Class SSLContext

java.lang.Object
org.apache.tomcat.jni.SSLContext

public final class SSLContext extends Object
  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static interface 
    Interface implemented by components that will receive the call back to select an OpenSSL SSLContext based on the host name requested by the client.
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final byte[]
     
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    static boolean
    addChainCertificateRaw(long ctx, byte[] cert)
    Add a certificate to the certificate chain.
    static boolean
    addClientCACertificateRaw(long ctx, byte[] cert)
    Add a CA certificate we accept as issuer for peer certs
    static void
    clearOptions(long ctx, int options)
    Clears OpenSSL Options.
    static int
    free(long ctx)
    Free the resources used by the Context
    static String[]
    getCiphers(long ctx)
    Returns all cipher suites that are enabled for negotiation in an SSL handshake.
    static int
    getOptions(long ctx)
    Get OpenSSL Option.
    static long
    Get the mode of the current used internal session cache.
    static long
    Get the size of the internal session cache.
    static long
    Get the timeout for the internal session cache in seconds.
    static long
    make(long pool, int protocol, int mode)
    Create a new SSL context.
    static void
    registerDefault(Long defaultSSLContext, SSLContext.SNICallBack sniCallBack)
    Deprecated.
    Unused.
    static long
    sessionAccept(long ctx)
     
    static long
     
    static long
     
    static long
    sessionCacheFull(long ctx)
     
    static long
    sessionCbHits(long ctx)
     
    static long
    sessionConnect(long ctx)
     
    static long
     
    static long
     
    static long
    sessionHits(long ctx)
     
    static long
    sessionMisses(long ctx)
     
    static long
    sessionNumber(long ctx)
     
    static long
    sessionTimeouts(long ctx)
     
    static int
    setALPN(long ctx, byte[] proto, int len)
    Deprecated.
    static void
    setAlpnProtos(long ctx, String[] alpnProtos, int selectorFailureBehavior)
    Set application layer protocol for application layer protocol negotiation extension
    static void
    setBIO(long ctx, long bio, int dir)
    Deprecated.
    Unused.
    static boolean
    setCACertificate(long ctx, String file, String path)
    Set File and Directory of concatenated PEM-encoded CA Certificates for Client Auth
    This directive sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose clients you deal with.
    static boolean
    setCARevocation(long ctx, String file, String path)
    Set File of concatenated PEM-encoded CA CRLs or directory of PEM-encoded CA Certificates for Client Auth
    This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose clients you deal with.
    static boolean
    setCertificate(long ctx, String cert, String key, String password, int idx)
    Set Certificate
    Point setCertificateFile at a PEM encoded certificate.
    static boolean
    setCertificateChainFile(long ctx, String file, boolean skipfirst)
    Set File of PEM-encoded Server CA Certificates
    This directive sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate.
    static boolean
    setCertificateRaw(long ctx, byte[] cert, byte[] key, int sslAidxRsa)
    Set CertificateRaw
    Use keystore a certificate and key to fill the BIOP
    static void
    Allow to hook CertificateVerifier into the handshake processing.
    static boolean
    setCipherSuite(long ctx, String ciphers)
    Cipher Suite available for negotiation in SSL handshake.
    static void
    setContextId(long ctx, String id)
    Deprecated.
    Unused.
    static void
    setNextProtos(long ctx, String nextProtos)
    static void
    setNpnProtos(long ctx, String[] nextProtos, int selectorFailureBehavior)
    Deprecated.
    Unused.
    static void
    setOptions(long ctx, int options)
    Set OpenSSL Option.
    static void
    setQuietShutdown(long ctx, boolean mode)
    Deprecated.
    Unused.
    static void
    setRandom(long ctx, String file)
    Deprecated.
    Unused.
    static long
    setSessionCacheMode(long ctx, long mode)
    Set the mode of the internal session cache and return the previous used mode.
    static long
    setSessionCacheSize(long ctx, long size)
    Set the size of the internal session cache.
    static long
    setSessionCacheTimeout(long ctx, long timeoutSeconds)
    Set the timeout for the internal session cache in seconds.
    static boolean
    setSessionIdContext(long ctx, byte[] sidCtx)
    Set the context within which session be reused (server side only) http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html
    static void
    setSessionTicketKeys(long ctx, byte[] keys)
    Set TLS session keys.
    static void
    setShutdownType(long ctx, int type)
    Deprecated.
    Unused.
    static void
    setTmpDH(long ctx, String cert)
    Deprecated.
    Unused.
    static void
    setTmpECDHByCurveName(long ctx, String curveName)
    Deprecated.
    Unused.
    static void
    setVerify(long ctx, int level, int depth)
    Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
    static long
    sniCallBack(long currentCtx, String sniHostName)
    When tc-native encounters a SNI extension in the TLS handshake it will call this method to determine which OpenSSL SSLContext to use for the connection.
    static void
    unregisterDefault(Long defaultSSLContext)
    Deprecated.
    Unused.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • DEFAULT_SESSION_ID_CONTEXT

