Commit 4915344fe0372ddd427b660cb12c986af8359909
1 parent
5f352dba
Exists in
master
and in
3 other branches
Emitting notification when SSL validation fails.
Showing
1 changed file
with
30 additions
and
8 deletions
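--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -179,7 +179,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->text = _( "Unable to get certificate CRL." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) of a certificate could not be found." );
 
-return -1;
+return EACCES;
 
 case X509_V_ERR_CRL_NOT_YET_VALID:
 trace_ssl(hSession,"%s","The CRL of a certificate is not yet valid.\n" );
@@ -187,7 +187,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL is not yet valid." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) is not yet valid." );
-return -1;
+return EACCES;
 
 case X509_V_ERR_CRL_HAS_EXPIRED:
 trace_ssl(hSession,"%s","The CRL of a certificate has expired.\n" );
@@ -196,7 +196,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL has expired." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) has expired." );
-return -1;
+return EACCES;
 #else
 break;
 #endif // SSL_ENABLE_CRL_EXPIRATION_CHECK
@@ -212,7 +212,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The SSL certificate for this host is not trusted." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The security certificate presented by this host was not issued by a trusted certificate authority." );
-return -1;
+return EACCES;
 #else
 break;
 #endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK
@@ -225,7 +225,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "Can't verify." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "Unexpected or invalid TLS/SSL verify result" );
-return -1;
+return EACCES;
 #endif // SSL_ENABLE_CRL_EXPIRATION_CHECK
 
 }
@@ -311,7 +311,8 @@ int ssl_negotiate(H3270 *hSession)
 return rc;
 }
 
-int ssl_init(H3270 *hSession) {
+int ssl_init(H3270 *hSession)
+{
 
 int rc;
 SSL_ERROR_MESSAGE msg;
@@ -321,9 +322,30 @@ int ssl_init(H3270 *hSession) {
 non_blocking(hSession,False);
 
 rc = lib3270_run_task(hSession, background_ssl_init, &msg);
-if(rc)
+if(rc == EACCES)
+{
+// SSL validation has failed
+
+int abort = -1;
+
+if(msg.description)
+abort = hSession->cbk.popup_ssl_error(hSession,rc,msg.title,msg.text,"");
+else
+abort = hSession->cbk.popup_ssl_error(hSession,rc,msg.title,msg.text,ERR_reason_error_string(msg.error));
+
+if(abort)
+{
+host_disconnect(hSession,1); // Disconnect with "failed" status.
+}
+else
+{
+rc = 0;
+}
+
+}
+else if(rc)
 {
-// SSL init has failed.
+// SSL negotiation has failed.
 host_disconnect(hSession,1); // Disconnect with "failed" status.
 
 if(msg.description)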
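Review bot: In the `rc == EACCES` branch of ssl_init, a zero return from `hSession->cbk.popup_ssl_error` sets `rc = 0` and the session proceeds over a certificate that failed validation (untrusted issuer, missing or expired CRL), so the outcome depends entirely on a callback whose default and non-interactive behaviour are not visible in this diff. I would guard the call with a NULL check on `hSession->cbk.popup_ssl_error` so that `abort` keeps its initial `-1` when no handler is installed, and add a `trace_ssl` line before `rc = 0` so an accepted override leaves a record. The `if(msg.description)` arm passes `""` as the last argument, which drops the description exactly when one was set; `msg.description` looks like the intended value there. The EACCES returns are added in background_ssl_negotiation while this check follows the `background_ssl_init` task, so it is worth confirming that task can return the same code and that `msg` is initialised before it is read; the local named `abort` also shadows the libc function. ssl_init's body continues past the end of the hunk.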