Melhorando negociação SSL

perry.werneck@gmail.com
1 parent e3df55ed
Showing 1 changed file with 27 additions and 28 deletions Show diff stats
src/lib3270/telnet.c
@@ -239,15 +239,20 @@ static const char *trsp_flag[2] = { &quot;POSITIVE-RESPONSE&quot;, &quot;NEGATIVE-RESPONSE&quot; };
 #define XMIT_COLS	hSession->maxCOLS
  
 #if defined(HAVE_LIBSSL) /*[*/
-// static Boolean need_tls_follows = False;
-static void ssl_init(H3270 *session);
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L /*[*/
-#define INFO_CONST const
-#else /*][*/
-#define INFO_CONST
-#endif /*]*/
-static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret);
-static void continue_tls(H3270 *hSession, unsigned char *sbbuf, int len);
+
+	static void ssl_init(H3270 *session);
+
+	#if OPENSSL_VERSION_NUMBER >= 0x00907000L /*[*/
+		#define INFO_CONST const
+	#else /*][*/
+		#define INFO_CONST
+	#endif /*]*/
+
+	static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret);
+	static void continue_tls(H3270 *hSession, unsigned char *sbbuf, int len);
+
+	static int ssl_3270_ex_index = -1;	/**< Index of h3270 handle in SSL session */
+
 #endif /*]*/
  
 #if defined(_WIN32) /*[*/
@@ -3083,6 +3088,9 @@ static void ssl_init(H3270 *session)
 		SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
 		SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
 		SSL_CTX_set_default_verify_paths(ssl_ctx);
+
+		ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
+
 	}
  
 	if(session->ssl_con)
@@ -3096,32 +3104,23 @@ static void ssl_init(H3270 *session)
 		return;
 	}
  
-	SSL_set_verify(session->ssl_con, 0/*xxx*/, NULL);
-
-	/* XXX: May need to get key file and password. */
-	/*
-	if (appres.cert_file)
-	{
-		if (!(SSL_CTX_use_certificate_chain_file(ssl_ctx,
-						appres.cert_file))) {
-			unsigned long e;
-			char err_buf[120];
+	SSL_set_ex_data(session->ssl_con,ssl_3270_ex_index,(char *) session);
  
-			e = ERR_get_error();
-			(void) ERR_error_string(e, err_buf);
+	SSL_set_verify(session->ssl_con, 0, NULL);
  
-			popup_an_error(NULL,"SSL_CTX_use_certificate_chain_file("
-					"\"%s\") failed:\n%s",
-					appres.cert_file, err_buf);
-		}
-	}
-	*/
 }
  
 /* Callback for tracing protocol negotiation. */
 static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 {
-	H3270 *hSession = lib3270_get_default_session_handle(); // TODO: Find a better way!
+//	H3270 *hSession = lib3270_get_default_session_handle(); // TODO: Find a better way!
+	H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_3270_ex_index);
+
+#ifdef DEBUG
+	trace("%s: hsession=%p, session=%p",__FUNCTION__,hSession,lib3270_get_default_session_handle());
+	if(hSession != lib3270_get_default_session_handle())
+		exit(-1);
+#endif // DEBUG
  
 	switch(where)
 	{
...	...	@@ -239,15 +239,20 @@ static const char *trsp_flag[2] = { "POSITIVE-RESPONSE", "NEGATIVE-RESPONSE" };
239	239	#define XMIT_COLS hSession->maxCOLS
240	240
241	241	#if defined(HAVE_LIBSSL) /[/
242		-// static Boolean need_tls_follows = False;
243		-static void ssl_init(H3270 *session);
244		-#if OPENSSL_VERSION_NUMBER >= 0x00907000L /[/
245		-#define INFO_CONST const
246		-#else /][/
247		-#define INFO_CONST
248		-#endif /]/
249		-static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret);
250		-static void continue_tls(H3270 hSession, unsigned char sbbuf, int len);
	242	+
	243	+ static void ssl_init(H3270 *session);
	244	+
	245	+ #if OPENSSL_VERSION_NUMBER >= 0x00907000L /[/
	246	+ #define INFO_CONST const
	247	+ #else /][/
	248	+ #define INFO_CONST
	249	+ #endif /]/
	250	+
	251	+ static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret);
	252	+ static void continue_tls(H3270 hSession, unsigned char sbbuf, int len);
	253	+
	254	+ static int ssl_3270_ex_index = -1; /*< Index of h3270 handle in SSL session /
	255	+
251	256	#endif /]/
252	257
253	258	#if defined(_WIN32) /[/
...	...	@@ -3083,6 +3088,9 @@ static void ssl_init(H3270 *session)
3083	3088	SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
3084	3089	SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
3085	3090	SSL_CTX_set_default_verify_paths(ssl_ctx);
	3091	+
	3092	+ ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
	3093	+
3086	3094	}
3087	3095
3088	3096	if(session->ssl_con)
...	...	@@ -3096,32 +3104,23 @@ static void ssl_init(H3270 *session)
3096	3104	return;
3097	3105	}
3098	3106
3099		- SSL_set_verify(session->ssl_con, 0/xxx/, NULL);
3100		-
3101		- /* XXX: May need to get key file and password. */
3102		- /*
3103		- if (appres.cert_file)
3104		- {
3105		- if (!(SSL_CTX_use_certificate_chain_file(ssl_ctx,
3106		- appres.cert_file))) {
3107		- unsigned long e;
3108		- char err_buf[120];
	3107	+ SSL_set_ex_data(session->ssl_con,ssl_3270_ex_index,(char *) session);
3109	3108
3110		- e = ERR_get_error();
3111		- (void) ERR_error_string(e, err_buf);
	3109	+ SSL_set_verify(session->ssl_con, 0, NULL);
3112	3110
3113		- popup_an_error(NULL,"SSL_CTX_use_certificate_chain_file("
3114		- "\"%s\") failed:\n%s",
3115		- appres.cert_file, err_buf);
3116		- }
3117		- }
3118		- */
3119	3111	}
3120	3112
3121	3113	/* Callback for tracing protocol negotiation. */
3122	3114	static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
3123	3115	{
3124		- H3270 *hSession = lib3270_get_default_session_handle(); // TODO: Find a better way!
	3116	+// H3270 *hSession = lib3270_get_default_session_handle(); // TODO: Find a better way!
	3117	+ H3270 hSession = (H3270 ) SSL_get_ex_data(s,ssl_3270_ex_index);
	3118	+
	3119	+#ifdef DEBUG
	3120	+ trace("%s: hsession=%p, session=%p",__FUNCTION__,hSession,lib3270_get_default_session_handle());
	3121	+ if(hSession != lib3270_get_default_session_handle())
	3122	+ exit(-1);
	3123	+#endif // DEBUG
3125	3124
3126	3125	switch(where)
3127	3126	{
...	...