Commit 7d1938cc9f4f90345014d53999db035f0b522ca4
1 parent
b8383bb6
Exists in
master
and in
3 other branches
Implementing SSL CRL Check.
Showing
7 changed files
with
116 additions
and
67 deletions
.gitignore
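--- a/Makefile.in
+++ b/Makefile.in
@@ -154,22 +154,24 @@ install: \
 install-dev
 
 install-shared:
- $(MAKE) DESTDIR=$(DESTDIR) -C src/lib3270 $@
- $(MAKE) DESTDIR=$(DESTDIR) -C src/lib3270++ $@
+ @$(MAKE) DESTDIR=$(DESTDIR) -C src/lib3270 $@
+ @$(MAKE) DESTDIR=$(DESTDIR) -C src/lib3270++ $@
 
 install-static:
- $(MAKE) DESTDIR=$(DESTDIR) -C src/lib3270 $@
- $(MAKE) DESTDIR=$(DESTDIR) -C src/lib3270++ $@
+ @$(MAKE) DESTDIR=$(DESTDIR) -C src/lib3270 $@
+ @$(MAKE) DESTDIR=$(DESTDIR) -C src/lib3270++ $@
 
 install-dev:
- $(MAKE) DESTDIR=$(DESTDIR) -C src/lib3270 $@
- $(MAKE) DESTDIR=$(DESTDIR) -C src/lib3270++ $@
+ @$(MAKE) DESTDIR=$(DESTDIR) -C src/lib3270 $@
+ @$(MAKE) DESTDIR=$(DESTDIR) -C src/lib3270++ $@
 
 #---[ Debug Targets ]--------------------------------------------------------------------
 
 Debug: \
 $(BINDBG)/lib@LIB3270_NAME@@DLLEXT@
 
+run:
+ @$(MAKE) -C src/lib3270 $@
 
 #---[ Clean Targets ]--------------------------------------------------------------------
 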
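--- a/configure.ac
+++ b/configure.ac
@@ -332,6 +332,18 @@ if test "$app_cv_self_signed_certs" == "yes"; then
 AC_DEFINE(SSL_ALLOW_SELF_SIGNED_CERT)
 fi
 
+AC_ARG_ENABLE([ssl-crl-check],
+ [AS_HELP_STRING([--enable-ssl-crl-check], [Enable use of SSL Certificate Revocation List])],
+[
+ app_cv_enable_crl_check="$enableval"
+],[
+ app_cv_enable_crl_check="no"
+])
+
+if test "$app_cv_self_signed_certs" == "yes"; then
+ AC_DEFINE(SSL_ENABLE_CRL_CHECK)
+fi
+
 dnl ---------------------------------------------------------------------------
 dnl Check for pic
 dnl ---------------------------------------------------------------------------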
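Review bot: The new guard around `AC_DEFINE(SSL_ENABLE_CRL_CHECK)` tests `$app_cv_self_signed_certs` rather than the `$app_cv_enable_crl_check` variable set just above it, so `--enable-ssl-crl-check` is never consulted. As written, revocation checking is compiled in only when self-signed certificates are also allowed, and a build that rejects self-signed certificates silently ships without it. The condition should read `if test "$app_cv_enable_crl_check" = "yes"; then` (`=` being the portable spelling of the comparison).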
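--- a/src/include/config.h.in
+++ b/src/include/config.h.in
@@ -50,6 +50,7 @@
 #undef HAVE_LDAP
 #undef HAVE_LIBSSL
 #undef SSL_ALLOW_SELF_SIGNED_CERT
+ #undef SSL_ENABLE_CRL_CHECK
 
 /* Windows Options */
 #ifdef WIN32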
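--- a/src/lib3270/private.h
+++ b/src/lib3270/private.h
@@ -664,12 +664,20 @@ LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
 
 #if defined(HAVE_LIBSSL) /*[*/
 
- LIB3270_INTERNAL int ssl_ctx_init(H3270 *hSession);
+ typedef struct _ssl_error_message
+ {
+ int error;
+ const char * title;
+ const char * text;
+ const char * description;
+ } SSL_ERROR_MESSAGE;
+
+
+ LIB3270_INTERNAL int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE *message);
 LIB3270_INTERNAL int ssl_init(H3270 *session);
 LIB3270_INTERNAL int ssl_negotiate(H3270 *hSession);
 LIB3270_INTERNAL void set_ssl_state(H3270 *session, LIB3270_SSL_STATE state);
 
-
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*[*/
 #define INFO_CONST const
 #else /*][*/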
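Review bot: `SSL_ERROR_MESSAGE` is now shared across translation units, but nothing on the struct says who owns the three string pointers or how long they stay valid. Most writers in this commit store string literals, while ctx_init.c stores the result of `strerror(errno)` in `description`, so a consumer cannot tell from the header whether the pointer is stable. A comment on the struct such as `/* title, text and description are borrowed pointers; the consumer must not free them and should copy description if it is kept */` would pin that down, and the `ssl_ctx_init` prototype should note that `message` must be non-NULL because every failure path writes through it. The tag `_ssl_error_message` also begins with an underscore, which is reserved at file scope; `ssl_error_message` would avoid that.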
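--- a/src/lib3270/ssl/linux/ctx_init.c
+++ b/src/lib3270/ssl/linux/ctx_init.c
@@ -54,17 +54,43 @@
 #include <lib3270.h>
 #include <lib3270/internals.h>
 #include <lib3270/trace.h>
+#include <lib3270/log.h>
 #include "trace_dsc.h"
 
+#ifdef SSL_ENABLE_CRL_CHECK
+ #include <openssl/x509.h>
+#endif // SSL_ENABLE_CRL_CHECK
+
 /*--[ Implement ]------------------------------------------------------------------------------------*/
 
+#ifdef SSL_ENABLE_CRL_CHECK
+static inline void auto_close_file(FILE **file)
+{
+ if(*file)
+ fclose(*file);
+}
+
+static inline void auto_close_crl(X509_CRL **crl)
+{
+ if(*crl)
+ X509_CRL_free(*crl);
+}
+
+static inline void auto_free_text(char **text)
+{
+ if(*text)
+ lib3270_free(*text);
+}
+
+#endif // SSL_ENABLE_CRL_CHECK
+
 /**
 * @brief Initialize openssl library.
 *
 * @return 0 if ok, non zero if fails.
 *
 */
-int ssl_ctx_init(H3270 *hSession)
+int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 {
 debug("%s ssl_ctx=%p",__FUNCTION__,ssl_ctx);
 
@@ -78,40 +104,54 @@ int ssl_ctx_init(H3270 *hSession)
 
 ssl_ctx = SSL_CTX_new(SSLv23_method());
 if(ssl_ctx == NULL)
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Cant initialize the SSL context." );
 return -1;
+ }
 
 SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
 SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
 
 SSL_CTX_set_default_verify_paths(ssl_ctx);
 
- /*
- static const char * ssldir[] =
- {
-#ifdef DATAROOTDIR
- DATAROOTDIR "/" PACKAGE_NAME "/certs",
-#endif // DATAROOTDIR
-#ifdef SYSCONFDIR
- SYSCONFDIR "/ssl/certs",
- SYSCONFDIR "/certs",
-#endif
- "/etc/ssl/certs"
- };
-
- size_t f;
-
- for(f = 0;f < sizeof(ssldir) / sizeof(ssldir[0]);f++)
- {
- SSL_CTX_load_verify_locations(ssl_ctx,NULL,ssldir[f]);
- }
- */
-
 ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
 
+#ifdef SSL_ENABLE_CRL_CHECK
+ //
+ // Set up CRL validation
 //
- // Initialize CUSTOM CRL CHECK
+ // https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session
 //
+ char __attribute__ ((__cleanup__(auto_free_text))) * crl_file = lib3270_strdup_printf("%s/.cache/" PACKAGE_NAME ".crl",getenv("HOME"));
+ X509_CRL * __attribute__ ((__cleanup__(auto_close_crl))) crl = NULL;
+ FILE * __attribute__ ((__cleanup__(auto_close_file))) hCRL = fopen(crl_file,"r");
+
+ if(!hCRL)
+ {
+ // Can't open CRL File.
+ message->error = hSession->ssl.error = 0;
+ message->title = N_( "Security error" );
+ message->text = N_( "Can't open CRL File" );
+ message->description = strerror(errno);
+ lib3270_write_log(hSession,"ssl","Can't open %s: %s",crl_file,message->description);
+ return -1;
+
+ }
+
+ lib3270_write_log(hSession,"ssl","Loading CRL from %s",crl_file);
 
+ d2i_X509_CRL_fp(hCRL, &crl);
+
+ X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
+ X509_STORE_add_crl(store, crl);
+ X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+ X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+ X509_STORE_set1_param(store, param);
+ X509_VERIFY_PARAM_free(param);
+
+#endif // SSL_ENABLE_CRL_CHECK
 
 return 0;
 }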
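Review bot: The return value of `d2i_X509_CRL_fp(hCRL, &crl)` is ignored, so an empty, truncated or non-DER file leaves `crl` NULL and it is handed straight to `X509_STORE_add_crl`, whose result is also dropped; initialization then reports success with `X509_V_FLAG_CRL_CHECK` set but no list loaded. Both calls should be checked and the function should fail with a populated `message`, as sketched below. The `return -1` paths in this block also leave the global `ssl_ctx` allocated; if the part of `ssl_ctx_init` above this hunk returns early when `ssl_ctx` is already set (not visible here), a second attempt would proceed without a CRL, so the sketch frees and clears it, and the existing `fopen` failure branch would need the same. Separately, `getenv("HOME")` can return NULL and is passed to `%s` unchecked when `crl_file` is built.

```c
	// … unchanged: crl_file/crl/hCRL declarations and the fopen() failure branch …

	X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);

	if(!d2i_X509_CRL_fp(hCRL, &crl) || !X509_STORE_add_crl(store, crl))
	{
		message->error = hSession->ssl.error = ERR_get_error();
		message->title = N_( "Security error" );
		message->text = N_( "Can't load CRL File" );
		lib3270_write_log(hSession,"ssl","Can't load CRL from %s",crl_file);
		SSL_CTX_free(ssl_ctx);	// do not leave a context without revocation data behind
		ssl_ctx = NULL;
		return -1;
	}

	// … unchanged: X509_VERIFY_PARAM setup …
```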
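--- a/src/lib3270/ssl/negotiate.c
+++ b/src/lib3270/ssl/negotiate.c
@@ -70,15 +70,6 @@
 */
 SSL_CTX * ssl_ctx = NULL;
 
-struct ssl_error_message
-{
- int error;
- const char * title;
- const char * text;
- const char * description;
-};
-
-
 /**
 * @brief Initialize openssl session.
 *
@@ -94,15 +85,9 @@ static int background_ssl_init(H3270 *hSession, void *message)
 hSession->ssl.error = 0;
 hSession->ssl.host = False;
 
- if(ssl_ctx_init(hSession)) {
-
- ((struct ssl_error_message *) message)->error = hSession->ssl.error = ERR_get_error();
- ((struct ssl_error_message *) message)->title = N_( "Security error" );
- ((struct ssl_error_message *) message)->text = N_( "SSL context initialization has failed" );
-
+ if(ssl_ctx_init(hSession, (SSL_ERROR_MESSAGE *) message)) {
 set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
 hSession->ssl.host = False;
-
 return -1;
 }
 
@@ -112,9 +97,9 @@ static int background_ssl_init(H3270 *hSession, void *message)
 hSession->ssl.con = SSL_new(ssl_ctx);
 if(hSession->ssl.con == NULL)
 {
- ((struct ssl_error_message *) message)->error = hSession->ssl.error = ERR_get_error();
- ((struct ssl_error_message *) message)->title = N_( "Security error" );
- ((struct ssl_error_message *) message)->text = N_( "Cant create a new SSL structure for current connection." );
+ ((SSL_ERROR_MESSAGE *) message)->error = hSession->ssl.error = ERR_get_error();
+ ((SSL_ERROR_MESSAGE *) message)->title = N_( "Security error" );
+ ((SSL_ERROR_MESSAGE *) message)->text = N_( "Cant create a new SSL structure for current connection." );
 return -1;
 }
 
@@ -142,9 +127,9 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 {
 trace_dsn(hSession,"%s","SSL_set_fd failed!\n");
 
- ((struct ssl_error_message *) message)->title = N_( "Security error" );
- ((struct ssl_error_message *) message)->text = N_( "SSL negotiation failed" );
- ((struct ssl_error_message *) message)->description = N_( "Cant set the file descriptor for the input/output facility for the TLS/SSL (encrypted) side of ssl." );
+ ((SSL_ERROR_MESSAGE *) message)->title = N_( "Security error" );
+ ((SSL_ERROR_MESSAGE *) message)->text = N_( "SSL negotiation failed" );
+ ((SSL_ERROR_MESSAGE *) message)->description = N_( "Cant set the file descriptor for the input/output facility for the TLS/SSL (encrypted) side of ssl." );
 
 return -1;
 }
@@ -157,16 +142,16 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 {
 const char * msg = "";
 
- ((struct ssl_error_message *) message)->error = SSL_get_error(hSession->ssl.con,rv);
- if(((struct ssl_error_message *) message)->error == SSL_ERROR_SYSCALL && hSession->ssl.error)
- ((struct ssl_error_message *) message)->error = hSession->ssl.error;
+ ((SSL_ERROR_MESSAGE *) message)->error = SSL_get_error(hSession->ssl.con,rv);
+ if(((SSL_ERROR_MESSAGE *) message)->error == SSL_ERROR_SYSCALL && hSession->ssl.error)
+ ((SSL_ERROR_MESSAGE *) message)->error = hSession->ssl.error;
 
- msg = ERR_lib_error_string(((struct ssl_error_message *) message)->error);
+ msg = ERR_lib_error_string(((SSL_ERROR_MESSAGE *) message)->error);
 
 trace_dsn(hSession,"SSL_connect failed: %s %s\n",msg,ERR_reason_error_string(hSession->ssl.error));
 
- ((struct ssl_error_message *) message)->title = N_( "Security error" );
- ((struct ssl_error_message *) message)->text = N_( "SSL Connect failed" );
+ ((SSL_ERROR_MESSAGE *) message)->title = N_( "Security error" );
+ ((SSL_ERROR_MESSAGE *) message)->text = N_( "SSL Connect failed" );
 lib3270_disconnect(hSession);
 return -1;
 
@@ -191,9 +176,9 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 debug("%s","The CRL of a certificate could not be found." );
 trace_dsn(hSession,"%s","The CRL of a certificate could not be found.\n" );
 
- ((struct ssl_error_message *) message)->title = _( "SSL error" );
- ((struct ssl_error_message *) message)->text = _( "Unable to get certificate CRL." );
- ((struct ssl_error_message *) message)->description = _( "The Certificate revocation list (CRL) of a certificate could not be found." );
+ ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
+ ((SSL_ERROR_MESSAGE *) message)->text = _( "Unable to get certificate CRL." );
+ ((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) of a certificate could not be found." );
 
 return -1;
 
@@ -207,9 +192,9 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 #ifdef SSL_ALLOW_SELF_SIGNED_CERT
 break;
 #else
- ((struct ssl_error_message *) message)->title = _( "SSL error" );
- ((struct ssl_error_message *) message)->text = _( "The SSL certificate for this host is not trusted." );
- ((struct ssl_error_message *) message)->description = _( "The security certificate presented by this host was not issued by a trusted certificate authority." );
+ ((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
+ ((SSL_ERROR_MESSAGE *) message)->text = _( "The SSL certificate for this host is not trusted." );
+ ((SSL_ERROR_MESSAGE *) message)->description = _( "The security certificate presented by this host was not issued by a trusted certificate authority." );
 return -1;
 #endif // SSL_ALLOW_SELF_SIGNED_CERT
 
@@ -273,7 +258,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 int ssl_negotiate(H3270 *hSession)
 {
 int rc;
- struct ssl_error_message msg;
+ SSL_ERROR_MESSAGE msg;
 
 memset(&msg,0,sizeof(msg));
 
@@ -301,7 +286,7 @@ int ssl_negotiate(H3270 *hSession)
 int ssl_init(H3270 *hSession) {
 
 int rc;
- SSL_ERROR_MESSAGE msg;
+ SSL_ERROR_MESSAGE msg;
 
 memset(&msg,0,sizeof(msg));
 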
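Review bot: Every write in `background_ssl_init` and `background_ssl_negotiation` still goes through an inline `((SSL_ERROR_MESSAGE *) message)` cast, which the rename touches line by line but does not tidy up. Converting once at the top of each function, e.g. `SSL_ERROR_MESSAGE *err = (SSL_ERROR_MESSAGE *) message;`, and writing `err->title = …` afterwards would make these security-relevant error paths easier to audit; the name `err` avoids the local `const char * msg` already used in `background_ssl_negotiation`. Both functions begin outside the visible hunks, so the declaration would go on lines not shown here.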