Commit 8af83f252989dfb4c7c1cdeceb98102e29c3fe53
1 parent
6cc9e2d4
Exists in
master
and in
3 other branches
Adjusting network modules source paths.
Showing
25 changed files
with
1326 additions
and
1265 deletions
Show diff stats
Makefile.in
| @@ -32,6 +32,8 @@ LIBNAME=lib@LIB3270_NAME@ | @@ -32,6 +32,8 @@ LIBNAME=lib@LIB3270_NAME@ | ||
| 32 | PRODUCT_NAME=@PRODUCT_NAME@ | 32 | PRODUCT_NAME=@PRODUCT_NAME@ |
| 33 | INSTALL_PACKAGES=@INSTALL_PACKAGES@ | 33 | INSTALL_PACKAGES=@INSTALL_PACKAGES@ |
| 34 | 34 | ||
| 35 | +NETWORK_MODULES=default | ||
| 36 | + | ||
| 35 | SOURCES= \ | 37 | SOURCES= \ |
| 36 | $(wildcard src/core/*.c) \ | 38 | $(wildcard src/core/*.c) \ |
| 37 | $(wildcard src/core/keyboard/*.c) \ | 39 | $(wildcard src/core/keyboard/*.c) \ |
| @@ -43,11 +45,9 @@ SOURCES= \ | @@ -43,11 +45,9 @@ SOURCES= \ | ||
| 43 | $(wildcard src/core/@OSNAME@/*.c) \ | 45 | $(wildcard src/core/@OSNAME@/*.c) \ |
| 44 | $(wildcard src/core/properties/*.c) \ | 46 | $(wildcard src/core/properties/*.c) \ |
| 45 | $(wildcard src/selection/*.c) \ | 47 | $(wildcard src/selection/*.c) \ |
| 46 | - $(wildcard src/ssl/*.c) \ | ||
| 47 | - $(wildcard src/ssl/@OSNAME@/*.c) \ | ||
| 48 | $(wildcard src/network_modules/*.c) \ | 48 | $(wildcard src/network_modules/*.c) \ |
| 49 | - $(wildcard src/network_modules/@OSNAME@/*.c) \ | ||
| 50 | - $(BASEDIR)/.tmp/$(LIBNAME)/fallbacks.c | 49 | + $(BASEDIR)/.tmp/$(LIBNAME)/fallbacks.c \ |
| 50 | + $(foreach MODULE, $(NETWORK_MODULES), $(wildcard src/network_modules/$(MODULE)/*.c)) | ||
| 51 | 51 | ||
| 52 | TEST_SOURCES= \ | 52 | TEST_SOURCES= \ |
| 53 | $(wildcard src/testprogram/*.c) | 53 | $(wildcard src/testprogram/*.c) |
lib3270.cbp
| @@ -307,14 +307,21 @@ | @@ -307,14 +307,21 @@ | ||
| 307 | <Unit filename="src/mkfb/mkfb.c"> | 307 | <Unit filename="src/mkfb/mkfb.c"> |
| 308 | <Option compilerVar="CC" /> | 308 | <Option compilerVar="CC" /> |
| 309 | </Unit> | 309 | </Unit> |
| 310 | - <Unit filename="src/network_modules/linux/connect.c"> | 310 | + <Unit filename="src/network_modules/default/main.c"> |
| 311 | <Option compilerVar="CC" /> | 311 | <Option compilerVar="CC" /> |
| 312 | </Unit> | 312 | </Unit> |
| 313 | - <Unit filename="src/network_modules/openssl.c"> | 313 | + <Unit filename="src/network_modules/default/private.h" /> |
| 314 | + <Unit filename="src/network_modules/openssl/main.c"> | ||
| 314 | <Option compilerVar="CC" /> | 315 | <Option compilerVar="CC" /> |
| 315 | </Unit> | 316 | </Unit> |
| 316 | - <Unit filename="src/network_modules/private.h" /> | ||
| 317 | - <Unit filename="src/network_modules/unsecure.c"> | 317 | + <Unit filename="src/network_modules/openssl/private.h" /> |
| 318 | + <Unit filename="src/network_modules/openssl/states.c"> | ||
| 319 | + <Option compilerVar="CC" /> | ||
| 320 | + </Unit> | ||
| 321 | + <Unit filename="src/network_modules/select.c"> | ||
| 322 | + <Option compilerVar="CC" /> | ||
| 323 | + </Unit> | ||
| 324 | + <Unit filename="src/network_modules/state.c"> | ||
| 318 | <Option compilerVar="CC" /> | 325 | <Option compilerVar="CC" /> |
| 319 | </Unit> | 326 | </Unit> |
| 320 | <Unit filename="src/selection/actions.c"> | 327 | <Unit filename="src/selection/actions.c"> |
| @@ -352,9 +359,6 @@ | @@ -352,9 +359,6 @@ | ||
| 352 | <Unit filename="src/ssl/properties.c"> | 359 | <Unit filename="src/ssl/properties.c"> |
| 353 | <Option compilerVar="CC" /> | 360 | <Option compilerVar="CC" /> |
| 354 | </Unit> | 361 | </Unit> |
| 355 | - <Unit filename="src/ssl/state.c"> | ||
| 356 | - <Option compilerVar="CC" /> | ||
| 357 | - </Unit> | ||
| 358 | <Unit filename="src/ssl/windows/getcrl.c"> | 362 | <Unit filename="src/ssl/windows/getcrl.c"> |
| 359 | <Option compilerVar="CC" /> | 363 | <Option compilerVar="CC" /> |
| 360 | </Unit> | 364 | </Unit> |
src/core/connect.c
| @@ -35,8 +35,6 @@ | @@ -35,8 +35,6 @@ | ||
| 35 | #include <lib3270/trace.h> | 35 | #include <lib3270/trace.h> |
| 36 | #include <lib3270/toggle.h> | 36 | #include <lib3270/toggle.h> |
| 37 | #include <trace_dsc.h> | 37 | #include <trace_dsc.h> |
| 38 | - | ||
| 39 | -#include "../ssl/crl.h" | ||
| 40 | #include "utilc.h" | 38 | #include "utilc.h" |
| 41 | 39 | ||
| 42 | /*---[ Implement ]-------------------------------------------------------------------------------*/ | 40 | /*---[ Implement ]-------------------------------------------------------------------------------*/ |
src/core/host.c
| @@ -257,12 +257,8 @@ static void update_url(H3270 *hSession) | @@ -257,12 +257,8 @@ static void update_url(H3270 *hSession) | ||
| 257 | { | 257 | { |
| 258 | char * url = | 258 | char * url = |
| 259 | lib3270_strdup_printf( | 259 | lib3270_strdup_printf( |
| 260 | - "%s%s:%s", | ||
| 261 | -#ifdef HAVE_LIBSSL | ||
| 262 | - (hSession->ssl.enabled ? "tn3270s://" : "tn3270://"), | ||
| 263 | -#else | ||
| 264 | - "tn3270://", | ||
| 265 | -#endif // HAVE_LIBSSL | 260 | + "%s//%s:%s", |
| 261 | + hSession->network.module->name, | ||
| 266 | hSession->host.current, | 262 | hSession->host.current, |
| 267 | hSession->host.srvc | 263 | hSession->host.srvc |
| 268 | ); | 264 | ); |
| @@ -280,7 +276,7 @@ static void update_url(H3270 *hSession) | @@ -280,7 +276,7 @@ static void update_url(H3270 *hSession) | ||
| 280 | lib3270_free(hSession->host.url); | 276 | lib3270_free(hSession->host.url); |
| 281 | hSession->host.url = url; | 277 | hSession->host.url = url; |
| 282 | 278 | ||
| 283 | -#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) | 279 | +#if defined(HAVE_LIBSSLx) && defined(SSL_ENABLE_CRL_CHECK) |
| 284 | lib3270_crl_free(hSession); | 280 | lib3270_crl_free(hSession); |
| 285 | #endif // SSL_ENABLE_CRL_CHECK | 281 | #endif // SSL_ENABLE_CRL_CHECK |
| 286 | 282 | ||
| @@ -377,7 +373,7 @@ LIB3270_EXPORT int lib3270_set_url(H3270 *h, const char *n) | @@ -377,7 +373,7 @@ LIB3270_EXPORT int lib3270_set_url(H3270 *h, const char *n) | ||
| 377 | const char * srvc; | 373 | const char * srvc; |
| 378 | } sch[] = | 374 | } sch[] = |
| 379 | { | 375 | { |
| 380 | -#ifdef HAVE_LIBSSL | 376 | +#ifdef HAVE_LIBSSLx |
| 381 | { 1, "tn3270s://", "telnets" }, | 377 | { 1, "tn3270s://", "telnets" }, |
| 382 | { 1, "telnets://", "telnets" }, | 378 | { 1, "telnets://", "telnets" }, |
| 383 | { 1, "L://", "telnets" }, | 379 | { 1, "L://", "telnets" }, |
| @@ -398,7 +394,7 @@ LIB3270_EXPORT int lib3270_set_url(H3270 *h, const char *n) | @@ -398,7 +394,7 @@ LIB3270_EXPORT int lib3270_set_url(H3270 *h, const char *n) | ||
| 398 | 394 | ||
| 399 | trace("%s(%s)",__FUNCTION__,str); | 395 | trace("%s(%s)",__FUNCTION__,str); |
| 400 | 396 | ||
| 401 | -#ifdef HAVE_LIBSSL | 397 | +#ifdef HAVE_LIBSSLx |
| 402 | h->ssl.enabled = 0; | 398 | h->ssl.enabled = 0; |
| 403 | #endif // HAVE_LIBSSL | 399 | #endif // HAVE_LIBSSL |
| 404 | 400 | ||
| @@ -407,7 +403,7 @@ LIB3270_EXPORT int lib3270_set_url(H3270 *h, const char *n) | @@ -407,7 +403,7 @@ LIB3270_EXPORT int lib3270_set_url(H3270 *h, const char *n) | ||
| 407 | size_t sz = strlen(sch[f].text); | 403 | size_t sz = strlen(sch[f].text); |
| 408 | if(!strncasecmp(hostname,sch[f].text,sz)) | 404 | if(!strncasecmp(hostname,sch[f].text,sz)) |
| 409 | { | 405 | { |
| 410 | -#ifdef HAVE_LIBSSL | 406 | +#ifdef HAVE_LIBSSLx |
| 411 | h->ssl.enabled = sch[f].ssl; | 407 | h->ssl.enabled = sch[f].ssl; |
| 412 | #endif // HAVE_LIBSSL | 408 | #endif // HAVE_LIBSSL |
| 413 | srvc = sch[f].srvc; | 409 | srvc = sch[f].srvc; |
src/core/linux/connect.c
| @@ -53,9 +53,84 @@ | @@ -53,9 +53,84 @@ | ||
| 53 | #include <lib3270/internals.h> | 53 | #include <lib3270/internals.h> |
| 54 | #include <lib3270/log.h> | 54 | #include <lib3270/log.h> |
| 55 | #include <lib3270/trace.h> | 55 | #include <lib3270/trace.h> |
| 56 | +#include <networking.h> | ||
| 56 | 57 | ||
| 57 | /*---[ Implement ]-------------------------------------------------------------------------------*/ | 58 | /*---[ Implement ]-------------------------------------------------------------------------------*/ |
| 58 | 59 | ||
| 60 | + int lib3270_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) { | ||
| 61 | + | ||
| 62 | + // | ||
| 63 | + // Resolve hostname | ||
| 64 | + // | ||
| 65 | + struct addrinfo hints; | ||
| 66 | + struct addrinfo * result = NULL; | ||
| 67 | + memset(&hints,0,sizeof(hints)); | ||
| 68 | + hints.ai_family = AF_UNSPEC; // Allow IPv4 or IPv6 | ||
| 69 | + hints.ai_socktype = SOCK_STREAM; // Stream socket | ||
| 70 | + hints.ai_flags = AI_PASSIVE; // For wildcard IP address | ||
| 71 | + hints.ai_protocol = 0; // Any protocol | ||
| 72 | + | ||
| 73 | + status_resolving(hSession); | ||
| 74 | + | ||
| 75 | + int rc = getaddrinfo(hSession->host.current, hSession->host.srvc, &hints, &result); | ||
| 76 | + if(rc) | ||
| 77 | + { | ||
| 78 | + state->error_message = gai_strerror(rc); | ||
| 79 | + return -1; | ||
| 80 | + } | ||
| 81 | + | ||
| 82 | + // | ||
| 83 | + // Try connecting to hosts. | ||
| 84 | + // | ||
| 85 | + int sock = -1; | ||
| 86 | + struct addrinfo * rp = NULL; | ||
| 87 | + | ||
| 88 | + status_connecting(hSession); | ||
| 89 | + | ||
| 90 | + for(rp = result; sock < 0 && rp != NULL; rp = rp->ai_next) | ||
| 91 | + { | ||
| 92 | + // Got socket from host definition. | ||
| 93 | + sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); | ||
| 94 | + if(sock < 0) | ||
| 95 | + { | ||
| 96 | + // Can't get socket. | ||
| 97 | + state->syserror = errno; | ||
| 98 | + continue; | ||
| 99 | + } | ||
| 100 | + | ||
| 101 | + // Try connect. | ||
| 102 | + if(connect(sock, rp->ai_addr, rp->ai_addrlen)) | ||
| 103 | + { | ||
| 104 | + // Can't connect to host | ||
| 105 | + state->syserror = errno; | ||
| 106 | + close(sock); | ||
| 107 | + sock = -1; | ||
| 108 | + continue; | ||
| 109 | + } | ||
| 110 | + | ||
| 111 | + } | ||
| 112 | + | ||
| 113 | + freeaddrinfo(result); | ||
| 114 | + | ||
| 115 | + if(sock < 0) | ||
| 116 | + { | ||
| 117 | + static const LIB3270_POPUP popup = { | ||
| 118 | + .name = "CantConnect", | ||
| 119 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 120 | + .summary = N_("Can't connect to host"), | ||
| 121 | + .label = N_("Try again") | ||
| 122 | + }; | ||
| 123 | + | ||
| 124 | + state->popup = &popup; | ||
| 125 | + return sock; | ||
| 126 | + } | ||
| 127 | + | ||
| 128 | + // don't share the socket with our children | ||
| 129 | + (void) fcntl(sock, F_SETFD, 1); | ||
| 130 | + | ||
| 131 | + return sock; | ||
| 132 | + } | ||
| 133 | + | ||
| 59 | static void net_connected(H3270 *hSession, int GNUC_UNUSED(fd), LIB3270_IO_FLAG GNUC_UNUSED(flag), void GNUC_UNUSED(*dunno)) | 134 | static void net_connected(H3270 *hSession, int GNUC_UNUSED(fd), LIB3270_IO_FLAG GNUC_UNUSED(flag), void GNUC_UNUSED(*dunno)) |
| 60 | { | 135 | { |
| 61 | int err; | 136 | int err; |
| @@ -171,7 +246,7 @@ | @@ -171,7 +246,7 @@ | ||
| 171 | // | 246 | // |
| 172 | hSession->ever_3270 = False; | 247 | hSession->ever_3270 = False; |
| 173 | 248 | ||
| 174 | -#if defined(HAVE_LIBSSL) | 249 | +#if defined(HAVE_LIBSSLx) |
| 175 | if(hSession->ssl.enabled) | 250 | if(hSession->ssl.enabled) |
| 176 | { | 251 | { |
| 177 | hSession->ssl.host = 1; | 252 | hSession->ssl.host = 1; |
src/core/properties/boolean.c
| @@ -47,7 +47,7 @@ | @@ -47,7 +47,7 @@ | ||
| 47 | 47 | ||
| 48 | void lib3270_disable_crl_download(H3270 *hSession) | 48 | void lib3270_disable_crl_download(H3270 *hSession) |
| 49 | { | 49 | { |
| 50 | -#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) | 50 | +#if defined(HAVE_LIBSSLx) && defined(SSL_ENABLE_CRL_CHECK) |
| 51 | hSession->ssl.crl.download = 0; | 51 | hSession->ssl.crl.download = 0; |
| 52 | #endif // SSL_ENABLE_CRL_CHECK | 52 | #endif // SSL_ENABLE_CRL_CHECK |
| 53 | } | 53 | } |
src/core/properties/signed.c
| @@ -51,7 +51,7 @@ | @@ -51,7 +51,7 @@ | ||
| 51 | 51 | ||
| 52 | static int lib3270_set_ssl_minimum_protocol_version(H3270 *hSession, int value) | 52 | static int lib3270_set_ssl_minimum_protocol_version(H3270 *hSession, int value) |
| 53 | { | 53 | { |
| 54 | -#ifdef HAVE_LIBSSL | 54 | +#ifdef HAVE_LIBSSLx |
| 55 | FAIL_IF_ONLINE(hSession); | 55 | FAIL_IF_ONLINE(hSession); |
| 56 | hSession->ssl.protocol.min_version = value; | 56 | hSession->ssl.protocol.min_version = value; |
| 57 | return 0; | 57 | return 0; |
| @@ -62,7 +62,7 @@ | @@ -62,7 +62,7 @@ | ||
| 62 | 62 | ||
| 63 | static int lib3270_set_ssl_maximum_protocol_version(H3270 *hSession, int value) | 63 | static int lib3270_set_ssl_maximum_protocol_version(H3270 *hSession, int value) |
| 64 | { | 64 | { |
| 65 | -#ifdef HAVE_LIBSSL | 65 | +#ifdef HAVE_LIBSSLx |
| 66 | FAIL_IF_ONLINE(hSession); | 66 | FAIL_IF_ONLINE(hSession); |
| 67 | hSession->ssl.protocol.max_version = value; | 67 | hSession->ssl.protocol.max_version = value; |
| 68 | return 0; | 68 | return 0; |
| @@ -73,7 +73,7 @@ | @@ -73,7 +73,7 @@ | ||
| 73 | 73 | ||
| 74 | static int lib3270_get_ssl_minimum_protocol_version(const H3270 *hSession) | 74 | static int lib3270_get_ssl_minimum_protocol_version(const H3270 *hSession) |
| 75 | { | 75 | { |
| 76 | -#ifdef HAVE_LIBSSL | 76 | +#ifdef HAVE_LIBSSLx |
| 77 | return hSession->ssl.protocol.min_version; | 77 | return hSession->ssl.protocol.min_version; |
| 78 | #else | 78 | #else |
| 79 | errno = ENOTSUP; | 79 | errno = ENOTSUP; |
| @@ -83,7 +83,7 @@ | @@ -83,7 +83,7 @@ | ||
| 83 | 83 | ||
| 84 | static int lib3270_get_ssl_maximum_protocol_version(const H3270 *hSession) | 84 | static int lib3270_get_ssl_maximum_protocol_version(const H3270 *hSession) |
| 85 | { | 85 | { |
| 86 | -#ifdef HAVE_LIBSSL | 86 | +#ifdef HAVE_LIBSSLx |
| 87 | return hSession->ssl.protocol.max_version; | 87 | return hSession->ssl.protocol.max_version; |
| 88 | #else | 88 | #else |
| 89 | errno = ENOTSUP; | 89 | errno = ENOTSUP; |
src/core/properties/string.c
| @@ -139,6 +139,7 @@ | @@ -139,6 +139,7 @@ | ||
| 139 | .set = NULL // Set value. | 139 | .set = NULL // Set value. |
| 140 | }, | 140 | }, |
| 141 | 141 | ||
| 142 | + /* | ||
| 142 | { | 143 | { |
| 143 | .name = "crl_url", // Property name. | 144 | .name = "crl_url", // Property name. |
| 144 | .group = LIB3270_ACTION_GROUP_OFFLINE, // Property group. | 145 | .group = LIB3270_ACTION_GROUP_OFFLINE, // Property group. |
| @@ -154,6 +155,7 @@ | @@ -154,6 +155,7 @@ | ||
| 154 | .get = lib3270_crl_get_preferred_protocol, // Get value. | 155 | .get = lib3270_crl_get_preferred_protocol, // Get value. |
| 155 | .set = lib3270_crl_set_preferred_protocol, // Set value. | 156 | .set = lib3270_crl_set_preferred_protocol, // Set value. |
| 156 | }, | 157 | }, |
| 158 | + */ | ||
| 157 | 159 | ||
| 158 | { | 160 | { |
| 159 | .name = "default_host", // Property name. | 161 | .name = "default_host", // Property name. |
| @@ -162,6 +164,7 @@ | @@ -162,6 +164,7 @@ | ||
| 162 | .set = NULL // Set value. | 164 | .set = NULL // Set value. |
| 163 | }, | 165 | }, |
| 164 | 166 | ||
| 167 | + /* | ||
| 165 | { | 168 | { |
| 166 | .name = "sslmessage", // Property name. | 169 | .name = "sslmessage", // Property name. |
| 167 | .description = N_( "The security state" ), // Property description. | 170 | .description = N_( "The security state" ), // Property description. |
