From 8a8b871d37476046e859f74ff22ece6b17464400 Mon Sep 17 00:00:00 2001
From: Perry Werneck <perry.werneck@gmail.com>
Date: Fri, 19 Oct 2018 11:02:13 -0300
Subject: [PATCH] Iniciando implementação de validação de certificados revogados.

---
 locale/pw3270.pot |  4 ++--
 src/lib3270/ssl.c | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/locale/pw3270.pot b/locale/pw3270.pot
index e423c61..fb0da7e 100644
--- a/locale/pw3270.pot
+++ b/locale/pw3270.pot
@@ -9,7 +9,7 @@ msgstr ""
 "#-#-#-#-#  lib3270.pot (PACKAGE VERSION)  #-#-#-#-#\n"
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-10-18 15:19-0300\n"
+"POT-Creation-Date: 2018-10-19 09:56-0300\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -20,7 +20,7 @@ msgstr ""
 "#-#-#-#-#  pw3270.pot (PACKAGE VERSION)  #-#-#-#-#\n"
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-10-18 15:19-0300\n"
+"POT-Creation-Date: 2018-10-19 09:56-0300\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
diff --git a/src/lib3270/ssl.c b/src/lib3270/ssl.c
index 1539344..6db23c7 100644
--- a/src/lib3270/ssl.c
+++ b/src/lib3270/ssl.c
@@ -39,6 +39,7 @@
 #if defined(HAVE_LIBSSL)
 	#include <openssl/ssl.h>
 	#include <openssl/err.h>
+	#include <openssl/x509_vfy.h>
 
 	#ifndef SSL_ST_OK
 		#define SSL_ST_OK 3
@@ -54,6 +55,7 @@
 #include "trace_dsc.h"
 
 #if defined(HAVE_LIBSSL)
+
 static int ssl_3270_ex_index = -1;	/**< Index of h3270 handle in SSL session */
 #endif // HAVE_LIBSSL
 
@@ -253,6 +255,20 @@ int ssl_init(H3270 *hSession)
 		SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
 		SSL_CTX_set_default_verify_paths(ssl_ctx);
 
+		/*
+		// Set up CRL validation
+		// https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
+		X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
+
+		// Enable CRL checking
+		X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+		X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+		X509_STORE_set1_param(store, param);
+		X509_VERIFY_PARAM_free(param);
+		*/
+
+		// X509_STORE_free(store);
+
 #if defined(_WIN32)
 		{
 			HKEY hKey = 0;
--
libgit2 0.21.2