460,10 +460,15 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
JSSL_SocketData *sock;
PRNetAddr addr;
jbyte *addrBAelems = NULL;
+ int addrBALen = 0;
PRStatus status;
int stat;
const char *hostnameStr=NULL;
+ jmethodID supportsIPV6ID;
+ jclass socketBaseClass;
+ jboolean supportsIPV6 = 0;
+
if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS) {
/* exception was thrown */
goto finish;
@@ -472,16 +477,32 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
/*
* setup the PRNetAddr structure
*/
- addr.inet.family = AF_INET;
- addr.inet.port = htons(port);
- PR_ASSERT(sizeof(addr.inet.ip) == 4);
- PR_ASSERT( (*env)->GetArrayLength(env, addrBA) == 4);
+
+ socketBaseClass = (*env)->FindClass(env, SOCKET_BASE_NAME);
+ if( socketBaseClass == NULL ) {
+ ASSERT_OUTOFMEM(env);
+ goto finish;
+ }
+ supportsIPV6ID = (*env)->GetStaticMethodID(env, socketBaseClass,
+ SUPPORTS_IPV6_NAME, SUPPORTS_IPV6_SIG);
+
+ if( supportsIPV6ID == NULL ) {
+ ASSERT_OUTOFMEM(env);
+ goto finish;
+ }
+
+ supportsIPV6 = (*env)->CallStaticBooleanMethod(env, socketBaseClass,
+ supportsIPV6ID);
+
addrBAelems = (*env)->GetByteArrayElements(env, addrBA, NULL);
+ addrBALen = (*env)->GetArrayLength(env, addrBA);
+
+ PR_ASSERT(addrBALen != 0);
+
if( addrBAelems == NULL ) {
ASSERT_OUTOFMEM(env);
goto finish;
}
- memcpy(&addr.inet.ip, addrBAelems, 4);
/*
* Tell SSL the URL we think we want to connect to.
@@ -495,6 +516,38 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
goto finish;
}
+ if( addrBAelems == NULL ) {
+ ASSERT_OUTOFMEM(env);
+ goto finish;
+ }
+
+ if(addrBALen != 4 && addrBALen != 16) {
+ JSSL_throwSSLSocketException(env, "Invalid address in connect!");
+ goto finish;
+ }
+
+ if( addrBALen == 4) {
+ addr.inet.family = AF_INET;
+ addr.inet.port = PR_htons(port);
+ memcpy(&addr.inet.ip, addrBAelems, 4);
+
+ if(supportsIPV6) {
+ addr.ipv6.family = AF_INET6;
+ addr.ipv6.port = PR_htons(port);
+ PR_ConvertIPv4AddrToIPv6(addr.inet.ip,&addr.ipv6.ip);
+ }
+
+ } else { /* Must be 16 and ipv6 */
+ if(supportsIPV6) {
+ addr.ipv6.family = AF_INET6;
+ addr.ipv6.port = PR_htons(port);
+ memcpy(&addr.ipv6.ip,addrBAelems, 16);
+ } else {
+ JSSL_throwSSLSocketException(env, "Invalid address in connect!");
+ goto finish;
+ }
+ }
+
/*
* make the connect call
*/
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java 2007-05-08 18:40:14.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java 2009-06-24 13:45:59.000000000 -0700
@@ -243,11 +243,16 @@ public class SSLSocket extends java.net.
SSLClientCertificateSelectionCallback clientCertSelectionCallback)
throws IOException
{
+
+ int socketFamily = SocketBase.SSL_AF_INET;
+ if(SocketBase.supportsIPV6()) {
+ socketFamily = SocketBase.SSL_AF_INET6;
+ }
// create the socket
sockProxy =
new SocketProxy(
base.socketCreate(
- this, certApprovalCallback, clientCertSelectionCallback) );
+ this, certApprovalCallback, clientCertSelectionCallback,socketFamily) );
base.setProxy(sockProxy);
@@ -288,7 +293,7 @@ public class SSLSocket extends java.net.
