Download as
Browse Code »

Commit 889dfbb24a4dfb839bb3d1d3392fcc0007a426e6

Authored by Perry Werneck
1 parent 7a87d265
Exists in master and in 3 other branches develop, macos, network_module

Implementing openssl network module.

Showing 11 changed files with 373 additions and 232 deletions   Show diff stats
@@ -310,6 +310,9 @@ @@ -310,6 +310,9 @@
310 <Unit filename="src/network_modules/linux/connect.c"> 310 <Unit filename="src/network_modules/linux/connect.c">
311 <Option compilerVar="CC" /> 311 <Option compilerVar="CC" />
312 </Unit> 312 </Unit>
  313 + <Unit filename="src/network_modules/openssl.c">
  314 + <Option compilerVar="CC" />
  315 + </Unit>
313 <Unit filename="src/network_modules/private.h" /> 316 <Unit filename="src/network_modules/private.h" />
314 <Unit filename="src/network_modules/unsecure.c"> 317 <Unit filename="src/network_modules/unsecure.c">
315 <Option compilerVar="CC" /> 318 <Option compilerVar="CC" />
src/core/connect.c
  Diff comments   View file @889dfbb
@@ -54,23 +54,6 @@ @@ -54,23 +54,6 @@
54 54
55 } 55 }
56 56
57 -  
58 -#if defined(HAVE_LIBSSL)  
59 -  
60 - static int background_ssl_init(H3270 *hSession, void *ssl_error)  
61 - {  
62 - if(ssl_ctx_init(hSession, (SSL_ERROR_MESSAGE *) ssl_error))  
63 - return -1;  
64 -  
65 -#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK)  
66 - lib3270_crl_free_if_expired(hSession);  
67 -#endif // defined(SSL_ENABLE_CRL_CHECK)  
68 -  
69 - return 0;  
70 - }  
71 -  
72 -#endif // HAVE_LIBSSL  
73 -  
74 /* 57 /*
75 void connection_failed(H3270 *hSession, const char *message) 58 void connection_failed(H3270 *hSession, const char *message)
76 { 59 {
@@ -141,28 +124,13 @@ @@ -141,28 +124,13 @@
141 return errno == 0 ? -1 : errno; 124 return errno == 0 ? -1 : errno;
142 } 125 }
143 126
144 -#if defined(HAVE_LIBSSL)  
145 - debug("%s: TLS/SSL is %s",__FUNCTION__,hSession->ssl.enabled ? "ENABLED" : "DISABLED")  
146 - trace_dsn(hSession,"TLS/SSL is %s\n", hSession->ssl.enabled ? "enabled" : "disabled" );  
147 -  
148 - if(hSession->ssl.enabled)  
149 - {  
150 - SSL_ERROR_MESSAGE ssl_error;  
151 - memset(&ssl_error,0,sizeof(ssl_error)); 127 +// debug("%s: TLS/SSL is %s",__FUNCTION__,hSession->ssl.enabled ? "ENABLED" : "DISABLED")
  128 +// trace_dsn(hSession,"TLS/SSL is %s\n", hSession->ssl.enabled ? "enabled" : "disabled" );
152 129
153 - set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING);  
154 - int rc = lib3270_run_task(hSession, background_ssl_init, &ssl_error);  
155 -  
156 - if(rc && popup_ssl_error(hSession, rc, &ssl_error))  
157 - return errno = rc;  
158 -  
159 - set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);  
160 - hSession->ssl.host = 0;  
161 - }  
162 -#endif // HAVE_LIBSSL 130 + set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
  131 + // hSession->ssl.host = 0;
163 132
164 snprintf(hSession->full_model_name,LIB3270_FULL_MODEL_NAME_LENGTH,"IBM-327%c-%d",hSession->m3279 ? '9' : '8', hSession->model_num); 133 snprintf(hSession->full_model_name,LIB3270_FULL_MODEL_NAME_LENGTH,"IBM-327%c-%d",hSession->m3279 ? '9' : '8', hSession->model_num);
165 -  
166 lib3270_write_event_trace(hSession,"Reconnecting to %s\n",lib3270_get_url(hSession)); 134 lib3270_write_event_trace(hSession,"Reconnecting to %s\n",lib3270_get_url(hSession));
167 135
168 hSession->ever_3270 = False; 136 hSession->ever_3270 = False;
@@ -175,32 +143,34 @@ @@ -175,32 +143,34 @@
175 { 143 {
176 int rc = 0; 144 int rc = 0;
177 145
178 - if(hSession->network.module->start_tls,required)  
179 - {  
180 - LIB3270_NETWORK_STATE state;  
181 - memset(&state,0,sizeof(state)); 146 + hSession->ssl.required = (required ? 1 : 0);
182 147
183 - non_blocking(hSession,False); 148 + LIB3270_NETWORK_STATE state;
  149 + memset(&state,0,sizeof(state));
184 150
185 - rc = lib3270_run_task(  
186 - hSession,  
187 - (int(*)(H3270 *h, void *)) hSession->network.module->start_tls,  
188 - &state  
189 - ); 151 + non_blocking(hSession,False);
190 152
191 - if(state.popup) {  
192 - if(lib3270_popup(hSession,state.popup,1)) {  
193 - lib3270_disconnect(hSession);  
194 - return rc;  
195 - } 153 + rc = lib3270_run_task(
  154 + hSession,
  155 + (int(*)(H3270 *h, void *)) hSession->network.module->start_tls,
  156 + &state
  157 + );
196 158
197 - // User has selected "continue", ignore error.  
