diff --git a/src/include/networking.h b/src/include/networking.h
index f1f83e3..f2204fe 100644
--- a/src/include/networking.h
+++ b/src/include/networking.h
@@ -137,7 +137,8 @@
LIB3270_INTERNAL int lib3270_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state);
- LIB3270_INTERNAL void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state);
+ LIB3270_INTERNAL void * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state);
+ LIB3270_INTERNAL int lib3270_openssl_get_ex_index(H3270 *hSession);
#endif // LIB3270_NETWORKING_H_INCLUDED
diff --git a/src/network_modules/openssl.c b/src/network_modules/openssl.c
index c6fcd7d..206b111 100644
--- a/src/network_modules/openssl.c
+++ b/src/network_modules/openssl.c
@@ -121,7 +121,7 @@ static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state
set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
- SSL_CTX * ctx_context = (SSL_CTX *) lib3270_get_openssl_context(state,state);
+ SSL_CTX * ctx_context = (SSL_CTX *) lib3270_openssl_get_context(state,state);
if(!ctx_context)
return -1;
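Review bot: The new `lib3270_openssl_get_ex_index` prototype carries no comment, and nothing in the header tells a caller that the value it returns is only meaningful after `lib3270_openssl_get_context` has run — that is where the index is obtained from `SSL_get_ex_new_index` in the init.c hunk of this same commit, and the accessor simply hands the static back. I would add `/// @brief Ex-data index under which the owning H3270 is stored in an SSL object; only valid after lib3270_openssl_get_context() has created the context.` above the declaration. The other changed line is a rename and needs nothing.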
@@ -174,11 +174,73 @@ static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state
}
-static int openssl_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *msg) {
+static int openssl_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
+
+ SSL_CTX * ctx_context = (SSL_CTX *) lib3270_openssl_get_context(state,state);
+ if(!ctx_context)
+ return -1;
LIB3270_NET_CONTEXT * context = hSession->network.context;
+ debug("%s",__FUNCTION__);
+
+ set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING);
+ context->con = SSL_new(ctx_context);
+ if(context->con == NULL)
+ {
+ static const LIB3270_POPUP popup = {
+ .type = LIB3270_NOTIFY_SECURE,
+ .summary = N_( "Cant create a new SSL structure for current connection." )
+ };
+
+ state->popup = &popup;
+ return -1;
+ }
+
+ SSL_set_ex_data(context->con,lib3270_openssl_get_ex_index(hSession),(char *) hSession);
+// SSL_set_verify(context->con, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
+ SSL_set_verify(context->con, 0, NULL);
+
+ if(SSL_set_fd(context->con, context->sock) != 1)
+ {
+ trace_ssl(hSession,"%s","SSL_set_fd failed!\n");
+
+ static const LIB3270_POPUP popup = {
+ .summary = N_( "SSL negotiation failed" ),
+ .body = N_( "Cant set the file descriptor for the input/output facility for the TLS/SSL (encrypted) side of ssl." )
};
+
+ state->popup = &popup;
+ return -1;
+
+ }
+
+ trace_ssl(hSession, "%s","Running SSL_connect\n");
+ int rv = SSL_connect(context->con);
+ trace_ssl(hSession, "SSL_connect exits with rc=%d\n",rv);
+
+ if (rv != 1)
+ {
+ int code = SSL_get_error(context->con,rv);
+
+ if(code == SSL_ERROR_SYSCALL && hSession->ssl.error)
+ code = hSession->ssl.error;
+
+ state->error_message = ERR_lib_error_string(code);
+
+ trace_ssl(hSession,"SSL_connect failed: %s\n",ERR_reason_error_string(code));
+
+ static const LIB3270_POPUP popup = {
+ .type = LIB3270_NOTIFY_ERROR,
+ .summary = N_( "SSL Connect failed" ),
+ };
+
+ state->popup = &popup;
+ return -1;
+
+ }
+
return 0;
}
void lib3270_set_openssl_network_module(H3270 *hSession) {
diff --git a/src/ssl/linux/init.c b/src/ssl/linux/init.c
index 0f6e5c2..66aa46c 100644
--- a/src/ssl/linux/init.c
+++ b/src/ssl/linux/init.c
@@ -63,12 +63,12 @@
/*--[ Implement ]------------------------------------------------------------------------------------*/
// @brief Index of h3270 handle in SSL session.
-static int ssl_3270_ex_index;
+static int ssl_ex_index = 0;
/// @brief Callback for tracing protocol negotiation.
static void info_callback(INFO_CONST SSL *s, int where, int ret) {
- H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_3270_ex_index);
+ H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_ex_index);
switch(where) {
@@ -144,7 +144,7 @@ static void info_callback(INFO_CONST SSL *s, int where, int ret)
}
}
-void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
+void * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
static SSL_CTX * context = NULL;
@@ -174,7 +174,7 @@ void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state
SSL_CTX_set_default_verify_paths(context);
- ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
+ ssl_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
#ifdef SSL_ENABLE_CRL_CHECK
@@ -192,3 +192,7 @@ void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state
return context;
}
+
+int lib3270_openssl_get_ex_index(H3270 GNUC_UNUSED(*hSession)) {
+ return ssl_ex_index;
+}
-- libgit2 0.21.2
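Review bot: `lib3270_openssl_get_ex_index` hands back `ssl_ex_index` with no indication of whether it was ever assigned, and the assignment in the previous hunk never checks the return of `SSL_get_ex_new_index`, which is -1 on failure; `SSL_set_ex_data` in openssl.c then gets an invalid index, the stored handle is silently dropped, and the `SSL_get_ex_data` call in `info_callback` presumably yields a NULL `hSession` that the part of that function shown here does not guard. The `= 0` initializer added in this commit does not separate "not yet created" from a legitimately allocated index 0 either. I would initialise the static to -1, add `if(ssl_ex_index < 0)` right after the `SSL_get_ex_new_index` call and fail context creation there, and document on this accessor that a negative result means the context was never created. The function is complete within the hunk.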