| @@ -175,6 +178,7 @@ | @@ -175,6 +178,7 @@ | ||
| 175 | .get = lib3270_get_ssl_state_description, // Get value. | 178 | .get = lib3270_get_ssl_state_description, // Get value. |
| 176 | .set = NULL // Set value. | 179 | .set = NULL // Set value. |
| 177 | }, | 180 | }, |
| 181 | + */ | ||
| 178 | 182 | ||
| 179 | { | 183 | { |
| 180 | .name = "oversize", // Property name. | 184 | .name = "oversize", // Property name. |
src/core/session.c
| @@ -74,7 +74,7 @@ void lib3270_session_free(H3270 *h) | @@ -74,7 +74,7 @@ void lib3270_session_free(H3270 *h) | ||
| 74 | 74 | ||
| 75 | shutdown_toggles(h); | 75 | shutdown_toggles(h); |
| 76 | 76 | ||
| 77 | -#if defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBSSL) | 77 | +#if defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBSSLx) |
| 78 | if(h->ssl.crl.prefer) | 78 | if(h->ssl.crl.prefer) |
| 79 | { | 79 | { |
| 80 | free(h->ssl.crl.prefer); | 80 | free(h->ssl.crl.prefer); |
| @@ -324,7 +324,7 @@ static void lib3270_session_init(H3270 *hSession, const char *model, const char | @@ -324,7 +324,7 @@ static void lib3270_session_init(H3270 *hSession, const char *model, const char | ||
| 324 | memset(hSession,0,sizeof(H3270)); | 324 | memset(hSession,0,sizeof(H3270)); |
| 325 | lib3270_set_default_network_module(hSession); | 325 | lib3270_set_default_network_module(hSession); |
| 326 | 326 | ||
| 327 | -#if defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBSSL) | 327 | +#if defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBSSLx) |
| 328 | hSession->ssl.crl.download = 1; | 328 | hSession->ssl.crl.download = 1; |
| 329 | #endif // SSL_ENABLE_CRL_CHECK | 329 | #endif // SSL_ENABLE_CRL_CHECK |
| 330 | 330 |
src/core/telnet.c
| @@ -1520,37 +1520,12 @@ void net_exception(H3270 *session, int GNUC_UNUSED(fd), LIB3270_IO_FLAG GNUC_UNU | @@ -1520,37 +1520,12 @@ void net_exception(H3270 *session, int GNUC_UNUSED(fd), LIB3270_IO_FLAG GNUC_UNU | ||
| 1520 | 1520 | ||
| 1521 | LIB3270_INTERNAL int lib3270_sock_send(H3270 *hSession, unsigned const char *buf, int len) | 1521 | LIB3270_INTERNAL int lib3270_sock_send(H3270 *hSession, unsigned const char *buf, int len) |
| 1522 | { | 1522 | { |
| 1523 | - int rc; | ||
| 1524 | - | ||
| 1525 | -#if defined(HAVE_LIBSSL) | ||
| 1526 | - if(hSession->ssl.con != NULL) | ||
| 1527 | - rc = SSL_write(hSession->ssl.con, (const char *) buf, len); | ||
| 1528 | - else | ||
| 1529 | - rc = send(hSession->connection.sock, (const char *) buf, len, 0); | ||
| 1530 | -#else | ||
| 1531 | - rc = hSession->network.module->send(hSession, buf, len); | ||
| 1532 | -#endif // HAVE_LIBSSL | 1523 | + int rc = hSession->network.module->send(hSession, buf, len); |
| 1533 | 1524 | ||
| 1534 | if(rc > 0) | 1525 | if(rc > 0) |
| 1535 | return rc; | 1526 | return rc; |
| 1536 | 1527 | ||
| 1537 | // Send error, notify | 1528 | // Send error, notify |
| 1538 | - | ||
| 1539 | -#if defined(HAVE_LIBSSL) | ||
| 1540 | - #error TODO - The send method should emit popup messages. | ||
| 1541 | - if(hSession->ssl.con != NULL) | ||
| 1542 | - { | ||
| 1543 | - unsigned long e; | ||
| 1544 | - char err_buf[120]; | ||
| 1545 | - | ||
| 1546 | - e = ERR_get_error(); | ||
| 1547 | - (void) ERR_error_string(e, err_buf); | ||
| 1548 | - trace_dsn(hSession,"RCVD SSL_write error %ld (%s)\n", e,err_buf); | ||
| 1549 | - popup_an_error(hSession,_( "SSL_write:\n%s" ), err_buf); | ||
| 1550 | - return -1; | ||
| 1551 | - } | ||
| 1552 | -#endif // HAVE_LIBSSL | ||
| 1553 | - | ||
| 1554 | trace_dsn(hSession,"RCVD socket error %d\n", -rc); | 1529 | trace_dsn(hSession,"RCVD socket error %d\n", -rc); |
| 1555 | 1530 | ||
| 1556 | return -1; | 1531 | return -1; |
src/include/networking.h
| @@ -51,9 +51,21 @@ | @@ -51,9 +51,21 @@ | ||
| 51 | 51 | ||
| 52 | typedef struct lib3270_net_module { | 52 | typedef struct lib3270_net_module { |
| 53 | 53 | ||
| 54 | + /// @brief Protocol name for URL. | ||
| 55 | + const char *name; | ||
| 56 | + | ||
| 57 | + /// @brief Default service name. | ||
| 58 | + const char *service; | ||
| 59 | + | ||
| 60 | + /// @brief Prepare to connect. | ||
| 61 | + /// | ||
| 62 | + /// @param hSession TN3270 session. | ||
| 63 | + /// @param state Pointer to state message. | ||
| 64 | + /// | ||
| 65 | + int (*init)(H3270 *hSession, LIB3270_NETWORK_STATE *state); | ||
| 66 | + | ||
| 54 | /// @brief Deinitialize network module. | 67 | /// @brief Deinitialize network module. |
| 55 | /// | 68 | /// |
| 56 | - /// @param context Network context. | ||
| 57 | /// @param hSession TN3270 session. | 69 | /// @param hSession TN3270 session. |
| 58 | /// @param state Pointer to state message. | 70 | /// @param state Pointer to state message. |
| 59 | /// | 71 | /// |
| @@ -61,7 +73,6 @@ | @@ -61,7 +73,6 @@ | ||
| 61 | 73 | ||
| 62 | /// @brief Connect to host. | 74 | /// @brief Connect to host. |
| 63 | /// | 75 | /// |
| 64 | - /// @param context Network context. | ||
| 65 | /// @param hSession TN3270 session. | 76 | /// @param hSession TN3270 session. |
| 66 | /// @param seconds Seconds for timeout. | 77 | /// @param seconds Seconds for timeout. |
| 67 | /// @param state Pointer to state message. | 78 | /// @param state Pointer to state message. |
| @@ -70,7 +81,6 @@ | @@ -70,7 +81,6 @@ | ||
| 70 | 81 | ||
| 71 | /// @brief Disconnect from host. | 82 | /// @brief Disconnect from host. |
| 72 | /// | 83 | /// |
| 73 | - /// @param context Network context. | ||
| 74 | /// @param hSession TN3270 session. | 84 | /// @param hSession TN3270 session. |
| 75 | /// @param state Pointer to state message. | 85 | /// @param state Pointer to state message. |
| 76 | /// | 86 | /// |
| @@ -131,14 +141,21 @@ | @@ -131,14 +141,21 @@ | ||
| 131 | /** | 141 | /** |
| 132 | * @brief Connect to host, returns a connected socket. | 142 | * @brief Connect to host, returns a connected socket. |
| 133 | * | 143 | * |
| 144 | + * @param hSession Disconnected TN3270 session. | ||
| 145 | + * @param state Pointer to network state context. | ||
| 146 | + * | ||
| 134 | * @return The Socket number or -1 in case of failure. | 147 | * @return The Socket number or -1 in case of failure. |
| 135 | * | 148 | * |
| 136 | */ | 149 | */ |
| 137 | - LIB3270_INTERNAL int lib3270_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state); | ||
| 138 | - | 150 | + LIB3270_INTERNAL int lib3270_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state); |
| 139 | 151 | ||
| 140 | - LIB3270_INTERNAL void * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state); | ||
| 141 | - LIB3270_INTERNAL int lib3270_openssl_get_ex_index(H3270 *hSession); | 152 | + /** |
| 153 | + * @brief Select the default (unsecure) network context. | ||
| 154 | + * | ||
| 155 | + * @param hSession TN3270 Session handle. | ||
| 156 | + * | ||
| 157 | + */ | ||
| 158 | + LIB3270_INTERNAL void lib3270_set_default_network_module(H3270 *hSession); | ||
| 142 | 159 | ||
| 143 | #endif // LIB3270_NETWORKING_H_INCLUDED | 160 | #endif // LIB3270_NETWORKING_H_INCLUDED |
| 144 | 161 |
| @@ -0,0 +1,303 @@ | @@ -0,0 +1,303 @@ | ||
| 1 | +/* | ||
| 2 | + * "Software PW3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 | ||
| 3 | + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a | ||
| 4 | + * aplicativos mainframe. Registro no INPI sob o nome G3270. | ||
| 5 | + * | ||
| 6 | + * Copyright (C) <2008> <Banco do Brasil S.A.> | ||
| 7 | + * | ||
| 8 | + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob | ||
| 9 | + * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela | ||
| 10 | + * Free Software Foundation. | ||
| 11 | + * | ||
| 12 | + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER | ||
| 13 | + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO | ||
| 14 | + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para | ||
| 15 | + * obter mais detalhes. | ||
| 16 | + * | ||
| 17 | + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este | ||
| 18 | + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin | ||
| 19 | + * St, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 20 | + * | ||
| 21 | + * Este programa está nomeado como unsecure.c e possui - linhas de código. | ||
| 22 | + * | ||
| 23 | + * Contatos: | ||
| 24 | + * | ||
| 25 | + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) | ||
| 26 | + * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça) | ||
| 27 | + * | ||
| 28 | + */ | ||
| 29 | + | ||
| 30 | + /** | ||
| 31 | + * @brief Default networking methods. | ||
| 32 | + * | ||
| 33 | + */ | ||
| 34 | + | ||
| 35 | + #include "private.h" | ||
| 36 | + #include <fcntl.h> | ||
| 37 | + | ||
| 38 | + static void unsecure_network_finalize(H3270 *hSession) { | ||
| 39 | + | ||
| 40 | + debug("%s",__FUNCTION__); | ||
| 41 | + | ||
| 42 | + if(hSession->network.context) { | ||
| 43 | + lib3270_free(hSession->network.context); | ||
| 44 | + hSession->network.context = NULL; | ||
| 45 | + } | ||
| 46 | + | ||
| 47 | + } | ||
| 48 | + | ||
| 49 | + static int unsecure_network_disconnect(H3270 *hSession) { | ||
| 50 | + | ||
| 51 | + debug("%s",__FUNCTION__); | ||
| 52 | + | ||
| 53 | + if(hSession->network.context->sock >= 0) { | ||
| 54 | + shutdown(hSession->network.context->sock, 2); | ||
| 55 | + close(hSession->network.context->sock); | ||
| 56 | + hSession->network.context->sock = -1; | ||
| 57 | + } | ||
| 58 | + | ||
| 59 | + return 0; | ||
| 60 | + } | ||
| 61 | + | ||
| 62 | + ssize_t unsecure_network_send(H3270 *hSession, const void *buffer, size_t length) { | ||
| 63 | + | ||
| 64 | + if(hSession->network.context->sock < 0) { | ||
| 65 | + return -(errno = ENOTCONN); | ||
| 66 | + } | ||
| 67 | + | ||
| 68 | + ssize_t bytes = send(hSession->network.context->sock,buffer,length,0); | ||
| 69 | + | ||
| 70 | + debug("%s bytes=%d",__FUNCTION__,(int) bytes); | ||
| 71 | + | ||
| 72 | + if(bytes >= 0) | ||
| 73 | + return bytes; | ||
| 74 | + | ||
| 75 | + int rc = errno; | ||
| 76 | + | ||
| 77 | + debug("%s: %s",__FUNCTION__,strerror(rc)); | ||
| 78 | + | ||
| 79 | + switch(rc) | ||
| 80 | + { | ||
| 81 | + case EPIPE: | ||
| 82 | + lib3270_popup_dialog( | ||
| 83 | + hSession, | ||
| 84 | + LIB3270_NOTIFY_ERROR, | ||
| 85 | + NULL, | ||
| 86 | + _("Broken pipe"), | ||
| 87 | + _("The system error code was %d"), | ||
| 88 | + rc | ||
| 89 | + ); | ||
| 90 | + break; | ||
| 91 | + | ||
| 92 | + case ECONNRESET: | ||
| 93 | + lib3270_popup_dialog( | ||
| 94 | + hSession, | ||
| 95 | + LIB3270_NOTIFY_ERROR, | ||
| 96 | + NULL, | ||
| 97 | + _("Connection reset by peer"), | ||
| 98 | + _("The system error code was %d"), | ||
| 99 | + rc | ||
| 100 | + ); | ||
| 101 | + break; | ||
| 102 | + | ||
| 103 | + case EINTR: | ||
| 104 | + return 0; | ||
| 105 | + | ||
| 106 | + default: | ||
| 107 | + lib3270_popup_dialog( | ||
| 108 | + hSession, | ||
| 109 | + LIB3270_NOTIFY_ERROR, | ||
| 110 | + NULL, | ||
| 111 | + _("Unexpected error writing to network socket"), | ||
| 112 | + _("The system error code was %d (%s)"), | ||
| 113 | + rc, strerror(rc) | ||
| 114 | + ); | ||
| 115 | + | ||
| 116 | + } | ||
| 117 | + | ||
| 118 | + return -rc; | ||
| 119 | + } | ||
| 120 | + | ||
| 121 | + static ssize_t unsecure_network_recv(H3270 *hSession, void *buf, size_t len) { | ||
| 122 | + | ||
| 123 | + debug("%s",__FUNCTION__); | ||
| 124 | + | ||
| 125 | + if(hSession->network.context->sock < 0) { | ||
| 126 | + return -(errno = ENOTCONN); | ||
| 127 | + } | ||
| 128 | + | ||
| 129 | + ssize_t bytes = recv(hSession->network.context->sock, (char *) buf, len, 0); | ||
| 130 | + | ||
| 131 | + debug("%s bytes=%d",__FUNCTION__,(int) bytes); | ||
| 132 | + | ||
| 133 | + if(bytes < 0) { | ||
| 134 | + return -errno; | ||
| 135 | + } | ||
| 136 | + | ||
| 137 | + return bytes; | ||
| 138 | +} | ||
| 139 | + | ||
| 140 | +static int unsecure_network_getsockname(const H3270 *hSession, struct sockaddr *addr, socklen_t *addrlen) { | ||
| 141 | + if(hSession->network.context->sock < 0) | ||
| 142 | + return -(errno = ENOTCONN); | ||
| 143 | + return getsockname(hSession->network.context->sock, addr, addrlen); | ||
| 144 | +} | ||
| 145 | + | ||
| 146 | +static void * unsecure_network_add_poll(H3270 *hSession, LIB3270_IO_FLAG flag, void(*call)(H3270 *, int, LIB3270_IO_FLAG, void *), void *userdata) { | ||
| 147 | + return lib3270_add_poll_fd(hSession,hSession->network.context->sock,flag,call,userdata); | ||
| 148 | +} | ||
| 149 | + | ||
| 150 | +static int unsecure_network_non_blocking(H3270 *hSession, const unsigned char on) { | ||
| 151 | + | ||
| 152 | + if(hSession->network.context->sock < 0) | ||
| 153 | + return 0; | ||
| 154 | + | ||
| 155 | +#ifdef WIN32 | ||
| 156 | + | ||
| 157 | + WSASetLastError(0); | ||
| 158 | + u_long iMode= on ? 1 : 0; | ||
| 159 | + | ||
| 160 | + if(ioctlsocket(hSession->network.context->sock,FIONBIO,&iMode)) | ||
| 161 | + { | ||
| 162 | + lib3270_popup_dialog( hSession, | ||
| 163 | + LIB3270_NOTIFY_ERROR, | ||
| 164 | + _( "Connection error" ), | ||
| 165 | + _( "ioctlsocket(FIONBIO) failed." ), | ||
| 166 | + "%s", lib3270_win32_strerror(GetLastError())); | ||
| 167 | + return -1; | ||
| 168 | + } | ||
| 169 | + | ||
| 170 | +#else | ||
| 171 | + | ||
| 172 | + int f; | ||
| 173 | + | ||
| 174 | + if ((f = fcntl(hSession->network.context->sock, F_GETFL, 0)) == -1) | ||
| 175 | + { | ||
| 176 | + lib3270_popup_dialog( hSession, | ||
| 177 | + LIB3270_NOTIFY_ERROR, | ||
| 178 | + _( "Socket error" ), | ||
| 179 | + _( "fcntl() error when getting socket state." ), | ||
| 180 | + _( "%s" ), strerror(errno) | ||
| 181 | + ); | ||
| 182 | + | ||
| 183 | + return -1; | ||
| 184 | + } | ||
| 185 | + | ||
| 186 | + if (on) | ||
| 187 | + f |= O_NDELAY; | ||
| 188 | + else | ||
| 189 | + f &= ~O_NDELAY; | ||
| 190 | + | ||
| 191 | + if (fcntl(hSession->network.context->sock, F_SETFL, f) < 0) | ||
| 192 | + { | ||
| 193 | + lib3270_popup_dialog( hSession, | ||
| 194 | + LIB3270_NOTIFY_ERROR, | ||
| 195 | + _( "Socket error" ), | ||
| 196 | + on ? _( "Can't set socket to blocking mode." ) : _( "Can't set socket to non blocking mode" ), | ||
| 197 | + _( "%s" ), strerror(errno) | ||
| 198 | + ); | ||
| 199 | + return -1; | ||
| 200 | + } | ||
| 201 | + | ||
| 202 | +#endif | ||
| 203 | + | ||
| 204 | + debug("Socket %d is now %s",hSession->network.context->sock,(on ? "Non Blocking" : "Blocking")); | ||
| 205 | + | ||
| 206 | + return 0; | ||
| 207 | +} | ||
| 208 | + | ||
| 209 | +static int unsecure_network_is_connected(const H3270 *hSession) { | ||
| 210 | + return hSession->network.context->sock > 0; | ||
| 211 | +} | ||
| 212 | + | ||
| 213 | +static int unsecure_network_setsockopt(H3270 *hSession, int level, int optname, const void *optval, size_t optlen) { | ||
| 214 | + | ||
| 215 | + if(hSession->network.context->sock < 0) { | ||
| 216 | + errno = ENOTCONN; | ||
| 217 | + return -1; | ||
| 218 | + } | ||
| 219 | + | ||
| 220 | + return setsockopt(hSession->network.context->sock, level, optname, optval, optlen); | ||
| 221 | + | ||
| 222 | +} | ||
| 223 | + | ||
| 224 | +static int unsecure_network_getsockopt(H3270 *hSession, int level, int optname, void *optval, socklen_t *optlen) { | ||
