Commit 6cc9e2d476eff1657289fcf2b3d96f800116ec0a
1 parent
2fa61268
Exists in
master
and in
3 other branches
Implementing openssl network module.
Showing
3 changed files
with
74 additions
and
7 deletions
Show diff stats
src/include/networking.h
| @@ -137,7 +137,8 @@ | @@ -137,7 +137,8 @@ | ||
| 137 | LIB3270_INTERNAL int lib3270_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state); | 137 | LIB3270_INTERNAL int lib3270_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state); |
| 138 | 138 | ||
| 139 | 139 | ||
| 140 | - LIB3270_INTERNAL void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state); | 140 | + LIB3270_INTERNAL void * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state); |
| 141 | + LIB3270_INTERNAL int lib3270_openssl_get_ex_index(H3270 *hSession); | ||
| 141 | 142 | ||
| 142 | #endif // LIB3270_NETWORKING_H_INCLUDED | 143 | #endif // LIB3270_NETWORKING_H_INCLUDED |
| 143 | 144 |
src/network_modules/openssl.c
| @@ -121,7 +121,7 @@ static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state | @@ -121,7 +121,7 @@ static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state | ||
| 121 | 121 | ||
| 122 | set_ssl_state(hSession,LIB3270_SSL_UNDEFINED); | 122 | set_ssl_state(hSession,LIB3270_SSL_UNDEFINED); |
| 123 | 123 | ||
| 124 | - SSL_CTX * ctx_context = (SSL_CTX *) lib3270_get_openssl_context(state,state); | 124 | + SSL_CTX * ctx_context = (SSL_CTX *) lib3270_openssl_get_context(state,state); |
| 125 | if(!ctx_context) | 125 | if(!ctx_context) |
| 126 | return -1; | 126 | return -1; |
| 127 | 127 | ||
| @@ -174,11 +174,73 @@ static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state | @@ -174,11 +174,73 @@ static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state | ||
| 174 | 174 | ||
| 175 | } | 175 | } |
| 176 | 176 | ||
| 177 | -static int openssl_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *msg) { | 177 | +static int openssl_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *state) { |
| 178 | + | ||
| 179 | + SSL_CTX * ctx_context = (SSL_CTX *) lib3270_openssl_get_context(state,state); | ||
| 180 | + if(!ctx_context) | ||
| 181 | + return -1; | ||
| 178 | 182 | ||
| 179 | LIB3270_NET_CONTEXT * context = hSession->network.context; | 183 | LIB3270_NET_CONTEXT * context = hSession->network.context; |
| 180 | 184 | ||
| 185 | + debug("%s",__FUNCTION__); | ||
| 186 | + | ||
| 187 | + set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING); | ||
| 188 | + context->con = SSL_new(ctx_context); | ||
| 189 | + if(context->con == NULL) | ||
| 190 | + { | ||
| 191 | + static const LIB3270_POPUP popup = { | ||
| 192 | + .type = LIB3270_NOTIFY_SECURE, | ||
| 193 | + .summary = N_( "Cant create a new SSL structure for current connection." ) | ||
| 194 | + }; | ||
| 195 | + | ||
| 196 | + state->popup = &popup; | ||
| 197 | + return -1; | ||
| 198 | + } | ||
| 199 | + | ||
| 200 | + SSL_set_ex_data(context->con,lib3270_openssl_get_ex_index(hSession),(char *) hSession); | ||
| 201 | +// SSL_set_verify(context->con, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); | ||
| 202 | + SSL_set_verify(context->con, 0, NULL); | ||
| 203 | + | ||
| 204 | + if(SSL_set_fd(context->con, context->sock) != 1) | ||
| 205 | + { | ||
| 206 | + trace_ssl(hSession,"%s","SSL_set_fd failed!\n"); | ||
| 207 | + | ||
| 208 | + static const LIB3270_POPUP popup = { | ||
| 209 | + .summary = N_( "SSL negotiation failed" ), | ||
| 210 | + .body = N_( "Cant set the file descriptor for the input/output facility for the TLS/SSL (encrypted) side of ssl." ) | ||
| 211 | + }; | ||
| 212 | + | ||
| 213 | + state->popup = &popup; | ||
| 214 | + return -1; | ||
| 215 | + | ||
| 216 | + } | ||
