Improving CRL property

Adding options to test program

Improving CRL property
Adding options to test program
Perry Werneck
1 parent bb6f1004
Showing 6 changed files with 95 additions and 66 deletions Show diff stats
configure.ac
src/include/lib3270.h
src/lib3270/properties.c
src/lib3270/ssl/ctx_init.c
src/lib3270/ssl/linux/getcrl.c
src/lib3270/testprogram/testprogram.c
@@ -340,7 +340,7 @@ AC_ARG_ENABLE([ssl-crl-check],
 	app_cv_enable_crl_check="no"
 ])
  
-if test "$app_cv_self_signed_certs" == "yes"; then
+if test "$app_cv_enable_crl_check" == "yes"; then
 	AC_DEFINE(SSL_ENABLE_CRL_CHECK)
 fi
  
@@ -474,7 +474,9 @@
 	 * @return 0 on sucess, non zero on error (sets errno).
 	 *
 	 */
-	 LIB3270_EXPORT int lib3270_set_crl(H3270 *hSession, const char *crl);
+	 LIB3270_EXPORT int lib3270_set_crl_url(H3270 *hSession, const char *crl);
+
+	 LIB3270_EXPORT const char * lib3270_get_crl_url(H3270 *hSession);
  
 	/**
 	 * @brief Get hostname for the connect/reconnect operations.
@@ -285,7 +285,26 @@
 	return lib3270_get_revision();
  }
  
- int lib3270_set_crl(H3270 *hSession, const char *crl)
+ const char * lib3270_get_crl_url(H3270 *hSession)
+ {
+#ifdef SSL_ENABLE_CRL_CHECK
+	if(hSession->ssl.crl)
+		return hSession->ssl.crl;
+
+#ifdef LIB3270_DEFAULT_CRL
+	return LIB3270_DEFAULT_CRL;
+#else
+	return getenv("LIB3270_DEFAULT_CRL");
+#endif // LIB3270_DEFAULT_CRL
+
+#else
+	errno = ENOTSUP;
+	return "";
+#endif
+ }
+
+
+ int lib3270_set_crl_url(H3270 *hSession, const char *crl)
  {
  
     FAIL_IF_ONLINE(hSession);
@@ -313,15 +332,6 @@
  
  }
  
- static const char * lib3270_get_crl(H3270 *hSession)
- {
-#ifdef SSL_ENABLE_CRL_CHECK
-	if(hSession->ssl.crl)
-		return hSession->ssl.crl;
-#endif
- 	return "";
- }
-
  LIB3270_EXPORT const LIB3270_STRING_PROPERTY * lib3270_get_string_properties_list(void)
  {
 	 static const LIB3270_STRING_PROPERTY properties[] = {
@@ -383,10 +393,10 @@
 		},
  
 		{
-			"crl",										//  Property name.
+			"crlpath",									//  Property name.
 			N_( "URL for the CRL file" ),				//  Property description.
-			lib3270_get_crl,							//  Get value.
-			lib3270_set_crl,							//  Set value.
+			lib3270_get_crl_url,						//  Get value.
+			lib3270_set_crl_url,						//  Set value.
 		},
  
  
@@ -111,42 +111,38 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 	//
 	// https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session
 	//
-	if(hSession->ssl.crl)
-	{
-		lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message);
-
-		if(!crl)
-			return  -1;
-
-		if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
-		{
-			BIO				* out	= BIO_new(BIO_s_mem());
-			unsigned char	* data;
-			unsigned char	* text;
-			int				  n;
+	lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message);
  
-			X509_CRL_print(out,crl);
+	if(!crl)
+		return  -1;
  
-			n		= BIO_get_mem_data(out, &data);
-			text	= (unsigned char *) malloc (n+1);
-			text[n]	='\0';
-			memcpy(text,data,n);
+	if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
+	{
+		BIO				* out	= BIO_new(BIO_s_mem());
+		unsigned char	* data;
+		unsigned char	* text;
+		int				  n;
  
-			trace_ssl(hSession,"\n%s\n",text);
+		X509_CRL_print(out,crl);
  