198 - return 0;  
199 - } 159 + if(required && rc) {
  160 +
  161 + // SSL is required and TLS/SSL has failed, abort.
  162 +
  163 + lib3270_popup(hSession,state.popup,0);
  164 + lib3270_disconnect(hSession);
  165 + return rc;
200 166
201 } 167 }
202 168
203 - return rc; 169 + // Not required or success
  170 +
  171 + non_blocking(hSession,True);
  172 +
  173 + return 0;
204 } 174 }
205 175
206 176
src/core/telnet.c
  Diff comments   View file @889dfbb
@@ -707,13 +707,13 @@ void net_input(H3270 *hSession, int GNUC_UNUSED(fd), LIB3270_IO_FLAG GNUC_UNUSED @@ -707,13 +707,13 @@ void net_input(H3270 *hSession, int GNUC_UNUSED(fd), LIB3270_IO_FLAG GNUC_UNUSED
707 } 707 }
708 else if (nr == 0) 708 else if (nr == 0)
709 { 709 {
710 - /* Host disconnected. */ 710 + // Host disconnected.
711 trace_dsn(hSession,"RCVD disconnect\n"); 711 trace_dsn(hSession,"RCVD disconnect\n");
712 host_disconnect(hSession,False); 712 host_disconnect(hSession,False);
713 return; 713 return;
714 } 714 }
715 715
716 - /* Process the data. */ 716 + // Process the data.
717 if (HALF_CONNECTED) 717 if (HALF_CONNECTED)
718 { 718 {
719 if (non_blocking(hSession,False) < 0) 719 if (non_blocking(hSession,False) < 0)
src/include/internals.h
  Diff comments   View file @889dfbb
@@ -666,34 +666,6 @@ struct _h3270 @@ -666,34 +666,6 @@ struct _h3270
666 void * except; 666 void * except;
667 } xio; 667 } xio;
668 668
669 -#ifdef HAVE_LIBSSL  
670 - /// @brief SSL Data.  
671 - struct  
672 - {  
673 - char enabled;  
674 - char host;  
675 - LIB3270_SSL_STATE state;  
676 - unsigned long error;  
677 -  
678 - struct  
679 - {  
680 - int min_version; ///< @brief The minimum supported protocol version.  
681 - int max_version; ///< @brief The maximum supported protocol version.  
682 - } protocol;  
683 -  
684 -#ifdef SSL_ENABLE_CRL_CHECK  
685 - struct  
686 - {  
687 - char download; ///< @brief Non zero to download CRL.  
688 - char * prefer; ///< @brief Prefered protocol for CRL.  
689 - char * url; ///< @brief URL for CRL download.  
690 - X509_CRL * cert; ///< @brief Loaded CRL (can be null).  
691 - } crl;  
692 -#endif // SSL_ENABLE_CRL_CHECK  
693 - SSL * con;  
694 - } ssl;  
695 -#endif // HAVE_LIBSSL  
696 -  
697 struct lib3270_linked_list_head timeouts; 669 struct lib3270_linked_list_head timeouts;
698 670
699 struct 671 struct
@@ -709,6 +681,13 @@ struct _h3270 @@ -709,6 +681,13 @@ struct _h3270
709 void *userdata; 681 void *userdata;
710 } trace; 682 } trace;
711 683
  684 + struct
  685 + {
  686 + int error; ///< @brief OpenSSL error.
  687 + unsigned char required; ///< @brief Non zero if SSL is required.
  688 + LIB3270_SSL_STATE state;
  689 + } ssl;
  690 +
712 /// @brief Event Listeners. 691 /// @brief Event Listeners.