new SocketProxy(
base.socketCreate(
this, certApprovalCallback, clientCertSelectionCallback,
- s, host ) );
+ s, host,SocketBase.SSL_AF_INET ) );
base.setProxy(sockProxy);
resetHandshake();
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java 2007-03-20 15:39:28.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java 2009-06-24 13:50:32.000000000 -0700
@@ -70,16 +70,16 @@ class SocketBase {
native byte[] socketCreate(Object socketObject,
SSLCertificateApprovalCallback certApprovalCallback,
SSLClientCertificateSelectionCallback clientCertSelectionCallback,
- java.net.Socket javaSock, String host)
+ java.net.Socket javaSock, String host,int family)
throws SocketException;
byte[] socketCreate(Object socketObject,
SSLCertificateApprovalCallback certApprovalCallback,
- SSLClientCertificateSelectionCallback clientCertSelectionCallback)
+ SSLClientCertificateSelectionCallback clientCertSelectionCallback,int family)
throws SocketException
{
return socketCreate(socketObject, certApprovalCallback,
- clientCertSelectionCallback, null, null);
+ clientCertSelectionCallback, null, null,family);
}
native void socketBind(byte[] addrBA, int port) throws SocketException;
@@ -115,6 +115,10 @@ class SocketBase {
static final int SSL_REQUIRE_FIRST_HANDSHAKE = 20;
static final int SSL_REQUIRE_NO_ERROR = 21;
+
+ static final int SSL_AF_INET = 50;
+ static final int SSL_AF_INET6 = 51;
+
void close() throws IOException {
socketClose();
}
@@ -281,13 +285,25 @@ class SocketBase {
return in;
}
+ private native byte[] getLocalAddressByteArrayNative() throws SocketException;
+ private native byte[] getPeerAddressByteArrayNative() throws SocketException;
/**
* @return the InetAddress of the peer end of the socket.
*/
InetAddress getInetAddress()
{
try {
- return convertIntToInetAddress( getPeerAddressNative() );
+ byte[] address = getPeerAddressByteArrayNative();
+
+ InetAddress iAddr = null;
+
+ try {
+
+ iAddr = InetAddress.getByAddress(address);
+ } catch(UnknownHostException e) {
+ }
+
+ return iAddr;
} catch(SocketException e) {
return null;
}
@@ -299,7 +315,17 @@ class SocketBase {
*/
InetAddress getLocalAddress() {
try {
- return convertIntToInetAddress( getLocalAddressNative() );
+ byte[] address = getLocalAddressByteArrayNative();
+
+ InetAddress lAddr = null;
+
+ try {
+
+ lAddr = InetAddress.getByAddress(address);
+ } catch(UnknownHostException e) {
+ }
+
+ return lAddr;
} catch(SocketException e) {
return null;
}
@@ -378,4 +404,45 @@ class SocketBase {
return topException;
}
}
+
+ static private int supportsIPV6 = -1;
+ static boolean supportsIPV6() {
+
+ if(supportsIPV6 >= 0) {
+ if(supportsIPV6 > 0) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ Enumeration netInter;
+ try {
+ netInter = NetworkInterface.getNetworkInterfaces();
+ } catch (SocketException e) {
+
+ return false;
+ }
+ while ( netInter.hasMoreElements() )
+ {
