diff --git a/configure.ac b/configure.ac index 7f7adc9..28db2c3 100644 --- a/configure.ac +++ b/configure.ac @@ -472,9 +472,9 @@ else LDAP_LIBS= fi +AC_SUBST(LDAP_CFLAGS) AC_SUBST(LDAP_LIBS) - dnl --------------------------------------------------------------------------- dnl Directory config dnl --------------------------------------------------------------------------- diff --git a/src/include/config.h.in b/src/include/config.h.in index eb23510..01b8578 100644 --- a/src/include/config.h.in +++ b/src/include/config.h.in @@ -36,7 +36,6 @@ #undef PACKAGE_RELEASE #undef HAVE_GNUC_VISIBILITY - #undef HAVE_LIBM #undef HAVE_LIBINTL #undef HAVE_GETADDRINFO #undef HAVE_VASPRINTF diff --git a/src/include/lib3270.h b/src/include/lib3270.h index 38bed3e..cc4e05d 100644 --- a/src/include/lib3270.h +++ b/src/include/lib3270.h @@ -149,6 +149,7 @@ LIB3270_TOGGLE_ALTSCREEN, /**< @brief auto resize on altscreen */ LIB3270_TOGGLE_KEEP_ALIVE, /**< @brief Enable network keep-alive with SO_KEEPALIVE */ LIB3270_TOGGLE_NETWORK_TRACE, /**< @brief Enable network in/out trace */ + LIB3270_TOGGLE_SSL_TRACE, /**< @brief Enable security traces */ LIB3270_TOGGLE_COUNT diff --git a/src/include/toggle.h b/src/include/toggle.h index 11fc29d..a8b427e 100644 --- a/src/include/toggle.h +++ b/src/include/toggle.h @@ -62,7 +62,7 @@ // #define INSERT LIB3270_TOGGLE_INSERT #define KEYPAD LIB3270_TOGGLE_KEYPAD #define SMART_PASTE LIB3270_TOGGLE_SMART_PASTE - #define N_TOGGLES LIB3270_TOGGLE_COUNT +// #define N_TOGGLES LIB3270_TOGGLE_COUNT #define LIB3270_TOGGLE_ID LIB3270_TOGGLE diff --git a/src/include/trace_dsc.h b/src/include/trace_dsc.h index 713c68f..89ca5be 100644 --- a/src/include/trace_dsc.h +++ b/src/include/trace_dsc.h @@ -27,15 +27,12 @@ * */ -/* - * trace_dsc.h - * Global declarations for trace_ds.c. +/** + * @brief Global declarations for trace_ds.c. */ #if defined(X3270_TRACE) -// LIB3270_INTERNAL Boolean trace_skipping; - const char *rcba(H3270 *session, int baddr); void trace_ansi_disc(H3270 *hSession); @@ -43,23 +40,22 @@ void trace_ds(H3270 *hSession, const char *fmt, ...) LIB3270_GNUC_FORMAT(2, 3); void trace_ds_nb(H3270 *hSession, const char *fmt, ...) LIB3270_GNUC_FORMAT(2, 3); void trace_dsn(H3270 *hSession, const char *fmt, ...) LIB3270_GNUC_FORMAT(2, 3); + void trace_ssl(H3270 *hSession, const char *fmt, ...) LIB3270_GNUC_FORMAT(2, 3); void trace_screen(H3270 *session); -// #define trace_event(...) lib3270_trace_event(&h3270,__VA_ARGS__) - #elif defined(__GNUC__) #define trace_ds(session, format, args...) #define trace_dsn(session, format, args...) + #define trace_ssl(session, format, args...) #define trace_ds_nb(session, format, args...) -// #define trace_event(session, format, args...) #else #define trace_ds 0 && #define trace_ds_nb 0 && #define trace_dsn 0 && -// #define trace_event 0 && + #define trace_ssl 0 && #define rcba 0 && #endif diff --git a/src/lib3270/Makefile.in b/src/lib3270/Makefile.in index e5ede28..8142da1 100644 --- a/src/lib3270/Makefile.in +++ b/src/lib3270/Makefile.in @@ -94,13 +94,15 @@ CFLAGS= \ -g \ -I../include -DBUILD_DATE=`date +%Y%m%d` \ - @LIBSSL_CFLAGS@ + @LIBSSL_CFLAGS@ \ + @LDAP_CFLAGS@ LIBS= \ @LIBS@ \ @LIBSSL_LIBS@ \ @LIBICONV@ \ - @INTL_LIBS@ + @INTL_LIBS@ \ + @LDAP_LIBS@ #---[ Debug Rules ]---------------------------------------------------------------------- @@ -325,7 +327,14 @@ $(BINDBG)/$(LIBNAME)@EXEEXT@: \ @$(MKDIR) `dirname $@` @echo $< ... - @$(LD) -o $@ $^ $(LDFLAGS) $(LIBS) + @$(LD) \ + -Wl,--rpath,$(BINDBG) \ + -o $@ \ + $(foreach SRC, $(basename $(TEST_SOURCES)), $(OBJDBG)/$(SRC).o) \ + $(LDFLAGS) \ + $(LIBS) \ + -L$(BINDBG) \ + -l@LIB3270_NAME@ run: \ $(BINDBG)/$(LIBNAME)@EXEEXT@ diff --git a/src/lib3270/private.h b/src/lib3270/private.h index