713 struct 692 struct
714 { 693 {
@@ -795,6 +774,9 @@ LIB3270_INTERNAL int check_offline_session(const H3270 *hSession); @@ -795,6 +774,9 @@ LIB3270_INTERNAL int check_offline_session(const H3270 *hSession);
795 774
796 LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on); 775 LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
797 776
  777 +LIB3270_INTERNAL void set_ssl_state(H3270 *session, LIB3270_SSL_STATE state);
  778 +
  779 +/*
798 #if defined(HAVE_LIBSSL) 780 #if defined(HAVE_LIBSSL)
799 781
800 typedef struct ssl_status_msg 782 typedef struct ssl_status_msg
@@ -820,44 +802,25 @@ LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on); @@ -820,44 +802,25 @@ LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
820 LIB3270_INTERNAL int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE *message); 802 LIB3270_INTERNAL int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE *message);
821 LIB3270_INTERNAL int ssl_init(H3270 *session); 803 LIB3270_INTERNAL int ssl_init(H3270 *session);
822 LIB3270_INTERNAL int ssl_negotiate(H3270 *hSession); 804 LIB3270_INTERNAL int ssl_negotiate(H3270 *hSession);
823 - LIB3270_INTERNAL void set_ssl_state(H3270 *session, LIB3270_SSL_STATE state);  
824 LIB3270_INTERNAL const struct ssl_status_msg * ssl_get_status_from_error_code(long id); 805 LIB3270_INTERNAL const struct ssl_status_msg * ssl_get_status_from_error_code(long id);
825 806
826 807
827 - #if OPENSSL_VERSION_NUMBER >= 0x00907000L  
828 - #define INFO_CONST const  
829 - #else  
830 - #define INFO_CONST  
831 - #endif  
832 808
833 LIB3270_INTERNAL void ssl_info_callback(INFO_CONST SSL *s, int where, int ret); 809 LIB3270_INTERNAL void ssl_info_callback(INFO_CONST SSL *s, int where, int ret);
834 810
835 - /**  
836 - * @brief Global SSL_CTX object as framework to establish TLS/SSL or DTLS enabled connections.  
837 - *  
838 - */ 811 + // @brief Global SSL_CTX object as framework to establish TLS/SSL or DTLS enabled connections.
839 LIB3270_INTERNAL SSL_CTX * ssl_ctx; 812 LIB3270_INTERNAL SSL_CTX * ssl_ctx;
840 813
841 - /**  
842 - * @brief Index of h3270 handle in SSL session.  
843 - *  
844 - */  
845 - LIB3270_INTERNAL int ssl_3270_ex_index;  
846 814
847 - /**  
848 - * @brief Emit popup on ssl error.  
849 - *  
850 - */ 815 +
  816 + /// @brief Emit popup on ssl error.
851 LIB3270_INTERNAL int popup_ssl_error(H3270 *session, int rc, const SSL_ERROR_MESSAGE *message); 817 LIB3270_INTERNAL int popup_ssl_error(H3270 *session, int rc, const SSL_ERROR_MESSAGE *message);
852 818
853 - /**  
854 - * @brief Emits SSL popup.  
855 - *  
856 - *  
857 - */ 819 + /// @brief Emits SSL popup.
858 LIB3270_INTERNAL void ssl_popup_message(H3270 *hSession, const SSL_ERROR_MESSAGE *msg); 820 LIB3270_INTERNAL void ssl_popup_message(H3270 *hSession, const SSL_ERROR_MESSAGE *msg);
859 821
860 #endif 822 #endif
  823 +*/
861 824
862 /// @brief Clear element at adress. 825 /// @brief Clear element at adress.
863 LIB3270_INTERNAL void clear_chr(H3270 *hSession, int baddr); 826 LIB3270_INTERNAL void clear_chr(H3270 *hSession, int baddr);
src/include/networking.h
  Diff comments   View file @889dfbb
@@ -76,7 +76,7 @@ @@ -76,7 +76,7 @@
76 /// 76 ///
77 int (*disconnect)(H3270 *hSession); 77 int (*disconnect)(H3270 *hSession);
78 78
79 - int (*start_tls)(H3270 *hSession, LIB3270_NETWORK_STATE *msg, unsigned char required); 79 + int (*start_tls)(H3270 *hSession, LIB3270_NETWORK_STATE *msg);
80 80
81 /// @brief Send on network context. 81 /// @brief Send on network context.
82 /// 82 ///
@@ -104,7 +104,7 @@ @@ -104,7 +104,7 @@
104 /// @brief Check if the session is online. 104 /// @brief Check if the session is online.
105 /// 105 ///
106 /// @retval 0 The session is offline. 106 /// @retval 0 The session is offline.