+ NetworkInterface ni = (NetworkInterface)netInter.nextElement();
+ Enumeration addrs = ni.getInetAddresses();
+ while ( addrs.hasMoreElements() )
+ {
+ Object o = addrs.nextElement();
+ if ( o.getClass() == InetAddress.class ||
+ o.getClass() == Inet4Address.class ||
+ o.getClass() == Inet6Address.class )
+ {
+ InetAddress iaddr = (InetAddress) o;
+ if(o.getClass() == Inet6Address.class) {
+ supportsIPV6 = 1;
+ return true;
+ }
+ }
+ }
+ }
+ supportsIPV6 = 0;
+ return false;
+ }
}
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/common.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/common.c 2007-04-24 11:34:58.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c 2009-06-24 14:22:02.000000000 -0700
@@ -33,7 +33,6 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-
#include <nspr.h>
#include <jni.h>
#include <pk11func.h>
@@ -51,6 +50,9 @@
#include <winsock.h>
#endif
+#define SSL_AF_INET 50
+#define SSL_AF_INET6 51
+
void
JSSL_throwSSLSocketException(JNIEnv *env, char *message)
{
@@ -142,7 +144,7 @@ finish:
JNIEXPORT jbyteArray JNICALL
Java_org_mozilla_jss_ssl_SocketBase_socketCreate(JNIEnv *env, jobject self,
jobject sockObj, jobject certApprovalCallback,
- jobject clientCertSelectionCallback, jobject javaSock, jstring host)
+ jobject clientCertSelectionCallback, jobject javaSock, jstring host,jint family)
{
jbyteArray sdArray = NULL;
JSSL_SocketData *sockdata = NULL;
@@ -150,10 +152,21 @@ Java_org_mozilla_jss_ssl_SocketBase_sock
PRFileDesc *newFD;
PRFileDesc *tmpFD;
PRFilePrivate *priv = NULL;
+ int socketFamily = 0;
+
+ if (family != SSL_AF_INET6 && family != SSL_AF_INET) {
+ JSSL_throwSSLSocketException(env,
+ "socketCreate() Invalid family!");
+ goto finish;
+ }
+ if( family == SSL_AF_INET)
+ socketFamily = PR_AF_INET;
+ else
+ socketFamily = PR_AF_INET6;
if( javaSock == NULL ) {
/* create a TCP socket */
- newFD = PR_NewTCPSocket();
+ newFD = PR_OpenTCPSocket(socketFamily);
if( newFD == NULL ) {
JSSL_throwSSLSocketException(env,
"PR_NewTCPSocket() returned NULL");
@@ -394,10 +407,10 @@ PRInt32 JSSL_enums[] = {
SSL_REQUIRE_ALWAYS, /* 19 */ /* ssl.h */
SSL_REQUIRE_FIRST_HANDSHAKE,/* 20 */ /* ssl.h */
SSL_REQUIRE_NO_ERROR, /* 21 */ /* ssl.h */
-
0
};
+
JNIEXPORT void JNICALL
Java_org_mozilla_jss_ssl_SocketBase_socketBind
(JNIEnv *env, jobject self, jbyteArray addrBA, jint port)
@@ -405,8 +418,13 @@ Java_org_mozilla_jss_ssl_SocketBase_sock
JSSL_SocketData *sock;
PRNetAddr addr;
jbyte *addrBAelems = NULL;
+ int addrBALen = 0;
PRStatus status;
+ jmethodID supportsIPV6ID;
+ jclass socketBaseClass;
+ jboolean supportsIPV6 = 0;
+
if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS) {
/* exception was thrown */
goto finish;
@@ -415,19 +433,72 @@ Java_org_mozilla_jss_ssl_SocketBase_sock
/*
* setup the PRNetAddr structure
*/
- addr.inet.family = AF_INET;
- addr.inet.port = htons(port);
+
+ /*
+ * Do we support IPV6?
