Commit 8d514ca28d72dac0a1402517e4bd8f237e8261fe
1 parent
da5b3b07
Iniciando implementação de validação de certificados revogados.
Showing
1 changed file
with
16 additions
and
0 deletions
@@ -39,6 +39,7 @@ | @@ -39,6 +39,7 @@ | ||
39 | #if defined(HAVE_LIBSSL) | 39 | #if defined(HAVE_LIBSSL) |
40 | #include <openssl/ssl.h> | 40 | #include <openssl/ssl.h> |
41 | #include <openssl/err.h> | 41 | #include <openssl/err.h> |
42 | + #include <openssl/x509_vfy.h> | ||
42 | 43 | ||
43 | #ifndef SSL_ST_OK | 44 | #ifndef SSL_ST_OK |
44 | #define SSL_ST_OK 3 | 45 | #define SSL_ST_OK 3 |
@@ -54,6 +55,7 @@ | @@ -54,6 +55,7 @@ | ||
54 | #include "trace_dsc.h" | 55 | #include "trace_dsc.h" |
55 | 56 | ||
56 | #if defined(HAVE_LIBSSL) | 57 | #if defined(HAVE_LIBSSL) |
58 | + | ||
57 | static int ssl_3270_ex_index = -1; /**< Index of h3270 handle in SSL session */ | 59 | static int ssl_3270_ex_index = -1; /**< Index of h3270 handle in SSL session */ |
58 | #endif // HAVE_LIBSSL | 60 | #endif // HAVE_LIBSSL |
59 | 61 | ||
@@ -253,6 +255,20 @@ int ssl_init(H3270 *hSession) | @@ -253,6 +255,20 @@ int ssl_init(H3270 *hSession) | ||
253 | SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback); | 255 | SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback); |
254 | SSL_CTX_set_default_verify_paths(ssl_ctx); | 256 | SSL_CTX_set_default_verify_paths(ssl_ctx); |
255 | 257 | ||
258 | + /* | ||
259 | + // Set up CRL validation | ||
260 | + // https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now | ||
261 | + X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); | ||
262 | + | ||
263 | + // Enable CRL checking | ||
264 | + X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new(); | ||
265 | + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); | ||
266 | + X509_STORE_set1_param(store, param); | ||
267 | + X509_VERIFY_PARAM_free(param); | ||
268 | + */ | ||
269 | + | ||
270 | + // X509_STORE_free(store); | ||
271 | + | ||
256 | #if defined(_WIN32) | 272 | #if defined(_WIN32) |
257 | { | 273 | { |
258 | HKEY hKey = 0; | 274 | HKEY hKey = 0; |
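Review bot: The CRL setup added to ssl_init sits entirely inside a `/* ... */` block, so no revocation checking is active after this commit; a short `// TODO: CRL checking not enabled yet` above it would keep readers from assuming revoked certificates are rejected. When the block is enabled, `X509_V_FLAG_CRL_CHECK` alone covers only the leaf certificate, so the call should be `X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);`, with the result of `X509_VERIFY_PARAM_new()` checked for NULL first. Nothing in the hunk loads a CRL into the store, and with the flag set and no CRL available verification fails with `X509_V_ERR_UNABLE_TO_GET_CRL`, so a CRL source has to be configured as well (possibly done elsewhere, not visible here). The trailing `// X509_STORE_free(store);` should be deleted rather than kept as a hint, because the store returned by `SSL_CTX_get_cert_store()` is owned by the context and freeing it would leave `ssl_ctx` with a dangling pointer. ssl_init's body starts and continues outside the hunk.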