-			free(text);
-			BIO_free(out);
+		n		= BIO_get_mem_data(out, &data);
+		text	= (unsigned char *) malloc (n+1);
+		text[n]	='\0';
+		memcpy(text,data,n);
  
-		}
+		trace_ssl(hSession,"\n%s\n",text);
  
-		X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
-		X509_STORE_add_crl(store, crl);
-		X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
-		X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
-		X509_STORE_set1_param(store, param);
-		X509_VERIFY_PARAM_free(param);
+		free(text);
+		BIO_free(out);
  
 	}
+
+	X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
+	X509_STORE_add_crl(store, crl);
+	X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+	X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+	X509_STORE_set1_param(store, param);
+	X509_VERIFY_PARAM_free(param);
 #endif // SSL_ENABLE_CRL_CHECK
  
 	return 0;
@@ -96,29 +96,23 @@ static inline void lib3270_autoptr_cleanup_LDAPPTR(char **ptr)
  
 X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 {
-	X509_CRL * crl = NULL;
+	X509_CRL	* crl = NULL;
+	const char	* consturl = lib3270_get_crl_url(hSession);
  
-	if(!hSession->ssl.crl)
-	{
-#ifdef LIB3270_DEFAULT_CRL
-		hSession->ssl.crl = strdup(LIB3270_DEFAULT_CRL);
-#else
-		char *env = getenv("LIB3270_DEFAULT_CRL");
-		if(env)
-			hSession->ssl.crl = strdup(env);
-#endif // LIB3270_DEFAULT_CRL
-	}
-
-	if(!hSession->ssl.crl)
+	if(!(consturl && *consturl))
 	{
+		message->error = hSession->ssl.error = 0;
+		message->title = N_( "Security error" );
+		message->text = N_( "Can't open CRL File" );
+		message->description = N_("The URL for the CRL is undefined or empty");
 		return NULL;
 	}
  
-	trace_ssl(hSession, "crl=%s",hSession->ssl.crl);
+	trace_ssl(hSession, "crl=%s",consturl);
  
-	if(strncasecmp(hSession->ssl.crl,"file://",7) == 0)
+	if(strncasecmp(consturl,"file://",7) == 0)
 	{
-		lib3270_autoptr(FILE) hCRL = fopen(hSession->ssl.crl+7,"r");
+		lib3270_autoptr(FILE) hCRL = fopen(consturl+7,"r");
  
 		if(!hCRL)
 		{
@@ -127,20 +121,20 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 			message->title = N_( "Security error" );
 			message->text = N_( "Can't open CRL File" );
 			message->description = strerror(errno);
-			lib3270_write_log(hSession,"ssl","Can't open %s: %s",hSession->ssl.crl,message->description);
+			lib3270_write_log(hSession,"ssl","Can't open %s: %s",consturl,message->description);
 			return NULL;
  
 		}
  
-		lib3270_write_log(hSession,"ssl","Loading CRL from %s",hSession->ssl.crl+7);
+		lib3270_write_log(hSession,"ssl","Loading CRL from %s",consturl+7);
 		d2i_X509_CRL_fp(hCRL, &crl);
  
 	}
 #ifdef HAVE_LDAP
-	else if(strncasecmp(hSession->ssl.crl,"ldap",4) == 0)
+	else if(strncasecmp(consturl,"ldap",4) == 0)
 	{
 		int	rc;
-		lib3270_autoptr(char) url = strdup(hSession->ssl.crl);
+		lib3270_autoptr(char) url = strdup(consturl);
  
 		char * attrs[] = { NULL, NULL };
 		char * base = NULL;
@@ -307,7 +301,7 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 		message->title = N_( "Security error" );
 		message->text = N_( "Unexpected or invalid CRL URL" );
 		message->description = N_("The URL scheme is unknown");
-		lib3270_write_log(hSession,"ssl","%s: %s",hSession->ssl.crl, message->description);
+		lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
 		return NULL;
 	}
  
@@ -2,20 +2,47 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include <getopt.h>
  