107 - int (*is_connected)(H3270 *hSession); 107 + int (*is_connected)(const H3270 *hSession);
108 108
109 /// @brief get socket name. 109 /// @brief get socket name.
110 /// 110 ///
@@ -136,5 +136,8 @@ @@ -136,5 +136,8 @@
136 */ 136 */
137 LIB3270_INTERNAL int lib3270_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state); 137 LIB3270_INTERNAL int lib3270_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state);
138 138
  139 +
  140 + LIB3270_INTERNAL void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state);
  141 +
139 #endif // LIB3270_NETWORKING_H_INCLUDED 142 #endif // LIB3270_NETWORKING_H_INCLUDED
140 143
src/network_modules/openssl.c 0 → 100644
  Diff comments   View file @889dfbb
@@ -0,0 +1,213 @@ @@ -0,0 +1,213 @@
  1 +/*
  2 + * "Software PW3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
  3 + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
  4 + * aplicativos mainframe. Registro no INPI sob o nome G3270.
  5 + *
  6 + * Copyright (C) <2008> <Banco do Brasil S.A.>
  7 + *
  8 + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
  9 + * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela
  10 + * Free Software Foundation.
  11 + *
  12 + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
  13 + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
  14 + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
  15 + * obter mais detalhes.
  16 + *
  17 + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
  18 + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
  19 + * St, Fifth Floor, Boston, MA 02110-1301 USA
  20 + *
  21 + * Este programa está nomeado como openssl.c e possui - linhas de código.
  22 + *
  23 + * Contatos:
  24 + *
  25 + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
  26 + * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça)
  27 + *
  28 + */
  29 +
  30 + /**
  31 + * @brief OpenSSL based networking methods.
  32 + *
  33 + */
  34 +
  35 + #include "private.h"
  36 +
  37 + #include <sys/types.h>
  38 + #include <sys/socket.h>
  39 + #include <netdb.h>
  40 + #include <openssl/ssl.h>
  41 + #include <openssl/x509.h>
  42 +
  43 + struct _lib3270_net_context {
  44 +
  45 + int sock; ///< @brief Session socket.
  46 +
  47 + SSL * con; ///< @brief SSL Connection handle.
  48 +
  49 + struct {
  50 + char download; ///< @brief Non zero to download CRL.
  51 + char * prefer; ///< @brief Prefered protocol for CRL.
  52 + char * url; ///< @brief URL for CRL download.
  53 + X509_CRL * cert; ///< @brief Loaded CRL (can be null).
  54 + } crl;
  55 +
  56 + };
  57 +
  58 +static void crl_free(LIB3270_NET_CONTEXT *context) {
  59 + if(context->crl.cert) {
  60 + X509_CRL_free(context->crl.cert);
  61 + context->crl.cert = NULL;
  62 + }
  63 +}
  64 +
  65 +static void openssl_network_finalize(H3270 *hSession) {
  66 +
  67 + debug("%s",__FUNCTION__);
  68 +
  69 +
  70 + if(hSession->network.context) {
  71 +
  72 + // Cleanupp
  73 + LIB3270_NET_CONTEXT *context = hSession->network.context;
  74 +
  75 + crl_free(context);
  76 +
  77 + // Release network context.
  78 + lib3270_free(hSession->network.context);
  79 + hSession->network.context = NULL;
  80 + }
  81 +
  82 +}
  83 +
  84 +static int openssl_network_disconnect(H3270 *hSession) {
  85 +
  86 +
  87 +}
  88 +
  89 +ssize_t openssl_network_send(H3270 *hSession, const void *buffer, size_t length) {
  90 +
  91 +}
  92 +
  93 +static ssize_t openssl_network_recv(H3270 *hSession, void *buf, size_t len) {
  94 +
  95 +}
  96 +
  97 +static int openssl_network_getsockname(const H3270 *hSession, struct sockaddr *addr, socklen_t *addrlen) {
  98 +
  99 +}
  100 +
  101 +static void * openssl_network_add_poll(H3270 *hSession, LIB3270_IO_FLAG flag, void(*call)(H3270 *, int, LIB3270_IO_FLAG, void *), void *userdata) {
  102 +
  103 +}
  104 +
  105 +static int openssl_network_non_blocking(H3270 *hSession, const unsigned char on) {
  106 +
  107 +}
  108 +
  109 +static int openssl_network_is_connected(H3270 *hSession) {
  110 +
  111 +}
  112 +
  113 +static int openssl_network_setsockopt(H3270 *hSession, int level, int optname, const void *optval, size_t optlen) {
  114 +
  115 +}
  116 +
  117 +static int openssl_network_getsockopt(H3270 *hSession, int level, int optname, void *optval, socklen_t *optlen) {
  118 +}
  119 +
  120 +static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
  121 +
  122 + set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
  123 +
  124 + SSL_CTX * ctx_context = (SSL_CTX *) lib3270_get_openssl_context(state,state);
  125 + if(!ctx_context)
  126 + return -1;
  127 +
  128 + //
  129 + // Prepare for connection
  130 + //
  131 + LIB3270_NET_CONTEXT *context = hSession->network.context;
  132 +
  133 + if(context->crl.cert) {
  134 +
  135 + // Release CRL if expired.
