Commit 17656d6c17697c8325acac574d60ffed1e506970
1 parent
12b95a78
Exists in
master
and in
2 other branches
Adding new SSL state active when downloading CRL.
Showing
2 changed files
with
5 additions
and
18 deletions
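--- a/src/include/lib3270/ssl.h
+++ b/src/include/lib3270/ssl.h
@@ -51,6 +51,7 @@
 LIB3270_SSL_SECURE, /**< @brief Connection secure with CA check */
 LIB3270_SSL_NEGOTIATED, /**< @brief Connection secure, no CA, self-signed or expired CRL */
 LIB3270_SSL_NEGOTIATING, /**< @brief Negotiating SSL */
+LIB3270_SSL_VERIFYING, /**< @brief Verifying SSL (Getting CRL) */
 LIB3270_SSL_UNDEFINED /**< @brief Undefined */
 } LIB3270_SSL_STATE;
 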
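Review bot: Inserting `LIB3270_SSL_VERIFYING` ahead of `LIB3270_SSL_UNDEFINED` in this public header gives the new state the numeric value that `LIB3270_SSL_UNDEFINED` had before, assuming the enumerators carry no explicit values (none are visible here). A client compiled against the old header would then read "CRL check in progress" as "undefined", and the reverse. Appending the new enumerator after `LIB3270_SSL_UNDEFINED`, or bumping the library ABI version, avoids the mismatch. The doc comment could also say that the peer is not yet trusted in this state, e.g. `/**< @brief Verifying SSL (getting CRL); peer not yet trusted */`, so code that maps states to a security indicator does not group it with `LIB3270_SSL_NEGOTIATED`. The enum's opening lines are outside the hunk.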
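--- a/src/network_modules/openssl/start.c
+++ b/src/network_modules/openssl/start.c
@@ -274,6 +274,8 @@
 // CRL download is enabled and verification has failed; look for CRL file.
 
 trace_ssl(hSession,"CRL Validation has failed, requesting CRL download\n");
+set_ssl_state(hSession,LIB3270_SSL_VERIFYING);
+
 if(context->crl.url) {
 import_crl(hSession, ctx_context,context,context->crl.url);
 } else {
@@ -306,29 +308,13 @@
 }
 
 // Check results.
-/*
-switch(verify_result) {
-case X509_V_OK:
-trace_ssl(hSession,"TLS/SSL negotiated connection complete. Peer certificate %s presented.\n", peer ? "was" : "was not");
-break;
-
-#ifdef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
-case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-trace_ssl(hSession,"TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n");
-set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
-return EACCES;
-#endif
-
-default:
-set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
-}
-*/
-
 if(hSession->ssl.message)
 trace_ssl(hSession,"%s",hSession->ssl.message->summary);
 else
 trace_ssl(hSession,"TLS/SSL verify result was %ld\n", verify_result);
 
+set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
+
 return 0;
 
 }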
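Review bot: The tail of the second hunk (new lines 316-318) sets `LIB3270_SSL_NEGOTIATED` and returns 0 on every path that reaches it without testing `verify_result`, so the outcome of the CRL check announced by `LIB3270_SSL_VERIFYING` is traced but never reflected in the state or the return code. Unless code above line 308 (not visible here) already returns on a failed verification, a peer whose certificate failed the CRL check is reported the same way as one that passed. A peer that passed is also never promoted to `LIB3270_SSL_SECURE` here. Consider deriving the state from the result, e.g. `set_ssl_state(hSession, verify_result == X509_V_OK ? LIB3270_SSL_SECURE : LIB3270_SSL_NEGOTIATED);`, and returning a non-zero code for results the caller must not accept. Any early return between new lines 277 and 308 would also leave the session in `LIB3270_SSL_VERIFYING`, which is worth confirming, since the function starts outside both hunks.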