Commit 8d514ca28d72dac0a1402517e4bd8f237e8261fe
1 parent
da5b3b07
Exists in
master
and in
3 other branches
Iniciando implementação de validação de certificados revogados.
Showing
1 changed file
with
16 additions
and
0 deletions
Show diff stats
| ... | ... | @@ -39,6 +39,7 @@ |
| 39 | 39 | #if defined(HAVE_LIBSSL) |
| 40 | 40 | #include <openssl/ssl.h> |
| 41 | 41 | #include <openssl/err.h> |
| 42 | + #include <openssl/x509_vfy.h> | |
| 42 | 43 | |
| 43 | 44 | #ifndef SSL_ST_OK |
| 44 | 45 | #define SSL_ST_OK 3 |
| ... | ... | @@ -54,6 +55,7 @@ |
| 54 | 55 | #include "trace_dsc.h" |
| 55 | 56 | |
| 56 | 57 | #if defined(HAVE_LIBSSL) |
| 58 | + | |
| 57 | 59 | static int ssl_3270_ex_index = -1; /**< Index of h3270 handle in SSL session */ |
| 58 | 60 | #endif // HAVE_LIBSSL |
| 59 | 61 | |
| ... | ... | @@ -253,6 +255,20 @@ int ssl_init(H3270 *hSession) |
| 253 | 255 | SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback); |
| 254 | 256 | SSL_CTX_set_default_verify_paths(ssl_ctx); |
| 255 | 257 | |
| 258 | + /* | |
| 259 | + // Set up CRL validation | |
| 260 | + // https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now | |
| 261 | + X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); | |
| 262 | + | |
| 263 | + // Enable CRL checking | |
| 264 | + X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new(); | |
| 265 | + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); | |
| 266 | + X509_STORE_set1_param(store, param); | |
| 267 | + X509_VERIFY_PARAM_free(param); | |
| 268 | + */ | |
| 269 | + | |
| 270 | + // X509_STORE_free(store); | |
| 271 | + | |
| 256 | 272 | #if defined(_WIN32) |
| 257 | 273 | { |
| 258 | 274 | HKEY hKey = 0; | ... | ... |