Commit 6021974de50002a61e0ba3487236c39a0b7ba6ff

Authored by Perry Werneck
1 parent 7d1938cc

Working on CRL validation.

@@ -126,9 +126,6 @@ @@ -126,9 +126,6 @@
126 <Unit filename="src/lib3270/charset.c"> 126 <Unit filename="src/lib3270/charset.c">
127 <Option compilerVar="CC" /> 127 <Option compilerVar="CC" />
128 </Unit> 128 </Unit>
129 - <Unit filename="src/lib3270/connect.c">  
130 - <Option compilerVar="CC" />  
131 - </Unit>  
132 <Unit filename="src/lib3270/ctlr.c"> 129 <Unit filename="src/lib3270/ctlr.c">
133 <Option compilerVar="CC" /> 130 <Option compilerVar="CC" />
134 </Unit> 131 </Unit>
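--- a/src/include/lib3270.h
+++ b/src/include/lib3270.h
@@ -1176,6 +1176,14 @@
 LIB3270_EXPORT void * lib3270_replace(void **p, void *ptr);
 LIB3270_EXPORT void * lib3270_strdup(const char *str);
 
+#define LIB3270_AUTOPTR_FUNC_NAME(TypeName) lib3270_autoptr_cleanup_##TypeName
+
+/**
+ * @brief Declare an auto-cleanup pointer.
+ *
+ */
+#define lib3270_autoptr(TypeName) TypeName * __attribute__ ((__cleanup__(LIB3270_AUTOPTR_FUNC_NAME(TypeName))))
+
 /**
 * @brief Release allocated memory.
 *
@@ -1185,6 +1193,7 @@
 */
 LIB3270_EXPORT void * lib3270_free(void *p);
 
+LIB3270_EXPORT void lib3270_autoptr_cleanup_char(char **ptr);
 
 /**
 * Get default session handle.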
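Review bot: The `lib3270_autoptr` macro on new line 1185 lives in the public exported header but expands to the GCC/Clang `__cleanup__` attribute, so any consumer built with a compiler that lacks that extension fails wherever the macro is used; if non-GNU toolchains are a target (not visible here) it should sit under `#if defined(__GNUC__)`. The `@brief` above it also omits the contract that `LIB3270_AUTOPTR_FUNC_NAME` encodes: a function named `lib3270_autoptr_cleanup_<TypeName>(TypeName **)` must be visible for every type used with the macro, and only `char` is provided by this header via the new declaration on line 1196. I would extend the comment to `@brief Declare an auto-cleanup pointer; requires a visible lib3270_autoptr_cleanup_<TypeName>(TypeName **) that releases *ptr when the variable goes out of scope.`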
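--- a/src/lib3270/private.h
+++ b/src/lib3270/private.h
@@ -234,10 +234,6 @@ struct lib3270_text
 unsigned short attr; ///< @brief Converted character attribute (color & etc)
 };
 
-#ifndef HEADER_SSL_H
- #define SSL void
-#endif // !HEADER_SSL_H
-
 #ifndef LIB3270_TA
 #define LIB3270_TA void
 #endif // !LIB3270_TA
@@ -314,7 +310,6 @@ struct _h3270
 // flags
 LIB3270_OPTION options; ///< @brief Session options.
 
-// int bgthread : 1; ///< @brief Running on a background thread ?.
 int selected : 1; ///< @brief Has selected region?
 int rectsel : 1; ///< @brief Selected region is a rectangle ?
 int vcontrol : 1; ///< @brief Visible control ?
@@ -334,15 +329,15 @@ struct _h3270
 int onlcr : 1;
 int bsd_tm : 1;
 int syncing : 1;
-int reverse : 1; /**< reverse-input mode */
+int reverse : 1; /**< @brief reverse-input mode */
 int dbcs : 1;
 int linemode : 1;
 int trace_skipping : 1;
 int need_tls_follows : 1;
 int cut_xfer_in_progress : 1;
 // int auto_keymap : 1;
-int formatted : 1; /**< Formatted screen flag */
-int starting : 1; /**< Is starting (no first screen)? */
+int formatted : 1; /**< @brief Formatted screen flag */
+int starting : 1; /**< @brief Is starting (no first screen)? */
 
 char * oversize;
 
@@ -382,7 +377,7 @@ struct _h3270
 unsigned short current_port;
 
 // Misc
-H3270FT * ft; /**< Active file transfer data */
+H3270FT * ft; /**< @brief Active file transfer data */
 
 // screen info
 int ov_rows;
@@ -395,14 +390,14 @@ struct _h3270
 int cursor_addr;
 int buffer_addr;
 char flipped;
-int screen_alt; /**< alternate screen? */
+int screen_alt; /**< @brief alternate screen? */
 int is_altbuffer;
 
 // Screen contents
-void * buffer[2]; /**< Internal buffers */
-struct lib3270_ea * ea_buf; /**< 3270 device buffer. ea_buf[-1] is the dummy default field attribute */
-struct lib3270_ea * aea_buf; /**< alternate 3270 extended attribute buffer */
-struct lib3270_text * text; /**< Converted 3270 chars */
+void * buffer[2]; /**< @brief Internal buffers */
+struct lib3270_ea * ea_buf; /**< @brief 3270 device buffer. ea_buf[-1] is the dummy default field attribute */
+struct lib3270_ea * aea_buf; /**< @brief alternate 3270 extended attribute buffer */
+struct lib3270_text * text; /**< @brief Converted 3270 chars */
 
 // host.c
 char std_ds_host;
@@ -424,7 +419,7 @@ struct _h3270
 int mticking : 1;
 int crm_nattr;
 unsigned char crm_attr[16];
-unsigned char * zero_buf; /**< empty buffer, for area clears */
+unsigned char * zero_buf; /**< @brief Empty buffer, for area clears */
 
 struct timeval t_start;
 void * tick_id;
@@ -432,8 +427,8 @@ struct _h3270
 
 // Telnet.c
 unsigned char * ibuf;
-int ibuf_size; /**< size of ibuf */
-unsigned char * obuf; /**< 3270 output buffer */
+int ibuf_size; /**< @brief size of ibuf */
+unsigned char * obuf; /**< @brief 3270 output buffer */
 unsigned char * obptr;
 time_t ns_time;
 int ns_brcvd;
@@ -441,8 +436,8 @@ struct _h3270
 int ns_bsent;
 int ns_rsent;
 struct timeval ds_ts;
-unsigned long e_funcs; /**< negotiated TN3270E functions */
-unsigned short e_xmit_seq; /**< transmit sequence number */
+unsigned long e_funcs; /**< @brief negotiated TN3270E functions */
+unsigned short e_xmit_seq; /**< @brief transmit sequence number */
 int response_required;
 int tn3270e_bound;
 int tn3270e_negotiated;
@@ -468,7 +463,7 @@ struct _h3270
 E_SSCP
 } tn3270e_submode;
 
-unsigned char * lbuf; /**< line-mode input buffer */
+unsigned char * lbuf; /**< @brief line-mode input buffer */
 unsigned char * lbptr;
 
 
@@ -476,7 +471,6 @@ struct _h3270
 unsigned char * ibptr;
 unsigned char * obuf_base;
 int obuf_size;
-// unsigned char * netrbuf;
 
 // network input buffer
 unsigned char * sbbuf;
@@ -484,14 +478,13 @@ struct _h3270
 // telnet sub-option buffer
 unsigned char * sbptr;
 unsigned char telnet_state;
-// char ttype_tmpval[13];
 
 unsigned char myopts[LIB3270_TELNET_N_OPTS];
 unsigned char hisopts[LIB3270_TELNET_N_OPTS];
 
 // kybd.c
-unsigned int kybdlock; ///< @brief keyboard lock state
-unsigned char aid; ///< @brief current attention ID
+unsigned int kybdlock; ///< @brief @brief keyboard lock state.
+unsigned char aid; ///< @brief @brief current attention ID.
 void * unlock_id;
 time_t unlock_delay_time;
 unsigned long unlock_delay_ms; ///< @brief Delay before actually unlocking the keyboard after the host permits it.
@@ -548,12 +541,12 @@ struct _h3270
 int saved_wide_mode : 1;
 
 int saved_altbuffer : 1;
-int ansi_reset : 1; /**< Non zero if the ansi_reset() was called in this session */
+int ansi_reset : 1; /**< @brief Non zero if the ansi_reset() was called in this session */
 
 int ansi_ch;
 int cs_to_change;
 
-/** ANSI Character sets. */
+/** @brief ANSI Character sets. */
 enum lib3270_ansi_cs
 {
 LIB3270_ANSI_CS_G0 = 0,
@@ -563,7 +556,7 @@ struct _h3270
 } cset;
 enum lib3270_ansi_cs saved_cset;
 
-/** Character set designations. */
+/** @brief Character set designations. */
 enum lib3270_ansi_csd
 {
 LIB3270_ANSI_CSD_LD = 0,
@@ -605,7 +598,8 @@ struct _h3270
 void * except;
 } xio;
 
-// SSL Data (Always defined to maintain the structure size)
+#ifdef HAVE_LIBSSL
+/// @brief SSL Data.
 struct
 {
 char host;
@@ -613,12 +607,13 @@ struct _h3270
 unsigned long error;
 SSL * con;
 } ssl;
+#endif // HAVE_LIBSSL
 
 timeout_t * timeouts;
 input_t * inputs;
 int inputs_changed : 1;
 
-// Trace Window.
+// Trace methods.
 struct {
 void (*handler)(H3270 *session, void *userdata, const char *fmt, va_list args);
 void *userdata;
@@ -662,7 +657,7 @@ LIB3270_INTERNAL int check_offline_session(H3270 *hSession);
 
 LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
 
-#if defined(HAVE_LIBSSL) /*[*/
+#if defined(HAVE_LIBSSL)
 
 typedef struct _ssl_error_message
 {
@@ -672,17 +667,16 @@ LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
 const char * description;
 } SSL_ERROR_MESSAGE;
 
-
 LIB3270_INTERNAL int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE *message);
 LIB3270_INTERNAL int ssl_init(H3270 *session);
 LIB3270_INTERNAL int ssl_negotiate(H3270 *hSession);
 LIB3270_INTERNAL void set_ssl_state(H3270 *session, LIB3270_SSL_STATE state);
 
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L /*[*/
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
 #define INFO_CONST const
-#else /*][*/
+#else
 #define INFO_CONST
-#endif /*]*/
+#endif
 
 LIB3270_INTERNAL void ssl_info_callback(INFO_CONST SSL *s, int where, int ret);
 
@@ -698,5 +692,9 @@ LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
 */
 LIB3270_INTERNAL int ssl_3270_ex_index;
 
-#endif /*]*/
+#ifdef SSL_ENABLE_CRL_CHECK
+X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message);
+#endif // SSL_ENABLE_CRL_CHECK
+
+#endif
 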
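Review bot: The new `lib3270_get_X509_CRL` prototype (new line 696) is the only declaration in this `#if defined(HAVE_LIBSSL)` block without `LIB3270_INTERNAL`, unlike `ssl_ctx_init`, `ssl_init` and the others at lines 670-673, so it gets default linkage and visibility and breaks the file's convention; `LIB3270_INTERNAL X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message);` keeps it consistent. It also carries no Doxygen comment stating who owns the returned CRL — ssl/ctx_init.c in this commit wraps the result in `lib3270_autoptr(X509_CRL)`, so the caller frees it, and saying so here (`@return CRL owned by the caller, NULL on failure with @a message filled in`) protects the next caller from a double free. Two smaller points in the same file: new lines 486-487 carry a duplicated `@brief @brief`, and the `ssl` member now exists only under HAVE_LIBSSL where the removed comment said it was kept unconditionally to fix the structure size, so every translation unit including this header must now see the same HAVE_LIBSSL value or their `struct _h3270` layouts will disagree.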
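--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -48,6 +48,16 @@
 return (int) lib3270_get_program_message(hSession);
 }
 
+int lib3270_is_starting(H3270 *hSession)
+{
+return hSession->starting != 0;
+}
+
+int lib3270_get_formatted(H3270 *hSession)
+{
+return hSession->formatted != 0;
+}
+
 const LIB3270_INT_PROPERTY * lib3270_get_boolean_properties_list(void) {
 
 static const LIB3270_INT_PROPERTY properties[] = {
@@ -142,6 +152,20 @@
 NULL // Set value.
 },
 
+{
+"starting", // Property name.
+N_( "Is starting (no first screen)?" ), // Property description.
+lib3270_is_starting, // Get value.
+NULL // Set value.
+},
+
+{
+"formatted", // Property name.
+N_( "Formatted screen" ), // Property description.
+lib3270_get_formatted, // Get value.
+NULL // Set value.
+},
+
 /*
 {
 "", // Property name.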
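Review bot: `lib3270_is_starting` and `lib3270_get_formatted` (new lines 51-59) are non-static functions with no prototype in this hunk, and the lib3270.h hunk in this commit does not declare them either; if they only exist to feed the property table below, `static` keeps them out of the exported symbol set, and if they are meant as public API they need `LIB3270_EXPORT` and a header declaration. Their names also diverge (`is_` versus `get_`) for two getters that do the same thing with sibling bit flags. Neither has a comment; `/// @brief Getter for the "starting" boolean property (no first screen received yet).` and `/// @brief Getter for the "formatted" boolean property (formatted screen flag).`, matching the description strings in the table, would do.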
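--- /dev/null
+++ b/src/lib3270/ssl/ctx_init.c
@@ -0,0 +1,155 @@
+/*
+ * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
+ * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
+ * aplicativos mainframe. Registro no INPI sob o nome G3270.
+ *
+ * Copyright (C) <2008> <Banco do Brasil S.A.>
+ *
+ * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
+ * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
+ * Free Software Foundation.
+ *
+ * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
+ * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
+ * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
+ * obter mais detalhes.
+ *
+ * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
+ * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
+ * St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * Este programa está nomeado como - e possui - linhas de código.
+ *
+ * Contatos:
+ *
+ * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
+ * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
+ *
+ *
+ * References:
+ *
+ * http://www.openssl.org/docs/ssl/
+ * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
+ *
+ */
+
+/**
+ * @brief OpenSSL initialization for linux.
+ *
+ */
+
+#include <config.h>
+#if defined(HAVE_LIBSSL)
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+
+#ifndef SSL_ST_OK
+ #define SSL_ST_OK 3
+#endif // !SSL_ST_OK
+
+#include "../private.h"
+#include <errno.h>
+#include <lib3270.h>
+#include <lib3270/internals.h>
+#include <lib3270/trace.h>
+#include <lib3270/log.h>
+#include "trace_dsc.h"
+
+#ifdef SSL_ENABLE_CRL_CHECK
+ #include <openssl/x509.h>
+#endif // SSL_ENABLE_CRL_CHECK
+
+/*--[ Implement ]------------------------------------------------------------------------------------*/
+
+#ifdef SSL_ENABLE_CRL_CHECK
+static inline void lib3270_autoptr_cleanup_X509_CRL(X509_CRL **crl)
+{
+ if(*crl)
+ X509_CRL_free(*crl);
+}
+#endif // SSL_ENABLE_CRL_CHECK
+
+/**
+ * @brief Initialize openssl library.
+ *
+ * @return 0 if ok, non zero if fails.
+ *
+ */
+int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
+{
+ debug("%s ssl_ctx=%p",__FUNCTION__,ssl_ctx);
+
+ if(ssl_ctx)
+ return 0;
+
+ trace_dsn(hSession,"Initializing SSL context.\n");
+
+ SSL_load_error_strings();
+ SSL_library_init();
+
+ ssl_ctx = SSL_CTX_new(SSLv23_method());
+ if(ssl_ctx == NULL)
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Cant initialize the SSL context." );
+ return -1;
+ }
+
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
+ SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
+
+ SSL_CTX_set_default_verify_paths(ssl_ctx);
+
+ ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
+
+#ifdef SSL_ENABLE_CRL_CHECK
+ //
+ // Set up CRL validation
+ //
+ // https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session
+ //
+ lib3270_autoptr(X509_CRL) crl = lib3270_get_X509_CRL(hSession,message);
+
+ if(!crl)
+ return -1;
+
+// const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+// X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+
+ if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_DS_TRACE))
+ {
+ BIO * out = BIO_new(BIO_s_mem());
+ unsigned char * data;
+ unsigned char * text;
+ int n;
+
+ X509_CRL_print(out,crl);
+
+ n = BIO_get_mem_data(out, &data);
+ text = (unsigned char *) malloc (n+1);
+ text[n] ='\0';
+ memcpy(text,data,n);
+
+ trace_dsn(hSession,"\n%s\n",text);
+
+ free(text);
+ BIO_free(out);
+
+ }
+
+ X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
+ X509_STORE_add_crl(store, crl);
+ X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+ X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+ X509_STORE_set1_param(store, param);
+ X509_VERIFY_PARAM_free(param);
+
+#endif // SSL_ENABLE_CRL_CHECK
+
+ return 0;
+}
+
+#endif // HAVE_LIBSSL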
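--- a/src/lib3270/ssl/linux/ctx_init.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
- * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
- * aplicativos mainframe. Registro no INPI sob o nome G3270.
- *
- * Copyright (C) <2008> <Banco do Brasil S.A.>
- *
- * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
- * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
- * Free Software Foundation.
- *
- * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
- * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
- * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
- * obter mais detalhes.
- *
- * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
- * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
- * St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Este programa está nomeado como - e possui - linhas de código.
- *
- * Contatos:
- *
- * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
- * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
- *
- *
- * References:
- *
- * http://www.openssl.org/docs/ssl/
- * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
- *
- */
-
-/**
- * @brief OpenSSL initialization for linux.
- *
- */
-
-#include <config.h>
-#if defined(HAVE_LIBSSL)
-
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/x509_vfy.h>
-
-#ifndef SSL_ST_OK
- #define SSL_ST_OK 3
-#endif // !SSL_ST_OK
-
-#include "../../private.h"
-#include <errno.h>
-#include <lib3270.h>
-#include <lib3270/internals.h>
-#include <lib3270/trace.h>
-#include <lib3270/log.h>
-#include "trace_dsc.h"
-
-#ifdef SSL_ENABLE_CRL_CHECK
- #include <openssl/x509.h>
-#endif // SSL_ENABLE_CRL_CHECK
-
-/*--[ Implement ]------------------------------------------------------------------------------------*/
-
-#ifdef SSL_ENABLE_CRL_CHECK
-static inline void auto_close_file(FILE **file)
-{
- if(*file)
- fclose(*file);
-}
-
-static inline void auto_close_crl(X509_CRL **crl)
-{
- if(*crl)
- X509_CRL_free(*crl);
-}
-
-static inline void auto_free_text(char **text)
-{
- if(*text)
- lib3270_free(*text);
-}
-
-#endif // SSL_ENABLE_CRL_CHECK
-
-/**
- * @brief Initialize openssl library.
- *
- * @return 0 if ok, non zero if fails.
- *
- */
-int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
-{
- debug("%s ssl_ctx=%p",__FUNCTION__,ssl_ctx);
-
- if(ssl_ctx)
- return 0;
-
- trace_dsn(hSession,"Initializing SSL context.\n");
-
- SSL_load_error_strings();
- SSL_library_init();
-
- ssl_ctx = SSL_CTX_new(SSLv23_method());
- if(ssl_ctx == NULL)
- {
- message->error = hSession->ssl.error = ERR_get_error();
- message->title = N_( "Security error" );
- message->text = N_( "Cant initialize the SSL context." );
- return -1;
- }
-
- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
- SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
-
- SSL_CTX_set_default_verify_paths(ssl_ctx);
-
- ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
-
-#ifdef SSL_ENABLE_CRL_CHECK
- //
- // Set up CRL validation
- //
- // https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session
- //
- char __attribute__ ((__cleanup__(auto_free_text))) * crl_file = lib3270_strdup_printf("%s/.cache/" PACKAGE_NAME ".crl",getenv("HOME"));
- X509_CRL * __attribute__ ((__cleanup__(auto_close_crl))) crl = NULL;
- FILE * __attribute__ ((__cleanup__(auto_close_file))) hCRL = fopen(crl_file,"r");
-
- if(!hCRL)
- {
- // Can't open CRL File.
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't open CRL File" );
- message->description = strerror(errno);
- lib3270_write_log(hSession,"ssl","Can't open %s: %s",crl_file,message->description);
- return -1;
-
- }
-
- lib3270_write_log(hSession,"ssl","Loading CRL from %s",crl_file);
-
- d2i_X509_CRL_fp(hCRL, &crl);
-
- X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
- X509_STORE_add_crl(store, crl);
- X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
- X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
- X509_STORE_set1_param(store, param);
- X509_VERIFY_PARAM_free(param);
-
-#endif // SSL_ENABLE_CRL_CHECK
-
- return 0;
-}
-
-#endif // HAVE_LIBSSL
-
-/*
-// Load CRLs into the `X509_STORE`
-
-X509_STORE *x509_store = SSL_CTX_get_cert_store(ctx);
-X509_STORE_add_crl(x509_store, crl);
-
-// Enable CRL checking
-X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
-X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
-SSL_CTX_set1_param(ctx, param);
-X509_VERIFY_PARAM_free(param);
-
-
-
- }
-
-
-
-
-#if defined(SSL_ENABLE_CRL_CHECK)
- // Set up CRL validation
- // https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
- X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
-
- // Enable CRL checking
- X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
- X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
- X509_STORE_set1_param(store, param);
- X509_VERIFY_PARAM_free(param);
-
- // X509_STORE_free(store);
-
- trace_dsn(hSession,"CRL CHECK is enabled.\n");
-
-#else
-
- trace_dsn(hSession,"CRL CHECK is disabled.\n");
-
-#endif // SSL_ENABLE_CRL_CHECK
-
-*/
-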
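--- a/src/lib3270/ssl/negotiate.c
+++ b/src/lib3270/ssl/negotiate.c
@@ -163,6 +163,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 
 switch(rv)
 {
+// https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_set_error.html
 case X509_V_OK:
 peer = SSL_get_peer_certificate(hSession->ssl.con);
 
@@ -182,6 +183,21 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 
 return -1;
 
+case X509_V_ERR_CRL_NOT_YET_VALID:
+trace_dsn(hSession,"%s","The CRL of a certificate is not yet valid.\n" );
+
+((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
+((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL is not yet valid." );
+((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) is not yet valid." );
+return -1;
+
+case X509_V_ERR_CRL_HAS_EXPIRED:
+trace_dsn(hSession,"%s","The CRL of a certificate has expired.\n" );
+((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
+((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL has expired." );
+((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) has expired." );
+return -1;
+
 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 
 peer = SSL_get_peer_certificate(hSession->ssl.con);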
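Review bot: The two new cases (new lines 186-199) cover only the CRL's own validity window; the results that enabling `X509_V_FLAG_CRL_CHECK` actually introduces — `X509_V_ERR_CERT_REVOKED` and `X509_V_ERR_UNABLE_TO_GET_CRL` — have no case in this switch, so they fall to whatever branch handles unlisted codes outside this hunk and the user gets no CRL-specific message for a revoked peer or a missing CRL. I would add two parallel cases that set `title`/`text`/`description` the same way and `return -1`, so a revoked certificate is reported as such and is guaranteed to be rejected regardless of what the unlisted-code branch does. The two new blocks are also formatted differently from each other (blank line after the first `trace_dsn`, none after the second). `background_ssl_negotiation` starts and ends outside this hunk.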
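--- a/src/lib3270/ssl/windows/ctx_init.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
- * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
- * aplicativos mainframe. Registro no INPI sob o nome G3270.
- *
- * Copyright (C) <2008> <Banco do Brasil S.A.>
- *
- * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
- * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
- * Free Software Foundation.
- *
- * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
- * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
- * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
- * obter mais detalhes.
- *
- * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
- * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
- * St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Este programa está nomeado como - e possui - linhas de código.
- *
- * Contatos:
- *
- * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
- * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
- *
- *
- * References:
- *
- * http://www.openssl.org/docs/ssl/
- * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
- *
- */
-
-/**
- * @brief OpenSSL initialization for windows.
- *
- */
-
-#include <config.h>
-#if defined(HAVE_LIBSSL)
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/x509_vfy.h>
-
-#ifndef SSL_ST_OK
- #define SSL_ST_OK 3
-#endif // !SSL_ST_OK
-
-#include "../../private.h"
-#include <errno.h>
-#include <lib3270.h>
-#include <lib3270/internals.h>
-#include <lib3270/trace.h>
-#include "trace_dsc.h"
-
-/*--[ Implement ]------------------------------------------------------------------------------------*/
-
-/**
- * @brief Initialize openssl library.
- *
- * @return 0 if ok, non zero if fails.
- *
- */
-int ssl_ctx_init(H3270 *hSession)
-{
- debug("%s ssl_ctx=%p",__FUNCTION__,ssl_ctx);
-
- if(ssl_ctx)
- return 0;
-
- trace_dsn(hSession,"Initializing SSL context.\n");
-
- SSL_load_error_strings();
- SSL_library_init();
-
- ssl_ctx = SSL_CTX_new(SSLv23_method());
- if(ssl_ctx == NULL)
- return -1;
-
- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
- SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
- SSL_CTX_set_default_verify_paths(ssl_ctx);
-
- //
- // Get path from windows registry.
- //
- HKEY hKey = 0;
-
- if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\" PACKAGE_NAME,0,KEY_QUERY_VALUE,&hKey) == ERROR_SUCCESS)
- {
- char data[4096];
- unsigned long datalen = sizeof(data); // data field length(in), data returned length(out)
- unsigned long datatype; // #defined in winnt.h (predefined types 0-11)
-
- if(RegQueryValueExA(hKey,"datadir",NULL,&datatype,(LPBYTE) data,&datalen) == ERROR_SUCCESS)
- {
- strncat(data,"\\certs",4095);
-
- if(!SSL_CTX_load_verify_locations(ssl_ctx,NULL,data))
- {
- hSession->ssl.error = ERR_get_error();
-
- trace_dsn(
- hSession,
- "Cant set default locations for trusted CA certificates to %s\n%s\m"
- data,
- ERR_lib_error_string(hSession->ssl.error)
- );
-
- lib3270_write_log(
- hSession,
- "ssl",
- "Cant set default locations for trusted CA certificates to %s\n%s",
- data,
- ERR_lib_error_string(hSession->ssl.error)
- );
-
- }
- }
- RegCloseKey(hKey);
- }
-
- ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
-
- //
- // Initialize CUSTOM CRL CHECK
- //
-
- return 0;
-}
-
-#endif // HAVE_LIBSSL
-
-/*
-// Load CRLs into the `X509_STORE`
-
-X509_STORE *x509_store = SSL_CTX_get_cert_store(ctx);
-X509_STORE_add_crl(x509_store, crl);
-
-// Enable CRL checking
-X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
-X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
-SSL_CTX_set1_param(ctx, param);
-X509_VERIFY_PARAM_free(param);
-
-
-
- }
-
-
-
-/*
-#if defined(SSL_ENABLE_CRL_CHECK)
- // Set up CRL validation
- // https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
- X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
-
- // Enable CRL checking
- X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
- X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
- X509_STORE_set1_param(store, param);
- X509_VERIFY_PARAM_free(param);
-
- // X509_STORE_free(store);
-
- trace_dsn(hSession,"CRL CHECK is enabled.\n");
-
-#else
-
- trace_dsn(hSession,"CRL CHECK is disabled.\n");
-
-#endif // SSL_ENABLE_CRL_CHECK
-*/
-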
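--- a/src/lib3270/util.c
+++ b/src/lib3270/util.c
@@ -504,6 +504,13 @@ LIB3270_EXPORT void * lib3270_free(void *p)
 return NULL;
 }
 
+LIB3270_EXPORT void lib3270_autoptr_cleanup_char(char **ptr)
+{
+if(*ptr)
+free(*ptr);
+*ptr = NULL;
+}
+
 LIB3270_EXPORT void * lib3270_realloc(void *p, int len)
 {
 p = realloc(p, len);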
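Review bot: `lib3270_autoptr_cleanup_char` (new lines 507-512) releases with `free` directly while sitting next to `lib3270_free`, the library's own release routine that the hunk header shows returning NULL; `*ptr = lib3270_free(*ptr);` keeps every release on one path and collapses the body to a single line. The `if(*ptr)` guard is redundant either way, since `free(NULL)` is a no-op. A doc comment is also missing; `/// @brief Cleanup handler for lib3270_autoptr(char): releases *ptr and resets it to NULL.` would match the header's style.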