Improving CRL property

Adding options to test program

Improving CRL property
Adding options to test program
Perry Werneck
1 parent bb6f1004
Showing 6 changed files with 95 additions and 66 deletions Show diff stats
configure.ac
src/include/lib3270.h
src/lib3270/properties.c
src/lib3270/ssl/ctx_init.c
src/lib3270/ssl/linux/getcrl.c
src/lib3270/testprogram/testprogram.c
@@ -340,7 +340,7 @@ AC_ARG_ENABLE([ssl-crl-check],
 	app_cv_enable_crl_check="no"
 ])
-if test "$app_cv_self_signed_certs" == "yes"; then
+if test "$app_cv_enable_crl_check" == "yes"; then
 	AC_DEFINE(SSL_ENABLE_CRL_CHECK)
 fi
@@ -474,7 +474,9 @@
 	 * @return 0 on sucess, non zero on error (sets errno).
 	 *
 	 */
-	 LIB3270_EXPORT int lib3270_set_crl(H3270 *hSession, const char *crl);
+	 LIB3270_EXPORT int lib3270_set_crl_url(H3270 *hSession, const char *crl);
+
+	 LIB3270_EXPORT const char * lib3270_get_crl_url(H3270 *hSession);
 	/**
 	 * @brief Get hostname for the connect/reconnect operations.
@@ -285,7 +285,26 @@
 	return lib3270_get_revision();
  }
- int lib3270_set_crl(H3270 *hSession, const char *crl)
+ const char * lib3270_get_crl_url(H3270 *hSession)
+ {
+#ifdef SSL_ENABLE_CRL_CHECK
+	if(hSession->ssl.crl)
+		return hSession->ssl.crl;
+
+#ifdef LIB3270_DEFAULT_CRL
+	return LIB3270_DEFAULT_CRL;
+#else
+	return getenv("LIB3270_DEFAULT_CRL");
+#endif // LIB3270_DEFAULT_CRL
+
+#else
+	errno = ENOTSUP;
+	return "";
+#endif
+ }
+
+
+ int lib3270_set_crl_url(H3270 *hSession, const char *crl)
  {
     FAIL_IF_ONLINE(hSession);
@@ -313,15 +332,6 @@
  }
- static const char * lib3270_get_crl(H3270 *hSession)
- {
-#ifdef SSL_ENABLE_CRL_CHECK
-	if(hSession->ssl.crl)
-		return hSession->ssl.crl;
-#endif
- 	return "";
- }
-
  LIB3270_EXPORT const LIB3270_STRING_PROPERTY * lib3270_get_string_properties_list(void)
  {
 	 static const LIB3270_STRING_PROPERTY properties[] = {
@@ -383,10 +393,10 @@
 		},
 		{
-			"crl",										//  Property name.
+			"crlpath",									//  Property name.
 			N_( "URL for the CRL file" ),				//  Property description.
-			lib3270_get_crl,							//  Get value.
-			lib3270_set_crl,							//  Set value.
+			lib3270_get_crl_url,						//  Get value.
+			lib3270_set_crl_url,						//  Set value.