      public static final byte[] DEFAULT_SESSION_ID_CONTEXT
  • Constructor Details

    • SSLContext

      public SSLContext()
  • Method Details

    • make

      public static long make(long pool, int protocol, int mode) throws Exception
      Create a new SSL context.
      Parameters:
      pool - The pool to use.
      protocol - The SSL protocol to use. It can be any combination of the following:
       SSL.SSL_PROTOCOL_SSLV2
       SSL.SSL_PROTOCOL_SSLV3
       SSL.SSL_PROTOCOL_TLSV1
       SSL.SSL_PROTOCOL_TLSV1_1
       SSL.SSL_PROTOCOL_TLSV1_2
       SSL.SSL_PROTOCOL_TLSV1_3
       SSL.SSL_PROTOCOL_ALL ( == all TLS versions, no SSL)
       
      mode - SSL mode to use
       SSL_MODE_CLIENT
       SSL_MODE_SERVER
       SSL_MODE_COMBINED
       
      Returns:
      The Java representation of a pointer to the newly created SSL Context
      Throws:
      Exception - If the SSL Context could not be created
    • free

      public static int free(long ctx)
      Free the resources used by the Context
      Parameters:
      ctx - Server or Client context to free.
      Returns:
      APR Status code.
    • setContextId

      @Deprecated public static void setContextId(long ctx, String id)
      Deprecated.
      Unused. Will be removed in Tomcat 10.1
      Set Session context id. Usually host:port combination.
      Parameters:
      ctx - Context to use.
      id - String that uniquely identifies this context.
    • setBIO

      @Deprecated public static void setBIO(long ctx, long bio, int dir)
      Deprecated.
      Unused. Will be removed in Tomcat 10.1
      Associate BIOCallback for input or output data capture.
      First word in the output string will contain error level in the form:
       [ERROR]  -- Critical error messages
       [WARN]   -- Warning messages
       [INFO]   -- Informational messages
       [DEBUG]  -- Debugging messaged
       
      Callback can use that word to determine application logging level by intercepting write call. If the bio is set to 0 no error messages will be displayed. Default is to use the stderr output stream.
      Parameters:
      ctx - Server or Client context to use.
      bio - BIO handle to use, created with SSL.newBIO
      dir - BIO direction (1 for input 0 for output).
    • setOptions

      public static void setOptions(long ctx, int options)
      Set OpenSSL Option.
      Parameters:
      ctx - Server or Client context to use.
      options - See SSL.SSL_OP_* for option flags.
    • getOptions

      public static int getOptions(long ctx)
      Get OpenSSL Option.
      Parameters:
      ctx - Server or Client context to use.
      Returns:
      options See SSL.SSL_OP_* for option flags.
    • clearOptions

      public static void clearOptions(long ctx, int options)
      Clears OpenSSL Options.
      Parameters:
      ctx - Server or Client context to use.
      options - See SSL.SSL_OP_* for option flags.
    • getCiphers

      public static String[] getCiphers(long ctx)
      Returns all cipher suites that are enabled for negotiation in an SSL handshake.
      Parameters:
      ctx - Server or Client context to use.
      Returns:
      ciphers
    • setQuietShutdown

      @Deprecated public static void setQuietShutdown(long ctx, boolean mode)
      Deprecated.
      Unused. Will be removed in Tomcat 10.1
      Sets the "quiet shutdown" flag for ctx to be mode. SSL objects created from ctx inherit the mode valid at the time and may be 0 or 1.
      Normally when an SSL connection is finished, the parties must send out "close notify" alert messages using L<SSL_shutdown(3)|SSL_shutdown(3)> for a clean shutdown.
      When setting the "quiet shutdown" flag to 1, SSL.shutdown will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. (SSL_shutdown then behaves like called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) The session is thus considered to be shutdown, but no "close notify" alert is sent to the peer. This behaviour violates the TLS standard. The default is normal shutdown behaviour as described by the TLS standard.
      Parameters:
      ctx - Server or Client context to use.
      mode - True to set the quiet shutdown.
    • setCipherSuite

