Commit 4915344fe0372ddd427b660cb12c986af8359909

Authored by Perry Werneck
1 parent 5f352dba

Emitting notification when SSL validation fails.

Showing 1 changed file with 30 additions and 8 deletions   Show diff stats
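--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -179,7 +179,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->text = _( "Unable to get certificate CRL." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) of a certificate could not be found." );
 
- return -1;
+ return EACCES;
 
 case X509_V_ERR_CRL_NOT_YET_VALID:
 trace_ssl(hSession,"%s","The CRL of a certificate is not yet valid.\n" );
@@ -187,7 +187,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL is not yet valid." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) is not yet valid." );
- return -1;
+ return EACCES;
 
 case X509_V_ERR_CRL_HAS_EXPIRED:
 trace_ssl(hSession,"%s","The CRL of a certificate has expired.\n" );
@@ -196,7 +196,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL has expired." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) has expired." );
- return -1;
+ return EACCES;
 #else
 break;
 #endif // SSL_ENABLE_CRL_EXPIRATION_CHECK
@@ -212,7 +212,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The SSL certificate for this host is not trusted." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The security certificate presented by this host was not issued by a trusted certificate authority." );
- return -1;
+ return EACCES;
 #else
 break;
 #endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK
@@ -225,7 +225,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "Can't verify." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "Unexpected or invalid TLS/SSL verify result" );
- return -1;
+ return EACCES;
 #endif // SSL_ENABLE_CRL_EXPIRATION_CHECK
 
 }
@@ -311,7 +311,8 @@ int ssl_negotiate(H3270 *hSession)
 return rc;
 }
 
-int ssl_init(H3270 *hSession) {
+int ssl_init(H3270 *hSession)
+{
 
 int rc;
 SSL_ERROR_MESSAGE msg;
@@ -321,9 +322,30 @@ int ssl_init(H3270 *hSession) {
 non_blocking(hSession,False);
 
 rc = lib3270_run_task(hSession, background_ssl_init, &msg);
- if(rc)
+ if(rc == EACCES)
+ {
+ // SSL validation has failed
+
+ int abort = -1;
+
+ if(msg.description)
+ abort = hSession->cbk.popup_ssl_error(hSession,rc,msg.title,msg.text,"");
+ else
+ abort = hSession->cbk.popup_ssl_error(hSession,rc,msg.title,msg.text,ERR_reason_error_string(msg.error));
+
+ if(abort)
+ {
+ host_disconnect(hSession,1); // Disconnect with "failed" status.
+ }
+ else
+ {
+ rc = 0;
+ }
+
+ }
+ else if(rc)
 {
- // SSL init has failed.
+ // SSL negotiation has failed.
 host_disconnect(hSession,1); // Disconnect with "failed" status.
 
 if(msg.description)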
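Review bot: In the new `rc == EACCES` branch of ssl_init, the `if(msg.description)` arm passes `""` as the last argument, so the prompt that lets the user continue past a failed certificate check drops the explanation exactly when one exists; it should probably read `abort = hSession->cbk.popup_ssl_error(hSession,rc,msg.title,msg.text,msg.description);`. A zero return from the callback then sets `rc = 0` and keeps the session, so the branch deserves a comment fixing that contract, for example `// popup_ssl_error() must return 0 only on explicit user consent; any other result disconnects`. The `return EACCES` changes are all in background_ssl_negotiation, while this branch checks the result of background_ssl_init; whether ssl_negotiate gets the same handling is not visible in these hunks and is worth confirming. The local name `abort` also shadows the standard `abort()`, and the rest of the `else if(rc)` block continues outside the last hunk.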