Melhorando tratamento de erros SSL

perry.werneck@gmail.com
1 parent 358c84c0
Showing 4 changed files with 120 additions and 91 deletions Show diff stats
XtGlue.c
init.c
screen.c
telnet.c
@@ -985,9 +985,17 @@ LIB3270_EXPORT int lib3270_call_thread(int(*callback)(H3270 *h, void *), H3270 *
  
 	lib3270_main_iterate(0);
 	if(callbacks->callthread)
+	{
+		h->bgthread = 1;
+		trace("%s: background thread for %p starts",__FUNCTION__,h);
 		rc = callbacks->callthread(callback,h,parm);
+		trace("%s: background thread for %p ends",__FUNCTION__,h);
+		h->bgthread = 0;
+	}
 	else
+	{
 		rc = callback(h,parm);
+	}
 	lib3270_main_iterate(0);
  
 	if(h->set_timer)
@@ -111,6 +111,13 @@ static void set_cursor(H3270 *session, LIB3270_CURSOR id)
 {
 }
  
+static void message(H3270 *session, LIB3270_NOTIFY id , const char *title, const char *message, const char *text)
+{
+	lib3270_write_log(session,"%s",title);
+	lib3270_write_log(session,"%s",message);
+	lib3270_write_log(session,"%s",text);
+}
+
 static void lib3270_session_init(H3270 *hSession, const char *model)
 {
 	int 	ovc, ovr;
@@ -136,6 +143,7 @@ static void lib3270_session_init(H3270 *hSession, const char *model)
 	hSession->update_oia		= update_oia;
 	hSession->update_selection	= update_selection;
 	hSession->cursor 			= set_cursor;
+	hSession->message			= message;
  
 	hSession->sock = -1;
 	hSession->model_num = -1;
@@ -596,6 +596,8 @@ void show_3270_popup_dialog(H3270 *session, LIB3270_NOTIFY type, const char *tit
 {
 	CHECK_SESSION_HANDLE(session);
  
+	trace("%s: title=%s msg=%s",__FUNCTION__,title,msg);
+
 	if(!fmt)
 		fmt = "";
  
@@ -618,6 +620,8 @@ void Error(H3270 *session, const char *fmt, ...)
  
 	CHECK_SESSION_HANDLE(session);
  
+	trace("%s: title=%s fmt=%s",__FUNCTION__,"3270 Error",fmt);
+
 	va_start(arg_ptr, fmt);
 	popup_handler(session,session->widget,LIB3270_NOTIFY_ERROR, _( "3270 Error" ),NULL,fmt,arg_ptr);
 	va_end(arg_ptr);
@@ -630,6 +634,8 @@ void Warning(H3270 *session, const char *fmt, ...)
  
 	CHECK_SESSION_HANDLE(session);
  
+	trace("%s: title=%s fmt=%s",__FUNCTION__,"3270 Warning",fmt);
+
 	va_start(arg_ptr, fmt);
 	popup_handler(session,session->widget,LIB3270_NOTIFY_WARNING, _( "3270 Warning" ),NULL,fmt,arg_ptr);
 	va_end(arg_ptr);
@@ -643,6 +649,8 @@ extern void popup_an_error(H3270 *session, const char *fmt, ...)
  
 	CHECK_SESSION_HANDLE(session);
  
+	trace("%s: title=%s fmt=%s",__FUNCTION__,"3270 Error",fmt);
+
 	va_start(args, fmt);
 	popup_handler(session,session->widget,LIB3270_NOTIFY_ERROR,_( "3270 Error" ),NULL,fmt,args);
 	va_end(args);
@@ -655,6 +663,8 @@ void popup_system_error(H3270 *session, const char *title, const char *message, 
  
 	CHECK_SESSION_HANDLE(session);
  