| 225 | + | ||
| 226 | + if(hSession->network.context->sock < 0) { | ||
| 227 | + errno = ENOTCONN; | ||
| 228 | + return -1; | ||
| 229 | + } | ||
| 230 | + | ||
| 231 | + return getsockopt(hSession->network.context->sock, level, optname, optval, optlen); | ||
| 232 | +} | ||
| 233 | + | ||
| 234 | +static int unsecure_network_init(H3270 GNUC_UNUSED(*hSession), LIB3270_NETWORK_STATE GNUC_UNUSED(*state)) { | ||
| 235 | + return 0; | ||
| 236 | +} | ||
| 237 | + | ||
| 238 | +static int unsecure_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) { | ||
| 239 | + | ||
| 240 | + hSession->network.context->sock = lib3270_network_connect(hSession, state); | ||
| 241 | + if(hSession->network.context->sock < 0) | ||
| 242 | + return hSession->network.context->sock; | ||
| 243 | + | ||
| 244 | + return 0; | ||
| 245 | +} | ||
| 246 | + | ||
| 247 | +static int unsecure_network_start_tls(H3270 GNUC_UNUSED(*hSession), LIB3270_NETWORK_STATE *msg) { | ||
| 248 | + | ||
| 249 | + if(hSession->ssl.host) { | ||
| 250 | + | ||
| 251 | + // TODO: Replace network module with the openssl version, initialize and execute start_tls on it. | ||
| 252 | + | ||
| 253 | + static const LIB3270_POPUP popup = { | ||
| 254 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 255 | + .summary = N_("Can't activate SSL/TLS"), | ||
| 256 | + .body = N_("The protocol library was build without SSL/TLS support") | ||
| 257 | + }; | ||
| 258 | + | ||
| 259 | + msg->popup = &popup; | ||
| 260 | + | ||
| 261 | + return ENOTSUP; | ||
| 262 | + | ||
| 263 | + } | ||
| 264 | + | ||
| 265 | + return 0; | ||
| 266 | +} | ||
| 267 | + | ||
| 268 | +void lib3270_set_default_network_module(H3270 *hSession) { | ||
| 269 | + | ||
| 270 | + static const LIB3270_NET_MODULE module = { | ||
| 271 | + .name = "tn3270", | ||
| 272 | + .service = "tn3270", | ||
| 273 | + .init = unsecure_network_init, | ||
| 274 | + .finalize = unsecure_network_finalize, | ||
| 275 | + .connect = unsecure_network_connect, | ||
| 276 | + .disconnect = unsecure_network_disconnect, | ||
| 277 | + .start_tls = unsecure_network_start_tls, | ||
| 278 | + .send = unsecure_network_send, | ||
| 279 | + .recv = unsecure_network_recv, | ||
| 280 | + .add_poll = unsecure_network_add_poll, | ||
| 281 | + .non_blocking = unsecure_network_non_blocking, | ||
| 282 | + .is_connected = unsecure_network_is_connected, | ||
| 283 | + .getsockname = unsecure_network_getsockname, | ||
| 284 | + .setsockopt = unsecure_network_setsockopt, | ||
| 285 | + .getsockopt = unsecure_network_getsockopt | ||
| 286 | + }; | ||
| 287 | + | ||
| 288 | + debug("%s",__FUNCTION__); | ||
| 289 | + | ||
| 290 | + if(hSession->network.context) { | ||
| 291 | + // Has context, finalize it. | ||
| 292 | + hSession->network.module->finalize(hSession); | ||
| 293 | + } | ||
| 294 | + | ||
| 295 | + hSession->ssl.host = 0; | ||
| 296 | + hSession->network.context = lib3270_malloc(sizeof(LIB3270_NET_CONTEXT)); | ||
| 297 | + memset(hSession->network.context,0,sizeof(LIB3270_NET_CONTEXT)); | ||
| 298 | + hSession->network.context->sock = -1; | ||
| 299 | + | ||
| 300 | + hSession->network.module = &module; | ||
| 301 | + | ||
| 302 | +} | ||
| 303 | + |
| @@ -0,0 +1,44 @@ | @@ -0,0 +1,44 @@ | ||
| 1 | +/* | ||
| 2 | + * "Software G3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 | ||
| 3 | + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a | ||
| 4 | + * aplicativos mainframe. Registro no INPI sob o nome G3270. | ||
| 5 | + * | ||
| 6 | + * Copyright (C) <2008> <Banco do Brasil S.A.> | ||
| 7 | + * | ||
| 8 | + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob | ||
| 9 | + * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela | ||
| 10 | + * Free Software Foundation. | ||
| 11 | + * | ||
| 12 | + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER | ||
| 13 | + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO | ||
| 14 | + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para | ||
| 15 | + * obter mais detalhes. | ||
| 16 | + * | ||
| 17 | + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este | ||
| 18 | + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin | ||
| 19 | + * St, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 20 | + * | ||
| 21 | + * Este programa está nomeado como private.h e possui - linhas de código. | ||
| 22 | + * | ||
| 23 | + * Contatos: | ||
| 24 | + * | ||
| 25 | + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) | ||
| 26 | + * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça) | ||
| 27 | + * | ||
| 28 | + */ | ||
| 29 | + | ||
| 30 | +#ifndef LIB3270_DEFAULT_MODULE_PRIVATE_H_INCLUDED | ||
| 31 | + | ||
| 32 | + #define LIB3270_DEFAULT_MODULE_PRIVATE_H_INCLUDED | ||
| 33 | + | ||
| 34 | + #include <config.h> | ||
| 35 | + #include <lib3270.h> | ||
| 36 | + #include <lib3270/log.h> | ||
| 37 | + #include <internals.h> | ||
| 38 | + | ||
| 39 | + struct _lib3270_net_context { | ||
| 40 | + int sock; | ||
| 41 | + }; | ||
| 42 | + | ||
| 43 | + | ||
| 44 | +#endif // !LIB3270_OPENSSL_MODULE_PRIVATE_H_INCLUDED |
src/network_modules/linux/connect.c
| @@ -1,118 +0,0 @@ | @@ -1,118 +0,0 @@ | ||
| 1 | -/* | ||
| 2 | - * "Software PW3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 | ||
| 3 | - * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a | ||
| 4 | - * aplicativos mainframe. Registro no INPI sob o nome G3270. | ||
| 5 | - * | ||
| 6 | - * Copyright (C) <2008> <Banco do Brasil S.A.> | ||
| 7 | - * | ||
| 8 | - * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob | ||
| 9 | - * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela | ||
| 10 | - * Free Software Foundation. | ||
| 11 | - * | ||
| 12 | - * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER | ||
| 13 | - * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO | ||
| 14 | - * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para | ||
| 15 | - * obter mais detalhes. | ||
| 16 | - * | ||
| 17 | - * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este | ||
| 18 | - * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin | ||
| 19 | - * St, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 20 | - * | ||
| 21 | - * Este programa está nomeado como networking.h e possui - linhas de código. | ||
| 22 | - * | ||
| 23 | - * Contatos: | ||
| 24 | - * | ||
| 25 | - * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) | ||
| 26 | - * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça) | ||
| 27 | - * | ||
| 28 | - */ | ||
| 29 | - | ||
| 30 | - /** | ||
| 31 | - * @brief Default networking methods. | ||
| 32 | - * | ||
| 33 | - */ | ||
| 34 | - | ||
| 35 | - #include <config.h> | ||
| 36 | - #include <internals.h> | ||
| 37 | - #include <networking.h> | ||
| 38 | - #include <screen.h> | ||
| 39 | - #include <unistd.h> | ||
| 40 | - #include <fcntl.h> | ||
| 41 | - | ||
| 42 | - #include <sys/types.h> | ||
| 43 | - #include <sys/socket.h> | ||
| 44 | - #include <netdb.h> | ||
| 45 | - | ||
| 46 | -int lib3270_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) { | ||
| 47 | - | ||
| 48 | - // | ||
| 49 | - // Resolve hostname | ||
| 50 | - // | ||
| 51 | - struct addrinfo hints; | ||
| 52 | - struct addrinfo * result = NULL; | ||
| 53 | - memset(&hints,0,sizeof(hints)); | ||
| 54 | - hints.ai_family = AF_UNSPEC; // Allow IPv4 or IPv6 | ||
| 55 | - hints.ai_socktype = SOCK_STREAM; // Stream socket | ||
| 56 | - hints.ai_flags = AI_PASSIVE; // For wildcard IP address | ||
| 57 | - hints.ai_protocol = 0; // Any protocol | ||
| 58 | - | ||
| 59 | - status_resolving(hSession); | ||
| 60 | - | ||
| 61 | - int rc = getaddrinfo(hSession->host.current, hSession->host.srvc, &hints, &result); | ||
| 62 | - if(rc) | ||
| 63 | - { | ||
| 64 | - state->error_message = gai_strerror(rc); | ||
| 65 | - return -1; | ||
| 66 | - } | ||
| 67 | - | ||
| 68 | - // | ||
| 69 | - // Try connecting to hosts. | ||
| 70 | - // | ||
| 71 | - int sock = -1; | ||
| 72 | - struct addrinfo * rp = NULL; | ||
| 73 | - | ||
| 74 | - status_connecting(hSession); | ||
| 75 | - | ||
| 76 | - for(rp = result; sock < 0 && rp != NULL; rp = rp->ai_next) | ||
| 77 | - { | ||
| 78 | - // Got socket from host definition. | ||
| 79 | - sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); | ||
| 80 | - if(sock < 0) | ||
| 81 | - { | ||
| 82 | - // Can't get socket. | ||
| 83 | - state->syserror = errno; | ||
| 84 | - continue; | ||
| 85 | - } | ||
| 86 | - | ||
| 87 | - // Try connect. | ||
| 88 | - if(connect(sock, rp->ai_addr, rp->ai_addrlen)) | ||
| 89 | - { | ||
| 90 | - // Can't connect to host | ||
| 91 | - state->syserror = errno; | ||
| 92 | - close(sock); | ||
| 93 | - sock = -1; | ||
| 94 | - continue; | ||
| 95 | - } | ||
| 96 | - | ||
| 97 | - } | ||
| 98 | - | ||
| 99 | - freeaddrinfo(result); | ||
| 100 | - | ||
| 101 | - if(sock < 0) | ||
| 102 | - { | ||
| 103 | - static const LIB3270_POPUP popup = { | ||
| 104 | - .name = "CantConnect", | ||
| 105 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 106 | - .summary = N_("Can't connect to host"), | ||
| 107 | - .label = N_("Try again") | ||
| 108 | - }; | ||
| 109 | - | ||
| 110 | - state->popup = &popup; | ||
| 111 | - return sock; | ||
| 112 | - } | ||
| 113 | - | ||
| 114 | - // don't share the socket with our children | ||
| 115 | - (void) fcntl(sock, F_SETFD, 1); | ||
| 116 | - | ||
| 117 | - return sock; | ||
| 118 | -} |
src/network_modules/openssl.c
| @@ -1,277 +0,0 @@ | @@ -1,277 +0,0 @@ | ||
| 1 | -/* | ||
| 2 | - * "Software PW3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 | ||
| 3 | - * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a | ||
| 4 | - * aplicativos mainframe. Registro no INPI sob o nome G3270. | ||
| 5 | - * | ||
| 6 | - * Copyright (C) <2008> <Banco do Brasil S.A.> | ||
| 7 | - * | ||
| 8 | - * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob | ||
| 9 | - * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela | ||
| 10 | - * Free Software Foundation. | ||
| 11 | - * | ||
| 12 | - * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER | ||
| 13 | - * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO | ||
| 14 | - * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para | ||
| 15 | - * obter mais detalhes. | ||
| 16 | - * | ||
| 17 | - * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este | ||
| 18 | - * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin | ||
| 19 | - * St, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 20 | - * | ||
| 21 | - * Este programa está nomeado como openssl.c e possui - linhas de código. | ||
| 22 | - * | ||
| 23 | - * Contatos: | ||
| 24 | - * | ||
| 25 | - * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) | ||
| 26 | - * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça) | ||
| 27 | - * | ||
| 28 | - */ | ||
| 29 | - | ||
| 30 | - /** | ||
| 31 | - * @brief OpenSSL based networking methods. | ||
| 32 | - * | ||
| 33 | - */ | ||
| 34 | - | ||
| 35 | - #include "private.h" | ||
| 36 | - | ||
| 37 | - #include <sys/types.h> | ||
| 38 | - #include <sys/socket.h> | ||
| 39 | - #include <netdb.h> | ||
| 40 | - #include <openssl/ssl.h> | ||
| 41 | - #include <openssl/x509.h> | ||
| 42 | - | ||
| 43 | - struct _lib3270_net_context { | ||
| 44 | - | ||
| 45 | - int sock; ///< @brief Session socket. | ||
| 46 | - | ||
| 47 | - SSL * con; ///< @brief SSL Connection handle. | ||
| 48 | - | ||
| 49 | - struct { | ||
| 50 | - char download; ///< @brief Non zero to download CRL. | ||
| 51 | - char * prefer; ///< @brief Prefered protocol for CRL. | ||
| 52 | - char * url; ///< @brief URL for CRL download. | ||
| 53 | - X509_CRL * cert; ///< @brief Loaded CRL (can be null). | ||
| 54 | - } crl; | ||
| 55 | - | ||
| 56 | - }; | ||
| 57 | - | ||
| 58 | -static void crl_free(LIB3270_NET_CONTEXT *context) { | ||
| 59 | - if(context->crl.cert) { | ||
| 60 | - X509_CRL_free(context->crl.cert); | ||
| 61 | - context->crl.cert = NULL; | ||
| 62 | - } | ||
| 63 | -} | ||
| 64 | - | ||
| 65 | -static void openssl_network_finalize(H3270 *hSession) { | ||
| 66 | - | ||
| 67 | - debug("%s",__FUNCTION__); | ||
| 68 | - | ||
| 69 | - | ||
| 70 | - if(hSession->network.context) { | ||
| 71 | - | ||
| 72 | - // Cleanupp | ||
| 73 | - LIB3270_NET_CONTEXT *context = hSession->network.context; | ||
| 74 | - | ||
| 75 | - crl_free(context); | ||
| 76 | - | ||
| 77 | - // Release network context. | ||
| 78 | - lib3270_free(hSession->network.context); | ||
| 79 | - hSession->network.context = NULL; | ||
| 80 | - } | ||
| 81 | - | ||
| 82 | -} | ||
| 83 | - | ||
| 84 | -static int openssl_network_disconnect(H3270 *hSession) { | ||
| 85 | - | ||
| 86 | - | ||
| 87 | -} | ||
| 88 | - | ||
| 89 | -ssize_t openssl_network_send(H3270 *hSession, const void *buffer, size_t length) { | ||
| 90 | - | ||
| 91 | -} | ||
| 92 | - | ||
| 93 | -static ssize_t openssl_network_recv(H3270 *hSession, void *buf, size_t len) { | ||
| 94 | - | ||
| 95 | -} | ||
| 96 | - | ||
| 97 | -static int openssl_network_getsockname(const H3270 *hSession, struct sockaddr *addr, socklen_t *addrlen) { | ||
| 98 | - | ||
| 99 | -} | ||
| 100 | - | ||
| 101 | -static void * openssl_network_add_poll(H3270 *hSession, LIB3270_IO_FLAG flag, void(*call)(H3270 *, int, LIB3270_IO_FLAG, void *), void *userdata) { | ||
| 102 | - | ||
| 103 | -} | ||
| 104 | - | ||
| 105 | -static int openssl_network_non_blocking(H3270 *hSession, const unsigned char on) { | ||
| 106 | - | ||
| 107 | -} | ||
| 108 | - | ||
| 109 | -static int openssl_network_is_connected(H3270 *hSession) { | ||
| 110 | - | ||
| 111 | -} | ||
| 112 | - | ||
| 113 | -static int openssl_network_setsockopt(H3270 *hSession, int level, int optname, const void *optval, size_t optlen) { | ||
| 114 | - | ||
| 115 | -} | ||
| 116 | - | ||
| 117 | -static int openssl_network_getsockopt(H3270 *hSession, int level, int optname, void *optval, socklen_t *optlen) { | ||
| 118 | -} | ||
| 119 | - | ||
| 120 | -static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) { | ||
| 121 | - | ||
| 122 | - set_ssl_state(hSession,LIB3270_SSL_UNDEFINED); | ||
| 123 | - | ||
| 124 | - SSL_CTX * ctx_context = (SSL_CTX *) lib3270_openssl_get_context(state,state); | ||
| 125 | - if(!ctx_context) | ||
| 126 | - return -1; | ||
| 127 | - | ||
| 128 | - // | ||
| 129 | - // Prepare for connection | ||
| 130 | - // | ||
| 131 | - LIB3270_NET_CONTEXT *context = hSession->network.context; | ||
| 132 | - | ||
| 133 | - if(context->crl.cert) { | ||
| 134 | - | ||
| 135 | - // Release CRL if expired. | ||
| 136 | - // https://stackoverflow.com/questions/23407376/testing-x509-certificate-expiry-date-with-c | ||
| 137 | - // X509_CRL_get_nextUpdate is deprecated in openssl 1.1.0 | ||
| 138 | - | ||
| 139 | - #if OPENSSL_VERSION_NUMBER < 0x10100000L | ||
| 140 | - const ASN1_TIME * next_update = X509_CRL_get_nextUpdate(context->crl.cert); | ||
| 141 | - #else | ||
| 142 | - const ASN1_TIME * next_update = X509_CRL_get0_nextUpdate(context->crl.cert); | ||
| 143 | - #endif | ||
| 144 | - | ||
| 145 | - if(X509_cmp_current_time(next_update) == 1) | ||
