Download as
Browse Code »

Commit 6cc9e2d476eff1657289fcf2b3d96f800116ec0a

Authored by Perry Werneck
1 parent 2fa61268
Exists in master and in 3 other branches develop, macos, network_module

Implementing openssl network module.

Showing 3 changed files with 74 additions and 7 deletions   Show diff stats
src/include/networking.h
  Diff comments   View file @6cc9e2d
... ... @@ -137,7 +137,8 @@
137 137 LIB3270_INTERNAL int lib3270_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state);
138 138  
139 139  
140   - LIB3270_INTERNAL void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state);
  140 + LIB3270_INTERNAL void * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state);
  141 + LIB3270_INTERNAL int lib3270_openssl_get_ex_index(H3270 *hSession);
141 142  
142 143 #endif // LIB3270_NETWORKING_H_INCLUDED
143 144  
... ...
src/network_modules/openssl.c
  Diff comments   View file @6cc9e2d
... ... @@ -121,7 +121,7 @@ static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state
121 121  
122 122 set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
123 123  
124   - SSL_CTX * ctx_context = (SSL_CTX *) lib3270_get_openssl_context(state,state);
  124 + SSL_CTX * ctx_context = (SSL_CTX *) lib3270_openssl_get_context(state,state);
125 125 if(!ctx_context)
126 126 return -1;
127 127  
... ... @@ -174,11 +174,73 @@ static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state
174 174  
175 175 }
176 176  
177   -static int openssl_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *msg) {
  177 +static int openssl_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
  178 +
  179 + SSL_CTX * ctx_context = (SSL_CTX *) lib3270_openssl_get_context(state,state);
  180 + if(!ctx_context)
  181 + return -1;
178 182  
179 183 LIB3270_NET_CONTEXT * context = hSession->network.context;
180 184  
  185 + debug("%s",__FUNCTION__);
  186 +
  187 + set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING);
  188 + context->con = SSL_new(ctx_context);
  189 + if(context->con == NULL)
  190 + {
  191 + static const LIB3270_POPUP popup = {
  192 + .type = LIB3270_NOTIFY_SECURE,
  193 + .summary = N_( "Cant create a new SSL structure for current connection." )
  194 + };
  195 +
  196 + state->popup = &popup;
  197 + return -1;
  198 + }
  199 +
  200 + SSL_set_ex_data(context->con,lib3270_openssl_get_ex_index(hSession),(char *) hSession);
  201 +// SSL_set_verify(context->con, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
  202 + SSL_set_verify(context->con, 0, NULL);
  203 +
  204 + if(SSL_set_fd(context->con, context->sock) != 1)
  205 + {
  206 + trace_ssl(hSession,"%s","SSL_set_fd failed!\n");
  207 +
  208 + static const LIB3270_POPUP popup = {
  209 + .summary = N_( "SSL negotiation failed" ),
  210 + .body = N_( "Cant set the file descriptor for the input/output facility for the TLS/SSL (encrypted) side of ssl." )
  211 + };
  212 +
  213 + state->popup = &popup;
  214 + return -1;
  215 +
  216 + }
  217 +
  218 + trace_ssl(hSession, "%s","Running SSL_connect\n");
  219 + int rv = SSL_connect(context->con);
  220 + trace_ssl(hSession, "SSL_connect exits with rc=%d\n",rv);
  221 +
  222 + if (rv != 1)
  223 + {
  224 + int code = SSL_get_error(context->con,rv);
  225 +
  226 + if(code == SSL_ERROR_SYSCALL && hSession->ssl.error)
  227 + code = hSession->ssl.error;
  228 +
  229 + state->error_message = ERR_lib_error_string(code);
  230 +
  231 + trace_ssl(hSession,"SSL_connect failed: %s\n",ERR_reason_error_string(code));
  232 +
  233 + static const LIB3270_POPUP popup = {
  234 + .type = LIB3270_NOTIFY_ERROR,
  235 + .summary = N_( "SSL Connect failed" ),
  236 + };
  237 +
  238 + state->popup = &popup;
  239 + return -1;
  240 +
  241 + }
181 242  
  243 + return 0;
182 244 }
183 245  
184 246 void lib3270_set_openssl_network_module(H3270 *hSession) {
... ...
src/ssl/linux/init.c
  Diff comments   View file @6cc9e2d
... ... @@ -63,12 +63,12 @@
63 63 /*--[ Implement ]------------------------------------------------------------------------------------*/
64 64  
65 65 // @brief Index of h3270 handle in SSL session.
66   -static int ssl_3270_ex_index;
  66 +static int ssl_ex_index = 0;
67 67  
68 68 /// @brief Callback for tracing protocol negotiation.
69 69 static void info_callback(INFO_CONST SSL *s, int where, int ret)
70 70 {
71   - H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_3270_ex_index);
  71 + H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_ex_index);
72 72  
73 73 switch(where)
74 74 {
... ... @@ -144,7 +144,7 @@ static void info_callback(INFO_CONST SSL *s, int where, int ret)
144 144 }
145 145 }
146 146  
147   -void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
  147 +void * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
148 148  
149 149 static SSL_CTX * context = NULL;
150 150  
... ... @@ -174,7 +174,7 @@ void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state
174 174  
175 175 SSL_CTX_set_default_verify_paths(context);
176 176  
177   - ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
  177 + ssl_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
178 178  
179 179 #ifdef SSL_ENABLE_CRL_CHECK
180 180  
... ... @@ -192,3 +192,7 @@ void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state
192 192 return context;
193 193  
194 194 }
  195 +
  196 +int lib3270_openssl_get_ex_index(H3270 GNUC_UNUSED(*hSession)) {
  197 + return ssl_ex_index;
  198 +}
... ...