Commit 5b8675fe37c7e80c83ed0b38cafda3c1ee8d3bd1
1 parent
bb6f1004
Exists in
master
and in
3 other branches
Improving CRL property
Adding options to test program
Showing
6 changed files
with
95 additions
and
66 deletions
Show diff stats
configure.ac
src/include/lib3270.h
... | ... | @@ -474,7 +474,9 @@ |
474 | 474 | * @return 0 on sucess, non zero on error (sets errno). |
475 | 475 | * |
476 | 476 | */ |
477 | - LIB3270_EXPORT int lib3270_set_crl(H3270 *hSession, const char *crl); | |
477 | + LIB3270_EXPORT int lib3270_set_crl_url(H3270 *hSession, const char *crl); | |
478 | + | |
479 | + LIB3270_EXPORT const char * lib3270_get_crl_url(H3270 *hSession); | |
478 | 480 | |
479 | 481 | /** |
480 | 482 | * @brief Get hostname for the connect/reconnect operations. | ... | ... |
src/lib3270/properties.c
... | ... | @@ -285,7 +285,26 @@ |
285 | 285 | return lib3270_get_revision(); |
286 | 286 | } |
287 | 287 | |
288 | - int lib3270_set_crl(H3270 *hSession, const char *crl) | |
288 | + const char * lib3270_get_crl_url(H3270 *hSession) | |
289 | + { | |
290 | +#ifdef SSL_ENABLE_CRL_CHECK | |
291 | + if(hSession->ssl.crl) | |
292 | + return hSession->ssl.crl; | |
293 | + | |
294 | +#ifdef LIB3270_DEFAULT_CRL | |
295 | + return LIB3270_DEFAULT_CRL; | |
296 | +#else | |
297 | + return getenv("LIB3270_DEFAULT_CRL"); | |
298 | +#endif // LIB3270_DEFAULT_CRL | |
299 | + | |
300 | +#else | |
301 | + errno = ENOTSUP; | |
302 | + return ""; | |
303 | +#endif | |
304 | + } | |
305 | + | |
306 | + | |
307 | + int lib3270_set_crl_url(H3270 *hSession, const char *crl) | |
289 | 308 | { |
290 | 309 | |
291 | 310 | FAIL_IF_ONLINE(hSession); |
... | ... | @@ -313,15 +332,6 @@ |
313 | 332 | |
314 | 333 | } |
315 | 334 | |
316 | - static const char * lib3270_get_crl(H3270 *hSession) | |
317 | - { | |
318 | -#ifdef SSL_ENABLE_CRL_CHECK | |
319 | - if(hSession->ssl.crl) | |
320 | - return hSession->ssl.crl; | |
321 | -#endif | |
322 | - return ""; | |
323 | - } | |
324 | - | |
325 | 335 | LIB3270_EXPORT const LIB3270_STRING_PROPERTY * lib3270_get_string_properties_list(void) |
326 | 336 | { |
327 | 337 | static const LIB3270_STRING_PROPERTY properties[] = { |
... | ... | @@ -383,10 +393,10 @@ |
383 | 393 | }, |
384 | 394 | |
385 | 395 | { |
386 | - "crl", // Property name. | |
396 | + "crlpath", // Property name. | |
387 | 397 | N_( "URL for the CRL file" ), // Property description. |
388 | - lib3270_get_crl, // Get value. | |
389 | - lib3270_set_crl, // Set value. | |
398 | + lib3270_get_crl_url, // Get value. | |
399 | + lib3270_set_crl_url, // Set value. | |
390 | 400 | }, |
391 | 401 | |
392 | 402 | ... | ... |
src/lib3270/ssl/ctx_init.c
... | ... | @@ -111,42 +111,38 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message) |
111 | 111 | // |
112 | 112 | // https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session |
113 | 113 | // |
114 | - if(hSession->ssl.crl) | |
115 | - { | |
116 | - lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message); | |
117 | - | |
118 | - if(!crl) | |
119 | - return -1; | |
120 | - | |
121 | - if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE)) | |
122 | - { | |
123 | - BIO * out = BIO_new(BIO_s_mem()); | |
124 | - unsigned char * data; | |
125 | - unsigned char * text; | |
126 | - int n; | |
114 | + lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message); | |
