Commit 3289390cd742635e6c2c3286db99c73e7b548e51
1 parent
a5300584
Exists in
master
and in
3 other branches
Updating configure options.
Showing
5 changed files
with
30 additions
and
24 deletions
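--- a/configure.ac
+++ b/configure.ac
@@ -341,20 +341,20 @@ dnl ---------------------------------------------------------------------------
 dnl SSL Security options
 dnl ---------------------------------------------------------------------------
 
-AC_ARG_ENABLE([self-signed-certs],
- [AS_HELP_STRING([--disable-self-signed-certs], [disable SSL connection when host presents a self signed certificate])],
+AC_ARG_ENABLE([self-signed-cert-check],
+ [AS_HELP_STRING([--enable-self-signed-cert-check], [Reject SSL connection when host presents a self signed certificate])],
 [
 app_cv_self_signed_certs="$enableval"
 ],[
- app_cv_self_signed_certs="yes"
+ app_cv_self_signed_certs="no"
 ])
 
 if test "$app_cv_self_signed_certs" == "yes"; then
- AC_DEFINE(SSL_ALLOW_SELF_SIGNED_CERT)
+ AC_DEFINE(SSL_ENABLE_SELF_SIGNED_CERT_CHECK)
 fi
 
-AC_ARG_ENABLE([expired-crl],
- [AS_HELP_STRING([--disable-expired-crl], [disable SSL connection when host presents an expired certificate revocation list])],
+AC_ARG_ENABLE([crl-expiration-check],
+ [AS_HELP_STRING([--enable-crl-expiration-check], [Reject SSL connection when host presents an expired certificate revocation list])],
 [
 app_cv_expired_crl="$enableval"
 ],[
@@ -362,7 +362,7 @@ AC_ARG_ENABLE([expired-crl],
 ])
 
 if test "$app_cv_expired_crl" == "yes"; then
- AC_DEFINE(SSL_ALLOW_EXPIRED_CRL)
+ AC_DEFINE(SSL_ENABLE_CRL_EXPIRATION_CHECK)
 fi
 
 
@@ -378,7 +378,13 @@ if test "$app_cv_enable_crl_check" == "yes"; then
 AC_DEFINE(SSL_ENABLE_CRL_CHECK)
 fi
 
-AC_ARG_WITH([default-crl], [AS_HELP_STRING([--with-default-crl], [Set lib3270 default crl url])], [ AC_DEFINE_UNQUOTED(LIB3270_DEFAULT_CRL,"$withval") ],[ AC_MSG_NOTICE(No default crl)])
+AC_ARG_WITH([default-crl-url],
+ [AS_HELP_STRING([--with-default-crl-url], [Set lib3270 default crl url])],
+[
+ AC_DEFINE_UNQUOTED(SSL_DEFAULT_CRL_URL,"$withval")
+],[
+ AC_MSG_NOTICE(No default crl url)
+])
 
 dnl ---------------------------------------------------------------------------
 dnl Check for pic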
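Review bot: The fallback branch now sets `app_cv_self_signed_certs="no"`, so a build configured without options leaves `SSL_ENABLE_SELF_SIGNED_CERT_CHECK` undefined and a chain containing a self-signed certificate takes the `break` branch in negotiate.c instead of being rejected; for a TLS client the safer default is `app_cv_self_signed_certs="yes"`, with `--disable-self-signed-cert-check` as the explicit opt-out. If the permissive default is intended, the help string should say so, for example `[Reject SSL connection when host presents a self signed certificate (default: no)]`. The fallback value for `app_cv_expired_crl` sits on old line 361, between the first two hunks, and is not touched by this commit; because "yes" now means "reject" rather than "allow", that default should be re-checked so the two options behave consistently. The shell variables keep their allow-style names (`app_cv_self_signed_certs`, `app_cv_expired_crl`) while their meaning has inverted, so renaming them alongside the macros would avoid misreading.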
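--- a/lib3270.cbp
+++ b/lib3270.cbp
@@ -39,7 +39,6 @@
 <Unit filename="LICENCA" />
 <Unit filename="LICENSE" />
 <Unit filename="README.md" />
- <Unit filename="configure.ac" />
 <Unit filename="gitsync.sh" />
 <Unit filename="src/include/3270ds.h" />
 <Unit filename="src/include/actionsc.h" />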
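--- a/src/include/config.h.in
+++ b/src/include/config.h.in
@@ -53,10 +53,12 @@
 /* Security options */
 #undef HAVE_LDAP
 #undef HAVE_LIBSSL
- #undef SSL_ALLOW_SELF_SIGNED_CERT
- #undef SSL_ALLOW_EXPIRED_CRL
+
+ #undef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
+
 #undef SSL_ENABLE_CRL_CHECK
- #undef LIB3270_DEFAULT_CRL
+ #undef SSL_ENABLE_CRL_EXPIRATION_CHECK
+ #undef SSL_DEFAULT_CRL_URL
 
 /* Windows Options */
 #ifdef WIN32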
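--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -298,11 +298,11 @@
 if(hSession->ssl.crl)
 return hSession->ssl.crl;
 
-#ifdef LIB3270_DEFAULT_CRL
- return LIB3270_DEFAULT_CRL;
+#ifdef SSL_DEFAULT_CRL_URL
+ return SSL_DEFAULT_CRL_URL;
 #else
 return getenv("LIB3270_DEFAULT_CRL");
-#endif // LIB3270_DEFAULT_CRL
+#endif // SSL_DEFAULT_CRL_URL
 
 #else
 errno = ENOTSUP;
@@ -310,7 +310,6 @@
 #endif
 }
 
-
 int lib3270_set_crl_url(H3270 *hSession, const char *crl)
 {
 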
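Review bot: The `#else` fallback still calls `getenv("LIB3270_DEFAULT_CRL")`, so after this rename the configure option (`--with-default-crl-url`), the macro (`SSL_DEFAULT_CRL_URL`) and the environment variable carry three different names, and nothing in the hunk says the mismatch is deliberate. A comment above the call such as `/* Environment variable keeps its historical name; consulted only when no URL was set at build time. */` would document that. The returned string presumably decides where the revocation list is fetched from, and in this branch it comes straight from the process environment, which is worth stating in the function's documentation so deployers know the variable is trusted input. The enclosing function starts above the first hunk.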
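--- a/src/lib3270/ssl/negotiate.c
+++ b/src/lib3270/ssl/negotiate.c
@@ -195,14 +195,14 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 case X509_V_ERR_CRL_HAS_EXPIRED:
 trace_ssl(hSession,"%s","The CRL of a certificate has expired.\n" );
 
-#ifdef SSL_ALLOW_EXPIRED_CRL
- break;
-#else
+#ifdef SSL_ENABLE_CRL_EXPIRATION_CHECK
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL has expired." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) has expired." );
 return -1;
-#endif // SSL_ALLOW_EXPIRED_CRL
+#else
+ break;
+#endif // SSL_ENABLE_CRL_EXPIRATION_CHECK
 
 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 
@@ -211,14 +211,14 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 debug("%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain" );
 trace_ssl(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" );
 
-#ifdef SSL_ALLOW_SELF_SIGNED_CERT
- break;
-#else
+#ifdef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The SSL certificate for this host is not trusted." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The security certificate presented by this host was not issued by a trusted certificate authority." );
 return -1;
-#endif // SSL_ALLOW_SELF_SIGNED_CERT
+#else
+ break;
+#endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK
 
 default:
 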
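Review bot: In the `X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN` case the `debug`/`trace_ssl` calls above the new `#ifdef SSL_ENABLE_SELF_SIGNED_CERT_CHECK` still report "negotiated connection complete" even when the check is compiled in and the function returns -1 right after, which makes the trace misleading when someone investigates a rejected connection. Moving those two calls into the `#else` branch next to `break;`, and tracing a rejection message in the checked branch, would keep the log accurate. When the macros are not defined, both this case and `X509_V_ERR_CRL_HAS_EXPIRED` end in `break`, so a comment at each one such as `/* verification error tolerated by build option */` would make the fail-open path explicit to the next reader. The body of `background_ssl_negotiation` starts and ends outside these hunks, so how the other verification results are handled cannot be judged from here.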