| 146 | - { | ||
| 147 | - int day, sec; | ||
| 148 | - if(ASN1_TIME_diff(&day, &sec, NULL, next_update)) | ||
| 149 | - { | ||
| 150 | - trace_ssl(hSession,"CRL is valid for %d day(s) and %d second(s)\n",day,sec); | ||
| 151 | - } | ||
| 152 | - else | ||
| 153 | - { | ||
| 154 | - trace_ssl(hSession,"Can't get CRL next update, discarding it\n"); | ||
| 155 | - crl_free(context); | ||
| 156 | - } | ||
| 157 | - | ||
| 158 | - } | ||
| 159 | - else | ||
| 160 | - { | ||
| 161 | - trace_ssl(hSession,"CRL is no longer valid\n"); | ||
| 162 | - crl_free(context); | ||
| 163 | - } | ||
| 164 | - | ||
| 165 | - } | ||
| 166 | - | ||
| 167 | - // | ||
| 168 | - // Enable SSL & Connect to host. | ||
| 169 | - // | ||
| 170 | - hSession->ssl.host = 1; | ||
| 171 | - context->sock = lib3270_network_connect(hSession, state); | ||
| 172 | - | ||
| 173 | - return (context->sock < 0 ? -1 : 0); | ||
| 174 | - | ||
| 175 | -} | ||
| 176 | - | ||
| 177 | -static int openssl_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *state) { | ||
| 178 | - | ||
| 179 | - SSL_CTX * ctx_context = (SSL_CTX *) lib3270_openssl_get_context(state,state); | ||
| 180 | - if(!ctx_context) | ||
| 181 | - return -1; | ||
| 182 | - | ||
| 183 | - LIB3270_NET_CONTEXT * context = hSession->network.context; | ||
| 184 | - | ||
| 185 | - debug("%s",__FUNCTION__); | ||
| 186 | - | ||
| 187 | - set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING); | ||
| 188 | - context->con = SSL_new(ctx_context); | ||
| 189 | - if(context->con == NULL) | ||
| 190 | - { | ||
| 191 | - static const LIB3270_POPUP popup = { | ||
| 192 | - .type = LIB3270_NOTIFY_SECURE, | ||
| 193 | - .summary = N_( "Cant create a new SSL structure for current connection." ) | ||
| 194 | - }; | ||
| 195 | - | ||
| 196 | - state->popup = &popup; | ||
| 197 | - return -1; | ||
| 198 | - } | ||
| 199 | - | ||
| 200 | - SSL_set_ex_data(context->con,lib3270_openssl_get_ex_index(hSession),(char *) hSession); | ||
| 201 | -// SSL_set_verify(context->con, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); | ||
| 202 | - SSL_set_verify(context->con, 0, NULL); | ||
| 203 | - | ||
| 204 | - if(SSL_set_fd(context->con, context->sock) != 1) | ||
| 205 | - { | ||
| 206 | - trace_ssl(hSession,"%s","SSL_set_fd failed!\n"); | ||
| 207 | - | ||
| 208 | - static const LIB3270_POPUP popup = { | ||
| 209 | - .summary = N_( "SSL negotiation failed" ), | ||
| 210 | - .body = N_( "Cant set the file descriptor for the input/output facility for the TLS/SSL (encrypted) side of ssl." ) | ||
| 211 | - }; | ||
| 212 | - | ||
| 213 | - state->popup = &popup; | ||
| 214 | - return -1; | ||
| 215 | - | ||
| 216 | - } | ||
| 217 | - | ||
| 218 | - trace_ssl(hSession, "%s","Running SSL_connect\n"); | ||
| 219 | - int rv = SSL_connect(context->con); | ||
| 220 | - trace_ssl(hSession, "SSL_connect exits with rc=%d\n",rv); | ||
| 221 | - | ||
| 222 | - if (rv != 1) | ||
| 223 | - { | ||
| 224 | - int code = SSL_get_error(context->con,rv); | ||
| 225 | - | ||
| 226 | - if(code == SSL_ERROR_SYSCALL && hSession->ssl.error) | ||
| 227 | - code = hSession->ssl.error; | ||
| 228 | - | ||
| 229 | - state->error_message = ERR_lib_error_string(code); | ||
| 230 | - | ||
| 231 | - trace_ssl(hSession,"SSL_connect failed: %s\n",ERR_reason_error_string(code)); | ||
| 232 | - | ||
| 233 | - static const LIB3270_POPUP popup = { | ||
| 234 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 235 | - .summary = N_( "SSL Connect failed" ), | ||
| 236 | - }; | ||
| 237 | - | ||
| 238 | - state->popup = &popup; | ||
| 239 | - return -1; | ||
| 240 | - | ||
| 241 | - } | ||
| 242 | - | ||
| 243 | - return 0; | ||
| 244 | -} | ||
| 245 | - | ||
| 246 | -void lib3270_set_openssl_network_module(H3270 *hSession) { | ||
| 247 | - | ||
| 248 | - static const LIB3270_NET_MODULE module = { | ||
| 249 | - .finalize = openssl_network_finalize, | ||
| 250 | - .connect = openssl_network_connect, | ||
| 251 | - .disconnect = openssl_network_disconnect, | ||
| 252 | - .start_tls = openssl_network_start_tls, | ||
| 253 | - .send = openssl_network_send, | ||
| 254 | - .recv = openssl_network_recv, | ||
| 255 | - .add_poll = openssl_network_add_poll, | ||
| 256 | - .non_blocking = openssl_network_non_blocking, | ||
| 257 | - .is_connected = openssl_network_is_connected, | ||
| 258 | - .getsockname = openssl_network_getsockname, | ||
| 259 | - .setsockopt = openssl_network_setsockopt, | ||
| 260 | - .getsockopt = openssl_network_getsockopt | ||
| 261 | - }; | ||
| 262 | - | ||
| 263 | - debug("%s",__FUNCTION__); | ||
| 264 | - | ||
| 265 | - if(hSession->network.context) { | ||
| 266 | - // Has context, finalize it. | ||
| 267 | - hSession->network.module->finalize(hSession); | ||
| 268 | - } | ||
| 269 | - | ||
| 270 | - hSession->ssl.host = 1; | ||
| 271 | - hSession->network.context = lib3270_malloc(sizeof(LIB3270_NET_CONTEXT)); | ||
| 272 | - memset(hSession->network.context,0,sizeof(LIB3270_NET_CONTEXT)); | ||
| 273 | - | ||
| 274 | - | ||
| 275 | - | ||
| 276 | - hSession->network.module = &module; | ||
| 277 | -} |
| @@ -0,0 +1,260 @@ | @@ -0,0 +1,260 @@ | ||
| 1 | +/* | ||
| 2 | + * "Software PW3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 | ||
| 3 | + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a | ||
| 4 | + * aplicativos mainframe. Registro no INPI sob o nome G3270. | ||
| 5 | + * | ||
| 6 | + * Copyright (C) <2008> <Banco do Brasil S.A.> | ||
| 7 | + * | ||
| 8 | + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob | ||
| 9 | + * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela | ||
| 10 | + * Free Software Foundation. | ||
| 11 | + * | ||
| 12 | + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER | ||
| 13 | + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO | ||
| 14 | + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para | ||
| 15 | + * obter mais detalhes. | ||
| 16 | + * | ||
| 17 | + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este | ||
| 18 | + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin | ||
| 19 | + * St, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 20 | + * | ||
| 21 | + * Este programa está nomeado como openssl.c e possui - linhas de código. | ||
| 22 | + * | ||
| 23 | + * Contatos: | ||
| 24 | + * | ||
| 25 | + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) | ||
| 26 | + * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça) | ||
| 27 | + * | ||
| 28 | + */ | ||
| 29 | + | ||
| 30 | + /** | ||
| 31 | + * @brief OpenSSL based networking methods. | ||
| 32 | + * | ||
| 33 | + */ | ||
| 34 | + | ||
| 35 | + #include "private.h" | ||
| 36 | + | ||
| 37 | + | ||
| 38 | +static void crl_free(LIB3270_NET_CONTEXT *context) { | ||
| 39 | + if(context->crl.cert) { | ||
| 40 | + X509_CRL_free(context->crl.cert); | ||
| 41 | + context->crl.cert = NULL; | ||
| 42 | + } | ||
| 43 | +} | ||
| 44 | + | ||
| 45 | +static void openssl_network_finalize(H3270 *hSession) { | ||
| 46 | + | ||
| 47 | + debug("%s",__FUNCTION__); | ||
| 48 | + | ||
| 49 | + | ||
| 50 | + if(hSession->network.context) { | ||
| 51 | + | ||
| 52 | + // Cleanupp | ||
| 53 | + LIB3270_NET_CONTEXT *context = hSession->network.context; | ||
| 54 | + | ||
| 55 | + crl_free(context); | ||
| 56 | + | ||
| 57 | + // Release network context. | ||
| 58 | + lib3270_free(hSession->network.context); | ||
| 59 | + hSession->network.context = NULL; | ||
| 60 | + } | ||
| 61 | + | ||
| 62 | +} | ||
| 63 | + | ||
| 64 | +static int openssl_network_disconnect(H3270 *hSession) { | ||
| 65 | + | ||
| 66 | + | ||
| 67 | +} | ||
| 68 | + | ||
| 69 | +ssize_t openssl_network_send(H3270 *hSession, const void *buffer, size_t length) { | ||
| 70 | + | ||
| 71 | +} | ||
| 72 | + | ||
| 73 | +static ssize_t openssl_network_recv(H3270 *hSession, void *buf, size_t len) { | ||
| 74 | + | ||
| 75 | +} | ||
| 76 | + | ||
| 77 | +static int openssl_network_getsockname(const H3270 *hSession, struct sockaddr *addr, socklen_t *addrlen) { | ||
| 78 | + | ||
| 79 | +} | ||
| 80 | + | ||
| 81 | +static void * openssl_network_add_poll(H3270 *hSession, LIB3270_IO_FLAG flag, void(*call)(H3270 *, int, LIB3270_IO_FLAG, void *), void *userdata) { | ||
| 82 | + | ||
| 83 | +} | ||
| 84 | + | ||
| 85 | +static int openssl_network_non_blocking(H3270 *hSession, const unsigned char on) { | ||
| 86 | + | ||
| 87 | +} | ||
| 88 | + | ||
| 89 | +static int openssl_network_is_connected(H3270 *hSession) { | ||
| 90 | + | ||
| 91 | +} | ||
| 92 | + | ||
| 93 | +static int openssl_network_setsockopt(H3270 *hSession, int level, int optname, const void *optval, size_t optlen) { | ||
| 94 | + | ||
| 95 | +} | ||
| 96 | + | ||
| 97 | +static int openssl_network_getsockopt(H3270 *hSession, int level, int optname, void *optval, socklen_t *optlen) { | ||
| 98 | +} | ||
| 99 | + | ||
| 100 | +static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) { | ||
| 101 | + | ||
| 102 | + set_ssl_state(hSession,LIB3270_SSL_UNDEFINED); | ||
| 103 | + | ||
| 104 | + SSL_CTX * ctx_context = (SSL_CTX *) lib3270_openssl_get_context(state,state); | ||
| 105 | + if(!ctx_context) | ||
| 106 | + return -1; | ||
| 107 | + | ||
| 108 | + // | ||
| 109 | + // Prepare for connection | ||
| 110 | + // | ||
| 111 | + LIB3270_NET_CONTEXT *context = hSession->network.context; | ||
| 112 | + | ||
| 113 | + if(context->crl.cert) { | ||
| 114 | + | ||
| 115 | + // Release CRL if expired. | ||
| 116 | + // https://stackoverflow.com/questions/23407376/testing-x509-certificate-expiry-date-with-c | ||
| 117 | + // X509_CRL_get_nextUpdate is deprecated in openssl 1.1.0 | ||
| 118 | + | ||
| 119 | + #if OPENSSL_VERSION_NUMBER < 0x10100000L | ||
| 120 | + const ASN1_TIME * next_update = X509_CRL_get_nextUpdate(context->crl.cert); | ||
| 121 | + #else | ||
| 122 | + const ASN1_TIME * next_update = X509_CRL_get0_nextUpdate(context->crl.cert); | ||
| 123 | + #endif | ||
| 124 | + | ||
| 125 | + if(X509_cmp_current_time(next_update) == 1) | ||
| 126 | + { | ||
| 127 | + int day, sec; | ||
| 128 | + if(ASN1_TIME_diff(&day, &sec, NULL, next_update)) | ||
| 129 | + { | ||
| 130 | + trace_ssl(hSession,"CRL is valid for %d day(s) and %d second(s)\n",day,sec); | ||
| 131 | + } | ||
| 132 | + else | ||
| 133 | + { | ||
| 134 | + trace_ssl(hSession,"Can't get CRL next update, discarding it\n"); | ||
| 135 | + crl_free(context); | ||
| 136 | + } | ||
| 137 | + | ||
| 138 | + } | ||
| 139 | + else | ||
| 140 | + { | ||
| 141 | + trace_ssl(hSession,"CRL is no longer valid\n"); | ||
| 142 | + crl_free(context); | ||
| 143 | + } | ||
| 144 | + | ||
| 145 | + } | ||
| 146 | + | ||
| 147 | + // | ||
| 148 | + // Enable SSL & Connect to host. | ||
| 149 | + // | ||
| 150 | + hSession->ssl.host = 1; | ||
| 151 | + context->sock = lib3270_network_connect(hSession, state); | ||
| 152 | + | ||
| 153 | + return (context->sock < 0 ? -1 : 0); | ||
| 154 | + | ||
| 155 | +} | ||
| 156 | + | ||
| 157 | +static int openssl_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *state) { | ||
| 158 | + | ||
| 159 | + SSL_CTX * ctx_context = (SSL_CTX *) lib3270_openssl_get_context(state,state); | ||
| 160 | + if(!ctx_context) | ||
| 161 | + return -1; | ||
| 162 | + | ||
| 163 | + LIB3270_NET_CONTEXT * context = hSession->network.context; | ||
| 164 | + | ||
| 165 | + debug("%s",__FUNCTION__); | ||
| 166 | + | ||
| 167 | + set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING); | ||
| 168 | + context->con = SSL_new(ctx_context); | ||
| 169 | + if(context->con == NULL) | ||
| 170 | + { | ||
| 171 | + static const LIB3270_POPUP popup = { | ||
| 172 | + .type = LIB3270_NOTIFY_SECURE, | ||
| 173 | + .summary = N_( "Cant create a new SSL structure for current connection." ) | ||
| 174 | + }; | ||
| 175 | + | ||
| 176 | + state->popup = &popup; | ||
| 177 | + return -1; | ||
| 178 | + } | ||
| 179 | + | ||
| 180 | + SSL_set_ex_data(context->con,lib3270_openssl_get_ex_index(hSession),(char *) hSession); | ||
| 181 | +// SSL_set_verify(context->con, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); | ||
| 182 | + SSL_set_verify(context->con, 0, NULL); | ||
| 183 | + | ||
| 184 | + if(SSL_set_fd(context->con, context->sock) != 1) | ||
| 185 | + { | ||
| 186 | + trace_ssl(hSession,"%s","SSL_set_fd failed!\n"); | ||
| 187 | + | ||
| 188 | + static const LIB3270_POPUP popup = { | ||
| 189 | + .summary = N_( "SSL negotiation failed" ), | ||
| 190 | + .body = N_( "Cant set the file descriptor for the input/output facility for the TLS/SSL (encrypted) side of ssl." ) | ||
| 191 | + }; | ||
| 192 | + | ||
| 193 | + state->popup = &popup; | ||
| 194 | + return -1; | ||
| 195 | + | ||
| 196 | + } | ||
| 197 | + | ||
| 198 | + trace_ssl(hSession, "%s","Running SSL_connect\n"); | ||
| 199 | + int rv = SSL_connect(context->con); | ||
| 200 | + trace_ssl(hSession, "SSL_connect exits with rc=%d\n",rv); | ||
| 201 | + | ||
| 202 | + if (rv != 1) | ||
| 203 | + { | ||
| 204 | + int code = SSL_get_error(context->con,rv); | ||
| 205 | + | ||
| 206 | + if(code == SSL_ERROR_SYSCALL && hSession->ssl.error) | ||
| 207 | + code = hSession->ssl.error; | ||
| 208 | + | ||
| 209 | + state->error_message = ERR_lib_error_string(code); | ||
| 210 | + | ||
| 211 | + trace_ssl(hSession,"SSL_connect failed: %s\n",ERR_reason_error_string(code)); | ||
| 212 | + | ||
| 213 | + static const LIB3270_POPUP popup = { | ||
| 214 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 215 | + .summary = N_( "SSL Connect failed" ), | ||
| 216 | + }; | ||
| 217 | + | ||
| 218 | + state->popup = &popup; | ||
| 219 | + return -1; | ||
| 220 | + | ||
| 221 | + } | ||
| 222 | + | ||
| 223 | + return 0; | ||
| 224 | +} | ||
| 225 | + | ||
| 226 | +void lib3270_set_openssl_network_module(H3270 *hSession) { | ||
| 227 | + | ||
| 228 | + static const LIB3270_NET_MODULE module = { | ||
| 229 | + .name = "tn3270s", | ||
| 230 | + .service = "tn3270s", | ||
| 231 | + .init = openssl_network_init, | ||
| 232 | + .finalize = openssl_network_finalize, | ||
| 233 | + .connect = openssl_network_connect, | ||
| 234 | + .disconnect = openssl_network_disconnect, | ||
| 235 | + .start_tls = openssl_network_start_tls, | ||
| 236 | + .send = openssl_network_send, | ||
| 237 | + .recv = openssl_network_recv, | ||
| 238 | + .add_poll = openssl_network_add_poll, | ||
| 239 | + .non_blocking = openssl_network_non_blocking, | ||
| 240 | + .is_connected = openssl_network_is_connected, | ||
| 241 | + .getsockname = openssl_network_getsockname, | ||
| 242 | + .setsockopt = openssl_network_setsockopt, | ||
| 243 | + .getsockopt = openssl_network_getsockopt | ||
| 244 | + }; | ||
| 245 | + | ||
| 246 | + debug("%s",__FUNCTION__); | ||
| 247 | + | ||
| 248 | + if(hSession->network.context) { | ||
| 249 | + // Has context, finalize it. | ||
| 250 | + hSession->network.module->finalize(hSession); | ||
| 251 | + } | ||
| 252 | + | ||
| 253 | + hSession->ssl.host = 1; | ||
| 254 | + hSession->network.context = lib3270_malloc(sizeof(LIB3270_NET_CONTEXT)); | ||
| 255 | + memset(hSession->network.context,0,sizeof(LIB3270_NET_CONTEXT)); | ||
| 256 | + | ||
| 257 | + | ||
| 258 | + | ||