b0057d9..82caa52 100644 --- a/src/lib3270/private.h +++ b/src/lib3270/private.h @@ -605,6 +605,9 @@ struct _h3270 char host; LIB3270_SSL_STATE state; unsigned long error; +#ifdef SSL_ENABLE_CRL_CHECK + char * crl; +#endif // SSL_ENABLE_CRL_CHECK SSL * con; } ssl; #endif // HAVE_LIBSSL diff --git a/src/lib3270/session.c b/src/lib3270/session.c index 9637b2c..b691441 100644 --- a/src/lib3270/session.c +++ b/src/lib3270/session.c @@ -74,6 +74,14 @@ void lib3270_session_free(H3270 *h) shutdown_toggles(h); +#ifdef SSL_ENABLE_CRL_CHECK + if(h->ssl.crl) + { + free(h->ssl.crl); + h->ssl.crl = NULL; + } +#endif // SSL_ENABLE_CRL_CHECK + // Release state change callbacks for(f=0;funlock_delay_ms = 350; // 0.35s after last unlock hSession->pointer = (unsigned short) LIB3270_POINTER_LOCKED; +#ifdef SSL_ENABLE_CRL_CHECK + char *env = getenv("LIB3270_DEFAULT_CRL"); + if(env) + { + hSession->ssl.crl = strdup(env); + } +#endif // SSL_ENABLE_CRL_CHECK + // CSD for(f=0;f<4;f++) hSession->csd[f] = hSession->saved_csd[f] = LIB3270_ANSI_CSD_US; diff --git a/src/lib3270/ssl/ctx_init.c b/src/lib3270/ssl/ctx_init.c index 3b6d290..d8e6942 100644 --- a/src/lib3270/ssl/ctx_init.c +++ b/src/lib3270/ssl/ctx_init.c @@ -84,7 +84,7 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message) if(ssl_ctx) return 0; - trace_dsn(hSession,"Initializing SSL context.\n"); + trace_ssl(hSession,"Initializing SSL context.\n"); SSL_load_error_strings(); SSL_library_init(); @@ -111,42 +111,42 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message) // // https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session // - lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message); + if(hSession->ssl.crl) + { + lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message); - if(!crl) - return -1; + if(!crl) + return -1; -// const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); -// X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); + if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE)) + { + BIO * out = BIO_new(BIO_s_mem()); + unsigned char * data; + unsigned char * text; + int n; - if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_DS_TRACE)) - { - BIO * out = BIO_new(BIO_s_mem()); - unsigned char * data; - unsigned char * text; - int n; + X509_CRL_print(out,crl); - X509_CRL_print(out,crl); + n = BIO_get_mem_data(out, &data); + text = (unsigned char *) malloc (n+1); + text[n] ='\0'; + memcpy(text,data,n); - n = BIO_get_mem_data(out, &data); - text = (unsigned char *) malloc (n+1); - text[n] ='\0'; - memcpy(text,data,n); + trace_ssl(hSession,"\n%s\n",text); - trace_dsn(hSession,"\n%s\n",text); + free(text); + BIO_free(out); - free(text); - BIO_free(out); + } - } - - X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); - X509_STORE_add_crl(store, crl); - X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new(); - X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); - X509_STORE_set1_param(store, param); - X509_VERIFY_PARAM_free(param); + X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); + X509_STORE_add_crl(store, crl); + X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new(); + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); + X509_STORE_set1_param(store, param); + X509_VERIFY_PARAM_free(param); + } #endif // SSL_ENABLE_CRL_CHECK return 0; diff --git a/src/lib3270/ssl/linux/getcrl.c b/src/lib3270/ssl/linux/getcrl.c new file mode 100644 index 0000000..97c79ee --- /dev/null +++ b/src/lib3270/ssl/linux/getcrl.c @@ -0,0 +1,298 @@ +/* + * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a + * aplicativos mainframe. Registro no INPI sob o nome G3270. + * + * Copyright (C) <2008> + * + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob + * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela + * Free Software Foundation. + * + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para + * obter mais detalhes. + * + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin + * St, Fifth Floor, Boston, MA 02110-1301 USA + * + * Este programa está nomeado como - e possui - linhas de código. + * + * Contatos: + * + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) + * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça) + * + * + * References: + * + * http://www.openssl.org/docs/ssl/ + * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now + * + */ + +#include +#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) + +#include +#include +#include +#include + +#ifdef HAVE_LDAP + #define LDAP_DEPRECATED 1 + #include +#endif // HAVE_LDAP + +#include "../../private.h" +#include +#include + +/*--[ Implement ]------------------------------------------------------------------------------------*/ + +static inline void lib3270_autoptr_cleanup_FILE(FILE **file) +{ + if(*file) + fclose(*file); +} + +#ifdef HAVE_LDAP +static inline void lib3270_autoptr_cleanup_LDAPMessage(LDAPMessage **message) +{ + debug("%s(%p)",__FUNCTION__,*message); + if(message) + ldap_msgfree(*message); + *message = NULL; +} + +static inline void lib3270_autoptr_cleanup_LDAP(LDAP **ld) +{ + debug("%s(%p)",__FUNCTION__,*ld); + if(*ld) + ldap_unbind_ext(*ld, NULL, NULL); + *ld = NULL; +} + +static inline void lib3270_autoptr_cleanup_BerElement(BerElement **ber) +{ + debug("%s(%p)",__FUNCTION__,*ber); + if(*ber) + ber_free(*ber, 0); + *ber = NULL; +} + +static inline void lib3270_autoptr_cleanup_LDAPPTR(char **ptr) +{ + debug("%s(%p)",__FUNCTION__,*ptr); + if(*ptr) + ldap_memfree(*ptr); + *ptr = NULL; +} + +#endif // HAVE_LDAP + +X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message) +{ + X509_CRL * crl = NULL; + + if(strncasecmp(hSession->ssl.crl,"file://",7) == 0) + { + lib3270_autoptr(FILE) hCRL = fopen(hSession->ssl.crl+7,"r"); + + if(!hCRL) + { + // Can't open CRL File. + message->error = hSession->ssl.error = 0; + message->title = N_( "Security error" ); + message->text = N_( "Can't open CRL File" ); + message->description = strerror(errno); + lib3270_write_log(hSession,"ssl","Can't open %s: %s",hSession->ssl.crl,message->description); + return NULL; + + } + + lib3270_write_log(hSession,"ssl","Loading CRL from %s",hSession->ssl.crl+7); + d2i_X509_CRL_fp(hCRL, &crl); + + } +#ifdef HAVE_LDAP + else if(strncasecmp(hSession->ssl.crl,"ldap",4) == 0) + { + int rc; + lib3270_autoptr(char) url = strdup(hSession->ssl.crl); + + char * attrs[] = { NULL, NULL }; + char * base = NULL; + + const struct _args + { + const char * name; + char ** value; + } + args[] = + { + { "attr", &attrs[0] }, + { "base", &base } + }; + + // Get arguments + size_t arg; + char * ptr = strchr(url,'?'); + while(ptr) + { + *(ptr++) = 0; + char *value = strchr(ptr,'='); + if(!value) + { + message->error = hSession->ssl.error = 0; + message->title = N_( "Security error" ); + message->text = N_( "Invalid argument format" ); + message->description = "The URL argument should be in the format name=value"; + return NULL; + } + + *(value++) = 0; + + debug("%s=%s",ptr,value); + + for(arg = 0; arg < (sizeof(args)/sizeof(args[0])); arg++) + { + if(!strcasecmp(ptr,args[arg].name)) + { + *args[arg].value = value; + debug("%s=\"%s\"",args[arg].name,*args[arg].value); + } + } + + ptr = strchr(value,'&'); + } + + // Do we get all the required arguments? + for(arg = 0; arg < (sizeof(args)/sizeof(args[0])); arg++) + { + if(!