  136 + // https://stackoverflow.com/questions/23407376/testing-x509-certificate-expiry-date-with-c
  137 + // X509_CRL_get_nextUpdate is deprecated in openssl 1.1.0
  138 +
  139 + #if OPENSSL_VERSION_NUMBER < 0x10100000L
  140 + const ASN1_TIME * next_update = X509_CRL_get_nextUpdate(context->crl.cert);
  141 + #else
  142 + const ASN1_TIME * next_update = X509_CRL_get0_nextUpdate(context->crl.cert);
  143 + #endif
  144 +
  145 + if(X509_cmp_current_time(next_update) == 1)
  146 + {
  147 + int day, sec;
  148 + if(ASN1_TIME_diff(&day, &sec, NULL, next_update))
  149 + {
  150 + trace_ssl(hSession,"CRL is valid for %d day(s) and %d second(s)\n",day,sec);
  151 + }
  152 + else
  153 + {
  154 + trace_ssl(hSession,"Can't get CRL next update, discarding it\n");
  155 + crl_free(context);
  156 + }
  157 +
  158 + }
  159 + else
  160 + {
  161 + trace_ssl(hSession,"CRL is no longer valid\n");
  162 + crl_free(context);
  163 + }
  164 +
  165 + }
  166 +
  167 + //
  168 + // Connect to host.
  169 + //
  170 + context->sock = lib3270_network_connect(hSession, state);
  171 +
  172 + return (context->sock < 0 ? -1 : 0);
  173 +
  174 +}
  175 +
  176 +static int openssl_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *msg) {
  177 +
  178 + LIB3270_NET_CONTEXT * context = hSession->network.context;
  179 +
  180 +
  181 +}
  182 +
  183 +void lib3270_set_openssl_network_module(H3270 *hSession) {
  184 +
  185 + static const LIB3270_NET_MODULE module = {
  186 + .finalize = openssl_network_finalize,
  187 + .connect = openssl_network_connect,
  188 + .disconnect = openssl_network_disconnect,
  189 + .start_tls = openssl_network_start_tls,
  190 + .send = openssl_network_send,
  191 + .recv = openssl_network_recv,
  192 + .add_poll = openssl_network_add_poll,
  193 + .non_blocking = openssl_network_non_blocking,
  194 + .is_connected = openssl_network_is_connected,
  195 + .getsockname = openssl_network_getsockname,
  196 + .setsockopt = openssl_network_setsockopt,
  197 + .getsockopt = openssl_network_getsockopt
  198 + };
  199 +
  200 + debug("%s",__FUNCTION__);
  201 +
  202 + if(hSession->network.context) {
  203 + // Has context, finalize it.
  204 + hSession->network.module->finalize(hSession);
  205 + }
  206 +
  207 + hSession->network.context = lib3270_malloc(sizeof(LIB3270_NET_CONTEXT));
  208 + memset(hSession->network.context,0,sizeof(LIB3270_NET_CONTEXT));
  209 +
  210 +
  211 +
  212 + hSession->network.module = &module;
  213 +}
src/network_modules/unsecure.c
  Diff comments   View file @889dfbb
@@ -18,7 +18,7 @@ @@ -18,7 +18,7 @@
18 * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin 18 * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
19 * St, Fifth Floor, Boston, MA 02110-1301 USA 19 * St, Fifth Floor, Boston, MA 02110-1301 USA
20 * 20 *
21 - * Este programa está nomeado como networking.h e possui - linhas de código. 21 + * Este programa está nomeado como unsecure.c e possui - linhas de código.