 		},
@@ -111,42 +111,38 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 	//
 	// https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session
 	//
-	if(hSession->ssl.crl)
-	{
-		lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message);
-
-		if(!crl)
-			return  -1;
-
-		if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
-		{
-			BIO				* out	= BIO_new(BIO_s_mem());
-			unsigned char	* data;
-			unsigned char	* text;
-			int				  n;
+	lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message);
-			X509_CRL_print(out,crl);
+	if(!crl)
+		return  -1;
-			n		= BIO_get_mem_data(out, &data);
-			text	= (unsigned char *) malloc (n+1);
-			text[n]	='\0';
-			memcpy(text,data,n);
+	if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
+	{
+		BIO				* out	= BIO_new(BIO_s_mem());
+		unsigned char	* data;
+		unsigned char	* text;
+		int				  n;
-			trace_ssl(hSession,"\n%s\n",text);
+		X509_CRL_print(out,crl);
-			free(text);
-			BIO_free(out);
+		n		= BIO_get_mem_data(out, &data);
+		text	= (unsigned char *) malloc (n+1);
+		text[n]	='\0';
+		memcpy(text,data,n);
-		}
+		trace_ssl(hSession,"\n%s\n",text);
-		X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
-		X509_STORE_add_crl(store, crl);
-		X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
-		X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
-		X509_STORE_set1_param(store, param);
-		X509_VERIFY_PARAM_free(param);
+		free(text);
+		BIO_free(out);
 	}
+
+	X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
+	X509_STORE_add_crl(store, crl);
+	X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+	X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+	X509_STORE_set1_param(store, param);
+	X509_VERIFY_PARAM_free(param);
 #endif // SSL_ENABLE_CRL_CHECK
 	return 0;
@@ -96,29 +96,23 @@ static inline void lib3270_autoptr_cleanup_LDAPPTR(char **ptr)
 X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 {
-	X509_CRL * crl = NULL;
+	X509_CRL	* crl = NULL;
+	const char	* consturl = lib3270_get_crl_url(hSession);
-	if(!hSession->ssl.crl)
-	{
-#ifdef LIB3270_DEFAULT_CRL
-		hSession->ssl.crl = strdup(LIB3270_DEFAULT_CRL);
-#else
-		char *env = getenv("LIB3270_DEFAULT_CRL");
-		if(env)
-			hSession->ssl.crl = strdup(env);
-#endif // LIB3270_DEFAULT_CRL
-	}
-
-	if(!hSession->ssl.crl)
+	if(!(consturl && *consturl))
 	{
+		message->error = hSession->ssl.error = 0;
+		message->title = N_( "Security error" );
+		message->text = N_( "Can't open CRL File" );
+		message->description = N_("The URL for the CRL is undefined or empty");
 		return NULL;
 	}
-	trace_ssl(hSession, "crl=%s",hSession->ssl.crl);
+	trace_ssl(hSession, "crl=%s",consturl);
-	if(strncasecmp(hSession->ssl.crl,"file://",7) == 0)
+	if(strncasecmp(consturl,"file://",7) == 0)
 	{
-		lib3270_autoptr(FILE) hCRL = fopen(hSession->ssl.crl+7,"r");
+		lib3270_autoptr(FILE) hCRL = fopen(consturl+7,"r");
 		if(!hCRL)
 		{
@@ -127,20 +121,20 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 			message->title = N_( "Security error" );
 			message->text = N_( "Can't open CRL File" );
 			message->description = strerror(errno);
-			lib3270_write_log(hSession,"ssl","Can't open %s: %s",hSession->ssl.crl,message->description);
+			lib3270_write_log(hSession,"ssl","Can't open %s: %s",consturl,message->description);
 			return NULL;
 		}
-		lib3270_write_log(hSession,"ssl","Loading CRL from %s",hSession->ssl.crl+7);
+		lib3270_write_log(hSession,"ssl","Loading CRL from %s",consturl+7);
 		d2i_X509_CRL_fp(hCRL, &crl);
 	}
 #ifdef HAVE_LDAP
-	else if(strncasecmp(hSession->ssl.crl,"ldap",4) == 0)
+	else if(strncasecmp(consturl,"ldap",4) == 0)
 	{