*args[arg].value) + { + message->error = hSession->ssl.error = 0; + message->title = N_( "Security error" ); + message->text = N_( "Can't set LDAP query" ); + message->description = N_("Insuficient arguments"); + lib3270_write_log(hSession,"ssl","%s: Required argument \"%s\" is missing",url, args[arg].name); + return NULL; + } + } + + // Do LDAP Query + LDAP __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAP))) *ld = NULL; + BerElement __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_BerElement))) * ber = NULL; + + rc = ldap_initialize(&ld, url); + if(rc != LDAP_SUCCESS) + { + message->error = hSession->ssl.error = 0; + message->title = N_( "Security error" ); + message->text = N_( "Can't initialize LDAP" ); + message->description = ldap_err2string(rc); + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description); + return NULL; + } + + unsigned long version = LDAP_VERSION3; + rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,(void *) &version); + if(rc != LDAP_SUCCESS) { + message->error = hSession->ssl.error = 0; + message->title = N_( "Security error" ); + message->text = N_( "Can't set LDAP version" ); + message->description = ldap_err2string(rc); + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description); + return NULL; + } + + rc = ldap_simple_bind_s(ld, "", ""); + if(rc != LDAP_SUCCESS) + { + message->error = hSession->ssl.error = 0; + message->title = N_( "Security error" ); + message->text = N_( "Can't bind to LDAP server" ); + message->description = ldap_err2string(rc); + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description); + return NULL; + } + + lib3270_autoptr(LDAPMessage) results = NULL; + rc = ldap_search_ext_s( + ld, // Specifies the LDAP pointer returned by a previous call to ldap_init(), ldap_ssl_init(), or ldap_open(). + base, // Specifies the DN of the entry at which to start the search. + LDAP_SCOPE_BASE, // Specifies the scope of the search. + NULL, // Specifies a string representation of the filter to apply in the search. + (char **) &attrs, // Specifies a null-terminated array of character string attribute types to return from entries that match filter. + 0, // Should be set to 1 to request attribute types only. Set to 0 to request both attributes types and attribute values. + NULL, + NULL, + NULL, + 0, + &results + ); + + if(rc != LDAP_SUCCESS) + { + message->error = hSession->ssl.error = 0; + message->title = N_( "Security error" ); + message->text = N_( "Can't search LDAP server" ); + message->description = ldap_err2string(rc); + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description); + return NULL; + } + + char __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAPPTR))) *attr = ldap_first_attribute(ld, results, &ber); + if(!attr) + { + message->error = hSession->ssl.error = 0; + message->title = N_( "Security error" ); + message->text = N_( "Can't get LDAP attribute" ); + message->description = N_("Search did not produce any attributes."); + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description); + return NULL; + } + + struct berval ** value = ldap_get_values_len(ld, results, attr); + if(!value) + { + message->error = hSession->ssl.error = 0; + message->title = N_( "Security error" ); + message->text = N_( "Can't get LDAP attribute" ); + message->description = N_("Search did not produce any values."); + lib3270_write_log(hSession,"ssl","%s: %s",url, message->description); + return NULL; + } + + debug("CRL Length=%d",(int) value[0]->bv_len); + + if(!d2i_X509_CRL(&crl, (const unsigned char **) &value[0]->bv_val, value[0]->bv_len)) + { + message->error = hSession->ssl.error = ERR_get_error(); + message->title = N_( "Security error" ); + message->text = N_( "Can't get CRL from LDAP Search" ); + lib3270_write_log(hSession,"ssl","%s: %s",url, message->text); + } + + // ldap_value_free_len(value); + + } +#endif // HAVE_LDAP + else + { + message->error = hSession->ssl.error = 