22 * 22 *
23 * Contatos: 23 * Contatos:
24 * 24 *
@@ -213,7 +213,7 @@ static int unsecure_network_non_blocking(H3270 *hSession, const unsigned char on @@ -213,7 +213,7 @@ static int unsecure_network_non_blocking(H3270 *hSession, const unsigned char on
213 return 0; 213 return 0;
214 } 214 }
215 215
216 -static int unsecure_network_is_connected(H3270 *hSession) { 216 +static int unsecure_network_is_connected(const H3270 *hSession) {
217 return hSession->network.context->sock > 0; 217 return hSession->network.context->sock > 0;
218 } 218 }
219 219
@@ -247,9 +247,9 @@ static int unsecure_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *stat @@ -247,9 +247,9 @@ static int unsecure_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *stat
247 return 0; 247 return 0;
248 } 248 }
249 249
250 -static int unsecure_network_start_tls(H3270 GNUC_UNUSED(*hSession), LIB3270_NETWORK_STATE *msg, unsigned char required) { 250 +static int unsecure_network_start_tls(H3270 GNUC_UNUSED(*hSession), LIB3270_NETWORK_STATE *msg) {
251 251
252 - if(required) { 252 + if(hSession->ssl.required) {
253 253
254 // TODO: Replace network module with the openssl version, initialize and execute start_tls on it. 254 // TODO: Replace network module with the openssl version, initialize and execute start_tls on it.
255 255
@@ -66,9 +66,6 @@ @@ -66,9 +66,6 @@
66 /// @brief Unconditional release of the session CRL. 66 /// @brief Unconditional release of the session CRL.
67 LIB3270_INTERNAL void lib3270_crl_free(H3270 *hSession); 67 LIB3270_INTERNAL void lib3270_crl_free(H3270 *hSession);
68 68
69 - /// @brief Release CRL if expired.  
70 - LIB3270_INTERNAL void lib3270_crl_free_if_expired(H3270 *hSession);  
71 -  
72 /// @brief Load CRL from URL. 69 /// @brief Load CRL from URL.
73 LIB3270_INTERNAL int lib3270_crl_new_from_url(H3270 *hSession, void *ssl_error, const char *url); 70 LIB3270_INTERNAL int lib3270_crl_new_from_url(H3270 *hSession, void *ssl_error, const char *url);
74 71
src/ssl/linux/init.c
  Diff comments   View file @889dfbb
@@ -35,13 +35,10 @@ @@ -35,13 +35,10 @@
35 35
36 /** 36 /**
37 * @brief OpenSSL initialization for linux. 37 * @brief OpenSSL initialization for linux.
38 - *  
39 */ 38 */
40 39
41 #include <config.h> 40 #include <config.h>
42 41
43 -#if defined(HAVE_LIBSSL)  
44 -  
45 #include <openssl/ssl.h> 42 #include <openssl/ssl.h>
46 #include <openssl/err.h> 43 #include <openssl/err.h>
47 #include <openssl/x509_vfy.h> 44 #include <openssl/x509_vfy.h>
@@ -51,63 +48,138 @@ @@ -51,63 +48,138 @@
51 #endif // !SSL_ST_OK 48 #endif // !SSL_ST_OK
52 49
53 #include <internals.h> 50 #include <internals.h>
54 -#include <errno.h>  
55 -#include <lib3270.h>  
56 -#include <lib3270/internals.h>  
57 -#include <lib3270/trace.h> 51 +#include <networking.h>
58 #include <lib3270/log.h> 52 #include <lib3270/log.h>
59 -#include "trace_dsc.h"  
60 53
61 #ifdef SSL_ENABLE_CRL_CHECK 54 #ifdef SSL_ENABLE_CRL_CHECK
62 - #include <openssl/x509.h>  
63 #endif // SSL_ENABLE_CRL_CHECK 55 #endif // SSL_ENABLE_CRL_CHECK
64 56
  57 +#if OPENSSL_VERSION_NUMBER >= 0x00907000L
  58 + #define INFO_CONST const
  59 +#else
  60 + #define INFO_CONST
  61 +#endif
  62 +
65 /*--[ Implement ]------------------------------------------------------------------------------------*/ 63 /*--[ Implement ]------------------------------------------------------------------------------------*/
66 64
67 -/**  
68 - * @brief Initialize openssl library.  
69 - *  
70 - * @return 0 if ok, non zero if fails.  
71 - *  
72 - */  
73 -int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message) 65 +// @brief Index of h3270 handle in SSL session.
  66 +static int ssl_3270_ex_index;
  67 +
  68 +/// @brief Callback for tracing protocol negotiation.
