Commit 02c53c4da99525521b8ded94271f54266948cec4
1 parent
8a8b871d
Exists in
master
and in
5 other branches
Incluindo opção para validação da lista de certificados SSL revogados
(CRL).
Showing
4 changed files
with
21 additions
and
15 deletions
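--- a/configure.ac
+++ b/configure.ac
@@ -325,7 +325,7 @@ if test $app_cv_fvisibility_ok = yes; then
 fi
 
 dnl ---------------------------------------------------------------------------
-dnl Allow self signed certificates in SSL connections?
+dnl SSL Security options
 dnl ---------------------------------------------------------------------------
 
 AC_ARG_ENABLE([self-signed-certs],
@@ -336,8 +336,20 @@ AC_ARG_ENABLE([self-signed-certs],
 app_cv_self_signed_certs="yes"
 ])
 
+AC_ARG_WITH([ssl-crl-check],
+ [AS_HELP_STRING([--with-ssl-crl-check], [enable validation of the certificate revogation list in TN3270S connections])],
+[
+ app_cv_enable_crl_check="$withval"
+],[
+ app_cv_enable_crl_check="no"
+])
+
 if test "$app_cv_self_signed_certs" == "yes"; then
- AC_DEFINE(ENABLE_SELF_SIGNED_CERT)
+ AC_DEFINE(SSL_ALLOW_SELF_SIGNED_CERT)
+fi
+
+if test "$app_cv_enable_crl_check" == "yes"; then
+ AC_DEFINE(SSL_ENABLE_CRL_CHECK)
 fi
 
 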
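Review bot: The new `--with-ssl-crl-check` option treats any value other than the exact string `yes` as off, and off is also the default, so a build that passes a variant spelling ends up without revocation checking and configure prints nothing about it. Consider rejecting unknown values right after the AC_ARG_WITH block, e.g. `AS_CASE([$app_cv_enable_crl_check],[yes|no],[],[AC_MSG_ERROR([--with-ssl-crl-check expects yes or no])])`, and reporting the chosen setting with `AC_MSG_NOTICE`. The added `test "$app_cv_enable_crl_check" == "yes"` copies the existing line above it, but `==` is not portable in `test`; `=` is the POSIX form. The help string spells "revogation" where "revocation" is meant.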
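--- a/pw3270.cbp
+++ b/pw3270.cbp
@@ -62,24 +62,17 @@
 <Unit filename="android/src/br/com/bb/pw3270/PW3270Activity.java" />
 <Unit filename="android/src/br/com/bb/pw3270/lib3270.java" />
 <Unit filename="autogen.sh" />
- <Unit filename="colors.conf" />
 <Unit filename="configure.ac" />
- <Unit filename="debian.changelog" />
- <Unit filename="debian.control" />
- <Unit filename="debian.rules" />
- <Unit filename="makedeb.sh" />
- <Unit filename="makegtkruntime.sh.in" />
 <Unit filename="man/man1/pw3270.1" />
- <Unit filename="pw3270.spec.in" />
 <Unit filename="src/classlib/Makefile.in" />
 <Unit filename="src/classlib/class.mak.in" />
 <Unit filename="src/classlib/private.h" />
+ <Unit filename="src/include/config.h.in" />
 <Unit filename="src/include/lib3270.h" />
 <Unit filename="src/include/lib3270/X11keysym.h" />
 <Unit filename="src/include/lib3270/action_table.h" />
 <Unit filename="src/include/lib3270/actions.h" />
 <Unit filename="src/include/lib3270/charset.h" />
- <Unit filename="src/include/lib3270/config.h.in" />
 <Unit filename="src/include/lib3270/filetransfer.h" />
 <Unit filename="src/include/lib3270/html.h" />
 <Unit filename="src/include/lib3270/internals.h" />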
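--- a/src/include/config.h.in
+++ b/src/include/config.h.in
@@ -49,7 +49,8 @@
 #undef HAVE_ICONV
 #undef ICONV_CONST
 
- #undef ENABLE_SELF_SIGNED_CERT
+ #undef SSL_ALLOW_SELF_SIGNED_CERT
+ #undef SSL_ENABLE_CRL_CHECK
 
 #ifdef WIN32
 #undef HAVE_WIN_REGISTRY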
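--- a/src/lib3270/ssl.c
+++ b/src/lib3270/ssl.c
@@ -139,7 +139,7 @@ int ssl_negotiate(H3270 *hSession)
 peer = SSL_get_peer_certificate(hSession->ssl_con);
 trace_dsn(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" );
 
-#ifdef ENABLE_SELF_SIGNED_CERT
+#ifdef SSL_ALLOW_SELF_SIGNED_CERT
 break;
 #else
 lib3270_disconnect(hSession);
@@ -151,7 +151,7 @@ int ssl_negotiate(H3270 *hSession)
 );
 
 return -1;
-#endif // ENABLE_SELF_SIGNED_CERT
+#endif // SSL_ALLOW_SELF_SIGNED_CERT
 
 default:
 trace_dsn(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv);
@@ -255,7 +255,7 @@ int ssl_init(H3270 *hSession)
 SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
 SSL_CTX_set_default_verify_paths(ssl_ctx);
 
- /*
+#if defined(SSL_ENABLE_CRL_CHECK)
 // Set up CRL validation
 // https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
 X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
@@ -265,9 +265,9 @@ int ssl_init(H3270 *hSession)
 X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
 X509_STORE_set1_param(store, param);
 X509_VERIFY_PARAM_free(param);
- */
 
 // X509_STORE_free(store);
+#endif // SSL_ENABLE_CRL_CHECK
 
 #if defined(_WIN32)
 {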
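Review bot: With SSL_ENABLE_CRL_CHECK defined, ssl_init sets `X509_V_FLAG_CRL_CHECK` on the context's store, but the visible lines only call `SSL_CTX_set_default_verify_paths` and load no CRL; OpenSSL does not download CRLs itself, so if none is present in the store, verification is expected to fail with `X509_V_ERR_UNABLE_TO_GET_CRL`. In ssl_negotiate that result would appear to reach the `default:` branch and be traced as "Unexpected or invalid TLS/SSL verify result", which hides the real cause from the operator; a dedicated case with its own message would help. The flag also covers only the leaf certificate, so if the whole chain is meant to be checked the call should read `X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);`. I would add a comment above the block such as `// CRLs must already be available to the store; OpenSSL does not fetch them`. Lines 262-264 of ssl_init and the rest of both functions are outside the hunks, so the param allocation and its error handling could not be checked.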