      public static boolean setCipherSuite(long ctx, String ciphers) throws Exception
      Cipher Suite available for negotiation in SSL handshake.
      This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces an SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.
      Parameters:
      ctx - Server or Client context to use.
      ciphers - An OpenSSL cipher specification.
      Returns:
      true if the operation was successful
      Throws:
      Exception - An error occurred
    • setCARevocation

      public static boolean setCARevocation(long ctx, String file, String path) throws Exception
      Set File of concatenated PEM-encoded CA CRLs or directory of PEM-encoded CA Certificates for Client Auth
      This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose clients you deal with. These are used for Client Authentication. Such a file is simply the concatenation of the various PEM-encoded CRL files, in order of preference.
      The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you can't just place the Certificate files there: you also have to create symbolic links named hash-value.N. And you should always make sure this directory contains the appropriate symbolic links. Use the Makefile which comes with mod_ssl to accomplish this task.
      Parameters:
      ctx - Server or Client context to use.
      file - File of concatenated PEM-encoded CA CRLs for Client Auth.
      path - Directory of PEM-encoded CA Certificates for Client Auth.
      Returns:
      true if the operation was successful
      Throws:
      Exception - An error occurred
    • setCertificateChainFile

      public static boolean setCertificateChainFile(long ctx, String file, boolean skipfirst)
      Set File of PEM-encoded Server CA Certificates
      This directive sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate. This starts with the issuing CA certificate of of the server certificate and can range up to the root CA certificate. Such a file is simply the concatenation of the various PEM-encoded CA Certificate files, usually in certificate chain order.
      But be careful: Providing the certificate chain works only if you are using a single (either RSA or DSA) based server certificate. If you are using a coupled RSA+DSA certificate pair, this will work only if actually both certificates use the same certificate chain. Else the browsers will be confused in this situation.
      Parameters:
      ctx - Server or Client context to use.
      file - File of PEM-encoded Server CA Certificates.
      skipfirst - Skip first certificate if chain file is inside certificate file.
      Returns:
      true if the operation was successful
    • setCertificate

      public static boolean setCertificate(long ctx, String cert, String key, String password, int idx) throws Exception
      Set Certificate
      Point setCertificateFile at a PEM encoded certificate. If the certificate is encrypted, then you will be prompted for a pass phrase. Note that a kill -HUP will prompt again. A test certificate can be generated with 'make certificate' under built time. Keep in mind that if you've both a RSA and a DSA certificate you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
      If the key is not combined with the certificate, use key param to point at the key file. Keep in mind that if you've both a RSA and a DSA private key you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
      Parameters:
      ctx - Server or Client context to use.
      cert - Certificate file.
      key - Private Key file to use if not in cert.
      password - Certificate password. If null and certificate is encrypted, password prompt will be displayed.
      idx - Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA.
      Returns:
      true if the operation was successful
      Throws:
      Exception - An error occurred
    • setSessionCacheSize

      public static long setSessionCacheSize(long ctx, long size)
      Set the size of the internal session cache. http://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html
      Parameters:
      ctx - Server or Client context to use.
      size - The cache size
      Returns:
      the value set
    • getSessionCacheSize

      public static long getSessionCacheSize(long ctx)
      Get the size of the internal session cache. http://www.openssl.org/docs/ssl/SSL_CTX_sess_get_cache_size.html
      Parameters:
      ctx - Server or Client context to use.
      Returns:
      the size
    • setSessionCacheTimeout

      public static long setSessionCacheTimeout(long ctx, long timeoutSeconds)
      Set the timeout for the internal session cache in seconds. http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html
      Parameters:
      ctx - Server or Client context to use.
      timeoutSeconds - Timeout value
      Returns:
      the value set
    • getSessionCacheTimeout

      public static long getSessionCacheTimeout(long ctx)
      Get the timeout for the internal session cache in seconds. http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html
      Parameters:
      ctx - Server or Client context to use.
      Returns:
      the timeout
    • setSessionCacheMode

      public static long setSessionCacheMode(long ctx, long mode)
      Set the mode of the internal session cache and return the previous used mode.
      Parameters:
      ctx - Server or Client context to use.
      mode - The mode to set
      Returns:
      the value set
    • getSessionCacheMode

      public static long getSessionCacheMode(long ctx)
      Get the mode of the current used internal session cache.
      Parameters:
      ctx - Server or Client context to use.
      Returns:
      the value set
    • sessionAccept