+	trace("%s: title=%s msg=%s",__FUNCTION__,"3270 Error",message);
+
 	va_start(args, fmt);
 	popup_handler(session,session->widget,LIB3270_NOTIFY_ERROR,title ? title : _( "3270 Error" ), message,fmt,args);
 	va_end(args);
@@ -764,6 +774,8 @@ LIB3270_EXPORT void lib3270_popup_dialog(H3270 *session, LIB3270_NOTIFY id , con
  
 	CHECK_SESSION_HANDLE(session);
  
+	trace("%s: title=%s msg=%s",__FUNCTION__,"3270 Error",message);
+
 	va_start(args, fmt);
 	popup_handler(session,session->widget,id,title ? title : _( "3270 Error" ), message,fmt,args);
 	va_end(args);
@@ -61,10 +61,6 @@
 #endif /*]*/
 #include <stdarg.h>
  
-#if defined(HAVE_LIBSSL) /*[*/
-	#include <openssl/ssl.h>
-	#include <openssl/err.h>
-#endif /*]*/
 #include "tn3270e.h"
 #include "3270ds.h"
  
@@ -196,7 +192,7 @@ static void net_rawout(unsigned const char *buf, int len);
 static void check_in3270(void);
 static void store3270in(unsigned char c);
 static void check_linemode(Boolean init);
-// static int non_blocking(Boolean on);
+static int non_blocking(Boolean on);
 static void net_connected(H3270 *session);
 #if defined(X3270_TN3270E) /*[*/
 static int tn3270e_negotiate(void);
@@ -308,11 +304,13 @@ static const char *trsp_flag[2] = { &quot;POSITIVE-RESPONSE&quot;, &quot;NEGATIVE-RESPONSE&quot; };
 #define XMIT_COLS	h3270.maxCOLS
 // #endif /*]*/
  
+// #if defined(HAVE_LIBSSL)
+// static SSL *ssl_con;
+// #endif
+
 #if defined(HAVE_LIBSSL) /*[*/
-static SSL_CTX *ssl_ctx;
-static SSL *ssl_con;
 static Boolean need_tls_follows = False;
-static void ssl_init(void);
+static void ssl_init(H3270 *session);
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*[*/
 #define INFO_CONST const
 #else /*][*/
@@ -600,14 +598,8 @@ int net_connect(H3270 *session, const char *host, char *portname, Boolean ls, Bo
 #endif
  
 	/* set the socket to be non-delaying */
-/*
-#if defined(_WIN32)
-	if (non_blocking(False) < 0)
-#else
 	if (non_blocking(True) < 0)
-#endif
 		close_fail;
-*/
  
 #if !defined(_WIN32)
 	/* don't share the socket with our children */
@@ -616,26 +608,14 @@ int net_connect(H3270 *session, const char *host, char *portname, Boolean ls, Bo
  
 	/* init ssl */
 #if defined(HAVE_LIBSSL)
-	session->last_ssl_error = 0;
+	session->last_ssl_error = !0;
 	if (session->ssl_host)
-		ssl_init();
+		ssl_init(session);
 #endif
  
 	/* connect */
 	status_connecting(session,1);
  
-	if(connect_sock(session, session->sock, &haddr.sa,ha_len) == 0)
-	{
-		trace_dsn("Connected.\n");
-		net_connected(session);
-	}
-	else
-	{
-		popup_a_sockerr(session, N_( "Can't connect to %s:%d" ),session->hostname, session->current_port);
-		close_fail;
-	}
-
-/*
 	switch(connect_sock(session, session->sock, &haddr.sa,ha_len))
 	{
 	case 0:					// Connected
@@ -650,9 +630,9 @@ int net_connect(H3270 *session, const char *host, char *portname, Boolean ls, Bo
 	case SE_EINPROGRESS:
 		*pending = True;
 		trace_dsn("Connection pending.\n");
-#if !defined(_WIN32)
+// #if !defined(_WIN32)
 		output_id = AddOutput(session->sock, session, output_possible);
-#endif
+// #endif
 		break;
  
 	default:
@@ -660,7 +640,6 @@ int net_connect(H3270 *session, const char *host, char *portname, Boolean ls, Bo
 		close_fail;
  