 #include <lib3270.h>
  
 #define MAX_ARGS 10
  
-int main(int numpar, char *param[])
+int main(int argc, char *argv[])
 {
+	#pragma GCC diagnostic push
+	#pragma GCC diagnostic ignored "-Wzero-as-null-pointer-constant"
+	static struct option options[] = {
+		{ "crl",		required_argument,	0,	'C' },
+		{ "url",		required_argument,	0,	'U' },
+
+		{ 0, 0, 0, 0}
+
+	};
+	#pragma GCC diagnostic pop
+
 	H3270		* h;
 	int			  rc	= 0;
  
 	h = lib3270_session_new("");
 	printf("3270 session %p created\n]",h);
  
-	// lib3270_set_url(h,url ? url : "tn3270://fandezhi.efglobe.com");
+	int long_index =0;
+	int opt;
+	while((opt = getopt_long(argc, argv, "C:U:", options, &long_index )) != -1) {
+		switch(opt) {
+		case 'U':
+			lib3270_set_url(h,optarg);
+			break;
+
+		case 'C':
+			lib3270_set_crl_url(h,optarg);
+			break;
+		}
+
+	}
+
+	printf("HOST URL: %s\HOST CRL: %s\n",lib3270_get_url(h),lib3270_get_crl_url(h));
  