 		int	rc;
-		lib3270_autoptr(char) url = strdup(hSession->ssl.crl);
+		lib3270_autoptr(char) url = strdup(consturl);
 		char * attrs[] = { NULL, NULL };
 		char * base = NULL;
@@ -307,7 +301,7 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 		message->title = N_( "Security error" );
 		message->text = N_( "Unexpected or invalid CRL URL" );
 		message->description = N_("The URL scheme is unknown");
-		lib3270_write_log(hSession,"ssl","%s: %s",hSession->ssl.crl, message->description);
+		lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
 		return NULL;
 	}
@@ -2,20 +2,47 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include <getopt.h>
 #include <lib3270.h>
 #define MAX_ARGS 10
-int main(int numpar, char *param[])
+int main(int argc, char *argv[])
 {
+	#pragma GCC diagnostic push
+	#pragma GCC diagnostic ignored "-Wzero-as-null-pointer-constant"
+	static struct option options[] = {
+		{ "crl",		required_argument,	0,	'C' },
+		{ "url",		required_argument,	0,	'U' },
+
+		{ 0, 0, 0, 0}
+
+	};
+	#pragma GCC diagnostic pop
+
 	H3270		* h;
 	int			  rc	= 0;
 	h = lib3270_session_new("");
 	printf("3270 session %p created\n]",h);
-	// lib3270_set_url(h,url ? url : "tn3270://fandezhi.efglobe.com");
+	int long_index =0;
+	int opt;
+	while((opt = getopt_long(argc, argv, "C:U:", options, &long_index )) != -1) {
+		switch(opt) {
+		case 'U':
+			lib3270_set_url(h,optarg);
+			break;
+
+		case 'C':
+			lib3270_set_crl_url(h,optarg);
+			break;
+		}
+
+	}
+
+	printf("HOST URL: %s\HOST CRL: %s\n",lib3270_get_url(h),lib3270_get_crl_url(h));
 	if(lib3270_set_url(h,NULL))
 		lib3270_set_url(h,"tn3270://fandezhi.efglobe.com");
	@@ -340,7 +340,7 @@ AC_ARG_ENABLE([ssl-crl-check],		@@ -340,7 +340,7 @@ AC_ARG_ENABLE([ssl-crl-check],
340	app_cv_enable_crl_check="no"	340	app_cv_enable_crl_check="no"
341	])	341	])
342		342
343	-if test "$app_cv_self_signed_certs" == "yes"; then	343	+if test "$app_cv_enable_crl_check" == "yes"; then
344	AC_DEFINE(SSL_ENABLE_CRL_CHECK)	344	AC_DEFINE(SSL_ENABLE_CRL_CHECK)
345	fi	345	fi
346		346
	@@ -2,20 +2,47 @@		@@ -2,20 +2,47 @@
2	#include <stdio.h>	2	#include <stdio.h>
3	#include <string.h>	3	#include <string.h>
4	#include <stdlib.h>	4	#include <stdlib.h>
		5	+#include <getopt.h>
5		6
6	#include <lib3270.h>	7	#include <lib3270.h>
7		8
8	#define MAX_ARGS 10	9	#define MAX_ARGS 10
9		10
10	-int main(int numpar, char *param[])	11	+int main(int argc, char *argv[])
11	{	12	{
		13	+ #pragma GCC diagnostic push
		14	+ #pragma GCC diagnostic ignored "-Wzero-as-null-pointer-constant"
		15	+ static struct option options[] = {
		16	+ { "crl", required_argument, 0, 'C' },
		17	+ { "url", required_argument, 0, 'U' },
		18	+
		19	+ { 0, 0, 0, 0}
		20	+
		21	+ };
		22	+ #pragma GCC diagnostic pop
		23	+
12	H3270 * h;	24	H3270 * h;
13	int rc = 0;	25	int rc = 0;
14		26
15	h = lib3270_session_new("");	27	h = lib3270_session_new("");
16	printf("3270 session %p created\n]",h);	28	printf("3270 session %p created\n]",h);
17		29
18	- // lib3270_set_url(h,url ? url : "tn3270://fandezhi.efglobe.com");	30	+ int long_index =0;
		31	+ int opt;
		32	+ while((opt = getopt_long(argc, argv, "C:U:", options, &long_index )) != -1) {
		33	+ switch(opt) {
		34	+ case 'U':
		35	+ lib3270_set_url(h,optarg);
		36	+ break;
		37	+
		38	+ case 'C':
		39	+ lib3270_set_crl_url(h,optarg);
		40	+ break;
		41	+ }
		42	+
		43	+ }
		44	+
		45	+ printf("HOST URL: %s\HOST CRL: %s\n",lib3270_get_url(h),lib3270_get_crl_url(h));
19		46
20	if(lib3270_set_url(h,NULL))	47	if(lib3270_set_url(h,NULL))
21	lib3270_set_url(h,"tn3270://fandezhi.efglobe.com");	48	lib3270_set_url(h,"tn3270://fandezhi.efglobe.com");