From 5b8675fe37c7e80c83ed0b38cafda3c1ee8d3bd1 Mon Sep 17 00:00:00 2001
From: Perry Werneck <perry.werneck@gmail.com>
Date: Wed, 16 Jan 2019 09:01:36 -0200
Subject: [PATCH] Improving CRL property Adding options to test program

---
 configure.ac                          |  2 +-
 src/include/lib3270.h                 |  4 +++-
 src/lib3270/properties.c              | 36 +++++++++++++++++++++++-------------
 src/lib3270/ssl/ctx_init.c            | 52 ++++++++++++++++++++++++----------------------------
 src/lib3270/ssl/linux/getcrl.c        | 36 +++++++++++++++---------------------
 src/lib3270/testprogram/testprogram.c | 31 +++++++++++++++++++++++++++++--
 6 files changed, 95 insertions(+), 66 deletions(-)

diff --git a/configure.ac b/configure.ac
index 5832eda..20c95e3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -340,7 +340,7 @@ AC_ARG_ENABLE([ssl-crl-check],
 	app_cv_enable_crl_check="no"
 ])
 
-if test "$app_cv_self_signed_certs" == "yes"; then
+if test "$app_cv_enable_crl_check" == "yes"; then
 	AC_DEFINE(SSL_ENABLE_CRL_CHECK)
 fi
 
diff --git a/src/include/lib3270.h b/src/include/lib3270.h
index 577ae29..ce851ae 100644
--- a/src/include/lib3270.h
+++ b/src/include/lib3270.h
@@ -474,7 +474,9 @@
 	 * @return 0 on sucess, non zero on error (sets errno).
 	 *
 	 */
-	 LIB3270_EXPORT int lib3270_set_crl(H3270 *hSession, const char *crl);
+	 LIB3270_EXPORT int lib3270_set_crl_url(H3270 *hSession, const char *crl);
+
+	 LIB3270_EXPORT const char * lib3270_get_crl_url(H3270 *hSession);
 
 	/**
 	 * @brief Get hostname for the connect/reconnect operations.
diff --git a/src/lib3270/properties.c b/src/lib3270/properties.c
index 3622ee6..0e2931b 100644
--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -285,7 +285,26 @@
 	return lib3270_get_revision();
  }
 
- int lib3270_set_crl(H3270 *hSession, const char *crl)
+ const char * lib3270_get_crl_url(H3270 *hSession)
+ {
+#ifdef SSL_ENABLE_CRL_CHECK
+	if(hSession->ssl.crl)
+		return hSession->ssl.crl;
+
+#ifdef LIB3270_DEFAULT_CRL
+	return LIB3270_DEFAULT_CRL;
+#else
+	return getenv("LIB3270_DEFAULT_CRL");
+#endif // LIB3270_DEFAULT_CRL
+
+#else
+	errno = ENOTSUP;
+	return "";
+#endif
+ }
+
+
+ int lib3270_set_crl_url(H3270 *hSession, const char *crl)
  {
 
     FAIL_IF_ONLINE(hSession);
@@ -313,15 +332,6 @@
 
  }
 
- static const char * lib3270_get_crl(H3270 *hSession)
- {
-#ifdef SSL_ENABLE_CRL_CHECK
-	if(hSession->ssl.crl)
-		return hSession->ssl.crl;
-#endif
- 	return "";
- }
-
  LIB3270_EXPORT const LIB3270_STRING_PROPERTY * lib3270_get_string_properties_list(void)
  {
 	 static const LIB3270_STRING_PROPERTY properties[] = {
@@ -383,10 +393,10 @@
 		},
 
 		{
-			"crl",										//  Property name.
+			"crlpath",									//  Property name.
 			N_( "URL for the CRL file" ),				//  Property description.
-			lib3270_get_crl,							//  Get value.
-			lib3270_set_crl,							//  Set value.
+			lib3270_get_crl_url,						//  Get value.
+			lib3270_set_crl_url,						//  Set value.
 		},
 
 
diff --git a/src/lib3270/ssl/ctx_init.c b/src/lib3270/ssl/ctx_init.c
index d8e6942..b0646ca 100644
--- a/src/lib3270/ssl/ctx_init.c
+++ b/src/lib3270/ssl/ctx_init.c
@@ -111,42 +111,38 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 	//
 	// https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session
 	//
-	if(hSession->ssl.crl)
-	{
-		lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message);
-
-		if(!crl)
-			return  -1;
-
-		if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
-		{
-			BIO				* out	= BIO_new(BIO_s_mem());
-			unsigned char	* data;
-			unsigned char	* text;
-			int				  n;
+	lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message);
 
-			X509_CRL_print(out,crl);
+	if(!crl)
+		return  -1;
 
-			n		= BIO_get_mem_data(out, &data);
-			text	= (unsigned char *) malloc (n+1);
-			text[n]	='\0';
-			memcpy(text,data,n);
+	if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
+	{
+		BIO				* out	= BIO_new(BIO_s_mem());
+		unsigned char	* data;
+		unsigned char	* text;
+		int				  n;
 
-			trace_ssl(hSession,"\n%s\n",text);
+		X509_CRL_print(out,crl);
 
-			free(text);
-			BIO_free(out);
+		n		= BIO_get_mem_data(out, &data);
+		text	= (unsigned char *) malloc (n+1);
+		text[n]	='\0';
+		memcpy(text,data,n);
 
-		}
+		trace_ssl(hSession,"\n%s\n",text);
 
-		X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
-		X509_STORE_add_crl(store, crl);
-		X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
-		X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
-		X509_STORE_set1_param(store, param);
-		X509_VERIFY_PARAM_free(param);
+		free(text);
+		BIO_free(out);
 
