From 17656d6c17697c8325acac574d60ffed1e506970 Mon Sep 17 00:00:00 2001
From: Perry Werneck
Date: Wed, 2 Sep 2020 19:17:51 -0300
Subject: [PATCH] Adding new SSL state active when downloading CRL.
---
 src/include/lib3270/ssl.h | 1 +
 src/network_modules/openssl/start.c | 22 ++++------------------
 2 files changed, 5 insertions(+), 18 deletions(-)
diff --git a/src/include/lib3270/ssl.h b/src/include/lib3270/ssl.h
index e620798..4b29cc8 100644
--- a/src/include/lib3270/ssl.h
+++ b/src/include/lib3270/ssl.h
@@ -51,6 +51,7 @@
 LIB3270_SSL_SECURE, /**< @brief Connection secure with CA check */
 LIB3270_SSL_NEGOTIATED, /**< @brief Connection secure, no CA, self-signed or expired CRL */
 LIB3270_SSL_NEGOTIATING, /**< @brief Negotiating SSL */
+ LIB3270_SSL_VERIFYING, /**< @brief Verifying SSL (Getting CRL) */
 LIB3270_SSL_UNDEFINED /**< @brief Undefined */
 } LIB3270_SSL_STATE;
diff --git a/src/network_modules/openssl/start.c b/src/network_modules/openssl/start.c
index 672ea2d..5fbb07e 100644
--- a/src/network_modules/openssl/start.c
+++ b/src/network_modules/openssl/start.c
@@ -274,6 +274,8 @@
 // CRL download is enabled and verification has failed; look for CRL file.
 trace_ssl(hSession,"CRL Validation has failed, requesting CRL download\n");
+ set_ssl_state(hSession,LIB3270_SSL_VERIFYING);
+
 if(context->crl.url) {
 import_crl(hSession, ctx_context,context,context->crl.url);
 } else {
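Review bot: `LIB3270_SSL_VERIFYING` is inserted ahead of `LIB3270_SSL_UNDEFINED`, so the numeric value of `LIB3270_SSL_UNDEFINED` changes in a header under `src/include`; a caller built against the previous header would read the new state as undefined. The doc comment could also say what the state means for trust, for example `/**< @brief Verifying SSL (getting CRL); peer certificate not yet accepted */`, so that code mapping states to a security indicator does not treat it like `LIB3270_SSL_SECURE`. The enum declaration begins outside this hunk, and any switch or table keyed on `LIB3270_SSL_STATE` is not visible here and presumably needs a matching entry.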
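Review bot: Nothing visible after the added `set_ssl_state(hSession,LIB3270_SSL_VERIFYING);` takes the session out of that state when the CRL cannot be fetched. `import_crl(...)` is called as a bare statement, so if it reports failure through a return value, that value is not used on this line. A comment here would pin the intent, e.g. `// VERIFYING is transient: every exit below must either fail the connection or set a final state from the re-checked verify result`. The enclosing block starts before and continues past this hunk, so the handling may exist outside it.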
@@ -306,29 +308,13 @@
 }
 // Check results.
- /*
- switch(verify_result) {
- case X509_V_OK:
- trace_ssl(hSession,"TLS/SSL negotiated connection complete. Peer certificate %s presented.\n", peer ? "was" : "was not");
- break;
-
-#ifdef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
- trace_ssl(hSession,"TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n");
- set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
- return EACCES;
-#endif
-
- default:
- set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
- }
- */
-
 if(hSession->ssl.message)
 trace_ssl(hSession,"%s",hSession->ssl.message->summary);
 else
 trace_ssl(hSession,"TLS/SSL verify result was %ld\n", verify_result);
+ set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
+
 return 0;
 }
-- 
libgit2 0.21.2
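Review bot: The added `set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);` runs for every value of `verify_result` and is followed by `return 0`, so on this path a clean `X509_V_OK` and a failed verification end in the same state with the same success code. ssl.h documents that state as secure with no CA, self-signed or expired CRL, so a revoked or otherwise rejected certificate would be reported the same way unless an earlier return outside this hunk already refuses it. I would derive the state from the result, e.g. `set_ssl_state(hSession, verify_result == X509_V_OK ? LIB3270_SSL_SECURE : LIB3270_SSL_NEGOTIATED);`, or add a comment naming where failed verification is rejected. If `verify_result` comes from `SSL_get_verify_result`, note that OpenSSL also returns `X509_V_OK` when no peer certificate was presented, so that case needs its own check. The function begins outside the hunk.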