diff --git a/configure.ac b/configure.ac
index ffe4c1c..b57949a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -341,20 +341,20 @@ dnl ---------------------------------------------------------------------------
dnl SSL Security options
dnl ---------------------------------------------------------------------------
-AC_ARG_ENABLE([self-signed-certs],
- [AS_HELP_STRING([--disable-self-signed-certs], [disable SSL connection when host presents a self signed certificate])],
+AC_ARG_ENABLE([self-signed-cert-check],
+ [AS_HELP_STRING([--enable-self-signed-cert-check], [Reject SSL connection when host presents a self signed certificate])],
[
app_cv_self_signed_certs="$enableval"
],[
- app_cv_self_signed_certs="yes"
+ app_cv_self_signed_certs="no"
])
if test "$app_cv_self_signed_certs" == "yes"; then
- AC_DEFINE(SSL_ALLOW_SELF_SIGNED_CERT)
+ AC_DEFINE(SSL_ENABLE_SELF_SIGNED_CERT_CHECK)
fi
-AC_ARG_ENABLE([expired-crl],
- [AS_HELP_STRING([--disable-expired-crl], [disable SSL connection when host presents an expired certificate revocation list])],
+AC_ARG_ENABLE([crl-expiration-check],
+ [AS_HELP_STRING([--enable-crl-expiration-check], [Reject SSL connection when host presents an expired certificate revocation list])],
[
app_cv_expired_crl="$enableval"
],[
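Review bot: The new default `app_cv_self_signed_certs="no"` makes rejection of self-signed certificates opt-in, so a build configured without `--enable-self-signed-cert-check` leaves SSL_ENABLE_SELF_SIGNED_CERT_CHECK undefined and accepts such a chain. That matches the old default, but a security check is safer as the default; consider `app_cv_self_signed_certs="yes"`, or at least an `AC_MSG_WARN` when the check is off. The cache variable name now reads the wrong way round (`self_signed_certs=yes` means "reject"), so renaming it to something like `app_cv_self_signed_cert_check` would avoid confusion. The default for `app_cv_expired_crl` lies past the end of this hunk and is not changed by the commit; because its meaning is inverted by the rename, it should be confirmed and made explicit.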
@@ -362,7 +362,7 @@ AC_ARG_ENABLE([expired-crl],
])
if test "$app_cv_expired_crl" == "yes"; then
- AC_DEFINE(SSL_ALLOW_EXPIRED_CRL)
+ AC_DEFINE(SSL_ENABLE_CRL_EXPIRATION_CHECK)
fi
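Review bot: `test "$app_cv_expired_crl" == "yes"` uses `==`, which is not a POSIX `test` operator, and after this rename a failing comparison disables the check instead of enabling it. On a `/bin/sh` whose `test` lacks `==`, the condition fails and SSL_ENABLE_CRL_EXPIRATION_CHECK is never defined, even when the builder passed `--enable-crl-expiration-check`. Before the commit the same failure left SSL_ALLOW_EXPIRED_CRL undefined, which was the strict outcome. Use the portable form `if test "$app_cv_expired_crl" = "yes"; then`. The same applies to the `app_cv_self_signed_certs` test in the previous hunk and the `app_cv_enable_crl_check` test named in the next hunk header.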
@@ -378,7 +378,13 @@ if test "$app_cv_enable_crl_check" == "yes"; then
AC_DEFINE(SSL_ENABLE_CRL_CHECK)
fi
-AC_ARG_WITH([default-crl], [AS_HELP_STRING([--with-default-crl], [Set lib3270 default crl url])], [ AC_DEFINE_UNQUOTED(LIB3270_DEFAULT_CRL,"$withval") ],[ AC_MSG_NOTICE(No default crl)])
+AC_ARG_WITH([default-crl-url],
+ [AS_HELP_STRING([--with-default-crl-url], [Set lib3270 default crl url])],
+[
+ AC_DEFINE_UNQUOTED(SSL_DEFAULT_CRL_URL,"$withval")
+],[
+ AC_MSG_NOTICE(No default crl url)
+])
dnl ---------------------------------------------------------------------------
dnl Check for pic
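Review bot: `AC_DEFINE_UNQUOTED(SSL_DEFAULT_CRL_URL,"$withval")` runs for any use of the option, including `--with-default-crl-url` with no value (`$withval` is `yes`) and `--without-default-crl-url` (`$withval` is `no`). Either case compiles the literal string `yes` or `no` in as the CRL URL, and the later fetch would presumably fail or be skipped. Guard the define, for example `AS_IF([test "x$withval" != "xyes" && test "x$withval" != "xno"], [AC_DEFINE_UNQUOTED(SSL_DEFAULT_CRL_URL,"$withval")])`, and report an error for a missing value. A third argument to `AC_DEFINE_UNQUOTED` describing the macro would also document it in the generated header.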
diff --git a/lib3270.cbp b/lib3270.cbp
index e405eb9..0d78c40 100644
--- a/lib3270.cbp
+++ b/lib3270.cbp
@@ -39,7 +39,6 @@
-
diff --git a/src/include/config.h.in b/src/include/config.h.in
index 7ae17a0..b0a13fa 100644
--- a/src/include/config.h.in
+++ b/src/include/config.h.in
@@ -53,10 +53,12 @@
/* Security options */
#undef HAVE_LDAP
#undef HAVE_LIBSSL
- #undef SSL_ALLOW_SELF_SIGNED_CERT
- #undef SSL_ALLOW_EXPIRED_CRL
+
+ #undef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
+
#undef SSL_ENABLE_CRL_CHECK
- #undef LIB3270_DEFAULT_CRL
+ #undef SSL_ENABLE_CRL_EXPIRATION_CHECK
+ #undef SSL_DEFAULT_CRL_URL
/* Windows Options */
#ifdef WIN32
diff --git a/src/lib3270/properties.c b/src/lib3270/properties.c
index 0840c25..b9c4a2b 100644
--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -298,11 +298,11 @@
if(hSession->ssl.crl)
return hSession->ssl.crl;
-#ifdef LIB3270_DEFAULT_CRL
- return LIB3270_DEFAULT_CRL;
+#ifdef SSL_DEFAULT_CRL_URL
+ return SSL_DEFAULT_CRL_URL;
#else
return getenv("LIB3270_DEFAULT_CRL");
-#endif // LIB3270_DEFAULT_CRL
+#endif // SSL_DEFAULT_CRL_URL
#else
errno = ENOTSUP;
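Review bot: The fallback `return getenv("LIB3270_DEFAULT_CRL");` keeps the old name while the build-time macro is now SSL_DEFAULT_CRL_URL, and nothing here says whether that is deliberate. In builds without `--with-default-crl-url`, the CRL location is then chosen by whoever controls the process environment, and the result may be NULL. Add a comment above the line, such as `/* No build-time default: fall back to the LIB3270_DEFAULT_CRL environment variable (name kept for compatibility); value is untrusted and may be NULL */`. If the old name is not meant to be kept, rename the variable and document the change. The enclosing function starts before this hunk, so how callers handle a NULL return cannot be checked here.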
@@ -310,7 +310,6 @@
#endif
}
-
int lib3270_set_crl_url(H3270 *hSession, const char *crl)
{
diff --git a/src/lib3270/ssl/negotiate.c b/src/lib3270/ssl/negotiate.c
index 94f365f..a01beca 100644
--- a/src/lib3270/ssl/negotiate.c
+++ b/src/lib3270/ssl/negotiate.c
@@ -195,14 +195,14 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
case X509_V_ERR_CRL_HAS_EXPIRED:
trace_ssl(hSession,"%s","The CRL of a certificate has expired.\n" );
-#ifdef SSL_ALLOW_EXPIRED_CRL
- break;
-#else
+#ifdef SSL_ENABLE_CRL_EXPIRATION_CHECK
((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL has expired." );
((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) has expired." );
return -1;
-#endif // SSL_ALLOW_EXPIRED_CRL
+#else
+ break;
+#endif // SSL_ENABLE_CRL_EXPIRATION_CHECK
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
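Review bot: In the `#else` branch of the `X509_V_ERR_CRL_HAS_EXPIRED` case, a certificate verification error is discarded with a bare `break;`, and nothing marks this as intentional. The next hunk does the same for `X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN`. Put a comment above each `break;`, such as `/* Check disabled at build time: this verification error is ignored on purpose and the connection proceeds */`, so the accept path is visible in an audit. The only record of the event is the `trace_ssl()` call, so it appears to be visible only when tracing is on; a user-facing warning would be worth considering, though the code after the switch is outside the hunk. As a style point, the three `((SSL_ERROR_MESSAGE *) message)->` casts would read better through one local pointer, e.g. `SSL_ERROR_MESSAGE *msg = message;`.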
@@ -211,14 +211,14 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
debug("%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain" );
trace_ssl(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" );
-#ifdef SSL_ALLOW_SELF_SIGNED_CERT
- break;
-#else
+#ifdef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
((SSL_ERROR_MESSAGE *) message)->text = _( "The SSL certificate for this host is not trusted." );
((SSL_ERROR_MESSAGE *) message)->description = _( "The security certificate presented by this host was not issued by a trusted certificate authority." );
return -1;
-#endif // SSL_ALLOW_SELF_SIGNED_CERT
+#else
+ break;
+#endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK
default:
--
libgit2 0.21.2