| 259 | + hSession->network.module = &module; | ||
| 260 | +} |
| @@ -0,0 +1,69 @@ | @@ -0,0 +1,69 @@ | ||
| 1 | +/* | ||
| 2 | + * "Software G3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 | ||
| 3 | + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a | ||
| 4 | + * aplicativos mainframe. Registro no INPI sob o nome G3270. | ||
| 5 | + * | ||
| 6 | + * Copyright (C) <2008> <Banco do Brasil S.A.> | ||
| 7 | + * | ||
| 8 | + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob | ||
| 9 | + * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela | ||
| 10 | + * Free Software Foundation. | ||
| 11 | + * | ||
| 12 | + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER | ||
| 13 | + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO | ||
| 14 | + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para | ||
| 15 | + * obter mais detalhes. | ||
| 16 | + * | ||
| 17 | + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este | ||
| 18 | + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin | ||
| 19 | + * St, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 20 | + * | ||
| 21 | + * Este programa está nomeado como private.h e possui - linhas de código. | ||
| 22 | + * | ||
| 23 | + * Contatos: | ||
| 24 | + * | ||
| 25 | + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) | ||
| 26 | + * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça) | ||
| 27 | + * | ||
| 28 | + */ | ||
| 29 | + | ||
| 30 | +#ifndef LIB3270_OPENSSL_MODULE_PRIVATE_H_INCLUDED | ||
| 31 | + | ||
| 32 | + #define LIB3270_OPENSSL_MODULE_PRIVATE_H_INCLUDED | ||
| 33 | + | ||
| 34 | + #include <config.h> | ||
| 35 | + | ||
| 36 | + #ifdef _WIN32 | ||
| 37 | + #include <winsock.h> | ||
| 38 | + #include <windows.h> | ||
| 39 | + #else | ||
| 40 | + #include <unistd.h> | ||
| 41 | + #include <fcntl.h> | ||
| 42 | + #endif // _WIN32 | ||
| 43 | + | ||
| 44 | + #include <lib3270.h> | ||
| 45 | + #include <lib3270/log.h> | ||
| 46 | + #include <internals.h> | ||
| 47 | + | ||
| 48 | + #include <openssl/ssl.h> | ||
| 49 | + #include <openssl/x509.h> | ||
| 50 | + | ||
| 51 | + struct _lib3270_net_context { | ||
| 52 | + | ||
| 53 | + int sock; ///< @brief Session socket. | ||
| 54 | + | ||
| 55 | + SSL * con; ///< @brief SSL Connection handle. | ||
| 56 | + | ||
| 57 | + struct { | ||
| 58 | + char download; ///< @brief Non zero to download CRL. | ||
| 59 | + char * prefer; ///< @brief Prefered protocol for CRL. | ||
| 60 | + char * url; ///< @brief URL for CRL download. | ||
| 61 | + X509_CRL * cert; ///< @brief Loaded CRL (can be null). | ||
| 62 | + } crl; | ||
| 63 | + | ||
| 64 | + }; | ||
| 65 | + | ||
| 66 | + LIB3270_INTERNAL void * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state); | ||
| 67 | + LIB3270_INTERNAL int lib3270_openssl_get_ex_index(H3270 *hSession); | ||
| 68 | + | ||
| 69 | +#endif // !LIB3270_OPENSSL_MODULE_PRIVATE_H_INCLUDED |
| @@ -0,0 +1,396 @@ | @@ -0,0 +1,396 @@ | ||
| 1 | +/* | ||
| 2 | + * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 | ||
| 3 | + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a | ||
| 4 | + * aplicativos mainframe. Registro no INPI sob o nome G3270. | ||
| 5 | + * | ||
| 6 | + * Copyright (C) <2008> <Banco do Brasil S.A.> | ||
| 7 | + * | ||
| 8 | + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob | ||
| 9 | + * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela | ||
| 10 | + * Free Software Foundation. | ||
| 11 | + * | ||
| 12 | + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER | ||
| 13 | + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO | ||
| 14 | + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para | ||
| 15 | + * obter mais detalhes. | ||
| 16 | + * | ||
| 17 | + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este | ||
| 18 | + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin | ||
| 19 | + * St, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 20 | + * | ||
| 21 | + * Este programa está nomeado como - e possui - linhas de código. | ||
| 22 | + * | ||
| 23 | + * Contatos: | ||
| 24 | + * | ||
| 25 | + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) | ||
| 26 | + * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça) | ||
| 27 | + * | ||
| 28 | + */ | ||
| 29 | + | ||
| 30 | +#include <config.h> | ||
| 31 | +#include <lib3270.h> | ||
| 32 | +#include <lib3270/log.h> | ||
| 33 | +#include <lib3270/trace.h> | ||
| 34 | + | ||
| 35 | +#include <openssl/ssl.h> | ||
| 36 | +#include <openssl/err.h> | ||
| 37 | + | ||
| 38 | +/*--[ Implement ]------------------------------------------------------------------------------------*/ | ||
| 39 | + | ||
| 40 | +static const struct ssl_status_msg status_msg[] = | ||
| 41 | +{ | ||
| 42 | + // http://www.openssl.org/docs/apps/verify.html | ||
| 43 | + { | ||
| 44 | + .id = X509_V_OK, | ||
| 45 | + .type = LIB3270_NOTIFY_SECURE, | ||
| 46 | + .iconName = "security-high", | ||
| 47 | + .summary = N_( "Secure connection was successful." ), | ||
| 48 | + .body = N_( "The connection is secure and the host identity was confirmed." ) | ||
| 49 | + }, | ||
| 50 | + | ||
| 51 | + { | ||
| 52 | + .id = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, | ||
| 53 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 54 | + .iconName = "dialog-error", | ||
| 55 | + .summary = N_( "Unable to get issuer certificate" ), | ||
| 56 | + .body = N_( "The issuer certificate of a looked up certificate could not be found. This normally means the list of trusted certificates is not complete." ) | ||
| 57 | + }, | ||
| 58 | + | ||
| 59 | + { | ||
| 60 | + .id = X509_V_ERR_UNABLE_TO_GET_CRL, | ||
| 61 | + .name = "X509_V_ERR_UNABLE_TO_GET_CRL", | ||
| 62 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 63 | + .iconName = "dialog-error", | ||
| 64 | + .summary = N_( "Unable to get certificate CRL." ), | ||
| 65 | + .body = N_( "The Certificate revocation list (CRL) of a certificate could not be found." ) | ||
| 66 | + }, | ||
| 67 | + | ||
| 68 | + { | ||
| 69 | + .id = X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, | ||
| 70 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 71 | + .iconName = "dialog-error", | ||
| 72 | + .summary = N_( "Unable to decrypt certificate's signature" ), | ||
| 73 | + .body = N_( "The certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA keys." ) | ||
| 74 | + }, | ||
| 75 | + | ||
| 76 | + { | ||
| 77 | + .id = X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, | ||
| 78 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 79 | + .iconName = "dialog-error", | ||
| 80 | + .summary = N_( "Unable to decrypt CRL's signature" ), | ||
| 81 | + .body = N_( "The CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused." ) | ||
| 82 | + }, | ||
| 83 | + | ||
| 84 | + { | ||
| 85 | + .id = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, | ||
| 86 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 87 | + .iconName = "dialog-error", | ||
| 88 | + .summary = N_( "Unable to decode issuer public key" ), | ||
| 89 | + .body = N_( "The public key in the certificate SubjectPublicKeyInfo could not be read." ) | ||
| 90 | + }, | ||
| 91 | + | ||
| 92 | + { | ||
| 93 | + .id = X509_V_ERR_CERT_SIGNATURE_FAILURE, | ||
| 94 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 95 | + .iconName = "dialog-error", | ||
| 96 | + .summary = N_( "Certificate signature failure" ), | ||
| 97 | + .body = N_( "The signature of the certificate is invalid." ) | ||
| 98 | + }, | ||
| 99 | + | ||
| 100 | + { | ||
| 101 | + .id = X509_V_ERR_CRL_SIGNATURE_FAILURE, | ||
| 102 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 103 | + .iconName = "dialog-error", | ||
| 104 | + .summary = N_( "CRL signature failure" ), | ||
| 105 | + .body = N_( "The signature of the certificate is invalid." ) | ||
| 106 | + }, | ||
| 107 | + | ||
| 108 | + { | ||
| 109 | + .id = X509_V_ERR_CERT_NOT_YET_VALID, | ||
| 110 | + .type = LIB3270_NOTIFY_WARNING, | ||
| 111 | + .iconName = "dialog-warning", | ||
| 112 | + .summary = N_( "Certificate is not yet valid" ), | ||
| 113 | + .body = N_( "The certificate is not yet valid: the notBefore date is after the current time." ) | ||
| 114 | + }, | ||
| 115 | + | ||
| 116 | + { | ||
| 117 | + .id = X509_V_ERR_CERT_HAS_EXPIRED, | ||
| 118 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 119 | + .iconName = "dialog-error", | ||
| 120 | + .summary = N_( "Certificate has expired" ), | ||
| 121 | + .body = N_( "The certificate has expired: that is the notAfter date is before the current time." ) | ||
| 122 | + }, | ||
| 123 | + | ||
| 124 | + { | ||
| 125 | + .id = X509_V_ERR_CRL_NOT_YET_VALID, | ||
| 126 | + .type = LIB3270_NOTIFY_WARNING, | ||
| 127 | + .iconName = "dialog-error", | ||
| 128 | + .summary = N_( "The CRL is not yet valid." ), | ||
| 129 | + .body = N_( "The Certificate revocation list (CRL) is not yet valid." ) | ||
| 130 | + }, | ||
| 131 | + | ||
| 132 | + { | ||
| 133 | + .id = X509_V_ERR_CRL_HAS_EXPIRED, | ||
| 134 | +#ifdef SSL_ENABLE_CRL_EXPIRATION_CHECK | ||
| 135 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 136 | +#else | ||
| 137 | + .type = LIB3270_NOTIFY_WARNING, | ||
| 138 | +#endif // SSL_ENABLE_CRL_EXPIRATION_CHECK | ||
| 139 | + .iconName = "security-medium", | ||
| 140 | + .summary = N_( "The CRL has expired." ), | ||
| 141 | + .body = N_( "The Certificate revocation list (CRL) has expired.") | ||
| 142 | + }, | ||
| 143 | + | ||
| 144 | + { | ||
| 145 | + .id = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, | ||
| 146 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 147 | + .iconName = "dialog-error", | ||
| 148 | + .summary = N_( "Format error in certificate's notBefore field" ), | ||
| 149 | + .body = N_( "The certificate notBefore field contains an invalid time." ) | ||
| 150 | + }, | ||
| 151 | + | ||
| 152 | + { | ||
| 153 | + .id = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, | ||
| 154 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 155 | + .iconName = "dialog-error", | ||
| 156 | + .summary = N_( "Format error in certificate's notAfter field" ), | ||
| 157 | + .body = N_( "The certificate notAfter field contains an invalid time." ) | ||
| 158 | + }, | ||
| 159 | + | ||
| 160 | + { | ||
| 161 | + .id = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, | ||
| 162 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 163 | + .iconName = "dialog-error", | ||
| 164 | + .summary = N_( "Format error in CRL's lastUpdate field" ), | ||
| 165 | + .body = N_( "The CRL lastUpdate field contains an invalid time." ) | ||
| 166 | + }, | ||
| 167 | + | ||
| 168 | + { | ||
| 169 | + .id = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, | ||
| 170 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 171 | + .iconName = "dialog-error", | ||
| 172 | + .summary = N_( "Format error in CRL's nextUpdate field" ), | ||
| 173 | + .body = N_( "The CRL nextUpdate field contains an invalid time." ) | ||
| 174 | + }, | ||
| 175 | + | ||
| 176 | + { | ||
| 177 | + .id = X509_V_ERR_OUT_OF_MEM, | ||
| 178 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 179 | + .iconName = "dialog-error", | ||
| 180 | + .summary = N_( "Out of memory" ), | ||
| 181 | + .body = N_( "An error occurred trying to allocate memory. This should never happen." ) | ||
| 182 | + }, | ||
| 183 | + | ||
| 184 | + { | ||
| 185 | + .id = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, | ||
| 186 | + .type = LIB3270_NOTIFY_WARNING, | ||
| 187 | + .iconName = "security-medium", | ||
| 188 | + .summary = N_( "Self signed certificate" ), | ||
| 189 | + .body = N_( "The passed certificate is self signed and the same certificate cannot be found in the list of trusted certificates." ) | ||
| 190 | + }, | ||
| 191 | + | ||
| 192 | + { | ||
| 193 | + .id = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, | ||
| 194 | +#ifdef SSL_ENABLE_SELF_SIGNED_CERT_CHECK | ||
| 195 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 196 | +#else | ||
| 197 | + .type = LIB3270_NOTIFY_WARNING, | ||
| 198 | +#endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK | ||
| 199 | + .iconName = "security-medium", | ||
| 200 | + .summary = N_( "Self signed certificate in certificate chain" ), | ||
| 201 | + .body = N_( "The certificate chain could be built up using the untrusted certificates but the root could not be found locally." ) | ||
| 202 | + }, | ||
| 203 | + | ||
| 204 | + { | ||
| 205 | + .id = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, | ||
| 206 | + .type = LIB3270_NOTIFY_WARNING, | ||
| 207 | + .iconName = "security-low", | ||
| 208 | + .summary = N_( "Unable to get local issuer certificate" ), | ||
| 209 | + .body = N_( "The issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found." ) | ||
| 210 | + }, | ||
| 211 | + | ||
| 212 | + { | ||
| 213 | + .id = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, | ||
| 214 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 215 | + .iconName = "security-low", | ||
| 216 | + .summary = N_( "Unable to verify the first certificate" ), | ||
| 217 | + .body = N_( "No signatures could be verified because the chain contains only one certificate and it is not self signed." ) | ||
| 218 | + }, | ||
| 219 | + | ||
| 220 | + { | ||
| 221 | + .id = X509_V_ERR_CERT_REVOKED, | ||
| 222 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 223 | + .iconName = "security-low", | ||
| 224 | + .summary = N_( "Certificate revoked" ), | ||
| 225 | + .body = N_( "The certificate has been revoked." ) | ||
| 226 | + }, | ||
| 227 | + | ||
| 228 | + { | ||
| 229 | + .id = X509_V_ERR_INVALID_CA, | ||
| 230 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 231 | + .iconName = "security-low", | ||
| 232 | + .summary = N_( "Invalid CA certificate" ), | ||
| 233 | + .body = N_( "A CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose." ) | ||
| 234 | + }, | ||
| 235 | + | ||
| 236 | + { | ||
| 237 | + .id = X509_V_ERR_PATH_LENGTH_EXCEEDED, | ||
| 238 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 239 | + .iconName = "dialog-error", | ||
| 240 | + .summary = N_( "Path length constraint exceeded" ), | ||
| 241 | + .body = N_( "The basicConstraints pathlength parameter has been exceeded." ), | ||
| 242 | + }, | ||
| 243 | + | ||
| 244 | + { | ||
| 245 | + .id = X509_V_ERR_INVALID_PURPOSE, | ||
| 246 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 247 | + .iconName = "dialog-error", | ||
| 248 | + .summary = N_( "Unsupported certificate purpose" ), | ||
| 249 | + .body = N_( "The supplied certificate cannot be used for the specified purpose." ) | ||
| 250 | + }, | ||
| 251 | + | ||
| 252 | + { | ||
| 253 | + .id = X509_V_ERR_CERT_UNTRUSTED, | ||
| 254 | + .type = LIB3270_NOTIFY_WARNING, | ||
| 255 | + .iconName = "security-low", | ||
| 256 | + .summary = N_( "Certificate not trusted" ), | ||
| 257 | + .body = N_( "The root CA is not marked as trusted for the specified purpose." ) | ||
| 258 | + }, | ||
| 259 | + | ||
| 260 | + { | ||
| 261 | + .id = X509_V_ERR_CERT_REJECTED, | ||