  69 +static void info_callback(INFO_CONST SSL *s, int where, int ret)
74 { 70 {
75 - debug("%s ssl_ctx=%p",__FUNCTION__,ssl_ctx); 71 + H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_3270_ex_index);
76 72
77 - if(ssl_ctx)  
78 - return 0; 73 + switch(where)
  74 + {
  75 + case SSL_CB_CONNECT_LOOP:
  76 + trace_ssl(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));
  77 + break;
  78 +
  79 + case SSL_CB_CONNECT_EXIT:
  80 +
  81 + trace_ssl(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);
  82 +
  83 + if (ret == 0)
  84 + {
  85 + trace_ssl(hSession,"SSL_connect: failed in %s\n",SSL_state_string_long(s));
  86 + }
  87 + else if (ret < 0)
  88 + {
  89 + unsigned long e = ERR_get_error();
  90 + char err_buf[1024];
  91 +
  92 + if(e != 0)
  93 + {
  94 + hSession->ssl.error = e;
  95 + (void) ERR_error_string_n(e, err_buf, 1023);
  96 + }
  97 +#if defined(_WIN32)
  98 + else if (GetLastError() != 0)
  99 + {
  100 + strncpy(err_buf,lib3270_win32_strerror(GetLastError()),1023);
  101 + }
  102 +#else
  103 + else if (errno != 0)
  104 + {
  105 + strncpy(err_buf, strerror(errno),1023);
  106 + }
  107 +#endif
  108 + else
  109 + {
  110 + err_buf[0] = '\0';
  111 + }
  112 +
  113 + trace_ssl(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
  114 + ret,
  115 + err_buf,
  116 + SSL_state_string_long(s),
  117 + SSL_alert_type_string_long(ret)
  118 + );
  119 +
  120 + }
  121 + break;
  122 +
  123 + default:
  124 + trace_ssl(hSession,"SSL Current state is \"%s\"\n",SSL_state_string_long(s));
  125 + }
  126 +
  127 +#ifdef DEBUG
  128 + if(where & SSL_CB_EXIT)
  129 + {
  130 + trace("%s: SSL_CB_EXIT ret=%d\n",__FUNCTION__,ret);
  131 + }
  132 +#endif
  133 +
  134 + if(where & SSL_CB_ALERT)
  135 + trace_ssl(hSession,"SSL ALERT: %s\n",SSL_alert_type_string_long(ret));
  136 +
  137 + if(where & SSL_CB_HANDSHAKE_DONE)
  138 + {
  139 + trace_ssl(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));
  140 + if(SSL_get_state(s) == SSL_ST_OK)
  141 + set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
  142 + else
  143 + set_ssl_state(hSession,LIB3270_SSL_UNSECURE);
  144 + }
  145 +}
  146 +
  147 +void * lib3270_get_openssl_context(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
  148 +
  149 + static SSL_CTX * context = NULL;
  150 +
  151 + if(context)
  152 + return context;
79 153
80 trace_ssl(hSession,"Initializing SSL context.\n"); 154 trace_ssl(hSession,"Initializing SSL context.\n");
81 155
82 SSL_load_error_strings(); 156 SSL_load_error_strings();
83 SSL_library_init(); 157 SSL_library_init();
84 158
85 - ssl_ctx = SSL_CTX_new(SSLv23_method());  
86 - if(ssl_ctx == NULL) 159 + context = SSL_CTX_new(SSLv23_method());
  160 + if(context == NULL)
87 { 161 {
88 static const LIB3270_POPUP popup = { 162 static const LIB3270_POPUP popup = {
89 - .name = "SSL-CTXERROR",  
90 .type = LIB3270_NOTIFY_SECURE, 163 .type = LIB3270_NOTIFY_SECURE,
91 - .summary = N_( "Cant initialize the SSL context." ) 164 + .summary = N_( "Can't initialize the SSL context." )
92 }; 165 };
93 166
94 - message->code = hSession->ssl.error = ERR_get_error();  
95 - message->popup = &popup; 167 +// message->code = hSession->ssl.error = ERR_get_error();
  168 + state->popup = &popup;
96 return -1; 169 return -1;
97 } 170 }
98 171
99 - SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);  
100 - SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback); 172 + SSL_CTX_set_options(context, SSL_OP_ALL);
  173 + SSL_CTX_set_info_callback(context, info_callback);
101 174
102 - SSL_CTX_set_default_verify_paths(ssl_ctx); 175 + SSL_CTX_set_default_verify_paths(context);
103 176
104 ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL); 177 ssl_3270_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
105 178
106 -  
107 #ifdef SSL_ENABLE_CRL_CHECK 179 #ifdef SSL_ENABLE_CRL_CHECK
108 180
109 // Enable CRL check 181 // Enable CRL check
110 - X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); 182 + X509_STORE *store = SSL_CTX_get_cert_store(context);
111 X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new(); 183 X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
