Commit 6021974de50002a61e0ba3487236c39a0b7ba6ff

Authored by Perry Werneck
1 parent 7d1938cc

Working on CRL validation.

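--- a/lib3270.cbp
+++ b/lib3270.cbp
@@ -126,9 +126,6 @@
 <Unit filename="src/lib3270/charset.c">
 <Option compilerVar="CC" />
 </Unit>
- <Unit filename="src/lib3270/connect.c">
- <Option compilerVar="CC" />
- </Unit>
 <Unit filename="src/lib3270/ctlr.c">
 <Option compilerVar="CC" />
 </Unit>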
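--- a/src/include/lib3270.h
+++ b/src/include/lib3270.h
@@ -1176,6 +1176,14 @@
 LIB3270_EXPORT void * lib3270_replace(void **p, void *ptr);
 LIB3270_EXPORT void * lib3270_strdup(const char *str);
 
+ #define LIB3270_AUTOPTR_FUNC_NAME(TypeName) lib3270_autoptr_cleanup_##TypeName
+
+ /**
+ * @brief Declare an auto-cleanup pointer.
+ *
+ */
+ #define lib3270_autoptr(TypeName) TypeName * __attribute__ ((__cleanup__(LIB3270_AUTOPTR_FUNC_NAME(TypeName))))
+
 /**
 * @brief Release allocated memory.
 *
@@ -1185,6 +1193,7 @@
 */
 LIB3270_EXPORT void * lib3270_free(void *p);
 
+ LIB3270_EXPORT void lib3270_autoptr_cleanup_char(char **ptr);
 
 /**
 * Get default session handle.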
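Review bot: `lib3270_autoptr` places a bare GCC/Clang `__attribute__((__cleanup__))` in the public, exported header with no compiler guard, and its doc comment (`@brief Declare an auto-cleanup pointer.`) does not state the contract the macro imposes on its user. I would wrap the definition in `#if defined(__GNUC__) || defined(__clang__)` and extend the comment to say that `lib3270_autoptr(T)` requires a function named `lib3270_autoptr_cleanup_T` taking `T **` (as `lib3270_autoptr_cleanup_char` below does), that it runs on every scope exit including early returns, and that it must tolerate a NULL pointee. Without that, using the macro for a type with no matching cleanup function produces only an opaque compile or link error, and the header fails outright on compilers without the attribute.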
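--- a/src/lib3270/private.h
+++ b/src/lib3270/private.h
@@ -234,10 +234,6 @@ struct lib3270_text
 unsigned short attr; ///< @brief Converted character attribute (color & etc)
 };
 
-#ifndef HEADER_SSL_H
- #define SSL void
-#endif // !HEADER_SSL_H
-
 #ifndef LIB3270_TA
 #define LIB3270_TA void
 #endif // !LIB3270_TA
@@ -314,7 +310,6 @@ struct _h3270
 // flags
 LIB3270_OPTION options; ///< @brief Session options.
 
-// int bgthread : 1; ///< @brief Running on a background thread ?.
 int selected : 1; ///< @brief Has selected region?
 int rectsel : 1; ///< @brief Selected region is a rectangle ?
 int vcontrol : 1; ///< @brief Visible control ?
@@ -334,15 +329,15 @@ struct _h3270
 int onlcr : 1;
 int bsd_tm : 1;
 int syncing : 1;
- int reverse : 1; /**< reverse-input mode */
+ int reverse : 1; /**< @brief reverse-input mode */
 int dbcs : 1;
 int linemode : 1;
 int trace_skipping : 1;
 int need_tls_follows : 1;
 int cut_xfer_in_progress : 1;
 // int auto_keymap : 1;
- int formatted : 1; /**< Formatted screen flag */
- int starting : 1; /**< Is starting (no first screen)? */
+ int formatted : 1; /**< @brief Formatted screen flag */
+ int starting : 1; /**< @brief Is starting (no first screen)? */
 
 char * oversize;
 
@@ -382,7 +377,7 @@ struct _h3270
 unsigned short current_port;
 
 // Misc
- H3270FT * ft; /**< Active file transfer data */
+ H3270FT * ft; /**< @brief Active file transfer data */
 
 // screen info
 int ov_rows;
@@ -395,14 +390,14 @@ struct _h3270
 int cursor_addr;
 int buffer_addr;
 char flipped;
- int screen_alt; /**< alternate screen? */
+ int screen_alt; /**< @brief alternate screen? */
 int is_altbuffer;
 
 // Screen contents
- void * buffer[2]; /**< Internal buffers */
- struct lib3270_ea * ea_buf; /**< 3270 device buffer. ea_buf[-1] is the dummy default field attribute */
- struct lib3270_ea * aea_buf; /**< alternate 3270 extended attribute buffer */
- struct lib3270_text * text; /**< Converted 3270 chars */
+ void * buffer[2]; /**< @brief Internal buffers */
+ struct lib3270_ea * ea_buf; /**< @brief 3270 device buffer. ea_buf[-1] is the dummy default field attribute */
+ struct lib3270_ea * aea_buf; /**< @brief alternate 3270 extended attribute buffer */
+ struct lib3270_text * text; /**< @brief Converted 3270 chars */
 
 // host.c
 char std_ds_host;
@@ -424,7 +419,7 @@ struct _h3270
 int mticking : 1;
 int crm_nattr;
 unsigned char crm_attr[16];
- unsigned char * zero_buf; /**< empty buffer, for area clears */
+ unsigned char * zero_buf; /**< @brief Empty buffer, for area clears */
 
 struct timeval t_start;
 void * tick_id;
@@ -432,8 +427,8 @@ struct _h3270
 
 // Telnet.c
 unsigned char * ibuf;
- int ibuf_size; /**< size of ibuf */
- unsigned char * obuf; /**< 3270 output buffer */
+ int ibuf_size; /**< @brief size of ibuf */
+ unsigned char * obuf; /**< @brief 3270 output buffer */
 unsigned char * obptr;
 time_t ns_time;
 int ns_brcvd;
@@ -441,8 +436,8 @@ struct _h3270
 int ns_bsent;
 int ns_rsent;
 struct timeval ds_ts;
- unsigned long e_funcs; /**< negotiated TN3270E functions */
- unsigned short e_xmit_seq; /**< transmit sequence number */
+ unsigned long e_funcs; /**< @brief negotiated TN3270E functions */
+ unsigned short e_xmit_seq; /**< @brief transmit sequence number */
 int response_required;
 int tn3270e_bound;
 int tn3270e_negotiated;
@@ -468,7 +463,7 @@ struct _h3270
 E_SSCP
 } tn3270e_submode;
 
- unsigned char * lbuf; /**< line-mode input buffer */
+ unsigned char * lbuf; /**< @brief line-mode input buffer */
 unsigned char * lbptr;
 
 
@@ -476,7 +471,6 @@ struct _h3270
 unsigned char * ibptr;
 unsigned char * obuf_base;
 int obuf_size;
-// unsigned char * netrbuf;
 
 // network input buffer
 unsigned char * sbbuf;
@@ -484,14 +478,13 @@ struct _h3270
 // telnet sub-option buffer
 unsigned char * sbptr;
 unsigned char telnet_state;
-// char ttype_tmpval[13];
 
 unsigned char myopts[LIB3270_TELNET_N_OPTS];
 unsigned char hisopts[LIB3270_TELNET_N_OPTS];
 
 // kybd.c
- unsigned int kybdlock; ///< @brief keyboard lock state
- unsigned char aid; ///< @brief current attention ID
+ unsigned int kybdlock; ///< @brief @brief keyboard lock state.
+ unsigned char aid; ///< @brief @brief current attention ID.
 void * unlock_id;
 time_t unlock_delay_time;
 unsigned long unlock_delay_ms; ///< @brief Delay before actually unlocking the keyboard after the host permits it.
@@ -548,12 +541,12 @@ struct _h3270
 int saved_wide_mode : 1;
 
 int saved_altbuffer : 1;
- int ansi_reset : 1; /**< Non zero if the ansi_reset() was called in this session */
+ int ansi_reset : 1; /**< @brief Non zero if the ansi_reset() was called in this session */
 
 int ansi_ch;
 int cs_to_change;
 
- /** ANSI Character sets. */
+ /** @brief ANSI Character sets. */
 enum lib3270_ansi_cs
 {
 LIB3270_ANSI_CS_G0 = 0,
@@ -563,7 +556,7 @@ struct _h3270
 } cset;
 enum lib3270_ansi_cs saved_cset;
 
- /** Character set designations. */
+ /** @brief Character set designations. */
 enum lib3270_ansi_csd
 {
 LIB3270_ANSI_CSD_LD = 0,
@@ -605,7 +598,8 @@ struct _h3270
 void * except;
 } xio;
 
- // SSL Data (Always defined to maintain the structure size)
+#ifdef HAVE_LIBSSL
+ /// @brief SSL Data.
 struct
 {
 char host;
@@ -613,12 +607,13 @@ struct _h3270
 unsigned long error;
 SSL * con;
 } ssl;
+#endif // HAVE_LIBSSL
 
 timeout_t * timeouts;
 input_t * inputs;
 int inputs_changed : 1;
 
- // Trace Window.
+ // Trace methods.
 struct {
 void (*handler)(H3270 *session, void *userdata, const char *fmt, va_list args);
 void *userdata;
@@ -662,7 +657,7 @@ LIB3270_INTERNAL int check_offline_session(H3270 *hSession);
 
 LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
 
-#if defined(HAVE_LIBSSL) /*[*/
+#if defined(HAVE_LIBSSL)
 
 typedef struct _ssl_error_message
 {
@@ -672,17 +667,16 @@ LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
 const char * description;
 } SSL_ERROR_MESSAGE;
 
-
 LIB3270_INTERNAL int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE *message);
 LIB3270_INTERNAL int ssl_init(H3270 *session);
 LIB3270_INTERNAL int ssl_negotiate(H3270 *hSession);
 LIB3270_INTERNAL void set_ssl_state(H3270 *session, LIB3270_SSL_STATE state);
 
- #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*[*/
+ #if OPENSSL_VERSION_NUMBER >= 0x00907000L
 #define INFO_CONST const
- #else /*][*/
+ #else
 #define INFO_CONST
- #endif /*]*/
+ #endif
 
 LIB3270_INTERNAL void ssl_info_callback(INFO_CONST SSL *s, int where, int ret);
 
@@ -698,5 +692,9 @@ LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
 */
 LIB3270_INTERNAL int ssl_3270_ex_index;
 
-#endif /*]*/
+ #ifdef SSL_ENABLE_CRL_CHECK
+ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message);
+ #endif // SSL_ENABLE_CRL_CHECK
+
+#endif
 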
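Review bot: Moving the `ssl` member of `struct _h3270` under `#ifdef HAVE_LIBSSL` makes the struct layout depend on the build configuration, which the removed comment (`// SSL Data (Always defined to maintain the structure size)`) says was deliberately avoided; every translation unit that includes private.h must now see the same HAVE_LIBSSL definition, or the offsets of `timeouts`, `inputs` and the trace block will disagree between object files. If the stable-size guarantee is intentionally dropped, say so in the new comment, e.g. `/// @brief SSL Data (only present when built with HAVE_LIBSSL; struct layout differs between builds).` The new prototype `X509_CRL * lib3270_get_X509_CRL(...)` lacks the `LIB3270_INTERNAL` marker its neighbouring declarations carry, and it relies on `X509_CRL` already being declared by whoever includes this header, which the removed `#define SSL void` fallback suggests was not guaranteed before. The `///< @brief @brief` on `kybdlock` and `aid` looks like a search-and-replace slip.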
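--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -48,6 +48,16 @@
 return (int) lib3270_get_program_message(hSession);
 }
 
+ int lib3270_is_starting(H3270 *hSession)
+ {
+ return hSession->starting != 0;
+ }
+
+ int lib3270_get_formatted(H3270 *hSession)
+ {
+ return hSession->formatted != 0;
+ }
+
 const LIB3270_INT_PROPERTY * lib3270_get_boolean_properties_list(void) {
 
 static const LIB3270_INT_PROPERTY properties[] = {
@@ -142,6 +152,20 @@
 NULL // Set value.
 },
 
+ {
+ "starting", // Property name.
+ N_( "Is starting (no first screen)?" ), // Property description.
+ lib3270_is_starting, // Get value.
+ NULL // Set value.
+ },
+
+ {
+ "formatted", // Property name.
+ N_( "Formatted screen" ), // Property description.
+ lib3270_get_formatted, // Get value.
+ NULL // Set value.
+ },
+
 /*
 {
 "", // Property name.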
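Review bot: The two new getters `lib3270_is_starting` and `lib3270_get_formatted` have no doc comment and use different prefixes (`is_` vs `get_`) for the same kind of boolean property accessor; neither carries `LIB3270_EXPORT` in this hunk, so whether they are meant to be public API cannot be told from here. I would add a one-line Doxygen comment above each, e.g. `/// @brief Boolean property getter: non-zero while the session is starting (no first screen yet).` and `/// @brief Boolean property getter: non-zero when the current screen is formatted.`, and settle on one prefix. Both dereference `hSession` unchecked, which matches the getter just above (`lib3270_get_program_message`), so I am not asking for a NULL check unless the property-table callers can pass one.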
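--- /dev/null
+++ b/src/lib3270/ssl/ctx_init.c
@@ -0,0 +1,155 @@
+/*
+ * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
+ * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
+ * aplicativos mainframe. Registro no INPI sob o nome G3270.
+ *
+ * Copyright (C) <2008> <Banco do Brasil S.A.>
+ *
+ * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
+ * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
+ * Free Software Foundation.
+ *
+ * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
+ * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
+ * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
+ * obter mais detalhes.
+ *
+ * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
+ * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
+ * St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * Este programa está nomeado como - e possui - linhas de código.
+ *
+ * Contatos:
+ *
+ * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
+ * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
+ *
+ *
+ * References:
+ *
+ * http://www.openssl.org/docs/ssl/
+ * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
+ *
+ */
+
+/**
+ * @brief OpenSSL initialization for linux.
+ *
+ */
+
+#include <config.h>
+#if defined(HAVE_LIBSSL)
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+
+#ifndef SSL_ST_OK
+ #define SSL_ST_OK 3
+#endif // !SSL_ST_OK
+
+#include "../private.h"
+#include <errno.h>
+#include <lib3270.h>
+#include <lib3270/internals.h>
+#include <lib3270/trace.h>
+#include <lib3270/log.h>
+#include "trace_dsc.h"
+
+#ifdef SSL_ENABLE_CRL_CHECK
+ #include <openssl/x509.h>
+#endif // SSL_ENABLE_CRL_CHECK
+
+/*--[ Implement ]------------------------------------------------------------------------------------*/
+
+#ifdef SSL_ENABLE_CRL_CHECK
+static inline void lib3270_autoptr_cleanup_X509_CRL(X509_CRL **crl)
+{
+ if(*crl)
+ X509_CRL_free(*crl);
+}
+#endif // SSL_ENABLE_CRL_CHECK
+
+/**
+ * @brief Initialize openssl library.
+ *
+ * @return 0 if ok, non zero if fails.
+ *
+ */
+int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
+{
+ debug("%s ssl_ctx=%p",__FUNCTION__,ssl_ctx);
+
+ if(ssl_ctx)
+ return 0;
+
+ trace_dsn(hSession,"Initializing SSL context.\n");
+
+ SSL_load_error_strings();
+ SSL_library_init();
+
+ ssl_ctx = SSL_CTX_new(SSLv23_method());
+ if(ssl_ctx == NULL)
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Cant initialize the SSL context." );
+ return -1;
+ }
+
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
+ SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
+
+ SSL_CTX_set_default_verify_paths(ssl_ctx);
+
+ ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
+
+#ifdef SSL_ENABLE_CRL_CHECK
+ //
+ // Set up CRL validation
+ //
+ // https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session
+ //
+ lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message);
+
+ if(!crl)
+ return -1;
+
+// const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+// X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+
+ if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_DS_TRACE))
+ {
+ BIO * out = BIO_new(BIO_s_mem());
+ unsigned char * data;
+ unsigned char * text;
+ int n;
+
+ X509_CRL_print(out,crl);
+
+ n = BIO_get_mem_data(out, &data);
+ text = (unsigned char *) malloc (n+1);
+ text[n] ='\0';
+ memcpy(text,data,n);
+
+ trace_dsn(hSession,"\n%s\n",text);
+
+ free(text);
+ BIO_free(out);
+
+ }
+
+ X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
+ X509_STORE_add_crl(store, crl);
+ X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+ X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+ X509_STORE_set1_param(store, param);
+ X509_VERIFY_PARAM_free(param);
+
+#endif // SSL_ENABLE_CRL_CHECK
+
+ return 0;
+}
+
+#endif // HAVE_LIBSSL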
src/lib3270/ssl/linux/ctx_init.c
... ... @@ -1,202 +0,0 @@
1   -/*
2   - * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
3   - * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
4   - * aplicativos mainframe. Registro no INPI sob o nome G3270.
5   - *
6   - * Copyright (C) <2008> <Banco do Brasil S.A.>
7   - *
8   - * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
9   - * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
10   - * Free Software Foundation.
11   - *
12   - * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
13   - * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
14   - * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
15   - * obter mais detalhes.
16   - *
17   - * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
18   - * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
19   - * St, Fifth Floor, Boston, MA 02110-1301 USA
20   - *
21   - * Este programa está nomeado como - e possui - linhas de código.
22   - *
23   - * Contatos:
24   - *
25   - * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
26   - * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
27   - *
28   - *
29   - * References:
30   - *
31   - * http://www.openssl.org/docs/ssl/
32   - * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
33   - *
34   - */
35   -
36   -/**
37   - * @brief OpenSSL initialization for linux.
38   - *
39   - */
40   -
41   -#include <config.h>
42   -#if defined(HAVE_LIBSSL)
43   -
44   -#include <openssl/ssl.h>
45   -#include <openssl/err.h>
46   -#include <openssl/x509_vfy.h>
47   -
48   -#ifndef SSL_ST_OK
49   - #define SSL_ST_OK 3
50   -#endif // !SSL_ST_OK
51   -
52   -#include "../../private.h"
53   -#include <errno.h>
54   -#include <lib3270.h>
55   -#include <lib3270/internals.h>
56   -#include <lib3270/trace.h>
57   -#include <lib3270/log.h>
58   -#include "trace_dsc.h"
59   -
60   -#ifdef SSL_ENABLE_CRL_CHECK
61   - #include <openssl/x509.h>
62   -#endif // SSL_ENABLE_CRL_CHECK
63   -
64   -/*--[ Implement ]------------------------------------------------------------------------------------*/
65   -
66   -#ifdef SSL_ENABLE_CRL_CHECK
67   -static inline void auto_close_file(FILE **file)
68   -{
69   - if(*file)
70   - fclose(*file);
71   -}
72   -
73   -static inline void auto_close_crl(X509_CRL **crl)
74   -{
75   - if(*crl)
76   - X509_CRL_free(*crl);
77   -}
78   -
79   -static inline void auto_free_text(char **text)
80   -{
81   - if(*text)
82   - lib3270_free(*text);
83   -}
84   -
85   -#endif // SSL_ENABLE_CRL_CHECK
86   -
87   -/**
88   - * @brief Initialize openssl library.
89   - *
90   - * @return 0 if ok, non zero if fails.
91   - *
92   - */
93   -int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
94   -{
95   - debug("%s ssl_ctx=%p",__FUNCTION__,ssl_ctx);
96   -
97   - if(ssl_ctx)
98   - return 0;
99   -
100   - trace_dsn(hSession,"Initializing SSL context.\n");
101   -
102   - SSL_load_error_strings();
103   - SSL_library_init();
104   -
105   - ssl_ctx = SSL_CTX_new(SSLv23_method());
106   - if(ssl_ctx == NULL)
107   - {
108   - message->error = hSession->ssl.error = ERR_get_error();
109   - message->title = N_( "Security error" );
110   - message->text = N_( "Cant initialize the SSL context." );
111   - return -1;
112   - }
113   -
114   - SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
115   - SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
116   -
117   - SSL_CTX_set_default_verify_paths(ssl_ctx);
118   -
119   - ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
120   -
121   -#ifdef SSL_ENABLE_CRL_CHECK
122   - //
123   - // Set up CRL validation
124   - //
125   - // https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session
126   - //
127   - char __attribute__ ((__cleanup__(auto_free_text))) * crl_file = lib3270_strdup_printf("%s/.cache/" PACKAGE_NAME ".crl",getenv("HOME"));
128   - X509_CRL * __attribute__ ((__cleanup__(auto_close_crl))) crl = NULL;
129   - FILE * __attribute__ ((__cleanup__(auto_close_file))) hCRL = fopen(crl_file,"r");
130   -
131   - if(!hCRL)
132   - {
133   - // Can't open CRL File.
134   - message->error = hSession->ssl.error = 0;
135   - message->title = N_( "Security error" );
136   - message->text = N_( "Can't open CRL File" );
137   - message->description = strerror(errno);
138   - lib3270_write_log(hSession,"ssl","Can't open %s: %s",crl_file,message->description);
139   - return -1;
140   -
141   - }
142   -
143   - lib3270_write_log(hSession,"ssl","Loading CRL from %s",crl_file);
144   -
145   - d2i_X509_CRL_fp(hCRL, &crl);
146   -
147   - X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
148   - X509_STORE_add_crl(store, crl);
149   - X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
150   - X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
151   - X509_STORE_set1_param(store, param);
152   - X509_VERIFY_PARAM_free(param);
153   -
154   -#endif // SSL_ENABLE_CRL_CHECK
155   -
156   - return 0;
157   -}
158   -
159   -#endif // HAVE_LIBSSL
160   -
161   -/*
162   -// Load CRLs into the `X509_STORE`
163   -
164   -X509_STORE *x509_store = SSL_CTX_get_cert_store(ctx);
165   -X509_STORE_add_crl(x509_store, crl);
166   -
167   -// Enable CRL checking
168   -X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
169   -X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
170   -SSL_CTX_set1_param(ctx, param);
171   -X509_VERIFY_PARAM_free(param);
172   -
173   -
174   -
175   - }
176   -
177   -
178   -
179   -
180   -#if defined(SSL_ENABLE_CRL_CHECK)
181   - // Set up CRL validation
182   - // https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
183   - X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
184   -
185   - // Enable CRL checking
186   - X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
187   - X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
188   - X509_STORE_set1_param(store, param);
189   - X509_VERIFY_PARAM_free(param);
190   -
191   - // X509_STORE_free(store);
192   -
193   - trace_dsn(hSession,"CRL CHECK is enabled.\n");
194   -
195   -#else
196   -
197   - trace_dsn(hSession,"CRL CHECK is disabled.\n");
198   -
199   -#endif // SSL_ENABLE_CRL_CHECK
200   -
201   -*/
202   -
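--- a/src/lib3270/ssl/negotiate.c
+++ b/src/lib3270/ssl/negotiate.c
@@ -163,6 +163,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 
 switch(rv)
 {
+ // https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_set_error.html
 case X509_V_OK:
 peer = SSL_get_peer_certificate(hSession->ssl.con);
 
@@ -182,6 +183,21 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 
 return -1;
 
+ case X509_V_ERR_CRL_NOT_YET_VALID:
+ trace_dsn(hSession,"%s","The CRL of a certificate is not yet valid.\n" );
+
+ ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
+ ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL is not yet valid." );
+ ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) is not yet valid." );
+ return -1;
+
+ case X509_V_ERR_CRL_HAS_EXPIRED:
+ trace_dsn(hSession,"%s","The CRL of a certificate has expired.\n" );
+ ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
+ ((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL has expired." );
+ ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) has expired." );
+ return -1;
+
 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 
 peer = SSL_get_peer_certificate(hSession->ssl.con);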
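Review bot: The two new cases handle a CRL that is not yet valid or has expired, but the verify result CRL checking exists to produce, `X509_V_ERR_CERT_REVOKED`, and the one raised when no CRL is available for an issuer, `X509_V_ERR_UNABLE_TO_GET_CRL`, get no case here; whether the `switch` rejects them in its `default` branch cannot be seen, since `background_ssl_negotiation` starts before the hunk and the `switch` continues after it. If the default does not return -1, a revoked certificate would be accepted or reported with a generic message, so I would confirm that and add at least `case X509_V_ERR_CERT_REVOKED:` with its own title/text. The two new blocks are near-duplicates of each other and of the neighbouring cases; `X509_verify_cert_error_string(rv)` could supply the `description` text for all of them from one place. Minor style: the first case has a blank line after `trace_dsn` and the second does not.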
src/lib3270/ssl/windows/ctx_init.c
... ... @@ -1,176 +0,0 @@
1   -/*
2   - * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
3   - * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
4   - * aplicativos mainframe. Registro no INPI sob o nome G3270.
5   - *
6   - * Copyright (C) <2008> <Banco do Brasil S.A.>
7   - *
8   - * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
9   - * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
10   - * Free Software Foundation.
11   - *
12   - * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
13   - * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
14   - * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
15   - * obter mais detalhes.
16   - *
17   - * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
18   - * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
19   - * St, Fifth Floor, Boston, MA 02110-1301 USA
20   - *
21   - * Este programa está nomeado como - e possui - linhas de código.
22   - *
23   - * Contatos:
24   - *
25   - * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
26   - * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
27   - *
28   - *
29   - * References:
30   - *
31   - * http://www.openssl.org/docs/ssl/
32   - * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
33   - *
34   - */
35   -
36   -/**
37   - * @brief OpenSSL initialization for windows.
38   - *
39   - */
40   -
41   -#include <config.h>
42   -#if defined(HAVE_LIBSSL)
43   -#include <openssl/ssl.h>
44   -#include <openssl/err.h>
45   -#include <openssl/x509_vfy.h>
46   -
47   -#ifndef SSL_ST_OK
48   - #define SSL_ST_OK 3
49   -#endif // !SSL_ST_OK
50   -
51   -#include "../../private.h"
52   -#include <errno.h>
53   -#include <lib3270.h>
54   -#include <lib3270/internals.h>
55   -#include <lib3270/trace.h>
56   -#include "trace_dsc.h"
57   -
58   -/*--[ Implement ]------------------------------------------------------------------------------------*/
59   -
60   -/**
61   - * @brief Initialize openssl library.
62   - *
63   - * @return 0 if ok, non zero if fails.
64   - *
65   - */
66   -int ssl_ctx_init(H3270 *hSession)
67   -{
68   - debug("%s ssl_ctx=%p",__FUNCTION__,ssl_ctx);
69   -
70   - if(ssl_ctx)
71   - return 0;
72   -
73   - trace_dsn(hSession,"Initializing SSL context.\n");
74   -
75   - SSL_load_error_strings();
76   - SSL_library_init();
77   -
78   - ssl_ctx = SSL_CTX_new(SSLv23_method());
79   - if(ssl_ctx == NULL)
80   - return -1;
81   -
82   - SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
83   - SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
84   - SSL_CTX_set_default_verify_paths(ssl_ctx);
85   -
86   - //
87   - // Get path from windows registry.
88   - //
89   - HKEY hKey = 0;
90   -
91   - if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\" PACKAGE_NAME,0,KEY_QUERY_VALUE,&hKey) == ERROR_SUCCESS)
92   - {
93   - char data[4096];
94   - unsigned long datalen = sizeof(data); // data field length(in), data returned length(out)
95   - unsigned long datatype; // #defined in winnt.h (predefined types 0-11)
96   -
97   - if(RegQueryValueExA(hKey,"datadir",NULL,&datatype,(LPBYTE) data,&datalen) == ERROR_SUCCESS)
98   - {
99   - strncat(data,"\\certs",4095);
100   -
101   - if(!SSL_CTX_load_verify_locations(ssl_ctx,NULL,data))
102   - {
103   - hSession->ssl.error = ERR_get_error();
104   -
105   - trace_dsn(
106   - hSession,
107   - "Cant set default locations for trusted CA certificates to %s\n%s\m"
108   - data,
109   - ERR_lib_error_string(hSession->ssl.error)
110   - );
111   -
112   - lib3270_write_log(
113   - hSession,
114   - "ssl",
115   - "Cant set default locations for trusted CA certificates to %s\n%s",
116   - data,
117   - ERR_lib_error_string(hSession->ssl.error)
118   - );
119   -
120   - }
121   - }
122   - RegCloseKey(hKey);
123   - }
124   -
125   - ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
126   -
127   - //
128   - // Initialize CUSTOM CRL CHECK
129   - //
130   -
131   - return 0;
132   -}
133   -
134   -#endif // HAVE_LIBSSL
135   -
136   -/*
137   -// Load CRLs into the `X509_STORE`
138   -
139   -X509_STORE *x509_store = SSL_CTX_get_cert_store(ctx);
140   -X509_STORE_add_crl(x509_store, crl);
141   -
142   -// Enable CRL checking
143   -X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
144   -X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
145   -SSL_CTX_set1_param(ctx, param);
146   -X509_VERIFY_PARAM_free(param);
147   -
148   -
149   -
150   - }
151   -
152   -
153   -
154   -/*
155   -#if defined(SSL_ENABLE_CRL_CHECK)
156   - // Set up CRL validation
157   - // https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
158   - X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
159   -
160   - // Enable CRL checking
161   - X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
162   - X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
163   - X509_STORE_set1_param(store, param);
164   - X509_VERIFY_PARAM_free(param);
165   -
166   - // X509_STORE_free(store);
167   -
168   - trace_dsn(hSession,"CRL CHECK is enabled.\n");
169   -
170   -#else
171   -
172   - trace_dsn(hSession,"CRL CHECK is disabled.\n");
173   -
174   -#endif // SSL_ENABLE_CRL_CHECK
175   -*/
176   -
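--- a/src/lib3270/util.c
+++ b/src/lib3270/util.c
@@ -504,6 +504,13 @@ LIB3270_EXPORT void * lib3270_free(void *p)
 return NULL;
 }
 
+LIB3270_EXPORT void lib3270_autoptr_cleanup_char(char **ptr)
+{
+ if(*ptr)
+ free(*ptr);
+ *ptr = NULL;
+}
+
 LIB3270_EXPORT void * lib3270_realloc(void *p, int len)
 {
 p = realloc(p, len);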
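Review bot: `lib3270_autoptr_cleanup_char` releases with plain `free(*ptr)` while the file's own `lib3270_free` sits directly above it (and returns NULL); the removed linux/ctx_init.c paired its `lib3270_strdup_printf` string with `lib3270_free`, so routing the cleanup through the same function keeps allocator and deallocator matched if `lib3270_free` ever stops being a thin wrapper around `free`. The NULL guard is also redundant, since `free(NULL)` is a no-op. The body can be the single line `*ptr = lib3270_free(*ptr);`, and a `/// @brief Cleanup handler for lib3270_autoptr(char): releases the string and clears the pointer.` comment above the definition would document the contract the macro relies on.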