+ */
+
+ socketBaseClass = (*env)->FindClass(env, SOCKET_BASE_NAME);
+ if( socketBaseClass == NULL ) {
+ ASSERT_OUTOFMEM(env);
+ goto finish;
+ }
+ supportsIPV6ID = (*env)->GetStaticMethodID(env, socketBaseClass,
+ SUPPORTS_IPV6_NAME, SUPPORTS_IPV6_SIG);
+
+ if( supportsIPV6ID == NULL ) {
+ ASSERT_OUTOFMEM(env);
+ goto finish;
+ }
+
+ supportsIPV6 = (*env)->CallStaticBooleanMethod(env, socketBaseClass,
+ supportsIPV6ID);
+
+ memset( &addr, 0, sizeof( PRNetAddr ));
+
if( addrBA != NULL ) {
- PR_ASSERT(sizeof(addr.inet.ip) == 4);
- PR_ASSERT( (*env)->GetArrayLength(env, addrBA) == 4);
addrBAelems = (*env)->GetByteArrayElements(env, addrBA, NULL);
+ addrBALen = (*env)->GetArrayLength(env, addrBA);
+
if( addrBAelems == NULL ) {
ASSERT_OUTOFMEM(env);
goto finish;
}
- memcpy(&addr.inet.ip, addrBAelems, 4);
+
+ if(addrBALen != 4 && addrBALen != 16) {
+ JSS_throwMsgPrErr(env, BIND_EXCEPTION,
+ "Invalid address in bind!");
+ goto finish;
+ }
+
+ if( addrBALen == 4) {
+ addr.inet.family = PR_AF_INET;
+ addr.inet.port = PR_htons(port);
+ memcpy(&addr.inet.ip, addrBAelems, 4);
+
+ if(supportsIPV6) {
+ addr.inet.family = PR_AF_INET6;
+ addr.ipv6.port = PR_htons(port);
+ PR_ConvertIPv4AddrToIPv6(addr.inet.ip,&addr.ipv6.ip);
+ }
+
+ } else { /* Must be 16 and ipv6 */
+ if(supportsIPV6) {
+ addr.ipv6.family = PR_AF_INET6;
+ addr.ipv6.port = PR_htons(port);
+ memcpy(&addr.ipv6.ip,addrBAelems, 16);
+ } else {
+ JSS_throwMsgPrErr(env, BIND_EXCEPTION,
+ "Invalid address in bind!");
+ goto finish;
+ }
+ }
} else {
- addr.inet.ip = PR_htonl(INADDR_ANY);
+ if(supportsIPV6) {
+ status = PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr);
+ } else {
+ status = PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET, port, &addr);
+ }
}
/* do the bind() call */
@@ -601,6 +672,78 @@ finish:
return status;
}
+JNIEXPORT jbyteArray JNICALL
+Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressByteArrayNative
+ (JNIEnv *env, jobject self)
+{
+ jbyteArray byteArray=NULL;
+ PRNetAddr addr;
+ jbyte *address=NULL;
+ int size=4;
+
+ if( JSSL_getSockAddr(env, self, &addr, PEER_SOCK) != PR_SUCCESS) {
+ goto finish;
+ }
+
+ if( PR_NetAddrFamily(&addr) == PR_AF_INET6) {
+ size = 16;
+ address = (jbyte *) &addr.ipv6.ip;
+ } else {
+ address = (jbyte *) &addr.inet.ip;
+ }
+
+ byteArray = (*env)->NewByteArray(env,size);
+ if(byteArray == NULL) {
+ ASSERT_OUTOFMEM(env);
+ goto finish;
+ }
+ (*env)->SetByteArrayRegion(env, byteArray, 0,size ,address);
+ if( (*env)->ExceptionOccurred(env) != NULL) {
+ PR_ASSERT(PR_FALSE);
+ goto finish;
+ }
+
+finish:
+ return byteArray;
+}
+
+JNIEXPORT jbyteArray JNICALL
+Java_org_mozilla_jss_ssl_SocketBase_getLocalAddressByteArrayNative
+ (JNIEnv *env, jobject self)
+{
+ jbyteArray byteArray=NULL;
+ PRNetAddr addr;
+ jbyte *address=NULL;
+ int size=4;
+
+ if( JSSL_getSockAddr(env, self, &addr, LOCAL_SOCK) != PR_SUCCESS) {
+ goto finish;
+ }
+
+ if( PR_NetAddrFamily(&addr) == PR_AF_INET6) {
+ size = 16;
+ address = (jbyte *) &addr.ipv6.ip;
+ } else {
+ address = (jbyte *) &addr.inet.ip;
+ }
+
+ byteArray = (*env)->NewByteArray(env,size);
+ if(byteArray == NULL) {
+ ASSERT_OUTOFMEM(env);
+ goto finish;
+ }
+ (*env)->SetByteArrayRegion(env, byteArray, 0,size,address);
+ if( (*env)->ExceptionOccurred(env) != NULL) {
+ PR_ASSERT(PR_FALSE);
+ goto finish;
+ }
+
+finish:
+ return byteArray;
