Download as
Browse Code »

Commit 8d514ca28d72dac0a1402517e4bd8f237e8261fe

Authored by Perry Werneck
1 parent da5b3b07
Exists in master and in 3 other branches develop, macos, network_module

Iniciando implementação de validação de certificados revogados.

Showing 1 changed file with 16 additions and 0 deletions   Show diff stats
@@ -39,6 +39,7 @@ @@ -39,6 +39,7 @@
39 #if defined(HAVE_LIBSSL) 39 #if defined(HAVE_LIBSSL)
40 #include <openssl/ssl.h> 40 #include <openssl/ssl.h>
41 #include <openssl/err.h> 41 #include <openssl/err.h>
  42 + #include <openssl/x509_vfy.h>
42 43
43 #ifndef SSL_ST_OK 44 #ifndef SSL_ST_OK
44 #define SSL_ST_OK 3 45 #define SSL_ST_OK 3
@@ -54,6 +55,7 @@ @@ -54,6 +55,7 @@
54 #include "trace_dsc.h" 55 #include "trace_dsc.h"
55 56
56 #if defined(HAVE_LIBSSL) 57 #if defined(HAVE_LIBSSL)
  58 +
57 static int ssl_3270_ex_index = -1; /**< Index of h3270 handle in SSL session */ 59 static int ssl_3270_ex_index = -1; /**< Index of h3270 handle in SSL session */
58 #endif // HAVE_LIBSSL 60 #endif // HAVE_LIBSSL
59 61
@@ -253,6 +255,20 @@ int ssl_init(H3270 *hSession) @@ -253,6 +255,20 @@ int ssl_init(H3270 *hSession)
253 SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback); 255 SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
254 SSL_CTX_set_default_verify_paths(ssl_ctx); 256 SSL_CTX_set_default_verify_paths(ssl_ctx);
255 257
  258 + /*
  259 + // Set up CRL validation
  260 + // https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
  261 + X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
  262 +
  263 + // Enable CRL checking
  264 + X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
  265 + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
  266 + X509_STORE_set1_param(store, param);
  267 + X509_VERIFY_PARAM_free(param);
  268 + */
  269 +
  270 + // X509_STORE_free(store);
  271 +
256 #if defined(_WIN32) 272 #if defined(_WIN32)
257 { 273 {
258 HKEY hKey = 0; 274 HKEY hKey = 0;