      public static long sessionAccept(long ctx)
    • sessionAcceptGood

      public static long sessionAcceptGood(long ctx)
    • sessionAcceptRenegotiate

      public static long sessionAcceptRenegotiate(long ctx)
    • sessionCacheFull

      public static long sessionCacheFull(long ctx)
    • sessionCbHits

      public static long sessionCbHits(long ctx)
    • sessionConnect

      public static long sessionConnect(long ctx)
    • sessionConnectGood

      public static long sessionConnectGood(long ctx)
    • sessionConnectRenegotiate

      public static long sessionConnectRenegotiate(long ctx)
    • sessionHits

      public static long sessionHits(long ctx)
    • sessionMisses

      public static long sessionMisses(long ctx)
    • sessionNumber

      public static long sessionNumber(long ctx)
    • sessionTimeouts

      public static long sessionTimeouts(long ctx)
    • setSessionTicketKeys

      public static void setSessionTicketKeys(long ctx, byte[] keys)
      Set TLS session keys. This allows us to share keys across TFEs.
      Parameters:
      ctx - Server or Client context to use.
      keys - Some session keys
    • setCACertificate

      public static boolean setCACertificate(long ctx, String file, String path) throws Exception
      Set File and Directory of concatenated PEM-encoded CA Certificates for Client Auth
      This directive sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose clients you deal with. These are used for Client Authentication. Such a file is simply the concatenation of the various PEM-encoded Certificate files, in order of preference. This can be used alternatively and/or additionally to path.
      The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you can't just place the Certificate files there: you also have to create symbolic links named hash-value.N. And you should always make sure this directory contains the appropriate symbolic links. Use the Makefile which comes with mod_ssl to accomplish this task.
      Parameters:
      ctx - Server or Client context to use.
      file - File of concatenated PEM-encoded CA Certificates for Client Auth.
      path - Directory of PEM-encoded CA Certificates for Client Auth.
      Returns:
      true if the operation was successful
      Throws:
      Exception - An error occurred
    • setRandom

      @Deprecated public static void setRandom(long ctx, String file)
      Deprecated.
      Unused. Will be removed in Tomcat 10.1
      Set file for randomness
      Parameters:
      ctx - Server or Client context to use.
      file - random file.
    • setShutdownType

      @Deprecated public static void setShutdownType(long ctx, int type)
      Deprecated.
      Unused. Will be removed in Tomcat 10.1
      Set SSL connection shutdown type
      The following levels are available for level:
       SSL_SHUTDOWN_TYPE_STANDARD
       SSL_SHUTDOWN_TYPE_UNCLEAN
       SSL_SHUTDOWN_TYPE_ACCURATE
       
      Parameters:
      ctx - Server or Client context to use.
      type - Shutdown type to use.
    • setVerify

      public static void setVerify(long ctx, int level, int depth)
      Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
      This directive sets the Certificate verification level for the Client Authentication. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces an SSL renegotiation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent.
      The following levels are available for level:
       SSL_CVERIFY_NONE           - No client Certificate is required at all
       SSL_CVERIFY_OPTIONAL       - The client may present a valid Certificate
       SSL_CVERIFY_REQUIRE        - The client has to present a valid Certificate
       SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate
                                    but it need not to be (successfully) verifiable
       

      The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are max allowed to be followed while verifying the client certificate. A depth of 0 means that self-signed client certificates are accepted only, the default depth of 1 means the client certificate can be self-signed or has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is under setCACertificatePath), etc.
      Parameters:
      ctx - Server or Client context to use.
      level - Type of Client Certificate verification.
      depth - Maximum depth of CA Certificates in Client Certificate verification.
    • setALPN

      @Deprecated public static int setALPN(long ctx, byte[] proto, int len)
      Deprecated.
    • sniCallBack

      public static long sniCallBack(long currentCtx, String sniHostName)
      When tc-native encounters a SNI extension in the TLS handshake it will call this method to determine which OpenSSL SSLContext to use for the connection.
      Parameters:
      currentCtx - The OpenSSL SSLContext that the handshake started to use. This will be the default OpenSSL SSLContext for the endpoint associated with the socket.
      sniHostName - The host name requested by the client
      Returns:
      The Java representation of the pointer to the OpenSSL SSLContext to use for the given host or zero if no SSLContext could be identified
    • registerDefault

      @Deprecated public static void registerDefault(Long defaultSSLContext, SSLContext.SNICallBack sniCallBack)
      Deprecated.
      Unused. Will be removed in Tomcat 10.1
      Register an OpenSSL SSLContext that will be used to initiate TLS connections that may use the SNI extension with the component that will be used to map the requested hostname to the correct OpenSSL SSLContext for the remainder of the connection.
      Parameters:
      defaultSSLContext - The Java representation of a pointer to the OpenSSL SSLContext that will be used to initiate TLS connections
      sniCallBack - The component that will map SNI hosts names received via connections initiated using defaultSSLContext to the correct OpenSSL SSLContext
    • unregisterDefault