112 X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); 184 X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
113 X509_STORE_set1_param(store, param); 185 X509_STORE_set1_param(store, param);
@@ -117,8 +189,6 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message) @@ -117,8 +189,6 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
117 189
118 #endif // SSL_ENABLE_CRL_CHECK 190 #endif // SSL_ENABLE_CRL_CHECK
119 191
120 - return 0; 192 + return context;
121 193
122 } 194 }
123 -  
124 -#endif // HAVE_LIBSSL  
src/ssl/negotiate.c
  Diff comments   View file @889dfbb
@@ -535,85 +535,5 @@ int ssl_init(H3270 *hSession) { @@ -535,85 +535,5 @@ int ssl_init(H3270 *hSession) {
535 535
536 } 536 }
537 537
538 -  
539 -/* Callback for tracing protocol negotiation. */  
540 -void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)  
541 -{  
542 - H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_3270_ex_index);  
543 -  
544 - switch(where)  
545 - {  
546 - case SSL_CB_CONNECT_LOOP:  
547 - trace_ssl(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));  
548 - break;  
549 -  
550 - case SSL_CB_CONNECT_EXIT:  
551 -  
552 - trace_ssl(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);  
553 -  
554 - if (ret == 0)  
555 - {  
556 - trace_ssl(hSession,"SSL_connect: failed in %s\n",SSL_state_string_long(s));  
557 - }  
558 - else if (ret < 0)  
559 - {  
560 - unsigned long e = ERR_get_error();  
561 - char err_buf[1024];  
562 -  
563 - if(e != 0)  
564 - {  
565 - hSession->ssl.error = e;  
566 - (void) ERR_error_string_n(e, err_buf, 1023);  
567 - }  
568 -#if defined(_WIN32)  
569 - else if (GetLastError() != 0)  
570 - {  
571 - strncpy(err_buf,lib3270_win32_strerror(GetLastError()),1023);  
572 - }  
573 -#else  
574 - else if (errno != 0)  
575 - {  
576 - strncpy(err_buf, strerror(errno),1023);  
577 - }  
578 -#endif  
579 - else  
580 - {  
581 - err_buf[0] = '\0';  
582 - }  
583 -  
584 - trace_ssl(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",  
585 - ret,  
586 - err_buf,  
587 - SSL_state_string_long(s),  
588 - SSL_alert_type_string_long(ret)  
589 - );  
590 -  
591 - }  
592 - break;  
593 -  
594 - default:  
595 - trace_ssl(hSession,"SSL Current state is \"%s\"\n",SSL_state_string_long(s));  
596 - }  
597 -  
598 -#ifdef DEBUG  
599 - if(where & SSL_CB_EXIT)  
600 - {  
601 - trace("%s: SSL_CB_EXIT ret=%d\n",__FUNCTION__,ret);  
602 - }  
603 -#endif  
604 -  
605 - if(where & SSL_CB_ALERT)  
606 - trace_ssl(hSession,"SSL ALERT: %s\n",SSL_alert_type_string_long(ret));  
607 -  
608 - if(where & SSL_CB_HANDSHAKE_DONE)  
609 - {  
610 - trace_ssl(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));  
611 - if(SSL_get_state(s) == SSL_ST_OK)  
612 - set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);  
613 - else  
614 - set_ssl_state(hSession,LIB3270_SSL_UNSECURE);  
615 - }  
616 -}  
617 -  
618 #endif /*]*/ 538 #endif /*]*/
619 539
src/ssl/state.c
  Diff comments   View file @889dfbb
@@ -70,7 +70,6 @@ LIB3270_EXPORT LIB3270_SSL_STATE lib3270_get_ssl_state(const H3270 *hSession) @@ -70,7 +70,6 @@ LIB3270_EXPORT LIB3270_SSL_STATE lib3270_get_ssl_state(const H3270 *hSession)
70 #endif // HAVE_LIBSSL 70 #endif // HAVE_LIBSSL
71 } 71 }
72 72
73 -#if defined(HAVE_LIBSSL)  
74 void set_ssl_state(H3270 *hSession, LIB3270_SSL_STATE state) 73 void set_ssl_state(H3270 *hSession, LIB3270_SSL_STATE state)
75 { 74 {
76 if(state == hSession->ssl.state) 75 if(state == hSession->ssl.state)
@@ -83,6 +82,9 @@ void set_ssl_state(H3270 *hSession, LIB3270_SSL_STATE state) @@ -83,6 +82,9 @@ void set_ssl_state(H3270 *hSession, LIB3270_SSL_STATE state)
83 hSession->cbk.update_ssl(hSession,hSession->ssl.state); 82 hSession->cbk.update_ssl(hSession,hSession->ssl.state);
84 } 83 }
85 84
  85 +
  86 +#if defined(HAVE_LIBSSL)
  87 +
86 static const struct ssl_status_msg status_msg[] = 88 static const struct ssl_status_msg status_msg[] =
87 { 89 {
88 // http://www.openssl.org/docs/apps/verify.html 90 // http://www.openssl.org/docs/apps/verify.html