0; + message->title = N_( "Security error" ); + message->text = N_( "Unexpected or invalid CRL URL" ); + message->description = N_("The URL scheme is unknown"); + lib3270_write_log(hSession,"ssl","%s: %s",hSession->ssl.crl, message->description); + return NULL; + } + + return crl; + +} + +#endif // HAVE_LIBSSL && SSL_ENABLE_CRL_CHECK diff --git a/src/lib3270/ssl/negotiate.c b/src/lib3270/ssl/negotiate.c index e5cdb5b..c7a19bf 100644 --- a/src/lib3270/ssl/negotiate.c +++ b/src/lib3270/ssl/negotiate.c @@ -125,7 +125,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) /* Set up the TLS/SSL connection. */ if(SSL_set_fd(hSession->ssl.con, hSession->sock) != 1) { - trace_dsn(hSession,"%s","SSL_set_fd failed!\n"); + trace_ssl(hSession,"%s","SSL_set_fd failed!\n"); ((SSL_ERROR_MESSAGE *) message)->title = N_( "Security error" ); ((SSL_ERROR_MESSAGE *) message)->text = N_( "SSL negotiation failed" ); @@ -134,9 +134,9 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) return -1; } - trace("%s: Running SSL_connect",__FUNCTION__); + trace_ssl(hSession, "%s","Running SSL_connect\n"); rv = SSL_connect(hSession->ssl.con); - trace("%s: SSL_connect exits with rc=%d",__FUNCTION__,rv); + trace_ssl(hSession, "SSL_connect exits with rc=%d\n",rv); if (rv != 1) { @@ -148,7 +148,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) msg = ERR_lib_error_string(((SSL_ERROR_MESSAGE *) message)->error); - trace_dsn(hSession,"SSL_connect failed: %s %s\n",msg,ERR_reason_error_string(hSession->ssl.error)); + trace_ssl(hSession,"SSL_connect failed: %s %s\n",msg,ERR_reason_error_string(hSession->ssl.error)); ((SSL_ERROR_MESSAGE *) message)->title = N_( "Security error" ); ((SSL_ERROR_MESSAGE *) message)->text = N_( "SSL Connect failed" ); @@ -168,14 +168,14 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) peer = SSL_get_peer_certificate(hSession->ssl.con); debug("TLS/SSL negotiated connection complete. Peer certificate %s presented.", peer ? "was" : "was not"); - trace_dsn(hSession,"TLS/SSL negotiated connection complete. Peer certificate %s presented.\n", peer ? "was" : "was not"); + trace_ssl(hSession,"TLS/SSL negotiated connection complete. Peer certificate %s presented.\n", peer ? "was" : "was not"); break; case X509_V_ERR_UNABLE_TO_GET_CRL: debug("%s","The CRL of a certificate could not be found." ); - trace_dsn(hSession,"%s","The CRL of a certificate could not be found.\n" ); + trace_ssl(hSession,"%s","The CRL of a certificate could not be found.\n" ); ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" ); ((SSL_ERROR_MESSAGE *) message)->text = _( "Unable to get certificate CRL." ); @@ -184,7 +184,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) return -1; case X509_V_ERR_CRL_NOT_YET_VALID: - trace_dsn(hSession,"%s","The CRL of a certificate is not yet valid.\n" ); + trace_ssl(hSession,"%s","The CRL of a certificate is not yet valid.\n" ); ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" ); ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL is not yet valid." ); @@ -192,7 +192,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) return -1; case X509_V_ERR_CRL_HAS_EXPIRED: - trace_dsn(hSession,"%s","The CRL of a certificate has expired.\n" ); + trace_ssl(hSession,"%s","The CRL of a certificate has expired.