127 | 115 | |
128 | - X509_CRL_print(out,crl); | |
116 | + if(!crl) | |
117 | + return -1; | |
129 | 118 | |
130 | - n = BIO_get_mem_data(out, &data); | |
131 | - text = (unsigned char *) malloc (n+1); | |
132 | - text[n] ='\0'; | |
133 | - memcpy(text,data,n); | |
119 | + if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE)) | |
120 | + { | |
121 | + BIO * out = BIO_new(BIO_s_mem()); | |
122 | + unsigned char * data; | |
123 | + unsigned char * text; | |
124 | + int n; | |
134 | 125 | |
135 | - trace_ssl(hSession,"\n%s\n",text); | |
126 | + X509_CRL_print(out,crl); | |
136 | 127 | |
137 | - free(text); | |
138 | - BIO_free(out); | |
128 | + n = BIO_get_mem_data(out, &data); | |
129 | + text = (unsigned char *) malloc (n+1); | |
130 | + text[n] ='\0'; | |
131 | + memcpy(text,data,n); | |
139 | 132 | |
140 | - } | |
133 | + trace_ssl(hSession,"\n%s\n",text); | |
141 | 134 | |
142 | - X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); | |
143 | - X509_STORE_add_crl(store, crl); | |
144 | - X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new(); | |
145 | - X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); | |
146 | - X509_STORE_set1_param(store, param); | |
147 | - X509_VERIFY_PARAM_free(param); | |
135 | + free(text); | |
136 | + BIO_free(out); | |
148 | 137 | |
149 | 138 | } |
139 | + | |
140 | + X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); | |
141 | + X509_STORE_add_crl(store, crl); | |
142 | + X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new(); | |
143 | + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); | |
144 | + X509_STORE_set1_param(store, param); | |
145 | + X509_VERIFY_PARAM_free(param); | |
150 | 146 | #endif // SSL_ENABLE_CRL_CHECK |
151 | 147 | |
152 | 148 | return 0; | ... | ... |
src/lib3270/ssl/linux/getcrl.c
... | ... | @@ -96,29 +96,23 @@ static inline void lib3270_autoptr_cleanup_LDAPPTR(char **ptr) |
96 | 96 | |
97 | 97 | X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message) |
98 | 98 | { |
99 | - X509_CRL * crl = NULL; | |
99 | + X509_CRL * crl = NULL; | |
100 | + const char * consturl = lib3270_get_crl_url(hSession); | |
100 | 101 | |
101 | - if(!hSession->ssl.crl) | |
102 | - { | |
103 | -#ifdef LIB3270_DEFAULT_CRL | |
104 | - hSession->ssl.crl = strdup(LIB3270_DEFAULT_CRL); | |
105 | -#else | |
106 | - char *env = getenv("LIB3270_DEFAULT_CRL"); | |
107 | - if(env) | |
108 | - hSession->ssl.crl = strdup(env); | |
109 | -#endif // LIB3270_DEFAULT_CRL | |
110 | - } | |
111 | - | |
112 | - if(!hSession->ssl.crl) | |
102 | + if(!(consturl && *consturl)) | |
113 | 103 | { |
104 | + message->error = hSession->ssl.error = 0; | |
105 | + message->title = N_( "Security error" ); | |
106 | + message->text = N_( "Can't open CRL File" ); | |
107 | + message->description = N_("The URL for the CRL is undefined or empty"); | |
114 | 108 | return NULL; |
115 | 109 | } |
116 | 110 | |
117 | - trace_ssl(hSession, "crl=%s",hSession->ssl.crl); | |
111 | + trace_ssl(hSession, "crl=%s",consturl); | |
118 | 112 | |
119 | - if(strncasecmp(hSession->ssl.crl,"file://",7) == 0) | |
113 | + if(strncasecmp(consturl,"file://",7) == 0) | |
120 | 114 | { |
121 | - lib3270_autoptr(FILE) hCRL = fopen(hSession->ssl.crl+7,"r"); | |
115 | + lib3270_autoptr(FILE) hCRL = fopen(consturl+7,"r"); | |
122 | 116 | |
123 | 117 | if(!hCRL) |
