Commit 3289390cd742635e6c2c3286db99c73e7b548e51

Authored by Perry Werneck
1 parent a5300584

Updating configure options.

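--- a/configure.ac
+++ b/configure.ac
@@ -341,20 +341,20 @@ dnl ---------------------------------------------------------------------------
 dnl SSL Security options
 dnl ---------------------------------------------------------------------------
 
-AC_ARG_ENABLE([self-signed-certs],
- [AS_HELP_STRING([--disable-self-signed-certs], [disable SSL connection when host presents a self signed certificate])],
+AC_ARG_ENABLE([self-signed-cert-check],
+ [AS_HELP_STRING([--enable-self-signed-cert-check], [Reject SSL connection when host presents a self signed certificate])],
 [
 app_cv_self_signed_certs="$enableval"
 ],[
- app_cv_self_signed_certs="yes"
+ app_cv_self_signed_certs="no"
 ])
 
 if test "$app_cv_self_signed_certs" == "yes"; then
- AC_DEFINE(SSL_ALLOW_SELF_SIGNED_CERT)
+ AC_DEFINE(SSL_ENABLE_SELF_SIGNED_CERT_CHECK)
 fi
 
-AC_ARG_ENABLE([expired-crl],
- [AS_HELP_STRING([--disable-expired-crl], [disable SSL connection when host presents an expired certificate revocation list])],
+AC_ARG_ENABLE([crl-expiration-check],
+ [AS_HELP_STRING([--enable-crl-expiration-check], [Reject SSL connection when host presents an expired certificate revocation list])],
 [
 app_cv_expired_crl="$enableval"
 ],[
@@ -362,7 +362,7 @@ AC_ARG_ENABLE([expired-crl],
 ])
 
 if test "$app_cv_expired_crl" == "yes"; then
- AC_DEFINE(SSL_ALLOW_EXPIRED_CRL)
+ AC_DEFINE(SSL_ENABLE_CRL_EXPIRATION_CHECK)
 fi
 
 
@@ -378,7 +378,13 @@ if test "$app_cv_enable_crl_check" == "yes"; then
 AC_DEFINE(SSL_ENABLE_CRL_CHECK)
 fi
 
-AC_ARG_WITH([default-crl], [AS_HELP_STRING([--with-default-crl], [Set lib3270 default crl url])], [ AC_DEFINE_UNQUOTED(LIB3270_DEFAULT_CRL,"$withval") ],[ AC_MSG_NOTICE(No default crl)])
+AC_ARG_WITH([default-crl-url],
+ [AS_HELP_STRING([--with-default-crl-url], [Set lib3270 default crl url])],
+[
+ AC_DEFINE_UNQUOTED(SSL_DEFAULT_CRL_URL,"$withval")
+],[
+ AC_MSG_NOTICE(No default crl url)
+])
 
 dnl ---------------------------------------------------------------------------
 dnl Check for pic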
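Review bot: With the default now `app_cv_self_signed_certs="no"`, a build configured without flags leaves `SSL_ENABLE_SELF_SIGNED_CERT_CHECK` undefined, and the negotiate.c change in this commit makes that the branch that accepts a self-signed certificate in the chain. I would default the check to on (`app_cv_self_signed_certs="yes"`) and let packagers opt out with `--disable-self-signed-cert-check`, with the help string reworded to match. The meaning of `app_cv_expired_crl` is inverted in the same way ("yes" used to define `SSL_ALLOW_EXPIRED_CRL`, now it defines `SSL_ENABLE_CRL_EXPIRATION_CHECK`), but its default sits on line 361, between the hunks, and is not touched, so the effective default for expired CRLs may have flipped; that line should be checked against the intent. Renaming both shell variables so that they say "check" would keep the next reader from repeating the inversion.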
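--- a/lib3270.cbp
+++ b/lib3270.cbp
@@ -39,7 +39,6 @@
 <Unit filename="LICENCA" />
 <Unit filename="LICENSE" />
 <Unit filename="README.md" />
- <Unit filename="configure.ac" />
 <Unit filename="gitsync.sh" />
 <Unit filename="src/include/3270ds.h" />
 <Unit filename="src/include/actionsc.h" />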
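--- a/src/include/config.h.in
+++ b/src/include/config.h.in
@@ -53,10 +53,12 @@
 /* Security options */
 #undef HAVE_LDAP
 #undef HAVE_LIBSSL
- #undef SSL_ALLOW_SELF_SIGNED_CERT
- #undef SSL_ALLOW_EXPIRED_CRL
+
+ #undef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
+
 #undef SSL_ENABLE_CRL_CHECK
- #undef LIB3270_DEFAULT_CRL
+ #undef SSL_ENABLE_CRL_EXPIRATION_CHECK
+ #undef SSL_DEFAULT_CRL_URL
 
 /* Windows Options */
 #ifdef WIN32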
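Review bot: The SSL check macros are listed without any comment, and after this rename an undefined macro means the check is skipped, which is the opposite of what the old `SSL_ALLOW_*` names implied. A line above the group such as `/* Certificate checks: when a macro below is left undefined the corresponding verification error is ignored. */` would make that visible to anyone editing a generated config.h by hand. It is also worth grepping the tree for the old names (`SSL_ALLOW_SELF_SIGNED_CERT`, `SSL_ALLOW_EXPIRED_CRL`, `LIB3270_DEFAULT_CRL`), since a leftover `#ifdef` on one of them would now silently never be true.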
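--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -298,11 +298,11 @@
 if(hSession->ssl.crl)
 return hSession->ssl.crl;
 
-#ifdef LIB3270_DEFAULT_CRL
- return LIB3270_DEFAULT_CRL;
+#ifdef SSL_DEFAULT_CRL_URL
+ return SSL_DEFAULT_CRL_URL;
 #else
 return getenv("LIB3270_DEFAULT_CRL");
-#endif // LIB3270_DEFAULT_CRL
+#endif // SSL_DEFAULT_CRL_URL
 
 #else
 errno = ENOTSUP;
@@ -310,7 +310,6 @@
 #endif
 }
 
-
 int lib3270_set_crl_url(H3270 *hSession, const char *crl)
 {
 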
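Review bot: The fallback still reads the environment variable `LIB3270_DEFAULT_CRL` while the build-time macro beside it is now `SSL_DEFAULT_CRL_URL`, and nothing on these lines says whether keeping the old name is deliberate. A comment on the `getenv` line, e.g. `/* Environment name kept for compatibility; the value is returned unvalidated. */`, would settle that. Because the string comes straight from the process environment and is returned unchanged, the code that fetches the CRL should be the place that restricts the URL schemes it accepts; that consumer is outside this hunk, so this is something to confirm rather than a finding. The enclosing function begins before the hunk.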
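--- a/src/lib3270/ssl/negotiate.c
+++ b/src/lib3270/ssl/negotiate.c
@@ -195,14 +195,14 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 case X509_V_ERR_CRL_HAS_EXPIRED:
 trace_ssl(hSession,"%s","The CRL of a certificate has expired.\n" );
 
-#ifdef SSL_ALLOW_EXPIRED_CRL
- break;
-#else
+#ifdef SSL_ENABLE_CRL_EXPIRATION_CHECK
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL has expired." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) has expired." );
 return -1;
-#endif // SSL_ALLOW_EXPIRED_CRL
+#else
+ break;
+#endif // SSL_ENABLE_CRL_EXPIRATION_CHECK
 
 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 
@@ -211,14 +211,14 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 debug("%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain" );
 trace_ssl(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" );
 
-#ifdef SSL_ALLOW_SELF_SIGNED_CERT
- break;
-#else
+#ifdef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The SSL certificate for this host is not trusted." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The security certificate presented by this host was not issued by a trusted certificate authority." );
 return -1;
-#endif // SSL_ALLOW_SELF_SIGNED_CERT
+#else
+ break;
+#endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK
 
 default:
 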
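Review bot: In both switch cases the `#else` arm, which is what a build compiles when the corresponding macro is not defined, leaves with `break` after a verification error, and the only record on these lines is the `trace_ssl` call. A comment on each `break`, such as `/* check disabled at build time: verification error accepted, negotiation continues */`, would make it plain that a failed verification is being accepted on purpose. The self-signed case is labelled `X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN` only; whether a self-signed leaf (`X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT`) is treated the same way depends on lines 209-210 and the `default:` arm, which the hunks do not show, so that should be checked. This applies to the hunk at line 195 and the one at line 211 alike; the switch and the function continue outside both.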