From 0e9aa1f1a3f9de0e1e700ff3099b54dcb0473c0a Mon Sep 17 00:00:00 2001
From: Perry Werneck <perry.werneck@gmail.com>
Date: Tue, 9 Oct 2018 17:22:58 -0300
Subject: [PATCH] Incluindo opção de configuração para não aceitar conexões em hosts que apresentarem certificados SSL auto assinados.

---
 ssl.c | 6 ++++++
 1 file changed, 6 insertions(+), 0 deletions(-)

diff --git a/ssl.c b/ssl.c
index 3a52d15..db5c8ed 100644
--- a/ssl.c
+++ b/ssl.c
@@ -136,7 +136,13 @@ int ssl_negotiate(H3270 *hSession)
 	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 		peer = SSL_get_peer_certificate(hSession->ssl_con);
 		trace_dsn(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" );
+
+#ifdef ENABLE_SELF_SIGNED_CERT
 		break;
+#else
+		lib3270_disconnect(hSession);
+		return -1;
+#endif // ENABLE_SELF_SIGNED_CERT
 
 	default:
 		trace_dsn(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv);
--
libgit2 0.21.2