Incluindo opção de configuração para não aceitar conexões em hosts

que apresentarem certificados SSL auto assinados.

Incluindo opção de configuração para não aceitar conexões em hosts
que apresentarem certificados SSL auto assinados.
Perry Werneck
1 parent 911b4f9d
Showing 1 changed file with 6 additions and 0 deletions Show diff stats
ssl.c
@@ -136,7 +136,13 @@ int ssl_negotiate(H3270 *hSession)
 	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 		peer = SSL_get_peer_certificate(hSession->ssl_con);
 		trace_dsn(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" );
+
+#ifdef ENABLE_SELF_SIGNED_CERT
 		break;
+#else
+		lib3270_disconnect(hSession);
+		return -1;
+#endif // ENABLE_SELF_SIGNED_CERT
  
 	default:
 		trace_dsn(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv);
...	...	@@ -136,7 +136,13 @@ int ssl_negotiate(H3270 *hSession)
136	136	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
137	137	peer = SSL_get_peer_certificate(hSession->ssl_con);
138	138	trace_dsn(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" );
	139	+
	140	+#ifdef ENABLE_SELF_SIGNED_CERT
139	141	break;
	142	+#else
	143	+ lib3270_disconnect(hSession);
	144	+ return -1;
	145	+#endif // ENABLE_SELF_SIGNED_CERT
140	146
141	147	default:
142	148	trace_dsn(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv);
...	...