| 262 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 263 | + .iconName = "security-low", | ||
| 264 | + .summary = N_( "Certificate rejected" ), | ||
| 265 | + .body = N_( "The root CA is marked to reject the specified purpose." ) | ||
| 266 | + }, | ||
| 267 | + | ||
| 268 | + { | ||
| 269 | + .id = X509_V_ERR_SUBJECT_ISSUER_MISMATCH, | ||
| 270 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 271 | + .iconName = "security-low", | ||
| 272 | + .summary = N_( "Subject issuer mismatch" ), | ||
| 273 | + .body = N_( "The current candidate issuer certificate was rejected because its subject name did not match the issuer name of the current certificate. Only displayed when the -issuer_checks option is set." ) | ||
| 274 | + }, | ||
| 275 | + | ||
| 276 | + { | ||
| 277 | + .id = X509_V_ERR_AKID_SKID_MISMATCH, | ||
| 278 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 279 | + .iconName = "dialog-error", | ||
| 280 | + .summary = N_( "Authority and subject key identifier mismatch" ), | ||
| 281 | + .body = N_( "The current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. Only displayed when the -issuer_checks option is set." ) | ||
| 282 | + }, | ||
| 283 | + | ||
| 284 | + { | ||
| 285 | + .id = X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH, | ||
| 286 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 287 | + .iconName = "dialog-error", | ||
| 288 | + .summary = N_( "Authority and issuer serial number mismatch" ), | ||
| 289 | + .body = N_( "The current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. Only displayed when the -issuer_checks option is set." ) | ||
| 290 | + }, | ||
| 291 | + | ||
| 292 | + { | ||
| 293 | + .id = X509_V_ERR_KEYUSAGE_NO_CERTSIGN, | ||
| 294 | + .type = LIB3270_NOTIFY_ERROR, | ||
| 295 | + .iconName = "dialog-error", | ||
| 296 | + .summary = N_( "Key usage does not include certificate signing" ), | ||
| 297 | + .body = N_( "The current candidate issuer certificate was rejected because its keyUsage extension does not permit certificate signing." ) | ||
| 298 | + } | ||
| 299 | + | ||
| 300 | + }; | ||
| 301 | + | ||
| 302 | + const struct ssl_status_msg * ssl_get_status_from_error_code(long id) | ||
| 303 | + { | ||
| 304 | + size_t f; | ||
| 305 | + | ||
| 306 | + for(f=0;f < (sizeof(status_msg)/sizeof(status_msg[0]));f++) | ||
| 307 | + { | ||
| 308 | + if(status_msg[f].id == id) | ||
| 309 | + return status_msg+f; | ||
| 310 | + } | ||
| 311 | + return NULL; | ||
| 312 | + } | ||
| 313 | + | ||
| 314 | + static const struct ssl_status_msg * get_ssl_status_msg(const H3270 *hSession) | ||
| 315 | + { | ||
| 316 | + return ssl_get_status_from_error_code(lib3270_get_SSL_verify_result(hSession)); | ||
| 317 | + } | ||
| 318 | + | ||
| 319 | + const char * lib3270_get_ssl_state_message(const H3270 *hSession) | ||
| 320 | + { | ||
| 321 | + if(lib3270_get_ssl_state(hSession) != LIB3270_SSL_UNSECURE) | ||
| 322 | + { | ||
| 323 | + const struct ssl_status_msg *info = get_ssl_status_msg(hSession); | ||
| 324 | + if(info) | ||
| 325 | + return gettext(info->summary); | ||
| 326 | + } | ||
| 327 | + | ||
| 328 | + return _( "The connection is insecure" ); | ||
| 329 | + | ||
| 330 | + } | ||
| 331 | + | ||
| 332 | + const char * lib3270_get_ssl_state_icon_name(const H3270 *hSession) | ||
| 333 | + { | ||
| 334 | + if(lib3270_get_ssl_state(hSession) != LIB3270_SSL_UNSECURE) | ||
| 335 | + { | ||
| 336 | + const struct ssl_status_msg *info = get_ssl_status_msg(hSession); | ||
| 337 | + if(info) | ||
| 338 | + return info->iconName; | ||
| 339 | + } | ||
| 340 | + | ||
| 341 | + return "dialog-error"; | ||
| 342 | + | ||
| 343 | + } | ||
| 344 | + | ||
| 345 | + | ||
| 346 | + const char * lib3270_get_ssl_state_description(const H3270 *hSession) | ||
| 347 | + { | ||
| 348 | + if(lib3270_get_ssl_state(hSession) != LIB3270_SSL_UNSECURE) | ||
| 349 | + { | ||
| 350 | + const struct ssl_status_msg *info = get_ssl_status_msg(hSession); | ||
| 351 | + if(info) | ||
| 352 | + return gettext(info->body); | ||
| 353 | + } | ||
| 354 | + else | ||
| 355 | + { | ||
| 356 | + return _( "The connection is insecure" ); | ||
| 357 | + } | ||
| 358 | + | ||
| 359 | + return _( "Unexpected or unknown security status"); | ||
| 360 | + } | ||
| 361 | + | ||
| 362 | + LIB3270_NOTIFY lib3270_get_ssl_state_icon(const H3270 *hSession) | ||
| 363 | + { | ||
| 364 | + if(lib3270_get_ssl_state(hSession) != LIB3270_SSL_UNSECURE) | ||
| 365 | + { | ||
| 366 | + const struct ssl_status_msg *info = get_ssl_status_msg(hSession); | ||
| 367 | + if(info) | ||
| 368 | + return info->type; | ||
| 369 | + } | ||
| 370 | + | ||
| 371 | + return LIB3270_NOTIFY_ERROR; | ||
| 372 | + } | ||
| 373 | + | ||
| 374 | +#else | ||
| 375 | + | ||
| 376 | + const char * lib3270_get_ssl_state_message(const H3270 *hSession) | ||
| 377 | + { | ||
| 378 | + return lib3270_get_hostname(hSession); | ||
| 379 | + } | ||
| 380 | + | ||
| 381 | + const char * lib3270_get_ssl_state_description(const H3270 *hSession) | ||
| 382 | + { | ||
| 383 | + return _( "The connection is insecure" ); | ||
| 384 | + } | ||
| 385 | + | ||
| 386 | + LIB3270_NOTIFY lib3270_get_ssl_state_icon(const H3270 *hSession) | ||
| 387 | + { | ||
| 388 | + return LIB3270_NOTIFY_ERROR; | ||
| 389 | + } | ||
| 390 | + | ||
| 391 | + const char * lib3270_get_ssl_state_icon_name(const H3270 *hSession) | ||
| 392 | + { | ||
| 393 | + return "dialog-error"; | ||
| 394 | + } | ||
| 395 | + | ||
| 396 | + |
src/network_modules/private.h
| @@ -1,52 +0,0 @@ | @@ -1,52 +0,0 @@ | ||
| 1 | -/* | ||
| 2 | - * "Software G3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 | ||
| 3 | - * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a | ||
| 4 | - * aplicativos mainframe. Registro no INPI sob o nome G3270. | ||
| 5 | - * | ||
| 6 | - * Copyright (C) <2008> <Banco do Brasil S.A.> | ||
| 7 | - * | ||
| 8 | - * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob | ||
| 9 | - * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela | ||
| 10 | - * Free Software Foundation. | ||
| 11 | - * | ||
| 12 | - * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER | ||
| 13 | - * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO | ||
| 14 | - * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para | ||
| 15 | - * obter mais detalhes. | ||
| 16 | - * | ||
| 17 | - * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este | ||
| 18 | - * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin | ||
| 19 | - * St, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 20 | - * | ||
| 21 | - * Este programa está nomeado como private.h e possui - linhas de código. | ||
| 22 | - * | ||
| 23 | - * Contatos: | ||
| 24 | - * | ||
| 25 | - * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) | ||
| 26 | - * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça) | ||
| 27 | - * | ||
| 28 | - */ | ||
| 29 | - | ||
| 30 | -#ifndef LIB3270_NETWORK_MODULES_PRIVATE_H_INCLUDED | ||
| 31 | - | ||
| 32 | - #define LIB3270_NETWORK_MODULES_PRIVATE_H_INCLUDED | ||
| 33 | - | ||
| 34 | - #include <config.h> | ||
| 35 | - | ||
| 36 | - #ifdef _WIN32 | ||
| 37 | - #include <winsock.h> | ||
| 38 | - #include <windows.h> | ||
| 39 | - #else | ||
| 40 | - #include <unistd.h> | ||
| 41 | - #include <fcntl.h> | ||
| 42 | - #endif // _WIN32 | ||
| 43 | - | ||
| 44 | - #include <internals.h> | ||
| 45 | - #include <networking.h> | ||
| 46 | - | ||
| 47 | - #include <lib3270.h> | ||
| 48 | - #include <lib3270/log.h> | ||
| 49 | - | ||
| 50 | - LIB3270_INTERNAL ssize_t unsecure_network_send(H3270 *hSession, const void *buffer, size_t length); | ||
| 51 | - | ||
| 52 | -#endif // !LIB3270_NETWORK_MODULES_PRIVATE_H_INCLUDED |
| @@ -0,0 +1,38 @@ | @@ -0,0 +1,38 @@ | ||
| 1 | +/* | ||
| 2 | + * "Software PW3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 | ||
| 3 | + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a | ||
| 4 | + * aplicativos mainframe. Registro no INPI sob o nome G3270. | ||
| 5 | + * | ||
| 6 | + * Copyright (C) <2008> <Banco do Brasil S.A.> | ||
| 7 | + * | ||
| 8 | + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob | ||
| 9 | + * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela | ||
| 10 | + * Free Software Foundation. | ||
| 11 | + * | ||
| 12 | + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER | ||
| 13 | + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO | ||
| 14 | + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para | ||
| 15 | + * obter mais detalhes. | ||
| 16 | + * | ||
| 17 | + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este | ||
| 18 | + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin | ||
| 19 | + * St, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 20 | + * | ||
| 21 | + * Este programa está nomeado como unsecure.c e possui - linhas de código. | ||
| 22 | + * | ||
| 23 | + * Contatos: | ||
| 24 | + * | ||
| 25 | + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) | ||
| 26 | + * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça) | ||
| 27 | + * | ||
| 28 | + */ | ||
| 29 | + | ||
| 30 | + /** | ||
| 31 | + * @brief Select network methods. | ||
| 32 | + * | ||
| 33 | + */ | ||
| 34 | + | ||
| 35 | + #include <config.h> | ||
| 36 | + #include <lib3270.h> | ||
| 37 | + #include <lib3270/log.h> | ||
| 38 | + #include <networking.h> |
| @@ -0,0 +1,77 @@ | @@ -0,0 +1,77 @@ | ||
| 1 | +/* | ||
| 2 | + * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 | ||
| 3 | + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a | ||
| 4 | + * aplicativos mainframe. Registro no INPI sob o nome G3270. | ||
| 5 | + * | ||
| 6 | + * Copyright (C) <2008> <Banco do Brasil S.A.> | ||
| 7 | + * | ||
| 8 | + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob | ||
| 9 | + * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela | ||
| 10 | + * Free Software Foundation. | ||
| 11 | + * | ||
| 12 | + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER | ||
| 13 | + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO | ||
| 14 | + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para | ||
| 15 | + * obter mais detalhes. | ||
| 16 | + * | ||
| 17 | + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este | ||
| 18 | + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin | ||
| 19 | + * St, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 20 | + * | ||
| 21 | + * Este programa está nomeado como - e possui - linhas de código. | ||
| 22 | + * | ||
| 23 | + * Contatos: | ||
| 24 | + * | ||
| 25 | + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) | ||
| 26 | + * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça) | ||
| 27 | + * | ||
| 28 | + */ | ||
| 29 | + | ||
| 30 | +#include <config.h> | ||
| 31 | +#include <internals.h> | ||
| 32 | +#include <errno.h> | ||
| 33 | +#include <lib3270.h> | ||
| 34 | +#include <lib3270/internals.h> | ||
| 35 | +#include <lib3270/popup.h> | ||
| 36 | +#include <lib3270/trace.h> | ||
| 37 | +#include <trace_dsc.h> | ||
| 38 | +#include <lib3270/log.h> | ||
| 39 | +#include <lib3270/trace.h> | ||
| 40 | + | ||
| 41 | +#ifdef HAVE_LIBSSL | ||
| 42 | + #include <openssl/ssl.h> | ||
| 43 | + #include <openssl/err.h> | ||
| 44 | +#endif // HAVE_LIBSSL | ||
| 45 | + | ||
| 46 | +/*--[ Implement ]------------------------------------------------------------------------------------*/ | ||
| 47 | + | ||
| 48 | +LIB3270_EXPORT int lib3270_is_secure(const H3270 *hSession) | ||
| 49 | +{ | ||
| 50 | + return lib3270_get_ssl_state(hSession) == LIB3270_SSL_SECURE; | ||
| 51 | +} | ||
| 52 | + | ||
| 53 | +#if defined(HAVE_LIBSSLx) | ||
| 54 | +LIB3270_EXPORT long lib3270_get_SSL_verify_result(const H3270 *hSession) | ||
| 55 | +{ | ||
| 56 | + if(hSession->ssl.con) | ||
| 57 | + return SSL_get_verify_result(hSession->ssl.con); | ||
| 58 | + return -1; | ||
| 59 | +} | ||
| 60 | +#endif // HAVE_LIBSSL | ||
| 61 | + | ||
| 62 | +LIB3270_EXPORT LIB3270_SSL_STATE lib3270_get_ssl_state(const H3270 *hSession) | ||
| 63 | +{ | ||
| 64 | + return hSession->ssl.state; | ||
| 65 | +} | ||
| 66 | + | ||
| 67 | +void set_ssl_state(H3270 *hSession, LIB3270_SSL_STATE state) | ||
| 68 | +{ | ||
| 69 | + if(state == hSession->ssl.state) | ||
| 70 | + return; | ||
| 71 | + | ||
| 72 | + hSession->ssl.state = state; | ||
| 73 | + trace_dsn(hSession,"SSL state changes to %d\n",(int) state); | ||
| 74 | + debug("SSL state changes to %d\n",(int) state); | ||
| 75 | + | ||
| 76 | + hSession->cbk.update_ssl(hSession,hSession->ssl.state); | ||
| 77 | +} |
src/network_modules/unsecure.c
| @@ -1,303 +0,0 @@ | @@ -1,303 +0,0 @@ | ||
| 1 | -/* | ||
| 2 | - * "Software PW3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 | ||
| 3 | - * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a | ||
| 4 | - * aplicativos mainframe. Registro no INPI sob o nome G3270. | ||
| 5 | - * | ||
| 6 | - * Copyright (C) <2008> <Banco do Brasil S.A.> | ||
| 7 | - * | ||
| 8 | - * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob | ||
| 9 | - * os termos da GPL v.2 - Licença Pública Geral ', conforme publicado pela | ||
| 10 | - * Free Software Foundation. | ||
| 11 | - * | ||
| 12 | - * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER | ||
| 13 | - * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO | ||
| 14 | - * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para | ||
| 15 | - * obter mais detalhes. | ||
| 16 | - * | ||
| 17 | - * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este | ||
| 18 | - * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin | ||
| 19 | - * St, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 20 | - * | ||
| 21 | - * Este programa está nomeado como unsecure.c e possui - linhas de código. | ||
| 22 | - * | ||
| 23 | - * Contatos: | ||
| 24 | - * | ||
| 25 | - * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) | ||
| 26 | - * erico.mendonca@gmail.com (Erico Mascarenhas de Mendonça) | ||
| 27 | - * | ||
| 28 | - */ | ||
| 29 | - | ||
| 30 | - /** | ||
| 31 | - * @brief Default networking methods. | ||
| 32 | - * | ||
| 33 | - */ | ||
| 34 | - | ||
| 35 | - #include "private.h" | ||
| 36 | - | ||
| 37 | - #include <sys/types.h> | ||
| 38 | - #include <sys/socket.h> | ||
| 39 | - #include <netdb.h> | ||
| 40 | - | ||
| 41 | - struct _lib3270_net_context { | ||
| 42 | - int sock; | ||
| 43 | - }; | ||
| 44 | - | ||
| 45 | - static void unsecure_network_finalize(H3270 *hSession) { | ||
| 46 | - | ||
| 47 | - debug("%s",__FUNCTION__); | ||
| 48 | - | ||
| 49 | - if(hSession->network.context) { | ||
| 50 | - lib3270_free(hSession->network.context); | ||
| 51 | - hSession->network.context = NULL; | ||
| 52 | - } | ||
| 53 | - | ||
| 54 | - } | ||
| 55 | - | ||
| 56 | - static int unsecure_network_disconnect(H3270 *hSession) { | ||
| 57 | - | ||
| 58 | - debug("%s",__FUNCTION__); | ||
| 59 | - | ||
| 60 | - if(hSession->network.context->sock >= 0) { | ||
| 61 | - shutdown(hSession->network.context->sock, 2); | ||
| 62 | - close(hSession->network.context->sock); | ||
| 63 | - hSession->network.context->sock = -1; | ||
| 64 | - } | ||
| 65 | - | ||
| 66 | - return 0; | ||
| 67 | - } | ||