\n" ); ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" ); ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL has expired." ); ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) has expired." ); @@ -203,7 +203,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) peer = SSL_get_peer_certificate(hSession->ssl.con); debug("%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain" ); - trace_dsn(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" ); + trace_ssl(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" ); #ifdef SSL_ALLOW_SELF_SIGNED_CERT break; @@ -220,7 +220,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) trace_dsn(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv); } - if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_DS_TRACE)) + if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE)) { char buffer[4096]; int alg_bits = 0; @@ -228,7 +228,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) trace_dsn(hSession,"TLS/SSL cipher description: %s",SSL_CIPHER_description((SSL_CIPHER *) cipher, buffer, 4095)); SSL_CIPHER_get_bits(cipher, &alg_bits); - trace_dsn(hSession,"%s version %s with %d bits\n", + trace_ssl(hSession,"%s version %s with %d bits\n", SSL_CIPHER_get_name(cipher), SSL_CIPHER_get_version(cipher), alg_bits); @@ -237,7 +237,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) if(peer) { - if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_DS_TRACE)) + if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE)) { BIO * out = BIO_new(BIO_s_mem()); unsigned char * data; @@ -251,7 +251,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) text[n] ='\0'; memcpy(text,data,n); - trace_dsn(hSession,"TLS/SSL peer certificate:\n%s\n",text); + trace_ssl(hSession,"TLS/SSL peer certificate:\n%s\n",text); free(text); BIO_free(out); diff --git a/src/lib3270/testprogram/testprogram.c b/src/lib3270/testprogram/testprogram.c index 4eca07b..8d5069c 100644 --- a/src/lib3270/testprogram/testprogram.c +++ b/src/lib3270/testprogram/testprogram.c @@ -17,7 +17,8 @@ int main(int numpar, char *param[]) h = lib3270_session_new(""); printf("3270 session %p created\n]",h); - lib3270_set_toggle(h,LIB3270_TOGGLE_DS_TRACE,1); +// lib3270_set_toggle(h,LIB3270_TOGGLE_DS_TRACE,1); + lib3270_set_toggle(h,LIB3270_TOGGLE_SSL_TRACE,1); lib3270_set_url(h,url ? url : "tn3270://fandezhi.efglobe.com"); rc = lib3270_connect(h,120); diff --git a/src/lib3270/toggles.c b/src/lib3270/toggles.c index 00b722e..7422e9a 100644 --- a/src/lib3270/toggles.c +++ b/src/lib3270/toggles.c @@ -224,13 +224,19 @@ toggle_info[LIB3270_TOGGLE_COUNT] = N_( "Trace network data flow" ), N_( "Enable network in/out trace" ) }, + { + "ssltrace", + False, + N_( "Trace SSL negotiation" ), + N_( "Enable SSL messages trace" ) + }, }; LIB3270_EXPORT unsigned char lib3270_get_toggle(H3270 *session, LIB3270_TOGGLE ix) { CHECK_SESSION_HANDLE(session); - if(ix < 0 || ix >= N_TOGGLES) + if(ix < 0 || ix >= LIB3270_TOGGLE_COUNT) return 0; return session->toggle[ix].value != 0; @@ -324,8 +330,8 @@ static void toggle_keepalive(H3270 *session, struct lib3270_toggle *t unused, LI } } -/* - * Called from system initialization code to handle initial toggle settings. +/** + * @brief Called from system initialization code to handle initial toggle settings. */ void initialize_toggles(H3270 *session) { @@ -367,21 +373,21 @@ void shutdown_toggles(H3270 *session) LIB3270_EXPORT const char * lib3270_get_toggle_label(LIB3270_TOGGLE_ID ix) { - if(ix < N_TOGGLES) + if(ix < LIB3270_TOGGLE_COUNT) return toggle_info[ix].label; return ""; } LIB3270_EXPORT const char * lib3270_get_toggle_description(LIB3270_TOGGLE_ID ix) { - if(ix < N_TOGGLES) + if(ix < LIB3270_TOGGLE_COUNT) return toggle_info[ix].description; return ""; } LIB3270_EXPORT const char * lib3270_get_toggle_name(LIB3270_TOGGLE_ID ix) { - if(ix < N_TOGGLES) + if(ix < LIB3270_TOGGLE_COUNT) return toggle_info[ix].name; return ""; } @@ -391,7 +397,7 @@ LIB3270_EXPORT LIB3270_TOGGLE lib3270_get_toggle_id(const char *name) if(name) { int f; - for(f=0;ftrace.handler(session,session->trace.userdata,fmt, args); + va_end(args); +} + + /* Write to the trace file. */ static void wtrace(H3270 *session, const char *fmt, ...) { -- libgit2 0.21.2