diff --git a/lib3270.cbp b/lib3270.cbp
index 8c77087..6ab695d 100644
--- a/lib3270.cbp
+++ b/lib3270.cbp
@@ -310,6 +310,9 @@
+
+
+
diff --git a/src/core/connect.c b/src/core/connect.c
index 26207c3..dd61d33 100644
--- a/src/core/connect.c
+++ b/src/core/connect.c
@@ -54,23 +54,6 @@
}
-
-#if defined(HAVE_LIBSSL)
-
- static int background_ssl_init(H3270 *hSession, void *ssl_error)
- {
- if(ssl_ctx_init(hSession, (SSL_ERROR_MESSAGE *) ssl_error))
- return -1;
-
-#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK)
- lib3270_crl_free_if_expired(hSession);
-#endif // defined(SSL_ENABLE_CRL_CHECK)
-
- return 0;
- }
-
-#endif // HAVE_LIBSSL
-
/*
void connection_failed(H3270 *hSession, const char *message)
{
@@ -141,28 +124,13 @@
return errno == 0 ? -1 : errno;
}
-#if defined(HAVE_LIBSSL)
- debug("%s: TLS/SSL is %s",__FUNCTION__,hSession->ssl.enabled ? "ENABLED" : "DISABLED")
- trace_dsn(hSession,"TLS/SSL is %s\n", hSession->ssl.enabled ? "enabled" : "disabled" );
-
- if(hSession->ssl.enabled)
- {
- SSL_ERROR_MESSAGE ssl_error;
- memset(&ssl_error,0,sizeof(ssl_error));
+// debug("%s: TLS/SSL is %s",__FUNCTION__,hSession->ssl.enabled ? "ENABLED" : "DISABLED")
+// trace_dsn(hSession,"TLS/SSL is %s\n", hSession->ssl.enabled ? "enabled" : "disabled" );
- set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING);
- int rc = lib3270_run_task(hSession, background_ssl_init, &ssl_error);
-
- if(rc && popup_ssl_error(hSession, rc, &ssl_error))
- return errno = rc;
-
- set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
- hSession->ssl.host = 0;
- }
-#endif // HAVE_LIBSSL
+ set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
+ // hSession->ssl.host = 0;
snprintf(hSession->full_model_name,LIB3270_FULL_MODEL_NAME_LENGTH,"IBM-327%c-%d",hSession->m3279 ? '9' : '8', hSession->model_num);
-
lib3270_write_event_trace(hSession,"Reconnecting to %s\n",lib3270_get_url(hSession));
hSession->ever_3270 = False;
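Review bot: The three lines disabled with `//` (the `debug`/`trace_dsn` pair and `hSession->ssl.host = 0;`) refer to `ssl.enabled` and `ssl.host`, fields this commit removes from `struct _h3270` in src/include/internals.h, so they cannot be re-enabled as written and are better deleted than kept as comments. If a trace of the TLS requirement is still wanted at reconnect time, it would have to read the new `ssl.required` field instead. The enclosing function starts and ends outside the hunk.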
@@ -175,32 +143,34 @@
{
int rc = 0;
- if(hSession->network.module->start_tls,required)
- {
- LIB3270_NETWORK_STATE state;
- memset(&state,0,sizeof(state));
+ hSession->ssl.required = (required ? 1 : 0);
- non_blocking(hSession,False);
+ LIB3270_NETWORK_STATE state;
+ memset(&state,0,sizeof(state));
- rc = lib3270_run_task(
- hSession,
- (int(*)(H3270 *h, void *)) hSession->network.module->start_tls,
- &state
- );
+ non_blocking(hSession,False);
- if(state.popup) {
- if(lib3270_popup(hSession,state.popup,1)) {
- lib3270_disconnect(hSession);
- return rc;
- }
+ rc = lib3270_run_task(
+ hSession,
+ (int(*)(H3270 *h, void *)) hSession->network.module->start_tls,
+ &state
+ );
- // User has selected "continue", ignore error.
- return 0;
- }
+ if(required && rc) {
+
+ // SSL is required and TLS/SSL has failed, abort.
+
+ lib3270_popup(hSession,state.popup,0);
+ lib3270_disconnect(hSession);
+ return rc;
}
- return rc;
+ // Not required or success
+
+ non_blocking(hSession,True);
+
+ return 0;
}
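Review bot: When `required` is zero and `start_tls` fails, the new tail falls through to `return 0` with no popup, no trace and no change of SSL state, so the session appears to continue without TLS and nothing tells the user; the removed code at least asked before ignoring the error. I would record the outcome on that path, for example `if(rc) set_ssl_state(hSession,LIB3270_SSL_UNSECURE);` plus a trace line, before re-enabling non-blocking mode. On the required path `lib3270_popup(hSession,state.popup,0)` is now called without the `if(state.popup)` guard the old code had, so a module that fails without filling `state.popup` hands the popup routine a null pointer; keep the guard. The function's signature is outside the hunk.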
diff --git a/src/core/telnet.c b/src/core/telnet.c
index be37c3c..6d29640 100644
--- a/src/core/telnet.c
+++ b/src/core/telnet.c
@@ -707,13 +707,13 @@ void net_input(H3270 *hSession, int GNUC_UNUSED(fd), LIB3270_IO_FLAG GNUC_UNUSED
}
else if (nr == 0)
{
- /* Host disconnected. */
+ // Host disconnected.
trace_dsn(hSession,"RCVD disconnect\n");
host_disconnect(hSession,False);
return;
}
- /* Process the data. */
+ // Process the data.
if (HALF_CONNECTED)
{
if (non_blocking(hSession,False) < 0)
diff --git a/src/include/internals.h b/src/include/internals.h
index 5414361..958e3ac 100644
--- a/src/include/internals.h
+++ b/src/include/internals.h
@@ -666,34 +666,6 @@ struct _h3270
void * except;
} xio;
-#ifdef HAVE_LIBSSL
- /// @brief SSL Data.
- struct
- {
- char enabled;
- char host;
- LIB3270_SSL_STATE state;
- unsigned long error;
-
- struct
- {
- int min_version; ///< @brief The minimum supported protocol version.
- int max_version; ///< @brief The maximum supported protocol version.
- } protocol;
-
-#ifdef SSL_ENABLE_CRL_CHECK
- struct
- {
- char download; ///< @brief Non zero to download CRL.
- char * prefer; ///< @brief Prefered protocol for CRL.
- char * url; ///< @brief URL for CRL download.
- X509_CRL * cert; ///< @brief Loaded CRL (can be null).
- } crl;
-#endif // SSL_ENABLE_CRL_CHECK
- SSL * con;
- } ssl;
-#endif // HAVE_LIBSSL
-
struct lib3270_linked_list_head timeouts;
struct
@@ -709,6 +681,13 @@ struct _h3270
void *userdata;
} trace;
+ struct
+ {
+ int error; ///< @brief OpenSSL error.
+ unsigned char required; ///< @brief Non zero if SSL is required.
+ LIB3270_SSL_STATE state;
+ } ssl;
+
/// @brief Event Listeners.
struct
{
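Review bot: `int error` is narrower than the value stored in it: `info_callback` in src/ssl/linux/init.c assigns the `unsigned long` returned by `ERR_get_error()` to `hSession->ssl.error`, and the struct this replaces declared the field as `unsigned long`. On platforms where `long` is wider than `int` the packed error code can be truncated or change sign, which may make later lookups of the error text unreliable. Keep the old type: `unsigned long error; ///< @brief OpenSSL error.`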
@@ -795,6 +774,9 @@ LIB3270_INTERNAL int check_offline_session(const H3270 *hSession);
LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
+LIB3270_INTERNAL void set_ssl_state(H3270 *session, LIB3270_SSL_STATE state);
+
+/*
#if defined(HAVE_LIBSSL)
typedef struct ssl_status_msg
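Review bot: Wrapping the whole `HAVE_LIBSSL` declaration block in `/* … */` (opened here, closed by the `*/` added in the next hunk) is fragile, because any block comment left inside would end the outer comment early; the next hunk apparently had to rewrite the `/** … */` doc comments as `//` to avoid that. `#if 0` … `#endif` disables the block without the hazard, or the declarations can simply be deleted now that `ssl_ctx_init`, `ssl_info_callback` and `ssl_3270_ex_index` are replaced elsewhere in this commit. Any translation unit that still calls one of the hidden functions would also lose its prototype, so it is worth checking the remaining callers. The block starts in this hunk and ends in the following one.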
@@ -820,44 +802,25 @@ LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
LIB3270_INTERNAL int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE *message);
LIB3270_INTERNAL int ssl_init(H3270 *session);
LIB3270_INTERNAL int ssl_negotiate(H3270 *hSession);
- LIB3270_INTERNAL void set_ssl_state(H3270 *session, LIB3270_SSL_STATE state);
LIB3270_INTERNAL const struct ssl_status_msg * ssl_get_status_from_error_code(long id);
- #if OPENSSL_VERSION_NUMBER >= 0x00907000L
- #define INFO_CONST const
- #else
- #define INFO_CONST
- #endif
LIB3270_INTERNAL void ssl_info_callback(INFO_CONST SSL *s, int where, int ret);
- /**
- * @brief Global SSL_CTX object as framework to establish TLS/SSL or DTLS enabled connections.
- *
- */
+ // @brief Global SSL_CTX object as framework to establish TLS/SSL or DTLS enabled connections.
LIB3270_INTERNAL SSL_CTX * ssl_ctx;
- /**
- * @brief Index of h3270 handle in SSL session.
- *
- */
- LIB3270_INTERNAL int ssl_3270_ex_index;
- /**
- * @brief Emit popup on ssl error.
- *
- */
+
+ /// @brief Emit popup on ssl error.
LIB3270_INTERNAL int popup_ssl_error(H3270 *session, int rc, const SSL_ERROR_MESSAGE *message);
- /**
- * @brief Emits SSL popup.
- *
- *
- */
+ /// @brief Emits SSL popup.
LIB3270_INTERNAL void ssl_popup_message(H3270 *hSession, const SSL_ERROR_MESSAGE *msg);
#endif
+*/
/// @brief Clear element at adress.
LIB3270_INTERNAL void clear_chr(H3270 *hSession, int baddr);
diff --git a/src/include/networking.h b/src/include/networking.h
index 3bc2b68..f1f83e3 100644
--- a/src/include/networking.h
+++ b/src/include/networking.h
@@ -76,7 +76,7 @@
///
int (*disconnect)(H3270 *hSession);
- int (*start_tls)(H3270 *hSession, LIB3270_NETWORK_STATE *msg, unsigned char required);
+ int (*start_tls)(H3270 *hSession, LIB3270_NETWORK_STATE *msg);
/// @brief Send on network context.
///
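Review bot: `start_tls` has no doc comment, and with the `required` parameter removed the contract is no longer visible in the signature: the requirement now travels through `hSession->ssl.required`, which connect.c sets before invoking the callback. I would add something like `/// @brief Start TLS negotiation; reads hSession->ssl.required. @return 0 on success, non zero on failure (popup in msg, if any).` above the member. The same applies to `lib3270_get_openssl_context` added in the last hunk of this file: it returns `void *`, and nothing says that NULL means failure with `state->popup` set, which is what its caller in openssl.c assumes.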
@@ -104,7 +104,7 @@
/// @brief Check if the session is online.
///
/// @retval 0 The session is offline.
- int (*is_connected)(H3270 *hSession);
+ int (*is_connected)(const H3270 *hSession);
/// @brief get socket name.
///
@@ -136,5 +136,8 @@
*/
LIB3270_INTERNAL int lib3270_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state);
+
+ LIB3270_INTERNAL void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state);
+
#endif // LIB3270_NETWORKING_H_INCLUDED
diff --git a/src/network_modules/openssl.c b/src/network_modules/openssl.c
new file mode 100644
index 0000000..141054f
--- /dev/null
+++ b/src/network_modules/openssl.c
@@ -0,0 +1,213 @@
+/*
+ * "Software PW3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
+ * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
+ * aplicativos mainframe. Registro no INPI sob o nome G3270.
+ *
+ * Copyright (C) <2008>
+ *
+ * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
+ * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela
+ * Free Software Foundation.
+ *
+ * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
+ * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
+ * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
+ * obter mais detalhes.
+ *
+ * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
+ * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
+ * St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * Este programa está nomeado como openssl.c e possui - linhas de código.
+ *
+ * Contatos:
+ *
+ * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
+ * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça)
+ *
+ */
+
+ /**
+ * @brief OpenSSL based networking methods.
+ *
+ */
+
+ #include "private.h"
+
+ #include
+ #include
+ #include
+ #include
+ #include
+
+ struct _lib3270_net_context {
+
+ int sock; ///< @brief Session socket.
+
+ SSL * con; ///< @brief SSL Connection handle.
+
+ struct {
+ char download; ///< @brief Non zero to download CRL.
+ char * prefer; ///< @brief Prefered protocol for CRL.
+ char * url; ///< @brief URL for CRL download.
+ X509_CRL * cert; ///< @brief Loaded CRL (can be null).
+ } crl;
+
+ };
+
+static void crl_free(LIB3270_NET_CONTEXT *context) {
+ if(context->crl.cert) {
+ X509_CRL_free(context->crl.cert);
+ context->crl.cert = NULL;
+ }
+}
+
+static void openssl_network_finalize(H3270 *hSession) {
+
+ debug("%s",__FUNCTION__);
+
+
+ if(hSession->network.context) {
+
+ // Cleanupp
+ LIB3270_NET_CONTEXT *context = hSession->network.context;
+
+ crl_free(context);
+
+ // Release network context.
+ lib3270_free(hSession->network.context);
+ hSession->network.context = NULL;
+ }
+
+}
+
+static int openssl_network_disconnect(H3270 *hSession) {
+
+
+}
+
+ssize_t openssl_network_send(H3270 *hSession, const void *buffer, size_t length) {
+
+}
+
+static ssize_t openssl_network_recv(H3270 *hSession, void *buf, size_t len) {
+
+}
+
+static int openssl_network_getsockname(const H3270 *hSession, struct sockaddr *addr, socklen_t *addrlen) {
+
+}
+
+static void * openssl_network_add_poll(H3270 *hSession, LIB3270_IO_FLAG flag, void(*call)(H3270 *, int, LIB3270_IO_FLAG, void *), void *userdata) {
+
+}
+
+static int openssl_network_non_blocking(H3270 *hSession, const unsigned char on) {
+
+}
+
+static int openssl_network_is_connected(H3270 *hSession) {
+
+}
+
+static int openssl_network_setsockopt(H3270 *hSession, int level, int optname, const void *optval, size_t optlen) {
+
+}
+
+static int openssl_network_getsockopt(H3270 *hSession, int level, int optname, void *optval, socklen_t *optlen) {
+}
+
+static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
+
+ set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
+
+ SSL_CTX * ctx_context = (SSL_CTX *) lib3270_get_openssl_context(state,state);
+ if(!ctx_context)
+ return -1;
+
+ //
+ // Prepare for connection
+ //
+ LIB3270_NET_CONTEXT *context = hSession->network.context;
+
+ if(context->crl.cert) {
+
+ // Release CRL if expired.
+ // https://stackoverflow.com/questions/23407376/testing-x509-certificate-expiry-date-with-c
+ // X509_CRL_get_nextUpdate is deprecated in openssl 1.1.0
+
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ const ASN1_TIME * next_update = X509_CRL_get_nextUpdate(context->crl.cert);
+ #else
+ const ASN1_TIME * next_update = X509_CRL_get0_nextUpdate(context->crl.cert);
+ #endif
+
+ if(X509_cmp_current_time(next_update) == 1)
+ {
+ int day, sec;
+ if(ASN1_TIME_diff(&day, &sec, NULL, next_update))
+ {
+ trace_ssl(hSession,"CRL is valid for %d day(s) and %d second(s)\n",day,sec);
+ }
+ else
+ {
+ trace_ssl(hSession,"Can't get CRL next update, discarding it\n");
+ crl_free(context);
+ }
+
+ }
+ else
+ {
+ trace_ssl(hSession,"CRL is no longer valid\n");
+ crl_free(context);
+ }
+
+ }
+
+ //
+ // Connect to host.
+ //
+ context->sock = lib3270_network_connect(hSession, state);
+
+ return (context->sock < 0 ? -1 : 0);
+
+}
+
+static int openssl_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *msg) {
+
+ LIB3270_NET_CONTEXT * context = hSession->network.context;
+
+
+}
+
+void lib3270_set_openssl_network_module(H3270 *hSession) {
+
+ static const LIB3270_NET_MODULE module = {
+ .finalize = openssl_network_finalize,
+ .connect = openssl_network_connect,
+ .disconnect = openssl_network_disconnect,
+ .start_tls = openssl_network_start_tls,
+ .send = openssl_network_send,
+ .recv = openssl_network_recv,
+ .add_poll = openssl_network_add_poll,
+ .non_blocking = openssl_network_non_blocking,
+ .is_connected = openssl_network_is_connected,
+ .getsockname = openssl_network_getsockname,
+ .setsockopt = openssl_network_setsockopt,
+ .getsockopt = openssl_network_getsockopt
+ };
+
+ debug("%s",__FUNCTION__);
+
+ if(hSession->network.context) {
+ // Has context, finalize it.
+ hSession->network.module->finalize(hSession);
+ }
+
+ hSession->network.context = lib3270_malloc(sizeof(LIB3270_NET_CONTEXT));
+ memset(hSession->network.context,0,sizeof(LIB3270_NET_CONTEXT));
+
+
+
+ hSession->network.module = &module;
+}
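Review bot: `openssl_network_connect` calls `lib3270_get_openssl_context(state,state)`, passing the `LIB3270_NETWORK_STATE *` where the `H3270 *` session is expected; it should be `lib3270_get_openssl_context(hSession,state)`. The callbacks from `openssl_network_disconnect` through `openssl_network_getsockopt`, and `openssl_network_start_tls`, are declared non-void but have empty bodies, so a caller that uses the result reads an indeterminate value; in particular the `if(required && rc)` check in connect.c cannot tell a failed handshake from a successful one. Until they are implemented each stub should fail closed with an explicit `return -1;` (or `return NULL;` for `add_poll`). `openssl_network_is_connected` also takes `H3270 *` while the `is_connected` member becomes `const H3270 *` in networking.h, and `openssl_network_send` is the only callback not declared `static`.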
diff --git a/src/network_modules/unsecure.c b/src/network_modules/unsecure.c
index f764a82..274e551 100644
--- a/src/network_modules/unsecure.c
+++ b/src/network_modules/unsecure.c
@@ -18,7 +18,7 @@
* programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
* St, Fifth Floor, Boston, MA 02110-1301 USA
*
- * Este programa está nomeado como networking.h e possui - linhas de código.
+ * Este programa está nomeado como unsecure.c e possui - linhas de código.
*
* Contatos:
*
@@ -213,7 +213,7 @@ static int unsecure_network_non_blocking(H3270 *hSession, const unsigned char on
return 0;
}
-static int unsecure_network_is_connected(H3270 *hSession) {
+static int unsecure_network_is_connected(const H3270 *hSession) {
return hSession->network.context->sock > 0;
}
@@ -247,9 +247,9 @@ static int unsecure_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *stat
return 0;
}
-static int unsecure_network_start_tls(H3270 GNUC_UNUSED(*hSession), LIB3270_NETWORK_STATE *msg, unsigned char required) {
+static int unsecure_network_start_tls(H3270 GNUC_UNUSED(*hSession), LIB3270_NETWORK_STATE *msg) {
- if(required) {
+ if(hSession->ssl.required) {
// TODO: Replace network module with the openssl version, initialize and execute start_tls on it.
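Review bot: The parameter is still declared `H3270 GNUC_UNUSED(*hSession)` although the new condition dereferences `hSession->ssl.required`. Depending on how `GNUC_UNUSED` is defined (not visible here), this either fails to compile because the macro renames the parameter or leaves a misleading unused attribute on a parameter that is read; declare it as plain `H3270 *hSession`. The function body continues outside the hunk.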
diff --git a/src/ssl/crl.h b/src/ssl/crl.h
index 3d03dea..3e097ec 100644
--- a/src/ssl/crl.h
+++ b/src/ssl/crl.h
@@ -66,9 +66,6 @@
/// @brief Unconditional release of the session CRL.
LIB3270_INTERNAL void lib3270_crl_free(H3270 *hSession);
- /// @brief Release CRL if expired.
- LIB3270_INTERNAL void lib3270_crl_free_if_expired(H3270 *hSession);
-
/// @brief Load CRL from URL.
LIB3270_INTERNAL int lib3270_crl_new_from_url(H3270 *hSession, void *ssl_error, const char *url);
diff --git a/src/ssl/linux/init.c b/src/ssl/linux/init.c
index abc481d..0f6e5c2 100644
--- a/src/ssl/linux/init.c
+++ b/src/ssl/linux/init.c
@@ -35,13 +35,10 @@
/**
* @brief OpenSSL initialization for linux.
- *
*/
#include
-#if defined(HAVE_LIBSSL)
-
#include
#include
#include
@@ -51,63 +48,138 @@
#endif // !SSL_ST_OK
#include
-#include
-#include
-#include
-#include
+#include
#include
-#include "trace_dsc.h"
#ifdef SSL_ENABLE_CRL_CHECK
- #include
#endif // SSL_ENABLE_CRL_CHECK
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+ #define INFO_CONST const
+#else
+ #define INFO_CONST
+#endif
+
/*--[ Implement ]------------------------------------------------------------------------------------*/
-/**
- * @brief Initialize openssl library.
- *
- * @return 0 if ok, non zero if fails.
- *
- */
-int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
+// @brief Index of h3270 handle in SSL session.
+static int ssl_3270_ex_index;
+
+/// @brief Callback for tracing protocol negotiation.
+static void info_callback(INFO_CONST SSL *s, int where, int ret)
{
- debug("%s ssl_ctx=%p",__FUNCTION__,ssl_ctx);
+ H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_3270_ex_index);
- if(ssl_ctx)
- return 0;
+ switch(where)
+ {
+ case SSL_CB_CONNECT_LOOP:
+ trace_ssl(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));
+ break;
+
+ case SSL_CB_CONNECT_EXIT:
+
+ trace_ssl(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);
+
+ if (ret == 0)
+ {
+ trace_ssl(hSession,"SSL_connect: failed in %s\n",SSL_state_string_long(s));
+ }
+ else if (ret < 0)
+ {
+ unsigned long e = ERR_get_error();
+ char err_buf[1024];
+
+ if(e != 0)
+ {
+ hSession->ssl.error = e;
+ (void) ERR_error_string_n(e, err_buf, 1023);
+ }
+#if defined(_WIN32)
+ else if (GetLastError() != 0)
+ {
+ strncpy(err_buf,lib3270_win32_strerror(GetLastError()),1023);
+ }
+#else
+ else if (errno != 0)
+ {
+ strncpy(err_buf, strerror(errno),1023);
+ }
+#endif
+ else
+ {
+ err_buf[0] = '\0';
+ }
+
+ trace_ssl(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
+ ret,
+ err_buf,
+ SSL_state_string_long(s),
+ SSL_alert_type_string_long(ret)
+ );
+
+ }
+ break;
+
+ default:
+ trace_ssl(hSession,"SSL Current state is \"%s\"\n",SSL_state_string_long(s));
+ }
+
+#ifdef DEBUG
+ if(where & SSL_CB_EXIT)
+ {
+ trace("%s: SSL_CB_EXIT ret=%d\n",__FUNCTION__,ret);
+ }
+#endif
+
+ if(where & SSL_CB_ALERT)
+ trace_ssl(hSession,"SSL ALERT: %s\n",SSL_alert_type_string_long(ret));
+
+ if(where & SSL_CB_HANDSHAKE_DONE)
+ {
+ trace_ssl(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));
+ if(SSL_get_state(s) == SSL_ST_OK)
+ set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
+ else
+ set_ssl_state(hSession,LIB3270_SSL_UNSECURE);
+ }
+}
+
+void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
+
+ static SSL_CTX * context = NULL;
+
+ if(context)
+ return context;
trace_ssl(hSession,"Initializing SSL context.\n");
SSL_load_error_strings();
SSL_library_init();
- ssl_ctx = SSL_CTX_new(SSLv23_method());
- if(ssl_ctx == NULL)
+ context = SSL_CTX_new(SSLv23_method());
+ if(context == NULL)
{
static const LIB3270_POPUP popup = {
- .name = "SSL-CTXERROR",
.type = LIB3270_NOTIFY_SECURE,
- .summary = N_( "Cant initialize the SSL context." )
+ .summary = N_( "Can't initialize the SSL context." )
};
- message->code = hSession->ssl.error = ERR_get_error();
- message->popup = &popup;
+// message->code = hSession->ssl.error = ERR_get_error();
+ state->popup = &popup;
return -1;
}
- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
- SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
+ SSL_CTX_set_options(context, SSL_OP_ALL);
+ SSL_CTX_set_info_callback(context, info_callback);
- SSL_CTX_set_default_verify_paths(ssl_ctx);
+ SSL_CTX_set_default_verify_paths(context);
ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
-
#ifdef SSL_ENABLE_CRL_CHECK
// Enable CRL check
- X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
+ X509_STORE *store = SSL_CTX_get_cert_store(context);
X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
X509_STORE_set1_param(store, param);
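Review bot: `lib3270_get_openssl_context` now returns `void *`, but the `SSL_CTX_new` failure branch still ends in `return -1;`, which at best converts to a non-null pointer that passes the `if(!ctx_context)` test in `openssl_network_connect`; it should be `return NULL;`. The same branch has the `ERR_get_error()` capture commented out, so `hSession->ssl.error` is not updated when context creation fails. In `info_callback`, `strncpy(err_buf, …, 1023)` leaves `err_buf` unterminated when the source is 1023 bytes or longer, and the buffer is then printed with `%s`; `snprintf(err_buf, sizeof err_buf, "%s", strerror(errno));` always terminates. The function continues into the next hunk.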
@@ -117,8 +189,6 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
#endif // SSL_ENABLE_CRL_CHECK
- return 0;
+ return context;
}
-
-#endif // HAVE_LIBSSL
diff --git a/src/ssl/negotiate.c b/src/ssl/negotiate.c
index c92c55d..929a372 100644
--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -535,85 +535,5 @@ int ssl_init(H3270 *hSession) {
}
-
-/* Callback for tracing protocol negotiation. */
-void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
-{
- H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_3270_ex_index);
-
- switch(where)
- {
- case SSL_CB_CONNECT_LOOP:
- trace_ssl(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));
- break;
-
- case SSL_CB_CONNECT_EXIT:
-
- trace_ssl(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);
-
- if (ret == 0)
- {
- trace_ssl(hSession,"SSL_connect: failed in %s\n",SSL_state_string_long(s));
- }
- else if (ret < 0)
- {
- unsigned long e = ERR_get_error();
- char err_buf[1024];
-
- if(e != 0)
- {
- hSession->ssl.error = e;
- (void) ERR_error_string_n(e, err_buf, 1023);
- }
-#if defined(_WIN32)
- else if (GetLastError() != 0)
- {
- strncpy(err_buf,lib3270_win32_strerror(GetLastError()),1023);
- }
-#else
- else if (errno != 0)
- {
- strncpy(err_buf, strerror(errno),1023);
- }
-#endif
- else
- {
- err_buf[0] = '\0';
- }
-
- trace_ssl(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
- ret,
- err_buf,
- SSL_state_string_long(s),
- SSL_alert_type_string_long(ret)
- );
-
- }
- break;
-
- default:
- trace_ssl(hSession,"SSL Current state is \"%s\"\n",SSL_state_string_long(s));
- }
-
-#ifdef DEBUG
- if(where & SSL_CB_EXIT)
- {
- trace("%s: SSL_CB_EXIT ret=%d\n",__FUNCTION__,ret);
- }
-#endif
-
- if(where & SSL_CB_ALERT)
- trace_ssl(hSession,"SSL ALERT: %s\n",SSL_alert_type_string_long(ret));
-
- if(where & SSL_CB_HANDSHAKE_DONE)
- {
- trace_ssl(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));
- if(SSL_get_state(s) == SSL_ST_OK)
- set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
- else
- set_ssl_state(hSession,LIB3270_SSL_UNSECURE);
- }
-}
-
#endif /*]*/
diff --git a/src/ssl/state.c b/src/ssl/state.c
index dcdf252..db36166 100644
--- a/src/ssl/state.c
+++ b/src/ssl/state.c
@@ -70,7 +70,6 @@ LIB3270_EXPORT LIB3270_SSL_STATE lib3270_get_ssl_state(const H3270 *hSession)
#endif // HAVE_LIBSSL
}
-#if defined(HAVE_LIBSSL)
void set_ssl_state(H3270 *hSession, LIB3270_SSL_STATE state)
{
if(state == hSession->ssl.state)
@@ -83,6 +82,9 @@ void set_ssl_state(H3270 *hSession, LIB3270_SSL_STATE state)
hSession->cbk.update_ssl(hSession,hSession->ssl.state);
}
+
+#if defined(HAVE_LIBSSL)
+
static const struct ssl_status_msg status_msg[] =
{
// http://www.openssl.org/docs/apps/verify.html
--
libgit2 0.21.2