| 68 | - | ||
| 69 | - ssize_t unsecure_network_send(H3270 *hSession, const void *buffer, size_t length) { | ||
| 70 | - | ||
| 71 | - if(hSession->network.context->sock < 0) { | ||
| 72 | - return -(errno = ENOTCONN); | ||
| 73 | - } | ||
| 74 | - | ||
| 75 | - ssize_t bytes = send(hSession->network.context->sock,buffer,length,0); | ||
| 76 | - | ||
| 77 | - debug("%s bytes=%d",__FUNCTION__,(int) bytes); | ||
| 78 | - | ||
| 79 | - if(bytes >= 0) | ||
| 80 | - return bytes; | ||
| 81 | - | ||
| 82 | - int rc = errno; | ||
| 83 | - | ||
| 84 | - debug("%s: %s",__FUNCTION__,strerror(rc)); | ||
| 85 | - | ||
| 86 | - switch(rc) | ||
| 87 | - { | ||
| 88 | - case EPIPE: | ||
| 89 | - lib3270_popup_dialog( | ||
| 90 | - hSession, | ||
| 91 | - LIB3270_NOTIFY_ERROR, | ||
| 92 | - NULL, | ||
| 93 | - _("Broken pipe"), | ||
| 94 | - _("The system error code was %d"), | ||
| 95 | - rc | ||
| 96 | - ); | ||
| 97 | - break; | ||
| 98 | - | ||
| 99 | - case ECONNRESET: | ||
| 100 | - lib3270_popup_dialog( | ||
| 101 | - hSession, | ||
| 102 | - LIB3270_NOTIFY_ERROR, | ||
| 103 | - NULL, | ||
| 104 | - _("Connection reset by peer"), | ||
| 105 | - _("The system error code was %d"), | ||
| 106 | - rc | ||
| 107 | - ); | ||
| 108 | - break; | ||
| 109 | - | ||
| 110 | - case EINTR: | ||
| 111 | - return 0; | ||
| 112 | - | ||
| 113 | - default: | ||
| 114 | - lib3270_popup_dialog( | ||
| 115 | - hSession, | ||
| 116 | - LIB3270_NOTIFY_ERROR, | ||
| 117 | - NULL, | ||
| 118 | - _("Unexpected error writing to network socket"), | ||
| 119 | - _("The system error code was %d (%s)"), | ||
| 120 | - rc, strerror(rc) | ||
| 121 | - ); | ||
| 122 | - | ||
| 123 | - } | ||
| 124 | - | ||
| 125 | - return -rc; | ||
| 126 | - } | ||
| 127 | - | ||
| 128 | - static ssize_t unsecure_network_recv(H3270 *hSession, void *buf, size_t len) { | ||
| 129 | - | ||
| 130 | - debug("%s",__FUNCTION__); | ||
| 131 | - | ||
| 132 | - if(hSession->network.context->sock < 0) { | ||
| 133 | - return -(errno = ENOTCONN); | ||
| 134 | - } | ||
| 135 | - | ||
| 136 | - ssize_t bytes = recv(hSession->network.context->sock, (char *) buf, len, 0); | ||
| 137 | - | ||
| 138 | - debug("%s bytes=%d",__FUNCTION__,(int) bytes); | ||
| 139 | - | ||
| 140 | - if(bytes < 0) { | ||
| 141 | - return -errno; | ||
| 142 | - } | ||
| 143 | - | ||
| 144 | - return bytes; | ||
| 145 | -} | ||
| 146 | - | ||
| 147 | -static int unsecure_network_getsockname(const H3270 *hSession, struct sockaddr *addr, socklen_t *addrlen) { | ||
| 148 | - if(hSession->network.context->sock < 0) | ||
| 149 | - return -(errno = ENOTCONN); | ||
| 150 | - return getsockname(hSession->network.context->sock, addr, addrlen); | ||
| 151 | -} | ||
| 152 | - | ||
| 153 | -static void * unsecure_network_add_poll(H3270 *hSession, LIB3270_IO_FLAG flag, void(*call)(H3270 *, int, LIB3270_IO_FLAG, void *), void *userdata) { | ||
| 154 | - return lib3270_add_poll_fd(hSession,hSession->network.context->sock,flag,call,userdata); | ||
| 155 | -} | ||
| 156 | - | ||
| 157 | -static int unsecure_network_non_blocking(H3270 *hSession, const unsigned char on) { | ||
| 158 | - | ||
| 159 | - if(hSession->network.context->sock < 0) | ||
| 160 | - return 0; | ||
| 161 | - | ||
| 162 | -#ifdef WIN32 | ||
| 163 | - | ||
| 164 | - WSASetLastError(0); | ||
| 165 | - u_long iMode= on ? 1 : 0; | ||
| 166 | - | ||
| 167 | - if(ioctlsocket(hSession->network.context->sock,FIONBIO,&iMode)) | ||
| 168 | - { | ||
| 169 | - lib3270_popup_dialog( hSession, | ||
| 170 | - LIB3270_NOTIFY_ERROR, | ||
| 171 | - _( "Connection error" ), | ||
| 172 | - _( "ioctlsocket(FIONBIO) failed." ), | ||
| 173 | - "%s", lib3270_win32_strerror(GetLastError())); | ||
| 174 | - return -1; | ||
| 175 | - } | ||
| 176 | - | ||
| 177 | -#else | ||
| 178 | - | ||
| 179 | - int f; | ||
| 180 | - | ||
| 181 | - if ((f = fcntl(hSession->network.context->sock, F_GETFL, 0)) == -1) | ||
| 182 | - { | ||
| 183 | - lib3270_popup_dialog( hSession, | ||
| 184 | - LIB3270_NOTIFY_ERROR, | ||
| 185 | - _( "Socket error" ), | ||
| 186 | - _( "fcntl() error when getting socket state." ), | ||
| 187 | - _( "%s" ), strerror(errno) | ||
| 188 | - ); | ||
| 189 | - | ||
| 190 | - return -1; | ||
| 191 | - } | ||
| 192 | - | ||
| 193 | - if (on) | ||
| 194 | - f |= O_NDELAY; | ||
| 195 | - else | ||
| 196 | - f &= ~O_NDELAY; | ||
| 197 | - | ||
| 198 | - if (fcntl(hSession->network.context->sock, F_SETFL, f) < 0) | ||
| 199 | - { | ||
| 200 | - lib3270_popup_dialog( hSession, | ||
| 201 | - LIB3270_NOTIFY_ERROR, | ||
| 202 | - _( "Socket error" ), | ||
| 203 | - on ? _( "Can't set socket to blocking mode." ) : _( "Can't set socket to non blocking mode" ), | ||
| 204 | - _( "%s" ), strerror(errno) | ||
| 205 | - ); | ||
| 206 | - return -1; | ||
| 207 | - } | ||
| 208 | - | ||
| 209 | -#endif | ||
| 210 | - | ||
| 211 | - debug("Socket %d is now %s",hSession->network.context->sock,(on ? "Non Blocking" : "Blocking")); | ||
| 212 | - | ||
| 213 | - return 0; | ||
| 214 | -} | ||
| 215 | - | ||
| 216 | -static int unsecure_network_is_connected(const H3270 *hSession) { | ||
| 217 | - return hSession->network.context->sock > 0; | ||
| 218 | -} | ||
| 219 | - | ||
| 220 | -static int unsecure_network_setsockopt(H3270 *hSession, int level, int optname, const void *optval, size_t optlen) { | ||
| 221 | - | ||
| 222 | - if(hSession->network.context->sock < 0) { | ||
| 223 | - errno = ENOTCONN; | ||
| 224 | - return -1; | ||
| 225 | - } | ||
| 226 | - | ||
| 227 | - return setsockopt(hSession->network.context->sock, level, optname, optval, optlen); | ||
| 228 | - | ||
| 229 | -} | ||
| 230 | - | ||
| 231 | -static int unsecure_network_getsockopt(H3270 *hSession, int level, int optname, void *optval, socklen_t *optlen) { | ||
| 232 | - | ||
| 233 | - if(hSession->network.context->sock < 0) { | ||
| 234 | - errno = ENOTCONN; | ||
| 235 | - return -1; | ||
| 236 | - } | ||
| 237 | - | ||
| 238 | - return getsockopt(hSession->network.context->sock, level, optname, optval, optlen); | ||
| 239 | -} | ||
| 240 | - | ||
| 241 | -static int unsecure_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) { | ||
| 242 | - | ||
| 243 | - hSession->network.context->sock = lib3270_network_connect(hSession, state); | ||
| 244 | - if(hSession->network.context->sock < 0) | ||
| 245 | - return hSession->network.context->sock; | ||
| 246 | - | ||
| 247 | - return 0; | ||
| 248 | -} | ||
| 249 | - | ||
| 250 | -static int unsecure_network_start_tls(H3270 GNUC_UNUSED(*hSession), LIB3270_NETWORK_STATE *msg) { | ||
| 251 | - | ||
| 252 | - if(hSession->ssl.host) { | ||
| 253 | - | ||
| 254 | - // TODO: Replace network module with the openssl version, initialize and execute start_tls on it. | ||
| 255 | - | ||
| 256 | - static const LIB3270_POPUP popup = { | ||
| 257 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 258 | - .summary = N_("Can't activate SSL/TLS"), | ||
| 259 | - .body = N_("The protocol library was build without SSL/TLS support") | ||
| 260 | - }; | ||
| 261 | - | ||
| 262 | - msg->popup = &popup; | ||
| 263 | - | ||
| 264 | - return ENOTSUP; | ||
| 265 | - | ||
| 266 | - } | ||
| 267 | - | ||
| 268 | - return 0; | ||
| 269 | -} | ||
| 270 | - | ||
| 271 | -void lib3270_set_default_network_module(H3270 *hSession) { | ||
| 272 | - | ||
| 273 | - static const LIB3270_NET_MODULE module = { | ||
| 274 | - .finalize = unsecure_network_finalize, | ||
| 275 | - .connect = unsecure_network_connect, | ||
| 276 | - .disconnect = unsecure_network_disconnect, | ||
| 277 | - .start_tls = unsecure_network_start_tls, | ||
| 278 | - .send = unsecure_network_send, | ||
| 279 | - .recv = unsecure_network_recv, | ||
| 280 | - .add_poll = unsecure_network_add_poll, | ||
| 281 | - .non_blocking = unsecure_network_non_blocking, | ||
| 282 | - .is_connected = unsecure_network_is_connected, | ||
| 283 | - .getsockname = unsecure_network_getsockname, | ||
| 284 | - .setsockopt = unsecure_network_setsockopt, | ||
| 285 | - .getsockopt = unsecure_network_getsockopt | ||
| 286 | - }; | ||
| 287 | - | ||
| 288 | - debug("%s",__FUNCTION__); | ||
| 289 | - | ||
| 290 | - if(hSession->network.context) { | ||
| 291 | - // Has context, finalize it. | ||
| 292 | - hSession->network.module->finalize(hSession); | ||
| 293 | - } | ||
| 294 | - | ||
| 295 | - hSession->ssl.host = 0; | ||
| 296 | - hSession->network.context = lib3270_malloc(sizeof(LIB3270_NET_CONTEXT)); | ||
| 297 | - memset(hSession->network.context,0,sizeof(LIB3270_NET_CONTEXT)); | ||
| 298 | - hSession->network.context->sock = -1; | ||
| 299 | - | ||
| 300 | - hSession->network.module = &module; | ||
| 301 | - | ||
| 302 | -} | ||
| 303 | - |
src/ssl/crl.h
| @@ -35,7 +35,7 @@ | @@ -35,7 +35,7 @@ | ||
| 35 | #include <config.h> /* autoconf settings */ | 35 | #include <config.h> /* autoconf settings */ |
| 36 | #include <lib3270.h> /* lib3270 API calls and defs */ | 36 | #include <lib3270.h> /* lib3270 API calls and defs */ |
| 37 | 37 | ||
| 38 | -#if defined(HAVE_LIBSSL) | 38 | +#if defined(HAVE_LIBSSLx) |
| 39 | 39 | ||
| 40 | #include <openssl/ssl.h> | 40 | #include <openssl/ssl.h> |
| 41 | #include <openssl/err.h> | 41 | #include <openssl/err.h> |
| @@ -61,7 +61,7 @@ | @@ -61,7 +61,7 @@ | ||
| 61 | 61 | ||
| 62 | #endif // HAVE_LIBSSL | 62 | #endif // HAVE_LIBSSL |
| 63 | 63 | ||
| 64 | -#if defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBSSL) | 64 | +#if defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBSSLx) |
| 65 | 65 | ||
| 66 | /// @brief Unconditional release of the session CRL. | 66 | /// @brief Unconditional release of the session CRL. |
| 67 | LIB3270_INTERNAL void lib3270_crl_free(H3270 *hSession); | 67 | LIB3270_INTERNAL void lib3270_crl_free(H3270 *hSession); |
src/ssl/state.c
| @@ -1,445 +0,0 @@ | @@ -1,445 +0,0 @@ | ||
| 1 | -/* | ||
| 2 | - * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270 | ||
| 3 | - * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a | ||
| 4 | - * aplicativos mainframe. Registro no INPI sob o nome G3270. | ||
| 5 | - * | ||
| 6 | - * Copyright (C) <2008> <Banco do Brasil S.A.> | ||
| 7 | - * | ||
| 8 | - * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob | ||
| 9 | - * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela | ||
| 10 | - * Free Software Foundation. | ||
| 11 | - * | ||
| 12 | - * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER | ||
| 13 | - * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO | ||
| 14 | - * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para | ||
| 15 | - * obter mais detalhes. | ||
| 16 | - * | ||
| 17 | - * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este | ||
| 18 | - * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin | ||
| 19 | - * St, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 20 | - * | ||
| 21 | - * Este programa está nomeado como - e possui - linhas de código. | ||
| 22 | - * | ||
| 23 | - * Contatos: | ||
| 24 | - * | ||
| 25 | - * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck) | ||
| 26 | - * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça) | ||
| 27 | - * | ||
| 28 | - */ | ||
| 29 | - | ||
| 30 | -#include <config.h> | ||
| 31 | -#include <internals.h> | ||
| 32 | -#include <errno.h> | ||
| 33 | -#include <lib3270.h> | ||
| 34 | -#include <lib3270/internals.h> | ||
| 35 | -#include <lib3270/popup.h> | ||
| 36 | -#include <lib3270/trace.h> | ||
| 37 | -#include <trace_dsc.h> | ||
| 38 | -#include <lib3270/log.h> | ||
| 39 | -#include <lib3270/trace.h> | ||
| 40 | - | ||
| 41 | -#ifdef HAVE_LIBSSL | ||
| 42 | - #include <openssl/ssl.h> | ||
| 43 | - #include <openssl/err.h> | ||
| 44 | -#endif // HAVE_LIBSSL | ||
| 45 | - | ||
| 46 | -/*--[ Implement ]------------------------------------------------------------------------------------*/ | ||
| 47 | - | ||
| 48 | -LIB3270_EXPORT int lib3270_is_secure(const H3270 *hSession) | ||
| 49 | -{ | ||
| 50 | - return lib3270_get_ssl_state(hSession) == LIB3270_SSL_SECURE; | ||
| 51 | -} | ||
| 52 | - | ||
| 53 | -LIB3270_EXPORT long lib3270_get_SSL_verify_result(const H3270 *hSession) | ||
| 54 | -{ | ||
| 55 | -#if defined(HAVE_LIBSSL) | ||
| 56 | - if(hSession->ssl.con) | ||
| 57 | - return SSL_get_verify_result(hSession->ssl.con); | ||
| 58 | -#else | ||
| 59 | - errno = ENOTSUP; | ||
| 60 | -#endif // HAVE_LIBSSL | ||
| 61 | - return -1; | ||
| 62 | -} | ||
| 63 | - | ||
| 64 | -LIB3270_EXPORT LIB3270_SSL_STATE lib3270_get_ssl_state(const H3270 *hSession) | ||
| 65 | -{ | ||
| 66 | -#if defined(HAVE_LIBSSL) | ||
| 67 | - return hSession->ssl.state; | ||
| 68 | -#else | ||
| 69 | - return LIB3270_SSL_UNDEFINED; | ||
| 70 | -#endif // HAVE_LIBSSL | ||
| 71 | -} | ||
| 72 | - | ||
| 73 | -void set_ssl_state(H3270 *hSession, LIB3270_SSL_STATE state) | ||
| 74 | -{ | ||
| 75 | - if(state == hSession->ssl.state) | ||
| 76 | - return; | ||
| 77 | - | ||
| 78 | - hSession->ssl.state = state; | ||
| 79 | - trace_dsn(hSession,"SSL state changes to %d\n",(int) state); | ||
| 80 | - debug("SSL state changes to %d\n",(int) state); | ||
| 81 | - | ||
| 82 | - hSession->cbk.update_ssl(hSession,hSession->ssl.state); | ||
| 83 | -} | ||
| 84 | - | ||
| 85 | - | ||
| 86 | -#if defined(HAVE_LIBSSL) | ||
| 87 | - | ||
| 88 | -static const struct ssl_status_msg status_msg[] = | ||
| 89 | -{ | ||
| 90 | - // http://www.openssl.org/docs/apps/verify.html | ||
| 91 | - { | ||
| 92 | - .id = X509_V_OK, | ||
| 93 | - .type = LIB3270_NOTIFY_SECURE, | ||
| 94 | - .iconName = "security-high", | ||
| 95 | - .summary = N_( "Secure connection was successful." ), | ||
| 96 | - .body = N_( "The connection is secure and the host identity was confirmed." ) | ||
| 97 | - }, | ||
| 98 | - | ||
| 99 | - { | ||
| 100 | - .id = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, | ||
| 101 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 102 | - .iconName = "dialog-error", | ||
| 103 | - .summary = N_( "Unable to get issuer certificate" ), | ||
| 104 | - .body = N_( "The issuer certificate of a looked up certificate could not be found. This normally means the list of trusted certificates is not complete." ) | ||
| 105 | - }, | ||
| 106 | - | ||
| 107 | - { | ||
| 108 | - .id = X509_V_ERR_UNABLE_TO_GET_CRL, | ||
| 109 | - .name = "X509_V_ERR_UNABLE_TO_GET_CRL", | ||
| 110 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 111 | - .iconName = "dialog-error", | ||
| 112 | - .summary = N_( "Unable to get certificate CRL." ), | ||
| 113 | - .body = N_( "The Certificate revocation list (CRL) of a certificate could not be found." ) | ||
| 114 | - }, | ||
| 115 | - | ||
| 116 | - { | ||
| 117 | - .id = X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, | ||
| 118 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 119 | - .iconName = "dialog-error", | ||
| 120 | - .summary = N_( "Unable to decrypt certificate's signature" ), | ||
| 121 | - .body = N_( "The certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA keys." ) | ||
| 122 | - }, | ||
| 123 | - | ||
| 124 | - { | ||
| 125 | - .id = X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, | ||
