Iniciando implementação de validação de certificados revogados.

Perry Werneck
1 parent f69b8b9a
Showing 2 changed files with 18 additions and 2 deletions Show diff stats
locale/pw3270.pot
src/lib3270/ssl.c
@@ -9,7 +9,7 @@ msgstr &quot;&quot;
 "#-#-#-#-#  lib3270.pot (PACKAGE VERSION)  #-#-#-#-#\n"
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-10-18 15:19-0300\n"
+"POT-Creation-Date: 2018-10-19 09:56-0300\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -20,7 +20,7 @@ msgstr &quot;&quot;
 "#-#-#-#-#  pw3270.pot (PACKAGE VERSION)  #-#-#-#-#\n"
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-10-18 15:19-0300\n"
+"POT-Creation-Date: 2018-10-19 09:56-0300\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -39,6 +39,7 @@
 #if defined(HAVE_LIBSSL)
 	#include <openssl/ssl.h>
 	#include <openssl/err.h>
+	#include <openssl/x509_vfy.h>
 	#ifndef SSL_ST_OK
 		#define SSL_ST_OK 3
@@ -54,6 +55,7 @@
 #include "trace_dsc.h"
 #if defined(HAVE_LIBSSL)
+
 static int ssl_3270_ex_index = -1;	/**< Index of h3270 handle in SSL session */
 #endif // HAVE_LIBSSL
@@ -253,6 +255,20 @@ int ssl_init(H3270 *hSession)
 		SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
 		SSL_CTX_set_default_verify_paths(ssl_ctx);
+		/*
+		// Set up CRL validation
+		// https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
+		X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
+
+		// Enable CRL checking
+		X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+		X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+		X509_STORE_set1_param(store, param);
+		X509_VERIFY_PARAM_free(param);
+		*/
+
+		// X509_STORE_free(store);
+
 #if defined(_WIN32)
 		{
 			HKEY hKey = 0;
	@@ -9,7 +9,7 @@ msgstr ""		@@ -9,7 +9,7 @@ msgstr ""
9	"#-#-#-#-# lib3270.pot (PACKAGE VERSION) #-#-#-#-#\n"	9	"#-#-#-#-# lib3270.pot (PACKAGE VERSION) #-#-#-#-#\n"
10	"Project-Id-Version: PACKAGE VERSION\n"	10	"Project-Id-Version: PACKAGE VERSION\n"
11	"Report-Msgid-Bugs-To: \n"	11	"Report-Msgid-Bugs-To: \n"
12	-"POT-Creation-Date: 2018-10-18 15:19-0300\n"	12	+"POT-Creation-Date: 2018-10-19 09:56-0300\n"
13	"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"	13	"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
14	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"	14	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
15	"Language-Team: LANGUAGE <LL@li.org>\n"	15	"Language-Team: LANGUAGE <LL@li.org>\n"
	@@ -20,7 +20,7 @@ msgstr ""		@@ -20,7 +20,7 @@ msgstr ""
20	"#-#-#-#-# pw3270.pot (PACKAGE VERSION) #-#-#-#-#\n"	20	"#-#-#-#-# pw3270.pot (PACKAGE VERSION) #-#-#-#-#\n"
21	"Project-Id-Version: PACKAGE VERSION\n"	21	"Project-Id-Version: PACKAGE VERSION\n"
22	"Report-Msgid-Bugs-To: \n"	22	"Report-Msgid-Bugs-To: \n"
23	-"POT-Creation-Date: 2018-10-18 15:19-0300\n"	23	+"POT-Creation-Date: 2018-10-19 09:56-0300\n"
24	"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"	24	"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
25	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"	25	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
26	"Language-Team: LANGUAGE <LL@li.org>\n"	26	"Language-Team: LANGUAGE <LL@li.org>\n"
	@@ -39,6 +39,7 @@		@@ -39,6 +39,7 @@
39	#if defined(HAVE_LIBSSL)	39	#if defined(HAVE_LIBSSL)
40	#include <openssl/ssl.h>	40	#include <openssl/ssl.h>
41	#include <openssl/err.h>	41	#include <openssl/err.h>
		42	+ #include <openssl/x509_vfy.h>
42		43
43	#ifndef SSL_ST_OK	44	#ifndef SSL_ST_OK
44	#define SSL_ST_OK 3	45	#define SSL_ST_OK 3
	@@ -54,6 +55,7 @@		@@ -54,6 +55,7 @@
54	#include "trace_dsc.h"	55	#include "trace_dsc.h"
55		56
56	#if defined(HAVE_LIBSSL)	57	#if defined(HAVE_LIBSSL)
		58	+
57	static int ssl_3270_ex_index = -1; /*< Index of h3270 handle in SSL session /	59	static int ssl_3270_ex_index = -1; /*< Index of h3270 handle in SSL session /
58	#endif // HAVE_LIBSSL	60	#endif // HAVE_LIBSSL
59		61
	@@ -253,6 +255,20 @@ int ssl_init(H3270 *hSession)		@@ -253,6 +255,20 @@ int ssl_init(H3270 *hSession)
253	SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);	255	SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
254	SSL_CTX_set_default_verify_paths(ssl_ctx);	256	SSL_CTX_set_default_verify_paths(ssl_ctx);
255		257
		258	+ /*
		259	+ // Set up CRL validation
		260	+ // https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
		261	+ X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
		262	+
		263	+ // Enable CRL checking
		264	+ X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
		265	+ X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
		266	+ X509_STORE_set1_param(store, param);
		267	+ X509_VERIFY_PARAM_free(param);
		268	+ */
		269	+
		270	+ // X509_STORE_free(store);
		271	+
256	#if defined(_WIN32)	272	#if defined(_WIN32)
257	{	273	{
258	HKEY hKey = 0;	274	HKEY hKey = 0;