 	if(lib3270_set_url(h,NULL))
 		lib3270_set_url(h,"tn3270://fandezhi.efglobe.com");
...	...	@@ -340,7 +340,7 @@ AC_ARG_ENABLE([ssl-crl-check],
340	340	app_cv_enable_crl_check="no"
341	341	])
342	342
343		-if test "$app_cv_self_signed_certs" == "yes"; then
	343	+if test "$app_cv_enable_crl_check" == "yes"; then
344	344	AC_DEFINE(SSL_ENABLE_CRL_CHECK)
345	345	fi
346	346
...	...
...	...	@@ -474,7 +474,9 @@
474	474	* @return 0 on sucess, non zero on error (sets errno).
475	475	*
476	476	*/
477		- LIB3270_EXPORT int lib3270_set_crl(H3270 hSession, const char crl);
	477	+ LIB3270_EXPORT int lib3270_set_crl_url(H3270 hSession, const char crl);
	478	+
	479	+ LIB3270_EXPORT const char * lib3270_get_crl_url(H3270 *hSession);
478	480
479	481	/**
480	482	* @brief Get hostname for the connect/reconnect operations.
...	...
...	...	@@ -285,7 +285,26 @@
285	285	return lib3270_get_revision();
286	286	}
287	287
288		- int lib3270_set_crl(H3270 hSession, const char crl)
	288	+ const char * lib3270_get_crl_url(H3270 *hSession)
	289	+ {
	290	+#ifdef SSL_ENABLE_CRL_CHECK
	291	+ if(hSession->ssl.crl)
	292	+ return hSession->ssl.crl;
	293	+
	294	+#ifdef LIB3270_DEFAULT_CRL
	295	+ return LIB3270_DEFAULT_CRL;
	296	+#else
	297	+ return getenv("LIB3270_DEFAULT_CRL");
	298	+#endif // LIB3270_DEFAULT_CRL
	299	+
	300	+#else
	301	+ errno = ENOTSUP;
	302	+ return "";
	303	+#endif
	304	+ }
	305	+
	306	+
	307	+ int lib3270_set_crl_url(H3270 hSession, const char crl)
289	308	{
290	309
291	310	FAIL_IF_ONLINE(hSession);
...	...	@@ -313,15 +332,6 @@
313	332
314	333	}
315	334
316		- static const char * lib3270_get_crl(H3270 *hSession)
317		- {
318		-#ifdef SSL_ENABLE_CRL_CHECK
319		- if(hSession->ssl.crl)
320		- return hSession->ssl.crl;
321		-#endif
322		- return "";
323		- }
324		-
325	335	LIB3270_EXPORT const LIB3270_STRING_PROPERTY * lib3270_get_string_properties_list(void)
326	336	{
327	337	static const LIB3270_STRING_PROPERTY properties[] = {
...	...	@@ -383,10 +393,10 @@
383	393	},
384	394
385	395	{
386		- "crl", // Property name.
	396	+ "crlpath", // Property name.
387	397	N_( "URL for the CRL file" ), // Property description.
388		- lib3270_get_crl, // Get value.
389		- lib3270_set_crl, // Set value.
	398	+ lib3270_get_crl_url, // Get value.
	399	+ lib3270_set_crl_url, // Set value.
390	400	},
391	401
392	402
...	...
...	...	@@ -111,42 +111,38 @@ int ssl_ctx_init(H3270 hSession, SSL_ERROR_MESSAGE message)
111	111	//
112	112	// https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session
113	113	//
114		- if(hSession->ssl.crl)
115		- {
116		- lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message);
117		-
118		- if(!crl)
119		- return -1;
120		-
121		- if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
122		- {
123		- BIO * out = BIO_new(BIO_s_mem());
124		- unsigned char * data;
125		- unsigned char * text;
126		- int n;
	114	+ lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message);
127	115
128		- X509_CRL_print(out,crl);
	116	+ if(!crl)
	117	+ return -1;
129	118
130		- n = BIO_get_mem_data(out, &data);
131		- text = (unsigned char *) malloc (n+1);
132		- text[n] ='\0';
133		- memcpy(text,data,n);
	119	+ if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
	120	+ {
	121	+ BIO * out = BIO_new(BIO_s_mem());
	122	+ unsigned char * data;
	123	+ unsigned char * text;
	124	+ int n;
134	125
135		- trace_ssl(hSession,"\n%s\n",text);
	126	+ X509_CRL_print(out,crl);
136	127
137		- free(text);
138		- BIO_free(out);
	128	+ n = BIO_get_mem_data(out, &data);
	129	+ text = (unsigned char *) malloc (n+1);
	130	+ text[n] ='\0';
	131	+ memcpy(text,data,n);
139	132
140		- }
	133	+ trace_ssl(hSession,"\n%s\n",text);
141	134
142		- X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
143		- X509_STORE_add_crl(store, crl);
144		- X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
145		- X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
146		- X509_STORE_set1_param(store, param);
147		- X509_VERIFY_PARAM_free(param);
	135	+ free(text);
	136	+ BIO_free(out);
148	137
149	138	}
	139	+
	140	+ X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
	141	+ X509_STORE_add_crl(store, crl);
	142	+ X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
	143	+ X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
	144	+ X509_STORE_set1_param(store, param);