| 217 | + | ||
| 218 | + trace_ssl(hSession, "%s","Running SSL_connect\n"); | ||
| 219 | + int rv = SSL_connect(context->con); | ||
| 220 | + trace_ssl(hSession, "SSL_connect exits with rc=%d\n",rv); | ||
| 221 | + | ||
| 222 | + if (rv != 1) | ||
| 223 | + { | ||
| 224 | + int code = SSL_get_error(context->con,rv); | ||
| 225 | + | ||
| 226 | + if(code == SSL_ERROR_SYSCALL && hSession->ssl.error) | ||
| 227 | + code = hSession->ssl.error; | ||
| 228 | + | ||
| 229 | + state->error_message = ERR_lib_error_string(code); | ||
| 230 | + | ||
| 231 | + trace_ssl(hSession,"SSL_connect failed: %s\n",ERR_reason_error_string(code)); | ||
| 232 | + | ||
| 233 | + static const LIB3270_POPUP popup = { | ||
| 234 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 235 | + .summary = N_( "SSL Connect failed" ), | ||
| 236 | + }; | ||
| 237 | + | ||
| 238 | + state->popup = &popup; | ||
| 239 | + return -1; | ||
| 240 | + | ||
| 241 | + } | ||
| 181 | 242 | ||
| 243 | + return 0; | ||
| 182 | } | 244 | } |
| 183 | 245 | ||
| 184 | void lib3270_set_openssl_network_module(H3270 *hSession) { | 246 | void lib3270_set_openssl_network_module(H3270 *hSession) { |
src/ssl/linux/init.c
| @@ -63,12 +63,12 @@ | @@ -63,12 +63,12 @@ | ||
| 63 | /*--[ Implement ]------------------------------------------------------------------------------------*/ | 63 | /*--[ Implement ]------------------------------------------------------------------------------------*/ |
| 64 | 64 | ||
| 65 | // @brief Index of h3270 handle in SSL session. | 65 | // @brief Index of h3270 handle in SSL session. |
| 66 | -static int ssl_3270_ex_index; | 66 | +static int ssl_ex_index = 0; |
| 67 | 67 | ||
| 68 | /// @brief Callback for tracing protocol negotiation. | 68 | /// @brief Callback for tracing protocol negotiation. |
| 69 | static void info_callback(INFO_CONST SSL *s, int where, int ret) | 69 | static void info_callback(INFO_CONST SSL *s, int where, int ret) |
| 70 | { | 70 | { |
| 71 | - H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_3270_ex_index); | 71 | + H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_ex_index); |
| 72 | 72 | ||
| 73 | switch(where) | 73 | switch(where) |
| 74 | { | 74 | { |
| @@ -144,7 +144,7 @@ static void info_callback(INFO_CONST SSL *s, int where, int ret) | @@ -144,7 +144,7 @@ static void info_callback(INFO_CONST SSL *s, int where, int ret) | ||
| 144 | } | 144 | } |
| 145 | } | 145 | } |
| 146 | 146 | ||
| 147 | -void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state) { | 147 | +void * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state) { |
| 148 | 148 | ||
| 149 | static SSL_CTX * context = NULL; | 149 | static SSL_CTX * context = NULL; |
| 150 | 150 | ||
| @@ -174,7 +174,7 @@ void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state | @@ -174,7 +174,7 @@ void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state | ||
| 174 | 174 | ||
| 175 | SSL_CTX_set_default_verify_paths(context); | 175 | SSL_CTX_set_default_verify_paths(context); |
| 176 | 176 | ||
| 177 | - ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL); | 177 | + ssl_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL); |
| 178 | 178 | ||
| 179 | #ifdef SSL_ENABLE_CRL_CHECK | 179 | #ifdef SSL_ENABLE_CRL_CHECK |
| 180 | 180 | ||
| @@ -192,3 +192,7 @@ void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state | @@ -192,3 +192,7 @@ void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state | ||
| 192 | return context; | 192 | return context; |
| 193 | 193 | ||
| 194 | } | 194 | } |
| 195 | + | ||
| 196 | +int lib3270_openssl_get_ex_index(H3270 GNUC_UNUSED(*hSession)) { | ||
| 197 | + return ssl_ex_index; | ||
| 198 | +} |