 	}
-*/
  
 	/* set up temporary termtype */
 	if (appres.termname == CN && session->std_ds_host)
@@ -784,25 +763,40 @@ static void net_connected(H3270 *session)
 	/* Set up SSL. */
 	if(session->ssl_host && !session->secure_connection)
 	{
-		if (SSL_set_fd(ssl_con, session->sock) != 1)
+		int rc;
+
+		if (SSL_set_fd(session->ssl_con, session->sock) != 1)
 		{
 			trace_dsn("Can't set fd!\n");
+			popup_system_error(&h3270,_( "Connection failed error" ), _( "Can't set SSL socket file descriptor" ), "%s", SSL_state_string_long(session->ssl_con));
 		}
  
-		if (SSL_connect(ssl_con) != 1)
+		non_blocking(False);
+		rc = SSL_connect(session->ssl_con);
+
+		if(rc != 1)
 		{
-			unsigned long e = ERR_get_error();
+			unsigned long 	  e		= ERR_get_error();
+			const char  	* state	= SSL_state_string_long(session->ssl_con);
+
+			trace_dsn("TLS/SSL tunneled connection failed with error %ld, rc=%d and state=%s",e,rc,state);
+
+			host_disconnect(session,True);
+
 			if(e != session->last_ssl_error)
 			{
-				popup_system_error(&h3270,_( "Connection failed error" ), _( "SSL negotiation failed" ), "%s", SSL_state_string_long(ssl_con));
+				session->message(	&h3270,
+									LIB3270_NOTIFY_ERROR,
+									_( "Connection failed" ),
+									_( "SSL negotiation failed" ),
+									state);
 				session->last_ssl_error = e;
 			}
-
-			trace_dsn("TLS/SSL tunneled connection failed with error %ld.",e);
-			trace("%s: SSL_connect failed with error %ld",__FUNCTION__,e);
-			host_disconnect(session,True);
 			return;
+
 		}
+		non_blocking(True);
+
 		session->secure_connection = True;
 		trace_dsn("TLS/SSL tunneled connection complete. Connection is now secure.\n");
  
@@ -864,15 +858,11 @@ static void net_connected(H3270 *session)
  */
 static void connection_complete(void)
 {
-/*
-#if !defined(_WIN32)
 	if (non_blocking(False) < 0)
 	{
 		host_disconnect(&h3270,True);
 		return;
 	}
-#endif
-*/
 	host_connected(&h3270);
 	net_connected(&h3270);
 }
@@ -903,14 +893,14 @@ static void output_possible(H3270 *session)
  * net_disconnect
  *	Shut down the socket.
  */
-void
-net_disconnect(void)
+void net_disconnect(void)
 {
 #if defined(HAVE_LIBSSL) /*[*/
-	if (ssl_con != NULL) {
-		SSL_shutdown(ssl_con);
-		SSL_free(ssl_con);
-		ssl_con = NULL;
+	if (h3270.ssl_con != NULL)
+	{
+		SSL_shutdown(h3270.ssl_con);
+		SSL_free(h3270.ssl_con);
+		h3270.ssl_con = NULL;
 	}
 	h3270.secure_connection = False;
 #endif /*]*/
@@ -991,13 +981,13 @@ void net_input(H3270 *session)
 		ansi_data = 0;
 #endif /*]*/
  
-#if defined(_WIN32) /*[*/
-		(void) ResetEvent(session->sock_handle);
-#endif /*]*/
+// #if defined(_WIN32)
+//		(void) ResetEvent(session->sock_handle);
+//#endif /*]*/
  
 #if defined(HAVE_LIBSSL)
-		if (ssl_con != NULL)
-			nr = SSL_read(ssl_con, (char *) netrbuf, BUFSZ);
+		if (session->ssl_con != NULL)
+			nr = SSL_read(session->ssl_con, (char *) netrbuf, BUFSZ);
 		else
 #endif // HAVE_LIBSSL
 /*
@@ -1013,7 +1003,7 @@ void net_input(H3270 *session)
 				return;
 			}
 #if defined(HAVE_LIBSSL) /*[*/
-			if (ssl_con != NULL)
+			if(session->ssl_con != NULL)
 			{
 				unsigned long e;
 				char err_buf[120];
@@ -1026,11 +1016,11 @@ void net_input(H3270 *session)
  
 				trace_dsn("RCVD SSL_read error %ld (%s)\n", e,err_buf);
  