      @Deprecated public static void unregisterDefault(Long defaultSSLContext)
      Deprecated.
      Unused. Will be removed in Tomcat 10.1
      Unregister an OpenSSL SSLContext that will no longer be used to initiate TLS connections that may use the SNI extension.
      Parameters:
      defaultSSLContext - The Java representation of a pointer to the OpenSSL SSLContext that will no longer be used
    • setCertVerifyCallback

      public static void setCertVerifyCallback(long ctx, CertificateVerifier verifier)
      Allow to hook CertificateVerifier into the handshake processing. This will call SSL_CTX_set_cert_verify_callback and so replace the default verification callback used by openssl
      Parameters:
      ctx - Server or Client context to use.
      verifier - the verifier to call during handshake.
    • setNextProtos

      @Deprecated public static void setNextProtos(long ctx, String nextProtos)
      Set next protocol for next protocol negotiation extension
      Parameters:
      ctx - Server context to use.
      nextProtos - comma delimited list of protocols in priority order
    • setNpnProtos

      @Deprecated public static void setNpnProtos(long ctx, String[] nextProtos, int selectorFailureBehavior)
      Deprecated.
      Unused. Will be removed in Tomcat 10.1.x
      Set next protocol for next protocol negotiation extension
      Parameters:
      ctx - Server context to use.
      nextProtos - protocols in priority order
      selectorFailureBehavior - see SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE and SSL.SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL
    • setAlpnProtos

      public static void setAlpnProtos(long ctx, String[] alpnProtos, int selectorFailureBehavior)
      Set application layer protocol for application layer protocol negotiation extension
      Parameters:
      ctx - Server context to use.
      alpnProtos - protocols in priority order
      selectorFailureBehavior - see SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE and SSL.SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL
    • setTmpDH

      @Deprecated public static void setTmpDH(long ctx, String cert) throws Exception
      Deprecated.
      Unused. Will be removed in Tomcat 10.1
      Set DH parameters
      Parameters:
      ctx - Server context to use.
      cert - DH param file (can be generated from e.g. openssl dhparam -rand - 2048 > dhparam.pem - see the OpenSSL documentation).
      Throws:
      Exception - An error occurred
    • setTmpECDHByCurveName

      @Deprecated public static void setTmpECDHByCurveName(long ctx, String curveName) throws Exception
      Deprecated.
      Unused. Will be removed in Tomcat 10.1
      Set ECDH elliptic curve by name
      Parameters:
      ctx - Server context to use.
      curveName - the name of the elliptic curve to use (available names can be obtained from openssl ecparam -list_curves).
      Throws:
      Exception - An error occurred
    • setSessionIdContext

      public static boolean setSessionIdContext(long ctx, byte[] sidCtx)
      Set the context within which session be reused (server side only) http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html
      Parameters:
      ctx - Server context to use.
      sidCtx - can be any kind of binary data, it is therefore possible to use e.g. the name of the application and/or the hostname and/or service name
      Returns:
      true if success, false otherwise.
    • setCertificateRaw

      public static boolean setCertificateRaw(long ctx, byte[] cert, byte[] key, int sslAidxRsa)
      Set CertificateRaw
      Use keystore a certificate and key to fill the BIOP
      Parameters:
      ctx - Server or Client context to use.
      cert - Byte array with the certificate in DER encoding.
      key - Byte array with the Private Key file in PEM format.
      sslAidxRsa - Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA.
      Returns:
      true if success, false otherwise.
    • addChainCertificateRaw

      public static boolean addChainCertificateRaw(long ctx, byte[] cert)
      Add a certificate to the certificate chain. Certs should be added in order starting with the issuer of the host certs and working up the certificate chain to the CA.
      Use keystore a certificate chain to fill the BIOP
      Parameters:
      ctx - Server or Client context to use.
      cert - Byte array with the certificate in DER encoding.
      Returns:
      true if success, false otherwise.
    • addClientCACertificateRaw

      public static boolean addClientCACertificateRaw(long ctx, byte[] cert)
      Add a CA certificate we accept as issuer for peer certs
      Parameters:
      ctx - Server or Client context to use.
      cert - Byte array with the certificate in DER encoding.
      Returns:
      true if success, false otherwise.