 	}
+
+	X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
+	X509_STORE_add_crl(store, crl);
+	X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+	X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+	X509_STORE_set1_param(store, param);
+	X509_VERIFY_PARAM_free(param);
 #endif // SSL_ENABLE_CRL_CHECK
 
 	return 0;
diff --git a/src/lib3270/ssl/linux/getcrl.c b/src/lib3270/ssl/linux/getcrl.c
index e9d4e16..19e9667 100644
--- a/src/lib3270/ssl/linux/getcrl.c
+++ b/src/lib3270/ssl/linux/getcrl.c
@@ -96,29 +96,23 @@ static inline void lib3270_autoptr_cleanup_LDAPPTR(char **ptr)
 
 X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 {
-	X509_CRL * crl = NULL;
+	X509_CRL	* crl = NULL;
+	const char	* consturl = lib3270_get_crl_url(hSession);
 
-	if(!hSession->ssl.crl)
-	{
-#ifdef LIB3270_DEFAULT_CRL
-		hSession->ssl.crl = strdup(LIB3270_DEFAULT_CRL);
-#else
-		char *env = getenv("LIB3270_DEFAULT_CRL");
-		if(env)
-			hSession->ssl.crl = strdup(env);
-#endif // LIB3270_DEFAULT_CRL
-	}
-
-	if(!hSession->ssl.crl)
+	if(!(consturl && *consturl))
 	{
+		message->error = hSession->ssl.error = 0;
+		message->title = N_( "Security error" );
+		message->text = N_( "Can't open CRL File" );
+		message->description = N_("The URL for the CRL is undefined or empty");
 		return NULL;
 	}
 
-	trace_ssl(hSession, "crl=%s",hSession->ssl.crl);
+	trace_ssl(hSession, "crl=%s",consturl);
 
-	if(strncasecmp(hSession->ssl.crl,"file://",7) == 0)
+	if(strncasecmp(consturl,"file://",7) == 0)
 	{
-		lib3270_autoptr(FILE) hCRL = fopen(hSession->ssl.crl+7,"r");
+		lib3270_autoptr(FILE) hCRL = fopen(consturl+7,"r");
 
 		if(!hCRL)
 		{
@@ -127,20 +121,20 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 			message->title = N_( "Security error" );
 			message->text = N_( "Can't open CRL File" );
 			message->description = strerror(errno);
-			lib3270_write_log(hSession,"ssl","Can't open %s: %s",hSession->ssl.crl,message->description);
+			lib3270_write_log(hSession,"ssl","Can't open %s: %s",consturl,message->description);
 			return NULL;
 
 		}
 
-		lib3270_write_log(hSession,"ssl","Loading CRL from %s",hSession->ssl.crl+7);
+		lib3270_write_log(hSession,"ssl","Loading CRL from %s",consturl+7);
 		d2i_X509_CRL_fp(hCRL, &crl);
 
 	}
 #ifdef HAVE_LDAP
-	else if(strncasecmp(hSession->ssl.crl,"ldap",4) == 0)
+	else if(strncasecmp(consturl,"ldap",4) == 0)
 	{
 		int	rc;
-		lib3270_autoptr(char) url = strdup(hSession->ssl.crl);
+		lib3270_autoptr(char) url = strdup(consturl);
 
 		char * attrs[] = { NULL, NULL };
 		char * base = NULL;
@@ -307,7 +301,7 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 		message->title = N_( "Security error" );
 		message->text = N_( "Unexpected or invalid CRL URL" );
 		message->description = N_("The URL scheme is unknown");
-		lib3270_write_log(hSession,"ssl","%s: %s",hSession->ssl.crl, message->description);
+		lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
 		return NULL;
 	}
 
diff --git a/src/lib3270/testprogram/testprogram.c b/src/lib3270/testprogram/testprogram.c
index ee9970a..8bc4f96 100644
--- a/src/lib3270/testprogram/testprogram.c
+++ b/src/lib3270/testprogram/testprogram.c
@@ -2,20 +2,47 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include <getopt.h>
 
 #include <lib3270.h>
 
 #define MAX_ARGS 10
 
-int main(int numpar, char *param[])
+int main(int argc, char *argv[])
 {
+	#pragma GCC diagnostic push
+	#pragma GCC diagnostic ignored "-Wzero-as-null-pointer-constant"
+	static struct option options[] = {
+		{ "crl",		required_argument,	0,	'C' },
+		{ "url",		required_argument,	0,	'U' },
+
+		{ 0, 0, 0, 0}
+
+	};
+	#pragma GCC diagnostic pop
+
 	H3270		* h;
 	int			  rc	= 0;
 
 	h = lib3270_session_new("");
 	printf("3270 session %p created\n]",h);
 
-	// lib3270_set_url(h,url ? url : "tn3270://fandezhi.efglobe.com");
+	int long_index =0;
+	int opt;
+	while((opt = getopt_long(argc, argv, "C:U:", options, &long_index )) != -1) {
+		switch(opt) {
+		case 'U':
+			lib3270_set_url(h,optarg);
+			break;
+
+		case 'C':
+			lib3270_set_crl_url(h,optarg);
+			break;
+		}
+
+	}
+
+	printf("HOST URL: %s\HOST CRL: %s\n",lib3270_get_url(h),lib3270_get_crl_url(h));
 
 	if(lib3270_set_url(h,NULL))
 		lib3270_set_url(h,"tn3270://fandezhi.efglobe.com");
--
libgit2 0.21.2