Commit 3289390cd742635e6c2c3286db99c73e7b548e51

Authored by Perry Werneck
1 parent a5300584

Updating configure options.

@@ -341,20 +341,20 @@ dnl --------------------------------------------------------------------------- @@ -341,20 +341,20 @@ dnl ---------------------------------------------------------------------------
341 dnl SSL Security options 341 dnl SSL Security options
342 dnl --------------------------------------------------------------------------- 342 dnl ---------------------------------------------------------------------------
343 343
344 -AC_ARG_ENABLE([self-signed-certs],  
345 - [AS_HELP_STRING([--disable-self-signed-certs], [disable SSL connection when host presents a self signed certificate])], 344 +AC_ARG_ENABLE([self-signed-cert-check],
  345 + [AS_HELP_STRING([--enable-self-signed-cert-check], [Reject SSL connection when host presents a self signed certificate])],
346 [ 346 [
347 app_cv_self_signed_certs="$enableval" 347 app_cv_self_signed_certs="$enableval"
348 ],[ 348 ],[
349 - app_cv_self_signed_certs="yes" 349 + app_cv_self_signed_certs="no"
350 ]) 350 ])
351 351
352 if test "$app_cv_self_signed_certs" == "yes"; then 352 if test "$app_cv_self_signed_certs" == "yes"; then
353 - AC_DEFINE(SSL_ALLOW_SELF_SIGNED_CERT) 353 + AC_DEFINE(SSL_ENABLE_SELF_SIGNED_CERT_CHECK)
354 fi 354 fi
355 355
356 -AC_ARG_ENABLE([expired-crl],  
357 - [AS_HELP_STRING([--disable-expired-crl], [disable SSL connection when host presents an expired certificate revocation list])], 356 +AC_ARG_ENABLE([crl-expiration-check],
  357 + [AS_HELP_STRING([--enable-crl-expiration-check], [Reject SSL connection when host presents an expired certificate revocation list])],
358 [ 358 [
359 app_cv_expired_crl="$enableval" 359 app_cv_expired_crl="$enableval"
360 ],[ 360 ],[
@@ -362,7 +362,7 @@ AC_ARG_ENABLE([expired-crl], @@ -362,7 +362,7 @@ AC_ARG_ENABLE([expired-crl],
362 ]) 362 ])
363 363
364 if test "$app_cv_expired_crl" == "yes"; then 364 if test "$app_cv_expired_crl" == "yes"; then
365 - AC_DEFINE(SSL_ALLOW_EXPIRED_CRL) 365 + AC_DEFINE(SSL_ENABLE_CRL_EXPIRATION_CHECK)
366 fi 366 fi
367 367
368 368
@@ -378,7 +378,13 @@ if test "$app_cv_enable_crl_check" == "yes"; then @@ -378,7 +378,13 @@ if test "$app_cv_enable_crl_check" == "yes"; then
378 AC_DEFINE(SSL_ENABLE_CRL_CHECK) 378 AC_DEFINE(SSL_ENABLE_CRL_CHECK)
379 fi 379 fi
380 380
381 -AC_ARG_WITH([default-crl], [AS_HELP_STRING([--with-default-crl], [Set lib3270 default crl url])], [ AC_DEFINE_UNQUOTED(LIB3270_DEFAULT_CRL,"$withval") ],[ AC_MSG_NOTICE(No default crl)]) 381 +AC_ARG_WITH([default-crl-url],
  382 + [AS_HELP_STRING([--with-default-crl-url], [Set lib3270 default crl url])],
  383 +[
  384 + AC_DEFINE_UNQUOTED(SSL_DEFAULT_CRL_URL,"$withval")
  385 +],[
  386 + AC_MSG_NOTICE(No default crl url)
  387 +])
382 388
383 dnl --------------------------------------------------------------------------- 389 dnl ---------------------------------------------------------------------------
384 dnl Check for pic 390 dnl Check for pic
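Review bot: A build script that still passes the old `--disable-self-signed-certs` is not rejected after this rename, because configure only warns about unrecognised `--enable-*`/`--disable-*` options. With the new default of `"no"`, that build leaves `SSL_ENABLE_SELF_SIGNED_CERT_CHECK` undefined and accepts self-signed chains where it used to refuse them. Consider failing on the legacy names, e.g. `if test "${enable_self_signed_certs+set}" = set; then AC_MSG_ERROR([use --enable-self-signed-cert-check]); fi`, and likewise for `enable_expired_crl`. The default of `app_cv_expired_crl` sits on line 361, between the first two hunks, and is not touched, while the macro it controls changed sense from allow to check, so the default handling of an expired CRL appears to invert; worth confirming that this is intended. Renaming `app_cv_self_signed_certs` and `app_cv_expired_crl` to match the new sense would also keep the `test … == "yes"` lines from reading backwards.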
@@ -39,7 +39,6 @@ @@ -39,7 +39,6 @@
39 <Unit filename="LICENCA" /> 39 <Unit filename="LICENCA" />
40 <Unit filename="LICENSE" /> 40 <Unit filename="LICENSE" />
41 <Unit filename="README.md" /> 41 <Unit filename="README.md" />
42 - <Unit filename="configure.ac" />  
43 <Unit filename="gitsync.sh" /> 42 <Unit filename="gitsync.sh" />
44 <Unit filename="src/include/3270ds.h" /> 43 <Unit filename="src/include/3270ds.h" />
45 <Unit filename="src/include/actionsc.h" /> 44 <Unit filename="src/include/actionsc.h" />
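--- a/src/include/config.h.in
+++ b/src/include/config.h.in
@@ -53,10 +53,12 @@
 /* Security options */
 #undef HAVE_LDAP
 #undef HAVE_LIBSSL
- #undef SSL_ALLOW_SELF_SIGNED_CERT
- #undef SSL_ALLOW_EXPIRED_CRL
+
+ #undef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
+
 #undef SSL_ENABLE_CRL_CHECK
- #undef LIB3270_DEFAULT_CRL
+ #undef SSL_ENABLE_CRL_EXPIRATION_CHECK
+ #undef SSL_DEFAULT_CRL_URL
 
 /* Windows Options */
 #ifdef WIN32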
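--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -298,11 +298,11 @@
 if(hSession->ssl.crl)
 return hSession->ssl.crl;
 
-#ifdef LIB3270_DEFAULT_CRL
- return LIB3270_DEFAULT_CRL;
+#ifdef SSL_DEFAULT_CRL_URL
+ return SSL_DEFAULT_CRL_URL;
 #else
 return getenv("LIB3270_DEFAULT_CRL");
-#endif // LIB3270_DEFAULT_CRL
+#endif // SSL_DEFAULT_CRL_URL
 
 #else
 errno = ENOTSUP;
@@ -310,7 +310,6 @@
 #endif
 }
 
-
 int lib3270_set_crl_url(H3270 *hSession, const char *crl)
 {
 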
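Review bot: The fallback in the `#else` branch still reads the environment variable `LIB3270_DEFAULT_CRL`, so after this rename the build-time macro and the runtime variable carry different names with nothing in the code saying so. A comment above the `#ifdef` would cover it, for example `// Build-time SSL_DEFAULT_CRL_URL takes precedence; otherwise the URL comes from the LIB3270_DEFAULT_CRL environment variable (legacy name kept).` In a build without `--with-default-crl-url` that variable decides where revocation data is fetched from, so the getter's public documentation should say that the process environment is trusted for this value. The enclosing function starts above the hunk, so its name and the outer `#if` are not visible here.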
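--- a/src/lib3270/ssl/negotiate.c
+++ b/src/lib3270/ssl/negotiate.c
@@ -195,14 +195,14 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 case X509_V_ERR_CRL_HAS_EXPIRED:
 trace_ssl(hSession,"%s","The CRL of a certificate has expired.\n" );
 
-#ifdef SSL_ALLOW_EXPIRED_CRL
- break;
-#else
+#ifdef SSL_ENABLE_CRL_EXPIRATION_CHECK
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL has expired." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) has expired." );
 return -1;
-#endif // SSL_ALLOW_EXPIRED_CRL
+#else
+ break;
+#endif // SSL_ENABLE_CRL_EXPIRATION_CHECK
 
 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 
@@ -211,14 +211,14 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 debug("%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain" );
 trace_ssl(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" );
 
-#ifdef SSL_ALLOW_SELF_SIGNED_CERT
- break;
-#else
+#ifdef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The SSL certificate for this host is not trusted." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The security certificate presented by this host was not issued by a trusted certificate authority." );
 return -1;
-#endif // SSL_ALLOW_SELF_SIGNED_CERT
+#else
+ break;
+#endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK
 
 default:
 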
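Review bot: With the branches swapped, `break` (accept the connection) is now what gets compiled whenever the macro is absent, in both the `X509_V_ERR_CRL_HAS_EXPIRED` and the `X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN` cases. A build that does not get the define, presumably including any that bypasses configure, therefore fails open where the old code failed closed. At minimum the `#else` arms should say so, e.g. `// Check disabled at build time: this verification error is ignored and the session continues.`; keeping rejection as the fallback would be the safer arrangement. The self-signed case also logs "negotiated connection complete" before the `return -1` path, which will mislead anyone reading the trace of a rejected session. The switch and the rest of `background_ssl_negotiation` lie outside these hunks.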