| 126 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 127 | - .iconName = "dialog-error", | ||
| 128 | - .summary = N_( "Unable to decrypt CRL's signature" ), | ||
| 129 | - .body = N_( "The CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused." ) | ||
| 130 | - }, | ||
| 131 | - | ||
| 132 | - { | ||
| 133 | - .id = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, | ||
| 134 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 135 | - .iconName = "dialog-error", | ||
| 136 | - .summary = N_( "Unable to decode issuer public key" ), | ||
| 137 | - .body = N_( "The public key in the certificate SubjectPublicKeyInfo could not be read." ) | ||
| 138 | - }, | ||
| 139 | - | ||
| 140 | - { | ||
| 141 | - .id = X509_V_ERR_CERT_SIGNATURE_FAILURE, | ||
| 142 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 143 | - .iconName = "dialog-error", | ||
| 144 | - .summary = N_( "Certificate signature failure" ), | ||
| 145 | - .body = N_( "The signature of the certificate is invalid." ) | ||
| 146 | - }, | ||
| 147 | - | ||
| 148 | - { | ||
| 149 | - .id = X509_V_ERR_CRL_SIGNATURE_FAILURE, | ||
| 150 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 151 | - .iconName = "dialog-error", | ||
| 152 | - .summary = N_( "CRL signature failure" ), | ||
| 153 | - .body = N_( "The signature of the certificate is invalid." ) | ||
| 154 | - }, | ||
| 155 | - | ||
| 156 | - { | ||
| 157 | - .id = X509_V_ERR_CERT_NOT_YET_VALID, | ||
| 158 | - .type = LIB3270_NOTIFY_WARNING, | ||
| 159 | - .iconName = "dialog-warning", | ||
| 160 | - .summary = N_( "Certificate is not yet valid" ), | ||
| 161 | - .body = N_( "The certificate is not yet valid: the notBefore date is after the current time." ) | ||
| 162 | - }, | ||
| 163 | - | ||
| 164 | - { | ||
| 165 | - .id = X509_V_ERR_CERT_HAS_EXPIRED, | ||
| 166 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 167 | - .iconName = "dialog-error", | ||
| 168 | - .summary = N_( "Certificate has expired" ), | ||
| 169 | - .body = N_( "The certificate has expired: that is the notAfter date is before the current time." ) | ||
| 170 | - }, | ||
| 171 | - | ||
| 172 | - { | ||
| 173 | - .id = X509_V_ERR_CRL_NOT_YET_VALID, | ||
| 174 | - .type = LIB3270_NOTIFY_WARNING, | ||
| 175 | - .iconName = "dialog-error", | ||
| 176 | - .summary = N_( "The CRL is not yet valid." ), | ||
| 177 | - .body = N_( "The Certificate revocation list (CRL) is not yet valid." ) | ||
| 178 | - }, | ||
| 179 | - | ||
| 180 | - { | ||
| 181 | - .id = X509_V_ERR_CRL_HAS_EXPIRED, | ||
| 182 | -#ifdef SSL_ENABLE_CRL_EXPIRATION_CHECK | ||
| 183 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 184 | -#else | ||
| 185 | - .type = LIB3270_NOTIFY_WARNING, | ||
| 186 | -#endif // SSL_ENABLE_CRL_EXPIRATION_CHECK | ||
| 187 | - .iconName = "security-medium", | ||
| 188 | - .summary = N_( "The CRL has expired." ), | ||
| 189 | - .body = N_( "The Certificate revocation list (CRL) has expired.") | ||
| 190 | - }, | ||
| 191 | - | ||
| 192 | - { | ||
| 193 | - .id = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, | ||
| 194 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 195 | - .iconName = "dialog-error", | ||
| 196 | - .summary = N_( "Format error in certificate's notBefore field" ), | ||
| 197 | - .body = N_( "The certificate notBefore field contains an invalid time." ) | ||
| 198 | - }, | ||
| 199 | - | ||
| 200 | - { | ||
| 201 | - .id = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, | ||
| 202 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 203 | - .iconName = "dialog-error", | ||
| 204 | - .summary = N_( "Format error in certificate's notAfter field" ), | ||
| 205 | - .body = N_( "The certificate notAfter field contains an invalid time." ) | ||
| 206 | - }, | ||
| 207 | - | ||
| 208 | - { | ||
| 209 | - .id = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, | ||
| 210 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 211 | - .iconName = "dialog-error", | ||
| 212 | - .summary = N_( "Format error in CRL's lastUpdate field" ), | ||
| 213 | - .body = N_( "The CRL lastUpdate field contains an invalid time." ) | ||
| 214 | - }, | ||
| 215 | - | ||
| 216 | - { | ||
| 217 | - .id = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, | ||
| 218 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 219 | - .iconName = "dialog-error", | ||
| 220 | - .summary = N_( "Format error in CRL's nextUpdate field" ), | ||
| 221 | - .body = N_( "The CRL nextUpdate field contains an invalid time." ) | ||
| 222 | - }, | ||
| 223 | - | ||
| 224 | - { | ||
| 225 | - .id = X509_V_ERR_OUT_OF_MEM, | ||
| 226 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 227 | - .iconName = "dialog-error", | ||
| 228 | - .summary = N_( "Out of memory" ), | ||
| 229 | - .body = N_( "An error occurred trying to allocate memory. This should never happen." ) | ||
| 230 | - }, | ||
| 231 | - | ||
| 232 | - { | ||
| 233 | - .id = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, | ||
| 234 | - .type = LIB3270_NOTIFY_WARNING, | ||
| 235 | - .iconName = "security-medium", | ||
| 236 | - .summary = N_( "Self signed certificate" ), | ||
| 237 | - .body = N_( "The passed certificate is self signed and the same certificate cannot be found in the list of trusted certificates." ) | ||
| 238 | - }, | ||
| 239 | - | ||
| 240 | - { | ||
| 241 | - .id = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, | ||
| 242 | -#ifdef SSL_ENABLE_SELF_SIGNED_CERT_CHECK | ||
| 243 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 244 | -#else | ||
| 245 | - .type = LIB3270_NOTIFY_WARNING, | ||
| 246 | -#endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK | ||
| 247 | - .iconName = "security-medium", | ||
| 248 | - .summary = N_( "Self signed certificate in certificate chain" ), | ||
| 249 | - .body = N_( "The certificate chain could be built up using the untrusted certificates but the root could not be found locally." ) | ||
| 250 | - }, | ||
| 251 | - | ||
| 252 | - { | ||
| 253 | - .id = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, | ||
| 254 | - .type = LIB3270_NOTIFY_WARNING, | ||
| 255 | - .iconName = "security-low", | ||
| 256 | - .summary = N_( "Unable to get local issuer certificate" ), | ||
| 257 | - .body = N_( "The issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found." ) | ||
| 258 | - }, | ||
| 259 | - | ||
| 260 | - { | ||
| 261 | - .id = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, | ||
| 262 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 263 | - .iconName = "security-low", | ||
| 264 | - .summary = N_( "Unable to verify the first certificate" ), | ||
| 265 | - .body = N_( "No signatures could be verified because the chain contains only one certificate and it is not self signed." ) | ||
| 266 | - }, | ||
| 267 | - | ||
| 268 | - { | ||
| 269 | - .id = X509_V_ERR_CERT_REVOKED, | ||
| 270 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 271 | - .iconName = "security-low", | ||
| 272 | - .summary = N_( "Certificate revoked" ), | ||
| 273 | - .body = N_( "The certificate has been revoked." ) | ||
| 274 | - }, | ||
| 275 | - | ||
| 276 | - { | ||
| 277 | - .id = X509_V_ERR_INVALID_CA, | ||
| 278 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 279 | - .iconName = "security-low", | ||
| 280 | - .summary = N_( "Invalid CA certificate" ), | ||
| 281 | - .body = N_( "A CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose." ) | ||
| 282 | - }, | ||
| 283 | - | ||
| 284 | - { | ||
| 285 | - .id = X509_V_ERR_PATH_LENGTH_EXCEEDED, | ||
| 286 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 287 | - .iconName = "dialog-error", | ||
| 288 | - .summary = N_( "Path length constraint exceeded" ), | ||
| 289 | - .body = N_( "The basicConstraints pathlength parameter has been exceeded." ), | ||
| 290 | - }, | ||
| 291 | - | ||
| 292 | - { | ||
| 293 | - .id = X509_V_ERR_INVALID_PURPOSE, | ||
| 294 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 295 | - .iconName = "dialog-error", | ||
| 296 | - .summary = N_( "Unsupported certificate purpose" ), | ||
| 297 | - .body = N_( "The supplied certificate cannot be used for the specified purpose." ) | ||
| 298 | - }, | ||
| 299 | - | ||
| 300 | - { | ||
| 301 | - .id = X509_V_ERR_CERT_UNTRUSTED, | ||
| 302 | - .type = LIB3270_NOTIFY_WARNING, | ||
| 303 | - .iconName = "security-low", | ||
| 304 | - .summary = N_( "Certificate not trusted" ), | ||
| 305 | - .body = N_( "The root CA is not marked as trusted for the specified purpose." ) | ||
| 306 | - }, | ||
| 307 | - | ||
| 308 | - { | ||
| 309 | - .id = X509_V_ERR_CERT_REJECTED, | ||
| 310 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 311 | - .iconName = "security-low", | ||
| 312 | - .summary = N_( "Certificate rejected" ), | ||
| 313 | - .body = N_( "The root CA is marked to reject the specified purpose." ) | ||
| 314 | - }, | ||
| 315 | - | ||
| 316 | - { | ||
| 317 | - .id = X509_V_ERR_SUBJECT_ISSUER_MISMATCH, | ||
| 318 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 319 | - .iconName = "security-low", | ||
| 320 | - .summary = N_( "Subject issuer mismatch" ), | ||
| 321 | - .body = N_( "The current candidate issuer certificate was rejected because its subject name did not match the issuer name of the current certificate. Only displayed when the -issuer_checks option is set." ) | ||
| 322 | - }, | ||
| 323 | - | ||
| 324 | - { | ||
| 325 | - .id = X509_V_ERR_AKID_SKID_MISMATCH, | ||
| 326 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 327 | - .iconName = "dialog-error", | ||
| 328 | - .summary = N_( "Authority and subject key identifier mismatch" ), | ||
| 329 | - .body = N_( "The current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. Only displayed when the -issuer_checks option is set." ) | ||
| 330 | - }, | ||
| 331 | - | ||
| 332 | - { | ||
| 333 | - .id = X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH, | ||
| 334 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 335 | - .iconName = "dialog-error", | ||
| 336 | - .summary = N_( "Authority and issuer serial number mismatch" ), | ||
| 337 | - .body = N_( "The current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. Only displayed when the -issuer_checks option is set." ) | ||
| 338 | - }, | ||
| 339 | - | ||
| 340 | - { | ||
| 341 | - .id = X509_V_ERR_KEYUSAGE_NO_CERTSIGN, | ||
| 342 | - .type = LIB3270_NOTIFY_ERROR, | ||
| 343 | - .iconName = "dialog-error", | ||
| 344 | - .summary = N_( "Key usage does not include certificate signing" ), | ||
| 345 | - .body = N_( "The current candidate issuer certificate was rejected because its keyUsage extension does not permit certificate signing." ) | ||
| 346 | - } | ||
| 347 | - | ||
| 348 | - }; | ||
| 349 | - | ||
| 350 | - const struct ssl_status_msg * ssl_get_status_from_error_code(long id) | ||
| 351 | - { | ||
| 352 | - size_t f; | ||
| 353 | - | ||
| 354 | - for(f=0;f < (sizeof(status_msg)/sizeof(status_msg[0]));f++) | ||
| 355 | - { | ||
| 356 | - if(status_msg[f].id == id) | ||
| 357 | - return status_msg+f; | ||
| 358 | - } | ||
| 359 | - return NULL; | ||
| 360 | - } | ||
| 361 | - | ||
| 362 | - static const struct ssl_status_msg * get_ssl_status_msg(const H3270 *hSession) | ||
| 363 | - { | ||
| 364 | - return ssl_get_status_from_error_code(lib3270_get_SSL_verify_result(hSession)); | ||
| 365 | - } | ||
| 366 | - | ||
| 367 | - const char * lib3270_get_ssl_state_message(const H3270 *hSession) | ||
| 368 | - { | ||
| 369 | - if(lib3270_get_ssl_state(hSession) != LIB3270_SSL_UNSECURE) | ||
| 370 | - { | ||
| 371 | - const struct ssl_status_msg *info = get_ssl_status_msg(hSession); | ||
| 372 | - if(info) | ||
| 373 | - return gettext(info->summary); | ||
| 374 | - } | ||
| 375 | - | ||
| 376 | - return _( "The connection is insecure" ); | ||
| 377 | - | ||
| 378 | - } | ||
| 379 | - | ||
| 380 | - const char * lib3270_get_ssl_state_icon_name(const H3270 *hSession) | ||
| 381 | - { | ||
| 382 | - if(lib3270_get_ssl_state(hSession) != LIB3270_SSL_UNSECURE) | ||
| 383 | - { | ||
| 384 | - const struct ssl_status_msg *info = get_ssl_status_msg(hSession); | ||
| 385 | - if(info) | ||
| 386 | - return info->iconName; | ||
| 387 | - } | ||
| 388 | - | ||
| 389 | - return "dialog-error"; | ||
| 390 | - | ||
| 391 | - } | ||
| 392 | - | ||
| 393 | - | ||
| 394 | - const char * lib3270_get_ssl_state_description(const H3270 *hSession) | ||
| 395 | - { | ||
| 396 | - if(lib3270_get_ssl_state(hSession) != LIB3270_SSL_UNSECURE) | ||
| 397 | - { | ||
| 398 | - const struct ssl_status_msg *info = get_ssl_status_msg(hSession); | ||
| 399 | - if(info) | ||
| 400 | - return gettext(info->body); | ||
| 401 | - } | ||
| 402 | - else | ||
| 403 | - { | ||
| 404 | - return _( "The connection is insecure" ); | ||
| 405 | - } | ||
| 406 | - | ||
| 407 | - return _( "Unexpected or unknown security status"); | ||
| 408 | - } | ||
| 409 | - | ||
| 410 | - LIB3270_NOTIFY lib3270_get_ssl_state_icon(const H3270 *hSession) | ||
| 411 | - { | ||
| 412 | - if(lib3270_get_ssl_state(hSession) != LIB3270_SSL_UNSECURE) | ||
| 413 | - { | ||
| 414 | - const struct ssl_status_msg *info = get_ssl_status_msg(hSession); | ||
| 415 | - if(info) | ||
| 416 | - return info->type; | ||
| 417 | - } | ||
| 418 | - | ||
| 419 | - return LIB3270_NOTIFY_ERROR; | ||
| 420 | - } | ||
| 421 | - | ||
| 422 | -#else | ||
| 423 | - | ||
| 424 | - const char * lib3270_get_ssl_state_message(const H3270 *hSession) | ||
| 425 | - { | ||
| 426 | - return lib3270_get_hostname(hSession); | ||
| 427 | - } | ||
| 428 | - | ||
| 429 | - const char * lib3270_get_ssl_state_description(const H3270 *hSession) | ||
| 430 | - { | ||
| 431 | - return _( "The connection is insecure" ); | ||
| 432 | - } | ||
| 433 | - | ||
| 434 | - LIB3270_NOTIFY lib3270_get_ssl_state_icon(const H3270 *hSession) | ||
| 435 | - { | ||
| 436 | - return LIB3270_NOTIFY_ERROR; | ||
| 437 | - } | ||
| 438 | - | ||
| 439 | - const char * lib3270_get_ssl_state_icon_name(const H3270 *hSession) | ||
| 440 | - { | ||
| 441 | - return "dialog-error"; | ||
| 442 | - } | ||
| 443 | - | ||
| 444 | -#endif // HAVE_LIBSSL | ||
| 445 | - |
src/testprogram/testprogram.c
| @@ -109,9 +109,9 @@ int main(int argc, char *argv[]) | @@ -109,9 +109,9 @@ int main(int argc, char *argv[]) | ||
| 109 | lib3270_set_url(h,optarg); | 109 | lib3270_set_url(h,optarg); |
| 110 | break; | 110 | break; |
| 111 | 111 | ||
| 112 | - case 'C': | ||
| 113 | - lib3270_crl_set_url(h,optarg); | ||
| 114 | - break; | 112 | +// case 'C': |
| 113 | +// lib3270_crl_set_url(h,optarg); | ||
| 114 | +// break; | ||
| 115 | 115 | ||
| 116 | case 't': | 116 | case 't': |
| 117 | trace_file = optarg; | 117 | trace_file = optarg; |
| @@ -122,7 +122,7 @@ int main(int argc, char *argv[]) | @@ -122,7 +122,7 @@ int main(int argc, char *argv[]) | ||
| 122 | 122 | ||
| 123 | } | 123 | } |
| 124 | 124 | ||
| 125 | - printf("HOST URL: %s\tHOST CRL: %s\n",lib3270_get_url(h),lib3270_crl_get_url(h)); | 125 | +// printf("HOST URL: %s\tHOST CRL: %s\n",lib3270_get_url(h),lib3270_crl_get_url(h)); |
| 126 | 126 | ||
| 127 | #ifdef _WIN32 | 127 | #ifdef _WIN32 |
| 128 | { | 128 | { |