	145	+ X509_VERIFY_PARAM_free(param);
150	146	#endif // SSL_ENABLE_CRL_CHECK
151	147
152	148	return 0;
...	...
...	...	@@ -96,29 +96,23 @@ static inline void lib3270_autoptr_cleanup_LDAPPTR(char **ptr)
96	96
97	97	X509_CRL * lib3270_get_X509_CRL(H3270 hSession, SSL_ERROR_MESSAGE message)
98	98	{
99		- X509_CRL * crl = NULL;
	99	+ X509_CRL * crl = NULL;
	100	+ const char * consturl = lib3270_get_crl_url(hSession);
100	101
101		- if(!hSession->ssl.crl)
102		- {
103		-#ifdef LIB3270_DEFAULT_CRL
104		- hSession->ssl.crl = strdup(LIB3270_DEFAULT_CRL);
105		-#else
106		- char *env = getenv("LIB3270_DEFAULT_CRL");
107		- if(env)
108		- hSession->ssl.crl = strdup(env);
109		-#endif // LIB3270_DEFAULT_CRL
110		- }
111		-
112		- if(!hSession->ssl.crl)
	102	+ if(!(consturl && *consturl))
113	103	{
	104	+ message->error = hSession->ssl.error = 0;
	105	+ message->title = N_( "Security error" );
	106	+ message->text = N_( "Can't open CRL File" );
	107	+ message->description = N_("The URL for the CRL is undefined or empty");
114	108	return NULL;
115	109	}
116	110
117		- trace_ssl(hSession, "crl=%s",hSession->ssl.crl);
	111	+ trace_ssl(hSession, "crl=%s",consturl);
118	112
119		- if(strncasecmp(hSession->ssl.crl,"file://",7) == 0)
	113	+ if(strncasecmp(consturl,"file://",7) == 0)
120	114	{
121		- lib3270_autoptr(FILE) hCRL = fopen(hSession->ssl.crl+7,"r");
	115	+ lib3270_autoptr(FILE) hCRL = fopen(consturl+7,"r");
122	116
123	117	if(!hCRL)
124	118	{
...	...	@@ -127,20 +121,20 @@ X509_CRL * lib3270_get_X509_CRL(H3270 hSession, SSL_ERROR_MESSAGE message)
127	121	message->title = N_( "Security error" );
128	122	message->text = N_( "Can't open CRL File" );
129	123	message->description = strerror(errno);
130		- lib3270_write_log(hSession,"ssl","Can't open %s: %s",hSession->ssl.crl,message->description);
	124	+ lib3270_write_log(hSession,"ssl","Can't open %s: %s",consturl,message->description);
131	125	return NULL;
132	126
133	127	}
134	128
135		- lib3270_write_log(hSession,"ssl","Loading CRL from %s",hSession->ssl.crl+7);
	129	+ lib3270_write_log(hSession,"ssl","Loading CRL from %s",consturl+7);
136	130	d2i_X509_CRL_fp(hCRL, &crl);
137	131
138	132	}
139	133	#ifdef HAVE_LDAP
140		- else if(strncasecmp(hSession->ssl.crl,"ldap",4) == 0)
	134	+ else if(strncasecmp(consturl,"ldap",4) == 0)
141	135	{
142	136	int rc;
143		- lib3270_autoptr(char) url = strdup(hSession->ssl.crl);
	137	+ lib3270_autoptr(char) url = strdup(consturl);
144	138
145	139	char * attrs[] = { NULL, NULL };
146	140	char * base = NULL;
...	...	@@ -307,7 +301,7 @@ X509_CRL * lib3270_get_X509_CRL(H3270 hSession, SSL_ERROR_MESSAGE message)
307	301	message->title = N_( "Security error" );
308	302	message->text = N_( "Unexpected or invalid CRL URL" );
309	303	message->description = N_("The URL scheme is unknown");
310		- lib3270_write_log(hSession,"ssl","%s: %s",hSession->ssl.crl, message->description);
	304	+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
311	305	return NULL;
312	306	}
313	307
...	...
...	...	@@ -2,20 +2,47 @@
2	2	#include <stdio.h>
3	3	#include <string.h>
4	4	#include <stdlib.h>
	5	+#include <getopt.h>
5	6
6	7	#include <lib3270.h>
7	8
8	9	#define MAX_ARGS 10
9	10
10		-int main(int numpar, char *param[])
	11	+int main(int argc, char *argv[])
11	12	{
	13	+ #pragma GCC diagnostic push
	14	+ #pragma GCC diagnostic ignored "-Wzero-as-null-pointer-constant"
	15	+ static struct option options[] = {
	16	+ { "crl", required_argument, 0, 'C' },
	17	+ { "url", required_argument, 0, 'U' },
	18	+
	19	+ { 0, 0, 0, 0}
	20	+
	21	+ };
	22	+ #pragma GCC diagnostic pop
	23	+
12	24	H3270 * h;
13	25	int rc = 0;
14	26
15	27	h = lib3270_session_new("");
16	28	printf("3270 session %p created\n]",h);
17	29
18		- // lib3270_set_url(h,url ? url : "tn3270://fandezhi.efglobe.com");
	30	+ int long_index =0;
	31	+ int opt;
	32	+ while((opt = getopt_long(argc, argv, "C:U:", options, &long_index )) != -1) {
	33	+ switch(opt) {
	34	+ case 'U':
	35	+ lib3270_set_url(h,optarg);
	36	+ break;
	37	+
	38	+ case 'C':
	39	+ lib3270_set_crl_url(h,optarg);
	40	+ break;
	41	+ }
	42	+
	43	+ }
	44	+
	45	+ printf("HOST URL: %s\HOST CRL: %s\n",lib3270_get_url(h),lib3270_get_crl_url(h));
19	46
20	47	if(lib3270_set_url(h,NULL))
21	48	lib3270_set_url(h,"tn3270://fandezhi.efglobe.com");
...	...