diff --git a/lib3270.cbp b/lib3270.cbp
index f995b31..81dc8c6 100644
--- a/lib3270.cbp
+++ b/lib3270.cbp
@@ -126,9 +126,6 @@
-
-
-
diff --git a/src/include/lib3270.h b/src/include/lib3270.h
index 4674d33..38bed3e 100644
--- a/src/include/lib3270.h
+++ b/src/include/lib3270.h
@@ -1176,6 +1176,14 @@
LIB3270_EXPORT void * lib3270_replace(void **p, void *ptr);
LIB3270_EXPORT void * lib3270_strdup(const char *str);
+ #define LIB3270_AUTOPTR_FUNC_NAME(TypeName) lib3270_autoptr_cleanup_##TypeName
+
+ /**
+ * @brief Declare an auto-cleanup pointer.
+ *
+ */
+ #define lib3270_autoptr(TypeName) TypeName * __attribute__ ((__cleanup__(LIB3270_AUTOPTR_FUNC_NAME(TypeName))))
+
/**
* @brief Release allocated memory.
*
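Review bot: The new `lib3270_autoptr` macro is documented only by an empty `@brief`, so the contract a caller has to meet is never stated. The cleanup handler runs at scope exit on whatever the variable holds, so a declaration without an initializer would hand an indeterminate pointer to the cleanup function. The comment should say that the variable must be initialized at declaration (to `NULL` or an owned pointer), that a function named `lib3270_autoptr_cleanup_<TypeName>` must be in scope, and that ownership must not be passed elsewhere without clearing the variable. `__attribute__((__cleanup__))` is a GCC/Clang extension, so the comment should also note that this public-header macro is unavailable on other compilers, or the macro should be guarded with `#ifdef __GNUC__`.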
@@ -1185,6 +1193,7 @@
*/
LIB3270_EXPORT void * lib3270_free(void *p);
+ LIB3270_EXPORT void lib3270_autoptr_cleanup_char(char **ptr);
/**
* Get default session handle.
diff --git a/src/lib3270/private.h b/src/lib3270/private.h
index 50cf0b3..b0057d9 100644
--- a/src/lib3270/private.h
+++ b/src/lib3270/private.h
@@ -234,10 +234,6 @@ struct lib3270_text
unsigned short attr; ///< @brief Converted character attribute (color & etc)
};
-#ifndef HEADER_SSL_H
- #define SSL void
-#endif // !HEADER_SSL_H
-
#ifndef LIB3270_TA
#define LIB3270_TA void
#endif // !LIB3270_TA
@@ -314,7 +310,6 @@ struct _h3270
// flags
LIB3270_OPTION options; ///< @brief Session options.
-// int bgthread : 1; ///< @brief Running on a background thread ?.
int selected : 1; ///< @brief Has selected region?
int rectsel : 1; ///< @brief Selected region is a rectangle ?
int vcontrol : 1; ///< @brief Visible control ?
@@ -334,15 +329,15 @@ struct _h3270
int onlcr : 1;
int bsd_tm : 1;
int syncing : 1;
- int reverse : 1; /**< reverse-input mode */
+ int reverse : 1; /**< @brief reverse-input mode */
int dbcs : 1;
int linemode : 1;
int trace_skipping : 1;
int need_tls_follows : 1;
int cut_xfer_in_progress : 1;
// int auto_keymap : 1;
- int formatted : 1; /**< Formatted screen flag */
- int starting : 1; /**< Is starting (no first screen)? */
+ int formatted : 1; /**< @brief Formatted screen flag */
+ int starting : 1; /**< @brief Is starting (no first screen)? */
char * oversize;
@@ -382,7 +377,7 @@ struct _h3270
unsigned short current_port;
// Misc
- H3270FT * ft; /**< Active file transfer data */
+ H3270FT * ft; /**< @brief Active file transfer data */
// screen info
int ov_rows;
@@ -395,14 +390,14 @@ struct _h3270
int cursor_addr;
int buffer_addr;
char flipped;
- int screen_alt; /**< alternate screen? */
+ int screen_alt; /**< @brief alternate screen? */
int is_altbuffer;
// Screen contents
- void * buffer[2]; /**< Internal buffers */
- struct lib3270_ea * ea_buf; /**< 3270 device buffer. ea_buf[-1] is the dummy default field attribute */
- struct lib3270_ea * aea_buf; /**< alternate 3270 extended attribute buffer */
- struct lib3270_text * text; /**< Converted 3270 chars */
+ void * buffer[2]; /**< @brief Internal buffers */
+ struct lib3270_ea * ea_buf; /**< @brief 3270 device buffer. ea_buf[-1] is the dummy default field attribute */
+ struct lib3270_ea * aea_buf; /**< @brief alternate 3270 extended attribute buffer */
+ struct lib3270_text * text; /**< @brief Converted 3270 chars */
// host.c
char std_ds_host;
@@ -424,7 +419,7 @@ struct _h3270
int mticking : 1;
int crm_nattr;
unsigned char crm_attr[16];
- unsigned char * zero_buf; /**< empty buffer, for area clears */
+ unsigned char * zero_buf; /**< @brief Empty buffer, for area clears */
struct timeval t_start;
void * tick_id;
@@ -432,8 +427,8 @@ struct _h3270
// Telnet.c
unsigned char * ibuf;
- int ibuf_size; /**< size of ibuf */
- unsigned char * obuf; /**< 3270 output buffer */
+ int ibuf_size; /**< @brief size of ibuf */
+ unsigned char * obuf; /**< @brief 3270 output buffer */
unsigned char * obptr;
time_t ns_time;
int ns_brcvd;
@@ -441,8 +436,8 @@ struct _h3270
int ns_bsent;
int ns_rsent;
struct timeval ds_ts;
- unsigned long e_funcs; /**< negotiated TN3270E functions */
- unsigned short e_xmit_seq; /**< transmit sequence number */
+ unsigned long e_funcs; /**< @brief negotiated TN3270E functions */
+ unsigned short e_xmit_seq; /**< @brief transmit sequence number */
int response_required;
int tn3270e_bound;
int tn3270e_negotiated;
@@ -468,7 +463,7 @@ struct _h3270
E_SSCP
} tn3270e_submode;
- unsigned char * lbuf; /**< line-mode input buffer */
+ unsigned char * lbuf; /**< @brief line-mode input buffer */
unsigned char * lbptr;
@@ -476,7 +471,6 @@ struct _h3270
unsigned char * ibptr;
unsigned char * obuf_base;
int obuf_size;
-// unsigned char * netrbuf;
// network input buffer
unsigned char * sbbuf;
@@ -484,14 +478,13 @@ struct _h3270
// telnet sub-option buffer
unsigned char * sbptr;
unsigned char telnet_state;
-// char ttype_tmpval[13];
unsigned char myopts[LIB3270_TELNET_N_OPTS];
unsigned char hisopts[LIB3270_TELNET_N_OPTS];
// kybd.c
- unsigned int kybdlock; ///< @brief keyboard lock state
- unsigned char aid; ///< @brief current attention ID
+ unsigned int kybdlock; ///< @brief @brief keyboard lock state.
+ unsigned char aid; ///< @brief @brief current attention ID.
void * unlock_id;
time_t unlock_delay_time;
unsigned long unlock_delay_ms; ///< @brief Delay before actually unlocking the keyboard after the host permits it.
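Review bot: The rewritten comments for `kybdlock` and `aid` now carry the tag twice (`///< @brief @brief ...`), which looks like a search-and-replace slip. They should read `///< @brief Keyboard lock state.` and `///< @brief Current attention ID.`.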
@@ -548,12 +541,12 @@ struct _h3270
int saved_wide_mode : 1;
int saved_altbuffer : 1;
- int ansi_reset : 1; /**< Non zero if the ansi_reset() was called in this session */
+ int ansi_reset : 1; /**< @brief Non zero if the ansi_reset() was called in this session */
int ansi_ch;
int cs_to_change;
- /** ANSI Character sets. */
+ /** @brief ANSI Character sets. */
enum lib3270_ansi_cs
{
LIB3270_ANSI_CS_G0 = 0,
@@ -563,7 +556,7 @@ struct _h3270
} cset;
enum lib3270_ansi_cs saved_cset;
- /** Character set designations. */
+ /** @brief Character set designations. */
enum lib3270_ansi_csd
{
LIB3270_ANSI_CSD_LD = 0,
@@ -605,7 +598,8 @@ struct _h3270
void * except;
} xio;
- // SSL Data (Always defined to maintain the structure size)
+#ifdef HAVE_LIBSSL
+ /// @brief SSL Data.
struct
{
char host;
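Review bot: Wrapping the `ssl` member in `#ifdef HAVE_LIBSSL` makes the layout of `struct _h3270` depend on a configuration macro, and the comment this hunk deletes said the member was always defined to keep the structure size fixed. Every translation unit that includes this header now has to see the same `HAVE_LIBSSL` value before the struct is parsed. One that does not would compute different offsets for `timeouts`, `inputs` and everything after them, with no compiler diagnostic. If the conditional member is intended, a comment at the `#ifdef` such as `// Layout depends on HAVE_LIBSSL: include the config header before private.h`, or an `#error` when the config header has not been seen, would make the requirement explicit. The struct begins and ends outside this hunk, and the matching `#endif` is in the next one.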
@@ -613,12 +607,13 @@ struct _h3270
unsigned long error;
SSL * con;
} ssl;
+#endif // HAVE_LIBSSL
timeout_t * timeouts;
input_t * inputs;
int inputs_changed : 1;
- // Trace Window.
+ // Trace methods.
struct {
void (*handler)(H3270 *session, void *userdata, const char *fmt, va_list args);
void *userdata;
@@ -662,7 +657,7 @@ LIB3270_INTERNAL int check_offline_session(H3270 *hSession);
LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
-#if defined(HAVE_LIBSSL) /*[*/
+#if defined(HAVE_LIBSSL)
typedef struct _ssl_error_message
{
@@ -672,17 +667,16 @@ LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
const char * description;
} SSL_ERROR_MESSAGE;
-
LIB3270_INTERNAL int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE *message);
LIB3270_INTERNAL int ssl_init(H3270 *session);
LIB3270_INTERNAL int ssl_negotiate(H3270 *hSession);
LIB3270_INTERNAL void set_ssl_state(H3270 *session, LIB3270_SSL_STATE state);
- #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*[*/
+ #if OPENSSL_VERSION_NUMBER >= 0x00907000L
#define INFO_CONST const
- #else /*][*/
+ #else
#define INFO_CONST
- #endif /*]*/
+ #endif
LIB3270_INTERNAL void ssl_info_callback(INFO_CONST SSL *s, int where, int ret);
@@ -698,5 +692,9 @@ LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
*/
LIB3270_INTERNAL int ssl_3270_ex_index;
-#endif /*]*/
+ #ifdef SSL_ENABLE_CRL_CHECK
+ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message);
+ #endif // SSL_ENABLE_CRL_CHECK
+
+#endif
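Review bot: The new `lib3270_get_X509_CRL` prototype is the only declaration in this block without `LIB3270_INTERNAL`, so it presumably gets the build's default linkage and visibility rather than the library-private one its neighbours have. Declaring it as `LIB3270_INTERNAL X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message);` keeps it consistent with `ssl_ctx_init` and `ssl_negotiate`. It also needs a short comment stating that it returns `NULL` on failure with `message` filled in, and that the caller owns the returned CRL and releases it with `X509_CRL_free`. The visible caller relies on both, but the function body is not part of this diff.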
diff --git a/src/lib3270/properties.c b/src/lib3270/properties.c
index 1b2e6db..9b18ba4 100644
--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -48,6 +48,16 @@
return (int) lib3270_get_program_message(hSession);
}
+ int lib3270_is_starting(H3270 *hSession)
+ {
+ return hSession->starting != 0;
+ }
+
+ int lib3270_get_formatted(H3270 *hSession)
+ {
+ return hSession->formatted != 0;
+ }
+
const LIB3270_INT_PROPERTY * lib3270_get_boolean_properties_list(void) {
static const LIB3270_INT_PROPERTY properties[] = {
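Review bot: `lib3270_is_starting` and `lib3270_get_formatted` dereference `hSession` without any check, and both are registered as getters in the property table further down in this file. Whether a NULL handle can reach a getter (for example as shorthand for the default session) is not visible here, so either apply the project's usual handle validation or document that the handle must be non-NULL. Neither function has a doc comment; `/** @brief Non-zero while the session is starting (no first screen yet). */` and `/** @brief Non-zero when the formatted-screen flag is set. */` would match the header style. The `!= 0` normalisation is worth keeping, since a signed one-bit field reads back as 0 or -1.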
@@ -142,6 +152,20 @@
NULL // Set value.
},
+ {
+ "starting", // Property name.
+ N_( "Is starting (no first screen)?" ), // Property description.
+ lib3270_is_starting, // Get value.
+ NULL // Set value.
+ },
+
+ {
+ "formatted", // Property name.
+ N_( "Formatted screen" ), // Property description.
+ lib3270_get_formatted, // Get value.
+ NULL // Set value.
+ },
+
/*
{
"", // Property name.
diff --git a/src/lib3270/ssl/ctx_init.c b/src/lib3270/ssl/ctx_init.c
new file mode 100644
index 0000000..3b6d290
--- /dev/null
+++ b/src/lib3270/ssl/ctx_init.c
@@ -0,0 +1,155 @@
+/*
+ * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
+ * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
+ * aplicativos mainframe. Registro no INPI sob o nome G3270.
+ *
+ * Copyright (C) <2008>
+ *
+ * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
+ * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
+ * Free Software Foundation.
+ *
+ * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
+ * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
+ * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
+ * obter mais detalhes.
+ *
+ * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
+ * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
+ * St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * Este programa está nomeado como - e possui - linhas de código.
+ *
+ * Contatos:
+ *
+ * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
+ * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
+ *
+ *
+ * References:
+ *
+ * http://www.openssl.org/docs/ssl/
+ * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
+ *
+ */
+
+/**
+ * @brief OpenSSL initialization for linux.
+ *
+ */
+
+#include
+#if defined(HAVE_LIBSSL)
+
+#include
+#include
+#include
+
+#ifndef SSL_ST_OK
+ #define SSL_ST_OK 3
+#endif // !SSL_ST_OK
+
+#include "../private.h"
+#include
+#include
+#include
+#include
+#include
+#include "trace_dsc.h"
+
+#ifdef SSL_ENABLE_CRL_CHECK
+ #include
+#endif // SSL_ENABLE_CRL_CHECK
+
+/*--[ Implement ]------------------------------------------------------------------------------------*/
+
+#ifdef SSL_ENABLE_CRL_CHECK
+static inline void lib3270_autoptr_cleanup_X509_CRL(X509_CRL **crl)
+{
+ if(*crl)
+ X509_CRL_free(*crl);
+}
+#endif // SSL_ENABLE_CRL_CHECK
+
+/**
+ * @brief Initialize openssl library.
+ *
+ * @return 0 if ok, non zero if fails.
+ *
+ */
+int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
+{
+ debug("%s ssl_ctx=%p",__FUNCTION__,ssl_ctx);
+
+ if(ssl_ctx)
+ return 0;
+
+ trace_dsn(hSession,"Initializing SSL context.\n");
+
+ SSL_load_error_strings();
+ SSL_library_init();
+
+ ssl_ctx = SSL_CTX_new(SSLv23_method());
+ if(ssl_ctx == NULL)
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Cant initialize the SSL context." );
+ return -1;
+ }
+
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
+ SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
+
+ SSL_CTX_set_default_verify_paths(ssl_ctx);
+
+ ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
+
+#ifdef SSL_ENABLE_CRL_CHECK
+ //
+ // Set up CRL validation
+ //
+ // https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session
+ //
+ lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message);
+
+ if(!crl)
+ return -1;
+
+// const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+// X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+
+ if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_DS_TRACE))
+ {
+ BIO * out = BIO_new(BIO_s_mem());
+ unsigned char * data;
+ unsigned char * text;
+ int n;
+
+ X509_CRL_print(out,crl);
+
+ n = BIO_get_mem_data(out, &data);
+ text = (unsigned char *) malloc (n+1);
+ text[n] ='\0';
+ memcpy(text,data,n);
+
+ trace_dsn(hSession,"\n%s\n",text);
+
+ free(text);
+ BIO_free(out);
+
+ }
+
+ X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
+ X509_STORE_add_crl(store, crl);
+ X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+ X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+ X509_STORE_set1_param(store, param);
+ X509_VERIFY_PARAM_free(param);
+
+#endif // SSL_ENABLE_CRL_CHECK
+
+ return 0;
+}
+
+#endif // HAVE_LIBSSL
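Review bot: When `lib3270_get_X509_CRL` fails, `return -1` leaves `ssl_ctx` populated, so the next call takes the `if(ssl_ctx) return 0;` shortcut and reports success with no CRL loaded and `X509_V_FLAG_CRL_CHECK` never set; revocation checking then fails open on a retry (`ssl_ctx` is declared outside this file, so this assumes it persists between calls). The failure paths inside the `SSL_ENABLE_CRL_CHECK` block should free and clear the context. In the same block the trace code writes `text[n]` before checking `malloc`, `BIO_new` is unchecked, and the results of `X509_STORE_add_crl`, `X509_VERIFY_PARAM_new` and `X509_STORE_set1_param` are ignored, so a CRL the store rejected is indistinguishable from one that was installed. Separately, `SSLv23_method()` with only `SSL_OP_ALL` leaves protocol-version selection to the library defaults, and the CA directory lookup from the deleted `windows/ctx_init.c` has no counterpart here; both deserve a comment or a follow-up.

```c
	lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message);

	if(!crl)
	{
		// Drop the context so a retry cannot pass the "if(ssl_ctx) return 0" guard without a CRL.
		SSL_CTX_free(ssl_ctx);
		ssl_ctx = NULL;
		return -1;
	}

	if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_DS_TRACE))
	{
		BIO * out = BIO_new(BIO_s_mem());

		if(out)
		{
			char * data = NULL;
			char * text;
			long   n;

			X509_CRL_print(out,crl);
			n = BIO_get_mem_data(out, &data);

			// Tracing is best effort: skip it when the copy cannot be allocated.
			text = (n > 0) ? malloc((size_t) n + 1) : NULL;
			if(text)
			{
				memcpy(text,data,(size_t) n);
				text[n] = '\0';
				trace_dsn(hSession,"\n%s\n",text);
				free(text);
			}

			BIO_free(out);
		}
	}

	X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
	X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
	int ok = param
			&& X509_STORE_add_crl(store, crl) == 1
			&& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK) == 1
			&& X509_STORE_set1_param(store, param) == 1;

	if(param)
		X509_VERIFY_PARAM_free(param);

	if(!ok)
	{
		// Refuse to hand out a context on which revocation checking was not actually enabled.
		message->error = hSession->ssl.error = ERR_get_error();
		message->title = N_( "Security error" );
		message->text = N_( "Can't enable CRL checking." );
		SSL_CTX_free(ssl_ctx);
		ssl_ctx = NULL;
		return -1;
	}

	// … unchanged: #endif // SSL_ENABLE_CRL_CHECK, return 0 …
```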
diff --git a/src/lib3270/ssl/linux/ctx_init.c b/src/lib3270/ssl/linux/ctx_init.c
deleted file mode 100644
index 9aa7f4a..0000000
--- a/src/lib3270/ssl/linux/ctx_init.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
- * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
- * aplicativos mainframe. Registro no INPI sob o nome G3270.
- *
- * Copyright (C) <2008>
- *
- * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
- * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
- * Free Software Foundation.
- *
- * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
- * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
- * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
- * obter mais detalhes.
- *
- * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
- * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
- * St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Este programa está nomeado como - e possui - linhas de código.
- *
- * Contatos:
- *
- * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
- * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
- *
- *
- * References:
- *
- * http://www.openssl.org/docs/ssl/
- * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
- *
- */
-
-/**
- * @brief OpenSSL initialization for linux.
- *
- */
-
-#include
-#if defined(HAVE_LIBSSL)
-
-#include
-#include
-#include
-
-#ifndef SSL_ST_OK
- #define SSL_ST_OK 3
-#endif // !SSL_ST_OK
-
-#include "../../private.h"
-#include
-#include
-#include
-#include
-#include
-#include "trace_dsc.h"
-
-#ifdef SSL_ENABLE_CRL_CHECK
- #include
-#endif // SSL_ENABLE_CRL_CHECK
-
-/*--[ Implement ]------------------------------------------------------------------------------------*/
-
-#ifdef SSL_ENABLE_CRL_CHECK
-static inline void auto_close_file(FILE **file)
-{
- if(*file)
- fclose(*file);
-}
-
-static inline void auto_close_crl(X509_CRL **crl)
-{
- if(*crl)
- X509_CRL_free(*crl);
-}
-
-static inline void auto_free_text(char **text)
-{
- if(*text)
- lib3270_free(*text);
-}
-
-#endif // SSL_ENABLE_CRL_CHECK
-
-/**
- * @brief Initialize openssl library.
- *
- * @return 0 if ok, non zero if fails.
- *
- */
-int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
-{
- debug("%s ssl_ctx=%p",__FUNCTION__,ssl_ctx);
-
- if(ssl_ctx)
- return 0;
-
- trace_dsn(hSession,"Initializing SSL context.\n");
-
- SSL_load_error_strings();
- SSL_library_init();
-
- ssl_ctx = SSL_CTX_new(SSLv23_method());
- if(ssl_ctx == NULL)
- {
- message->error = hSession->ssl.error = ERR_get_error();
- message->title = N_( "Security error" );
- message->text = N_( "Cant initialize the SSL context." );
- return -1;
- }
-
- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
- SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
-
- SSL_CTX_set_default_verify_paths(ssl_ctx);
-
- ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
-
-#ifdef SSL_ENABLE_CRL_CHECK
- //
- // Set up CRL validation
- //
- // https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session
- //
- char __attribute__ ((__cleanup__(auto_free_text))) * crl_file = lib3270_strdup_printf("%s/.cache/" PACKAGE_NAME ".crl",getenv("HOME"));
- X509_CRL * __attribute__ ((__cleanup__(auto_close_crl))) crl = NULL;
- FILE * __attribute__ ((__cleanup__(auto_close_file))) hCRL = fopen(crl_file,"r");
-
- if(!hCRL)
- {
- // Can't open CRL File.
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't open CRL File" );
- message->description = strerror(errno);
- lib3270_write_log(hSession,"ssl","Can't open %s: %s",crl_file,message->description);
- return -1;
-
- }
-
- lib3270_write_log(hSession,"ssl","Loading CRL from %s",crl_file);
-
- d2i_X509_CRL_fp(hCRL, &crl);
-
- X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
- X509_STORE_add_crl(store, crl);
- X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
- X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
- X509_STORE_set1_param(store, param);
- X509_VERIFY_PARAM_free(param);
-
-#endif // SSL_ENABLE_CRL_CHECK
-
- return 0;
-}
-
-#endif // HAVE_LIBSSL
-
-/*
-// Load CRLs into the `X509_STORE`
-
-X509_STORE *x509_store = SSL_CTX_get_cert_store(ctx);
-X509_STORE_add_crl(x509_store, crl);
-
-// Enable CRL checking
-X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
-X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
-SSL_CTX_set1_param(ctx, param);
-X509_VERIFY_PARAM_free(param);
-
-
-
- }
-
-
-
-
-#if defined(SSL_ENABLE_CRL_CHECK)
- // Set up CRL validation
- // https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
- X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
-
- // Enable CRL checking
- X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
- X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
- X509_STORE_set1_param(store, param);
- X509_VERIFY_PARAM_free(param);
-
- // X509_STORE_free(store);
-
- trace_dsn(hSession,"CRL CHECK is enabled.\n");
-
-#else
-
- trace_dsn(hSession,"CRL CHECK is disabled.\n");
-
-#endif // SSL_ENABLE_CRL_CHECK
-
-*/
-
diff --git a/src/lib3270/ssl/negotiate.c b/src/lib3270/ssl/negotiate.c
index c8b86d3..e5cdb5b 100644
--- a/src/lib3270/ssl/negotiate.c
+++ b/src/lib3270/ssl/negotiate.c
@@ -163,6 +163,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
switch(rv)
{
+ // https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_set_error.html
case X509_V_OK:
peer = SSL_get_peer_certificate(hSession->ssl.con);
@@ -182,6 +183,21 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
return -1;
+ case X509_V_ERR_CRL_NOT_YET_VALID:
+ trace_dsn(hSession,"%s","The CRL of a certificate is not yet valid.\n" );
+
+ ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
+ ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL is not yet valid." );
+ ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) is not yet valid." );
+ return -1;
+
+ case X509_V_ERR_CRL_HAS_EXPIRED:
+ trace_dsn(hSession,"%s","The CRL of a certificate has expired.\n" );
+ ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
+ ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL has expired." );
+ ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) has expired." );
+ return -1;
+
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
peer = SSL_get_peer_certificate(hSession->ssl.con);
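Review bot: The two new cases cover an expired or not-yet-valid CRL, but with `X509_V_FLAG_CRL_CHECK` enabled the verifier can also return `X509_V_ERR_UNABLE_TO_GET_CRL` (no CRL for the certificate's issuer) and `X509_V_ERR_CERT_REVOKED`, and neither appears in this hunk. The rest of the `switch` is outside the hunk, so they may already be handled or may fall into a default branch. If not, they should get explicit cases that set `title`, `text` and `description` and return -1, so that a revoked certificate produces a specific message rather than a generic one. Casting `message` once at the top of the function (`SSL_ERROR_MESSAGE *msg = message;`) would also remove the repeated `((SSL_ERROR_MESSAGE *) message)` casts.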
diff --git a/src/lib3270/ssl/windows/ctx_init.c b/src/lib3270/ssl/windows/ctx_init.c
deleted file mode 100644
index 7cc644e..0000000
--- a/src/lib3270/ssl/windows/ctx_init.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
- * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
- * aplicativos mainframe. Registro no INPI sob o nome G3270.
- *
- * Copyright (C) <2008>
- *
- * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
- * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
- * Free Software Foundation.
- *
- * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
- * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
- * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
- * obter mais detalhes.
- *
- * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
- * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
- * St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Este programa está nomeado como - e possui - linhas de código.
- *
- * Contatos:
- *
- * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
- * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
- *
- *
- * References:
- *
- * http://www.openssl.org/docs/ssl/
- * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
- *
- */
-
-/**
- * @brief OpenSSL initialization for windows.
- *
- */
-
-#include
-#if defined(HAVE_LIBSSL)
-#include
-#include
-#include
-
-#ifndef SSL_ST_OK
- #define SSL_ST_OK 3
-#endif // !SSL_ST_OK
-
-#include "../../private.h"
-#include
-#include
-#include
-#include
-#include "trace_dsc.h"
-
-/*--[ Implement ]------------------------------------------------------------------------------------*/
-
-/**
- * @brief Initialize openssl library.
- *
- * @return 0 if ok, non zero if fails.
- *
- */
-int ssl_ctx_init(H3270 *hSession)
-{
- debug("%s ssl_ctx=%p",__FUNCTION__,ssl_ctx);
-
- if(ssl_ctx)
- return 0;
-
- trace_dsn(hSession,"Initializing SSL context.\n");
-
- SSL_load_error_strings();
- SSL_library_init();
-
- ssl_ctx = SSL_CTX_new(SSLv23_method());
- if(ssl_ctx == NULL)
- return -1;
-
- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
- SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
- SSL_CTX_set_default_verify_paths(ssl_ctx);
-
- //
- // Get path from windows registry.
- //
- HKEY hKey = 0;
-
- if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\" PACKAGE_NAME,0,KEY_QUERY_VALUE,&hKey) == ERROR_SUCCESS)
- {
- char data[4096];
- unsigned long datalen = sizeof(data); // data field length(in), data returned length(out)
- unsigned long datatype; // #defined in winnt.h (predefined types 0-11)
-
- if(RegQueryValueExA(hKey,"datadir",NULL,&datatype,(LPBYTE) data,&datalen) == ERROR_SUCCESS)
- {
- strncat(data,"\\certs",4095);
-
- if(!SSL_CTX_load_verify_locations(ssl_ctx,NULL,data))
- {
- hSession->ssl.error = ERR_get_error();
-
- trace_dsn(
- hSession,
- "Cant set default locations for trusted CA certificates to %s\n%s\m"
- data,
- ERR_lib_error_string(hSession->ssl.error)
- );
-
- lib3270_write_log(
- hSession,
- "ssl",
- "Cant set default locations for trusted CA certificates to %s\n%s",
- data,
- ERR_lib_error_string(hSession->ssl.error)
- );
-
- }
- }
- RegCloseKey(hKey);
- }
-
- ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
-
- //
- // Initialize CUSTOM CRL CHECK
- //
-
- return 0;
-}
-
-#endif // HAVE_LIBSSL
-
-/*
-// Load CRLs into the `X509_STORE`
-
-X509_STORE *x509_store = SSL_CTX_get_cert_store(ctx);
-X509_STORE_add_crl(x509_store, crl);
-
-// Enable CRL checking
-X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
-X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
-SSL_CTX_set1_param(ctx, param);
-X509_VERIFY_PARAM_free(param);
-
-
-
- }
-
-
-
-/*
-#if defined(SSL_ENABLE_CRL_CHECK)
- // Set up CRL validation
- // https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
- X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
-
- // Enable CRL checking
- X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
- X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
- X509_STORE_set1_param(store, param);
- X509_VERIFY_PARAM_free(param);
-
- // X509_STORE_free(store);
-
- trace_dsn(hSession,"CRL CHECK is enabled.\n");
-
-#else
-
- trace_dsn(hSession,"CRL CHECK is disabled.\n");
-
-#endif // SSL_ENABLE_CRL_CHECK
-*/
-
diff --git a/src/lib3270/util.c b/src/lib3270/util.c
index e0ec00b..eaed157 100644
--- a/src/lib3270/util.c
+++ b/src/lib3270/util.c
@@ -504,6 +504,13 @@ LIB3270_EXPORT void * lib3270_free(void *p)
return NULL;
}
+LIB3270_EXPORT void lib3270_autoptr_cleanup_char(char **ptr)
+{
+ if(*ptr)
+ free(*ptr);
+ *ptr = NULL;
+}
+
LIB3270_EXPORT void * lib3270_realloc(void *p, int len)
{
p = realloc(p, len);
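Review bot: `lib3270_autoptr_cleanup_char` releases the buffer with `free()` directly, whereas the `auto_free_text` helper this commit removes used `lib3270_free()`. Calling `lib3270_free(*ptr)` keeps strings from `lib3270_strdup` and related functions paired with the library's own deallocator if it ever stops being a thin wrapper. The `if(*ptr)` guard is redundant because `free(NULL)` is a no-op. The function is exported, so it should have a comment such as `/** @brief Cleanup handler for lib3270_autoptr(char); frees *ptr and sets it to NULL. */`.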
--
libgit2 0.21.2