Commit 0e9aa1f1a3f9de0e1e700ff3099b54dcb0473c0a

Authored by Perry Werneck
1 parent 911b4f9d

Incluindo opção de configuração para não aceitar conexões em hosts

que apresentarem certificados SSL auto assinados.
Showing 1 changed file with 6 additions and 0 deletions   Show diff stats
ssl.c
... ... @@ -136,7 +136,13 @@ int ssl_negotiate(H3270 *hSession)
136 136 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
137 137 peer = SSL_get_peer_certificate(hSession->ssl_con);
138 138 trace_dsn(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" );
  139 +
  140 +#ifdef ENABLE_SELF_SIGNED_CERT
139 141 break;
  142 +#else
  143 + lib3270_disconnect(hSession);
  144 + return -1;
  145 +#endif // ENABLE_SELF_SIGNED_CERT
140 146  
141 147 default:
142 148 trace_dsn(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv);
... ...