Commit 4915344fe0372ddd427b660cb12c986af8359909
1 parent
5f352dba
Exists in
master
and in
3 other branches
Emitting notification when SSL validation fails.
Showing
1 changed file
with
30 additions
and
8 deletions
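--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -179,7 +179,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->text = _( "Unable to get certificate CRL." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) of a certificate could not be found." );
 
- return -1;
+ return EACCES;
 
 case X509_V_ERR_CRL_NOT_YET_VALID:
 trace_ssl(hSession,"%s","The CRL of a certificate is not yet valid.\n" );
@@ -187,7 +187,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL is not yet valid." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) is not yet valid." );
- return -1;
+ return EACCES;
 
 case X509_V_ERR_CRL_HAS_EXPIRED:
 trace_ssl(hSession,"%s","The CRL of a certificate has expired.\n" );
@@ -196,7 +196,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL has expired." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) has expired." );
- return -1;
+ return EACCES;
 #else
 break;
 #endif // SSL_ENABLE_CRL_EXPIRATION_CHECK
@@ -212,7 +212,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "The SSL certificate for this host is not trusted." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "The security certificate presented by this host was not issued by a trusted certificate authority." );
- return -1;
+ return EACCES;
 #else
 break;
 #endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK
@@ -225,7 +225,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 ((SSL_ERROR_MESSAGE *) message)->text = _( "Can't verify." );
 ((SSL_ERROR_MESSAGE *) message)->description = _( "Unexpected or invalid TLS/SSL verify result" );
- return -1;
+ return EACCES;
 #endif // SSL_ENABLE_CRL_EXPIRATION_CHECK
 
 }
@@ -311,7 +311,8 @@ int ssl_negotiate(H3270 *hSession)
 return rc;
 }
 
-int ssl_init(H3270 *hSession) {
+int ssl_init(H3270 *hSession)
+{
 
 int rc;
 SSL_ERROR_MESSAGE msg;
@@ -321,9 +322,30 @@ int ssl_init(H3270 *hSession) {
 non_blocking(hSession,False);
 
 rc = lib3270_run_task(hSession, background_ssl_init, &msg);
- if(rc)
+ if(rc == EACCES)
+ {
+ // SSL validation has failed
+
+ int abort = -1;
+
+ if(msg.description)
+ abort = hSession->cbk.popup_ssl_error(hSession,rc,msg.title,msg.text,"");
+ else
+ abort = hSession->cbk.popup_ssl_error(hSession,rc,msg.title,msg.text,ERR_reason_error_string(msg.error));
+
+ if(abort)
+ {
+ host_disconnect(hSession,1); // Disconnect with "failed" status.
+ }
+ else
+ {
+ rc = 0;
+ }
+
+ }
+ else if(rc)
 {
- // SSL init has failed.
+ // SSL negotiation has failed.
 host_disconnect(hSession,1); // Disconnect with "failed" status.
 
 if(msg.description)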
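Review bot: In the new `rc == EACCES` branch of ssl_init, a zero return from `hSession->cbk.popup_ssl_error` resets `rc` to 0, so a certificate or CRL validation failure is accepted on the callback's word alone; a non-interactive handler that simply returns 0 would turn every validation failure into success. Continuing should be an explicit opt-in and the override should be traced, for example `trace_ssl(hSession,"%s","Certificate validation failure overridden by callback\n");` just before `rc = 0;`. The same branch passes `""` when `msg.description` is set, so the explanation filled in by background_ssl_negotiation never reaches the user who is asked to decide; `msg.description` looks like the intended last argument, and the `ERR_reason_error_string(msg.error)` fallback should be guarded in case it returns NULL. The visible `return EACCES` lines are in background_ssl_negotiation while this branch checks the result of background_ssl_init, and ssl_negotiate's handling is outside the hunks, so it is worth confirming that EACCES actually reaches this code. ssl_init's body continues past the end of the hunk.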