124 | 118 | { |
... | ... | @@ -127,20 +121,20 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message) |
127 | 121 | message->title = N_( "Security error" ); |
128 | 122 | message->text = N_( "Can't open CRL File" ); |
129 | 123 | message->description = strerror(errno); |
130 | - lib3270_write_log(hSession,"ssl","Can't open %s: %s",hSession->ssl.crl,message->description); | |
124 | + lib3270_write_log(hSession,"ssl","Can't open %s: %s",consturl,message->description); | |
131 | 125 | return NULL; |
132 | 126 | |
133 | 127 | } |
134 | 128 | |
135 | - lib3270_write_log(hSession,"ssl","Loading CRL from %s",hSession->ssl.crl+7); | |
129 | + lib3270_write_log(hSession,"ssl","Loading CRL from %s",consturl+7); | |
136 | 130 | d2i_X509_CRL_fp(hCRL, &crl); |
137 | 131 | |
138 | 132 | } |
139 | 133 | #ifdef HAVE_LDAP |
140 | - else if(strncasecmp(hSession->ssl.crl,"ldap",4) == 0) | |
134 | + else if(strncasecmp(consturl,"ldap",4) == 0) | |
141 | 135 | { |
142 | 136 | int rc; |
143 | - lib3270_autoptr(char) url = strdup(hSession->ssl.crl); | |
137 | + lib3270_autoptr(char) url = strdup(consturl); | |
144 | 138 | |
145 | 139 | char * attrs[] = { NULL, NULL }; |
146 | 140 | char * base = NULL; |
... | ... | @@ -307,7 +301,7 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message) |
307 | 301 | message->title = N_( "Security error" ); |
308 | 302 | message->text = N_( "Unexpected or invalid CRL URL" ); |
309 | 303 | message->description = N_("The URL scheme is unknown"); |
310 | - lib3270_write_log(hSession,"ssl","%s: %s",hSession->ssl.crl, message->description); | |
304 | + lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description); | |
311 | 305 | return NULL; |
312 | 306 | } |
313 | 307 | ... | ... |
src/lib3270/testprogram/testprogram.c
... | ... | @@ -2,20 +2,47 @@ |
2 | 2 | #include <stdio.h> |
3 | 3 | #include <string.h> |
4 | 4 | #include <stdlib.h> |
5 | +#include <getopt.h> | |
5 | 6 | |
6 | 7 | #include <lib3270.h> |
7 | 8 | |
8 | 9 | #define MAX_ARGS 10 |
9 | 10 | |
10 | -int main(int numpar, char *param[]) | |
11 | +int main(int argc, char *argv[]) | |
11 | 12 | { |
13 | + #pragma GCC diagnostic push | |
14 | + #pragma GCC diagnostic ignored "-Wzero-as-null-pointer-constant" | |
15 | + static struct option options[] = { | |
16 | + { "crl", required_argument, 0, 'C' }, | |
17 | + { "url", required_argument, 0, 'U' }, | |
18 | + | |
19 | + { 0, 0, 0, 0} | |
20 | + | |
21 | + }; | |
22 | + #pragma GCC diagnostic pop | |
23 | + | |
12 | 24 | H3270 * h; |
13 | 25 | int rc = 0; |
14 | 26 | |
15 | 27 | h = lib3270_session_new(""); |
16 | 28 | printf("3270 session %p created\n]",h); |
17 | 29 | |
18 | - // lib3270_set_url(h,url ? url : "tn3270://fandezhi.efglobe.com"); | |
30 | + int long_index =0; | |
31 | + int opt; | |
32 | + while((opt = getopt_long(argc, argv, "C:U:", options, &long_index )) != -1) { | |
33 | + switch(opt) { | |
34 | + case 'U': | |
35 | + lib3270_set_url(h,optarg); | |
36 | + break; | |
37 | + | |
38 | + case 'C': | |
39 | + lib3270_set_crl_url(h,optarg); | |
40 | + break; | |
41 | + } | |
42 | + | |
43 | + } | |
44 | + | |
45 | + printf("HOST URL: %s\HOST CRL: %s\n",lib3270_get_url(h),lib3270_get_crl_url(h)); | |
19 | 46 | |
20 | 47 | if(lib3270_set_url(h,NULL)) |
21 | 48 | lib3270_set_url(h,"tn3270://fandezhi.efglobe.com"); | ... | ... |