+}
+
+/* Leave the original versions of these functions for compatibility */
+
JNIEXPORT jint JNICALL
Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressNative
(JNIEnv *env, jobject self)
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c 2007-04-24 11:34:58.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c 2009-06-24 13:43:13.000000000 -0700
@@ -290,6 +290,7 @@ getInetAddress(PRFileDesc *fd, PRNetAddr
jobject inetAddress;
jbyteArray addrByteArray;
jint port;
+ int addrBALen = 0;
if( GET_ENV(fd->secret->javaVM, env) ) goto finish;
@@ -377,8 +378,9 @@ getInetAddress(PRFileDesc *fd, PRNetAddr
memset(addr, 0, sizeof(PRNetAddr));
- /* we only handle IPV4 */
- PR_ASSERT( (*env)->GetArrayLength(env, addrByteArray) == 4 );
+ addrBALen = (*env)->GetArrayLength(env, addrByteArray);
+
+ PR_ASSERT( (addrBALen == 4) || (addrBALen == 16 ) );
/* make sure you release them later */
addrBytes = (*env)->GetByteArrayElements(env, addrByteArray, NULL);
@@ -388,9 +390,16 @@ getInetAddress(PRFileDesc *fd, PRNetAddr
}
/* ip field is in network byte order */
- memcpy( (void*) &addr->inet.ip, addrBytes, 4);
- addr->inet.family = PR_AF_INET;
- addr->inet.port = port;
+
+ if (addrBALen == 4) {
+ memcpy( (void*) &addr->inet.ip, addrBytes, 4);
+ addr->inet.family = PR_AF_INET;
+ addr->inet.port = port;
+ } else {
+ memcpy( (void*) &addr->ipv6.ip,addrBytes, 16);
+ addr->inet.family = PR_AF_INET6;
+ addr->inet.port = port;
+ }
(*env)->ReleaseByteArrayElements(env, addrByteArray, addrBytes,
JNI_ABORT);
diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h
--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h 2006-02-22 17:21:52.000000000 -0800
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h 2009-06-19 17:56:00.000000000 -0700
@@ -312,6 +312,8 @@ PR_BEGIN_EXTERN_C
#define SOCKET_BASE_NAME "org/mozilla/jss/ssl/SocketBase"
#define PROCESS_EXCEPTIONS_NAME "processExceptions"
#define PROCESS_EXCEPTIONS_SIG "(Ljava/lang/Throwable;Ljava/lang/Throwable;)Ljava/lang/Throwable;"
+#define SUPPORTS_IPV6_NAME "supportsIPV6"
+#define SUPPORTS_IPV6_SIG "()Z"
/*
* SSLCertificateApprovalCallback

14
jss.spec
View File

@ -1,6 +1,6 @@
Name: jss
Version: 4.2.6
Release: 3%{?dist}
Release: 4%{?dist}
Summary: Java Security Services (JSS)
Group: System Environment/Libraries
@ -16,13 +16,16 @@ Source2: gpl.txt
Source3: lgpl.txt
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: nss-devel >= 3.12.0
BuildRequires: nss-devel >= 3.12.3.99
BuildRequires: nspr-devel >= 4.6.99
BuildRequires: java-devel
Requires: java
Requires: nss >= 3.12.3.99
Patch1: jss-key_pair_usage_with_op_flags.patch
Patch2: jss-javadocs-param.patch
Patch3: jss-ipv6.patch
Patch4: jss-ECC-pop.patch
%description
Java Security Services (JSS) is a java native interface which provides a bridge
@ -41,6 +44,8 @@ This package contains the API documentation for JSS.
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%build
[ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/java
@ -136,6 +141,11 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Fri Jul 31 2009 Rob Crittenden <rcritten@redhat.com> 4.2.6-4
- Support ECC POP on the server (#224688)
- Server Sockets are hard coded to IPV4 (#469456)
- Set NSS dependency >= 3.12.3.99
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.2.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild