Download as
Browse Code »

Commit 2fa612683abb6e3d86448072683a5f2f60763d64

Authored by Perry Werneck
1 parent 889dfbb2
Exists in master and in 3 other branches develop, macos, network_module

SSL support is now allways active; the network module takes care of it.

Showing 8 changed files with 91 additions and 202 deletions   Show diff stats
src/core/connect.c
  Diff comments   View file @2fa6126
... ... @@ -124,11 +124,10 @@
124 124 return errno == 0 ? -1 : errno;
125 125 }
126 126  
127   -// debug("%s: TLS/SSL is %s",__FUNCTION__,hSession->ssl.enabled ? "ENABLED" : "DISABLED")
128   -// trace_dsn(hSession,"TLS/SSL is %s\n", hSession->ssl.enabled ? "enabled" : "disabled" );
  127 + debug("%s: TLS/SSL is %s",__FUNCTION__,hSession->ssl.host ? "ENABLED" : "DISABLED")
  128 + trace_dsn(hSession,"TLS/SSL is %s\n", hSession->ssl.host ? "enabled" : "disabled" );
129 129  
130 130 set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
131   - // hSession->ssl.host = 0;
132 131  
133 132 snprintf(hSession->full_model_name,LIB3270_FULL_MODEL_NAME_LENGTH,"IBM-327%c-%d",hSession->m3279 ? '9' : '8', hSession->model_num);
134 133 lib3270_write_event_trace(hSession,"Reconnecting to %s\n",lib3270_get_url(hSession));
... ... @@ -139,12 +138,10 @@
139 138  
140 139 }
141 140  
142   - int lib3270_start_tls(H3270 *hSession, Bool required)
  141 + int lib3270_start_tls(H3270 *hSession)
143 142 {
144 143 int rc = 0;
145 144  
146   - hSession->ssl.required = (required ? 1 : 0);
147   -
148 145 LIB3270_NETWORK_STATE state;
149 146 memset(&state,0,sizeof(state));
150 147  
... ... @@ -156,10 +153,11 @@
156 153 &state
157 154 );
158 155  
159   - if(required && rc) {
  156 + non_blocking(hSession,True);
160 157  
161   - // SSL is required and TLS/SSL has failed, abort.
  158 + if(hSession->ssl.host && rc) {
162 159  
  160 + // SSL is required and TLS/SSL has failed, abort.
163 161 lib3270_popup(hSession,state.popup,0);
164 162 lib3270_disconnect(hSession);
165 163 return rc;
... ... @@ -168,8 +166,6 @@
168 166  
169 167 // Not required or success
170 168  
171   - non_blocking(hSession,True);
172   -
173 169 return 0;
174 170 }
175 171  
... ...
src/core/iocalls.c
  Diff comments   View file @2fa6126
... ... @@ -307,7 +307,10 @@ LIB3270_EXPORT void lib3270_remove_poll(H3270 *session, void *id)
307 307 LIB3270_EXPORT void lib3270_set_poll_state(H3270 *session, void *id, int enabled)
308 308 {
309 309 if(id)
  310 + {
  311 + debug("%s: Polling on %p is %s",__FUNCTION__,id,(enabled ? "enabled" : "disabled"))
310 312 set_poll_state(session, id, enabled);
  313 + }
311 314 }
312 315  
313 316 LIB3270_EXPORT void lib3270_remove_poll_fd(H3270 *session, int fd)
... ...
src/core/linux/connect.c
  Diff comments   View file @2fa6126
... ... @@ -105,7 +105,7 @@
105 105 hSession->xio.except = hSession->network.module->add_poll(hSession,LIB3270_IO_FLAG_EXCEPTION,net_exception,0);
106 106 hSession->xio.read = hSession->network.module->add_poll(hSession,LIB3270_IO_FLAG_READ,net_input,0);
107 107  
108   - if(lib3270_start_tls(hSession,0))
  108 + if(lib3270_start_tls(hSession))
109 109 return;
110 110  
111 111 lib3270_setup_session(hSession);
... ...
src/core/telnet.c
  Diff comments   View file @2fa6126
... ... @@ -50,10 +50,6 @@
50 50 #endif // !ANDROID
51 51  
52 52 #include <config.h>
53   -#if defined(HAVE_LIBSSL)
54   - #include <openssl/ssl.h>
55   - #include <openssl/err.h>
56   -#endif
57 53  
58 54 #include <internals.h>
59 55 #include <errno.h>
... ... @@ -148,9 +144,7 @@ static void store3270in(H3270 *hSession, unsigned char c);
148 144 static void check_linemode(H3270 *hSession, Boolean init);
149 145 static int net_connected(H3270 *session);
150 146  
151   -#if defined(HAVE_LIBSSL)
152 147 static void continue_tls(H3270 *hSession, unsigned char *sbbuf, int len);
153   -#endif // HAVE_LIBSSL
154 148  
155 149 #if defined(X3270_TN3270E) /*[*/
156 150 static int tn3270e_negotiate(H3270 *hSession);
... ... @@ -397,33 +391,15 @@ static void setup_lus(H3270 *hSession)
397 391  
398 392 static int net_connected(H3270 *hSession)
399 393 {
400   - /*
401   - if(hSession->proxy_type > 0)
402   - {
403   - // Negotiate with the proxy.
404   - trace_dsn(hSession,"Connected to proxy server %s, port %u.\n",hSession->proxy_host, hSession->proxy_port);
405 394  
406   - if (proxy_negotiate(hSession, hSession->proxy_type, hSession->sock, hSession->hostname,hSession->current_port) < 0)
407   - {
408   - host_disconnect(hSession,True);
409   - return -1;
410   - }
411   - }
412   - */
  395 + // Set up SSL.
  396 + trace_dsn(hSession,"Connected to %s%s.\n", hSession->host.current,hSession->ssl.host ? " using SSL": "");
413 397  
414   -#if defined(HAVE_LIBSSL)
415   - /* Set up SSL. */
416   - trace_dsn(hSession,"Connected to %s%s.\n", hSession->host.current,hSession->ssl.host? " using SSL": "");
417   -
418   - if(hSession->ssl.con && hSession->ssl.state == LIB3270_SSL_UNDEFINED)
  398 + if(hSession->ssl.host && hSession->ssl.state == LIB3270_SSL_UNDEFINED)
419 399 {
420   - if(ssl_negotiate(hSession))
  400 + if(lib3270_start_tls(hSession))
421 401 return -1;
422 402 }
423   -#else
424   - trace_dsn(hSession,"Connected to %s.\n", hSession->host.current);
425   -
426   -#endif
427 403  
428 404 lib3270_setup_session(hSession);
429 405  
... ... @@ -449,9 +425,7 @@ LIB3270_EXPORT void lib3270_setup_session(H3270 *hSession)
449 425 hSession->response_required = TN3270E_RSF_NO_RESPONSE;
450 426 #endif
451 427  
452   -#if defined(HAVE_LIBSSL)
453 428 hSession->need_tls_follows = 0;
454   -#endif
455 429 hSession->telnet_state = TNS_DATA;
456 430 hSession->ibptr = hSession->ibuf;
457 431  
... ... @@ -485,14 +459,14 @@ LIB3270_EXPORT void lib3270_setup_session(H3270 *hSession)
485 459  
486 460 }
487 461  
488   -/**
489   - * @brief Connection_complete.
490   - *
491   - * The connection appears to be complete (output is possible or input
492   - * appeared ready but recv() returned EWOULDBLOCK). Complete the
493   - * connection-completion processing.
494   - *
495   - */
  462 +/*
  463 +///
  464 +/// @brief Connection_complete.
  465 +///
  466 +/// The connection appears to be complete (output is possible or input
  467 +/// appeared ready but recv() returned EWOULDBLOCK). Complete the
  468 +/// connection-completion processing.
  469 +///
496 470 static void connection_complete(H3270 *session)
497 471 {
498 472 if (non_blocking(session,False) < 0)
... ... @@ -503,56 +477,11 @@ static void connection_complete(H3270 *session)
503 477 lib3270_set_connected_initial(session);
504 478 net_connected(session);
505 479 }
506   -
507   -
508   -/*
509   -LIB3270_INTERNAL void lib3270_sock_disconnect(H3270 *hSession)
510   -{
511   - LIB3270_NETWORK_STATE state;
512   - memset(&state,0,sizeof(state));
513   -
514   -#if defined(HAVE_LIBSSL)
515   - if(hSession->ssl.con != NULL)
516   - {
517   - set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
518   - SSL_shutdown(hSession->ssl.con);
519   - SSL_free(hSession->ssl.con);
520   - hSession->ssl.con = NULL;
521   - }
522   -#endif
523   -
524   - if(hSession->xio.write)
525   - {
526   - lib3270_remove_poll(hSession, hSession->xio.write);
527   - hSession->xio.write = 0;
528   - }
529   -
530   - hSession->network.module->disconnect(hSession->network.context,hSession,&state);
531   -
532   -}
533 480 */
534 481  
535   -/**
536   - * @brief Disconnect from host.
537   - */
  482 +/// @brief Disconnect from host.
538 483 void net_disconnect(H3270 *hSession)
539 484 {
540   -
541   - // Disconnect from host
542   -#if defined(HAVE_LIBSSL)
543   - if(hSession->ssl.con != NULL)
544   - {
545   - set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
546   - SSL_shutdown(hSession->ssl.con);
547   - SSL_free(hSession->ssl.con);
548   - hSession->ssl.con = NULL;
549   - }
550   - else
551   - {
552   - set_ssl_state(hSession,LIB3270_SSL_UNSECURE);
553   - }
554   -#endif
555   -
556 485 if(hSession->xio.write)
557 486 {
558 487 lib3270_remove_poll(hSession, hSession->xio.write);
... ... @@ -633,71 +562,34 @@ void net_input(H3270 *hSession, int GNUC_UNUSED(fd), LIB3270_IO_FLAG GNUC_UNUSED
633 562 hSession->ansi_data = 0;
634 563 #endif
635 564  
636   -#if defined(HAVE_LIBSSL)
  565 +/*
637 566 if (hSession->ssl.con != NULL)
638 567 nr = SSL_read(hSession->ssl.con, (char *) buffer, BUFSZ);
639 568 else
640 569 nr = hSession->network.module->recv(hSession, buffer, BUFSZ);
641   -#else
642   - nr = hSession->network.module->recv(hSession, buffer, BUFSZ);
643   -#endif // HAVE_LIBSSL
  570 +*/
  571 + nr = hSession->network.module->recv(hSession, buffer, BUFSZ);
644 572  
645 573 if (nr < 0)
646 574 {
647   - if (socket_errno() == SE_EWOULDBLOCK)
648   - return;
649   -
650   -#if defined(HAVE_LIBSSL) /*[*/
651   - if(hSession->ssl.con != NULL)
652   - {
653   - static const LIB3270_POPUP popup = {
654   - .type = LIB3270_NOTIFY_ERROR,
655   - .summary = N_( "SSL Read error" )
656   - };
657   -
658   - SSL_ERROR_MESSAGE message = {
659   - .code = ERR_get_error(),
660   - .popup = &popup
661   - };
662   -
663   - popup_ssl_error(hSession,0,&message);
664   -
665   - /*
666   - unsigned long e;
667   - char err_buf[120];
668   -
669   - e = ERR_get_error();
670   - if (e != 0)
671   - {
672   - (void) ERR_error_string(e, err_buf);
673   - trace_dsn(hSession,"RCVD SSL_read error %ld (%s)\n", e,err_buf);
674   - hSession->cbk.message(hSession,LIB3270_NOTIFY_ERROR,_( "SSL Error" ),_( "SSL Read error" ),err_buf );
675   - ssl_popup_message(hSession,msg);
676   - }
677   - else
678   - {
679   - trace_dsn(hSession,"RCVD SSL_read error %ld (%s)\n", e, "unknown");
680   - }
681   - */
682   -
683   - host_disconnect(hSession,True);
  575 + if (nr == -EWOULDBLOCK)
684 576 return;
685   - }
686   -#endif /*]*/
687 577  
688   - if (HALF_CONNECTED && socket_errno() == SE_EAGAIN)
  578 + /*
  579 + if (HALF_CONNECTED && nr == -EWOULDBLOCK)
689 580 {
690 581 connection_complete(hSession);
691 582 return;
692 583 }
  584 + */
693 585  
694   - trace_dsn(hSession,"RCVD socket error %d\n", errno);
  586 + trace_dsn(hSession,"RCVD socket error %d (%s)\n", -nr, strerror(-nr));
695 587  
696 588 if (HALF_CONNECTED)
697 589 {
698 590 popup_a_sockerr(hSession, "%s", hSession->host.current);
699 591 }
700   - else if (socket_errno() != SE_ECONNRESET)
  592 + else if (nr != -ECONNRESET)
701 593 {
702 594 popup_a_sockerr(hSession, _( "Socket read error" ) );
703 595 }
... ... @@ -1009,55 +901,52 @@ static int telnet_fsm(H3270 *hSession, unsigned char c)
1009 901 #if defined(X3270_TN3270E) /*[*/
1010 902 case TELOPT_TN3270E:
1011 903 #endif /*]*/
1012   -#if defined(HAVE_LIBSSL) /*[*/
1013 904 case TELOPT_STARTTLS:
1014   -#endif /*]*/
1015   - if (c == TELOPT_TN3270E && hSession->non_tn3270e_host)
1016   - goto wont;
1017   - if (c == TELOPT_TM && !hSession->bsd_tm)
1018   - goto wont;
  905 + if (c == TELOPT_TN3270E && hSession->non_tn3270e_host)
  906 + goto wont;
  907 + if (c == TELOPT_TM && !hSession->bsd_tm)
  908 + goto wont;
1019 909  
1020   - trace("hSession->myopts[c]=%d",hSession->myopts[c]);
1021   - if (!hSession->myopts[c])
1022   - {
1023   - if (c != TELOPT_TM)
1024   - hSession->myopts[c] = 1;
1025   - will_opt[2] = c;
1026   - net_rawout(hSession, will_opt, sizeof(will_opt));
1027   - trace_dsn(hSession,"SENT %s %s\n", cmd(WILL), opt(c));
1028   - check_in3270(hSession);
1029   - check_linemode(hSession,False);
1030   - }
1031   - if (c == TELOPT_NAWS)
1032   - send_naws(hSession);
1033   -#if defined(HAVE_LIBSSL) /*[*/
1034   - if (c == TELOPT_STARTTLS) {
1035   - static unsigned char follows_msg[] = {
1036   - IAC, SB, TELOPT_STARTTLS,
1037   - TLS_FOLLOWS, IAC, SE
1038   - };
  910 + trace("hSession->myopts[c]=%d",hSession->myopts[c]);
  911 + if (!hSession->myopts[c])
  912 + {
  913 + if (c != TELOPT_TM)
  914 + hSession->myopts[c] = 1;
  915 + will_opt[2] = c;
  916 + net_rawout(hSession, will_opt, sizeof(will_opt));
  917 + trace_dsn(hSession,"SENT %s %s\n", cmd(WILL), opt(c));
  918 + check_in3270(hSession);
  919 + check_linemode(hSession,False);
  920 + }
  921 + if (c == TELOPT_NAWS)
  922 + send_naws(hSession);
  923 + if (c == TELOPT_STARTTLS) {
  924 + static unsigned char follows_msg[] = {
  925 + IAC, SB, TELOPT_STARTTLS,
  926 + TLS_FOLLOWS, IAC, SE
  927 + };
  928 +
  929 + //
  930 + // Send IAC SB STARTTLS FOLLOWS IAC SE
  931 + // to announce that what follows is TLS.
  932 + //
  933 + net_rawout(hSession, follows_msg, sizeof(follows_msg));
  934 + trace_dsn(hSession,"SENT %s %s FOLLOWS %s\n",
  935 + cmd(SB),
  936 + opt(TELOPT_STARTTLS),
  937 + cmd(SE));
  938 +
  939 + debug("%s: %s requires TLS/SSL",__FUNCTION__,opt(TELOPT_STARTTLS));
  940 + hSession->need_tls_follows = 1;
  941 + }
  942 + break;
1039 943  
1040   - /*
1041   - * Send IAC SB STARTTLS FOLLOWS IAC SE
1042   - * to announce that what follows is TLS.
1043   - */
1044   - net_rawout(hSession, follows_msg, sizeof(follows_msg));
1045   - trace_dsn(hSession,"SENT %s %s FOLLOWS %s\n",
1046   - cmd(SB),
1047   - opt(TELOPT_STARTTLS),
1048   - cmd(SE));
1049   -
1050   - debug("%s: %s requires TLS/SSL",__FUNCTION__,opt(TELOPT_STARTTLS));
1051   - hSession->need_tls_follows = 1;
1052   - }
1053   -#endif /*]*/
1054   - break;
1055 944 default:
1056   - wont:
1057   - wont_opt[2] = c;
1058   - net_rawout(hSession, wont_opt, sizeof(wont_opt));
1059   - trace_dsn(hSession,"SENT %s %s\n", cmd(WONT), opt(c));
1060   - break;
  945 + wont:
  946 + wont_opt[2] = c;
  947 + net_rawout(hSession, wont_opt, sizeof(wont_opt));
  948 + trace_dsn(hSession,"SENT %s %s\n", cmd(WONT), opt(c));
  949 + break;
1061 950 }
1062 951 hSession->telnet_state = TNS_DATA;
1063 952 break;
... ... @@ -1137,12 +1026,10 @@ static int telnet_fsm(H3270 *hSession, unsigned char c)
1137 1026 return -1;
1138 1027 }
1139 1028 #endif /*]*/
1140   -#if defined(HAVE_LIBSSL) /*[*/
1141 1029 else if (hSession->need_tls_follows && hSession->myopts[TELOPT_STARTTLS] && hSession->sbbuf[0] == TELOPT_STARTTLS)
1142 1030 {
1143 1031 continue_tls(hSession,hSession->sbbuf, hSession->sbptr - hSession->sbbuf);
1144 1032 }
1145   -#endif /*]*/
1146 1033  
1147 1034 } else {
1148 1035 hSession->telnet_state = TNS_SB;
... ... @@ -1152,16 +1039,13 @@ static int telnet_fsm(H3270 *hSession, unsigned char c)
1152 1039 return 0;
1153 1040 }
1154 1041  
1155   -#if defined(HAVE_LIBSSL)
1156   -/**
1157   - * Process a STARTTLS subnegotiation.
1158   - */
  1042 +/// @brief Process a STARTTLS subnegotiation.
1159 1043 static void continue_tls(H3270 *hSession, unsigned char *sbbuf, int len)
1160 1044 {
1161   - /* Whatever happens, we're not expecting another SB STARTTLS. */
  1045 + // Whatever happens, we're not expecting another SB STARTTLS.
1162 1046 hSession->need_tls_follows = 0;
1163 1047  
1164   - /* Make sure the option is FOLLOWS. */
  1048 + // Make sure the option is FOLLOWS.
1165 1049 if (len < 2 || sbbuf[1] != TLS_FOLLOWS)
1166 1050 {
1167 1051 /* Trace the junk. */
... ... @@ -1171,11 +1055,13 @@ static void continue_tls(H3270 *hSession, unsigned char *sbbuf, int len)
1171 1055 return;
1172 1056 }
1173 1057  
1174   - /* Trace what we got. */
  1058 + // Trace what we got.
1175 1059 trace_dsn(hSession,"%s FOLLOWS %s\n", opt(TELOPT_STARTTLS), cmd(SE));
1176   - ssl_negotiate(hSession);
  1060 +
  1061 + hSession->ssl.host = 1; // Set host type as SSL.
  1062 + lib3270_start_tls(hSession);
  1063 +
1177 1064 }
1178   -#endif // HAVE_LIBSSL
1179 1065  
1180 1066 #if defined(X3270_TN3270E) /*[*/
1181 1067 /// @brief Send a TN3270E terminal type request.
... ...
src/include/internals.h
  Diff comments   View file @2fa6126
... ... @@ -683,8 +683,8 @@ struct _h3270
683 683  
684 684 struct
685 685 {
686   - int error; ///< @brief OpenSSL error.
687   - unsigned char required; ///< @brief Non zero if SSL is required.
  686 + int host : 1; ///< @brief Non zero if host requires SSL.
  687 + int error; ///< @brief OpenSSL error.
688 688 LIB3270_SSL_STATE state;
689 689 } ssl;
690 690  
... ... @@ -856,6 +856,6 @@ LIB3270_INTERNAL void set_ssl_state(H3270 *session, LIB3270_SSL_STATE state);
856 856 ///
857 857 /// @retval ENOTSUP TLS/SSL is not supported by library.
858 858 ///
859   - LIB3270_INTERNAL int lib3270_start_tls(H3270 *hSession, Bool required);
  859 + LIB3270_INTERNAL int lib3270_start_tls(H3270 *hSession);
860 860  
861 861  
... ...
src/network_modules/openssl.c
  Diff comments   View file @2fa6126
... ... @@ -165,8 +165,9 @@ static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state
165 165 }
166 166  
167 167 //
168   - // Connect to host.
  168 + // Enable SSL & Connect to host.
169 169 //
  170 + hSession->ssl.host = 1;
170 171 context->sock = lib3270_network_connect(hSession, state);
171 172  
172 173 return (context->sock < 0 ? -1 : 0);
... ... @@ -204,6 +205,7 @@ void lib3270_set_openssl_network_module(H3270 *hSession) {
204 205 hSession->network.module->finalize(hSession);
205 206 }
206 207  
  208 + hSession->ssl.host = 1;
207 209 hSession->network.context = lib3270_malloc(sizeof(LIB3270_NET_CONTEXT));
208 210 memset(hSession->network.context,0,sizeof(LIB3270_NET_CONTEXT));
209 211  
... ...
src/network_modules/unsecure.c
  Diff comments   View file @2fa6126
... ... @@ -249,7 +249,7 @@ static int unsecure_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *stat
249 249  
250 250 static int unsecure_network_start_tls(H3270 GNUC_UNUSED(*hSession), LIB3270_NETWORK_STATE *msg) {
251 251  
252   - if(hSession->ssl.required) {
  252 + if(hSession->ssl.host) {
253 253  
254 254 // TODO: Replace network module with the openssl version, initialize and execute start_tls on it.
255 255  
... ... @@ -292,6 +292,7 @@ void lib3270_set_default_network_module(H3270 *hSession) {
292 292 hSession->network.module->finalize(hSession);
293 293 }
294 294  
  295 + hSession->ssl.host = 0;
295 296 hSession->network.context = lib3270_malloc(sizeof(LIB3270_NET_CONTEXT));
296 297 memset(hSession->network.context,0,sizeof(LIB3270_NET_CONTEXT));
297 298 hSession->network.context->sock = -1;
... ...
src/testprogram/testprogram.c
  Diff comments   View file @2fa6126
... ... @@ -116,6 +116,7 @@ int main(int argc, char *argv[])
116 116 case 't':
117 117 trace_file = optarg;
118 118 lib3270_set_trace_handler(h,write_trace,NULL);
  119 + lib3270_set_toggle(h,LIB3270_TOGGLE_DS_TRACE,1);
119 120 break;
120 121 }
121 122  
... ...