Commit 8489a9ba4dd58404b3a22ad7676695ac85e70255
1 parent
efa4ab24
Exists in
master
and in
5 other branches
Incluindo opção de configuração para não aceitar conexões em hosts
que apresentarem certificados SSL auto assinados.
Showing
3 changed files
with
25 additions
and
0 deletions
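--- a/configure.ac
+++ b/configure.ac
@@ -321,6 +321,23 @@ if test $app_cv_fvisibility_ok = yes; then
 fi
 
 dnl ---------------------------------------------------------------------------
+dnl Allow self signed certificates in SSL connections?
+dnl ---------------------------------------------------------------------------
+
+AC_ARG_ENABLE([self-signed-certs],
+ [AS_HELP_STRING([--disable-self-signed-certs], [disable SSL connection when host presents a self signed certificate])],
+[
+ app_cv_self_signed_certs="$enableval"
+],[
+ app_cv_self_signed_certs="yes"
+])
+
+if test "$app_cv_self_signed_certs" == "yes"; then
+ AC_DEFINE(ENABLE_SELF_SIGNED_CERT)
+fi
+
+
+dnl ---------------------------------------------------------------------------
 dnl Check for pic
 dnl ---------------------------------------------------------------------------
 AC_ARG_ENABLE([pic],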
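Review bot: The added `if test "$app_cv_self_signed_certs" == "yes"; then` uses `==`, which POSIX `test` does not define; under a configure shell such as dash the comparison fails and ENABLE_SELF_SIGNED_CERT is left undefined, so the certificate policy of the build would depend on which shell ran configure. Use `if test "$app_cv_self_signed_certs" = "yes"; then`, as the context line `test $app_cv_fvisibility_ok = yes` already does. Separately, the default branch sets `app_cv_self_signed_certs="yes"`, so a build that passes no flag keeps accepting self-signed certificates. A comment beside the option, e.g. `dnl Default keeps accepting self signed certificates; pass --disable-self-signed-certs to reject them`, would make that opt-in explicit.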
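--- a/src/include/config.h.in
+++ b/src/include/config.h.in
@@ -49,6 +49,8 @@
 #undef HAVE_ICONV
 #undef ICONV_CONST
 
+ #undef ENABLE_SELF_SIGNED_CERT
+
 #ifdef WIN32
 #undef HAVE_WIN_REGISTRY
 #endif // HAVE_WIN_REGISTRY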
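--- a/src/lib3270/ssl.c
+++ b/src/lib3270/ssl.c
@@ -136,7 +136,13 @@ int ssl_negotiate(H3270 *hSession)
 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 peer = SSL_get_peer_certificate(hSession->ssl_con);
 trace_dsn(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" );
+
+#ifdef ENABLE_SELF_SIGNED_CERT
 break;
+#else
+ lib3270_disconnect(hSession);
+ return -1;
+#endif // ENABLE_SELF_SIGNED_CERT
 
 default:
 trace_dsn(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv);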
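Review bot: Only the `X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN` case is gated by `ENABLE_SELF_SIGNED_CERT` in this hunk. OpenSSL reports a host whose own certificate is self-signed as `X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT`, and the rest of the switch in ssl_negotiate lies outside the hunk. Please confirm that that case, and the `default:` branch below, also end in `lib3270_disconnect(hSession); return -1;` when the macro is undefined; otherwise the new option would not cover the most common self-signed setup. The new `return -1` also runs after `peer = SSL_get_peer_certificate(hSession->ssl_con);`, so unless `peer` is released elsewhere the early exit appears to leak that reference; `X509_free(peer);` before the disconnect would close it. The trace text still says "negotiated connection complete" on the rejecting path, so a short comment such as `// self signed chain rejected at build time (--disable-self-signed-certs)` above the `#else` body would help whoever reads the log.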