-				lib3270_popup_dialog(	session,
-									LIB3270_NOTIFY_CRITICAL,
-									N_( "SSL Error" ),
-									N_( "SSL Read error" ),
-									"%s", err_buf);
+				h3270.message(	&h3270,
+								LIB3270_NOTIFY_ERROR,
+								_( "SSL Error" ),
+								_( "SSL Read error" ),
+								err_buf );
  
 				host_disconnect(session,True);
 				return;
@@ -1074,13 +1064,11 @@ void net_input(H3270 *session)
  
 		if (HALF_CONNECTED)
 		{
-/*
 			if (non_blocking(False) < 0)
 			{
 				host_disconnect(session,True);
 				return;
 			}
-*/
 			host_connected(session);
 			net_connected(session);
 		}
@@ -2022,8 +2010,8 @@ net_rawout(unsigned const char *buf, int len)
 #		define n2w len
 #endif
 #if defined(HAVE_LIBSSL) /*[*/
-		if (ssl_con != NULL)
-			nw = SSL_write(ssl_con, (const char *) buf, n2w);
+		if(h3270.ssl_con != NULL)
+			nw = SSL_write(h3270.ssl_con, (const char *) buf, n2w);
 		else
 #endif /*]*/
  
@@ -2037,7 +2025,8 @@ net_rawout(unsigned const char *buf, int len)
 			nw = send(h3270.sock, (const char *) buf, n2w, 0);
 		if (nw < 0) {
 #if defined(HAVE_LIBSSL) /*[*/
-			if (ssl_con != NULL) {
+			if (h3270.ssl_con != NULL)
+			{
 				unsigned long e;
 				char err_buf[120];
  
@@ -3196,11 +3185,11 @@ net_snap_options(void)
 /*
  * Set blocking/non-blocking mode on the socket.  On error, pops up an error
  * message, but does not close the socket.
- */ /*
-static int
-non_blocking(Boolean on)
+ */
+static int non_blocking(Boolean on)
 {
 #if !defined(BLOCKING_CONNECT_ONLY)
+
 # if defined(FIONBIO)
 	int i = on ? 1 : 0;
  
@@ -3209,7 +3198,9 @@ non_blocking(Boolean on)
 		popup_a_sockerr(NULL, N_( "ioctl(%s)" ), "FIONBIO");
 		return -1;
 	}
+
 # else
+
 	int f;
  
 	if ((f = fcntl(sock, F_GETFL, 0)) == -1)
@@ -3226,42 +3217,52 @@ non_blocking(Boolean on)
 		popup_an_errno(NULL,errno, N_( "fcntl(%s)" ), "F_GETFL");
 		return -1;
 	}
-# endif
-#endif
+#endif // FIONBIO
+
+#endif // !BLOCKING_CONNECT_ONLY
+
 	return 0;
 }
-*/
  
 #if defined(HAVE_LIBSSL) /*[*/
  
 /* Initialize the OpenSSL library. */
-static void ssl_init(void)
+static void ssl_init(H3270 *session)
 {
-	static Boolean ssl_initted = False;
+	static SSL_CTX *ssl_ctx = NULL;
  
-	if (!ssl_initted) {
+	if(ssl_ctx == NULL)
+	{
+		lib3270_write_log(session,"%s","Initializing SSL context");
 		SSL_load_error_strings();
 		SSL_library_init();
-		ssl_initted = True;
 		ssl_ctx = SSL_CTX_new(SSLv23_method());
-		if (ssl_ctx == NULL) {
+		if(ssl_ctx == NULL)
+		{
 			popup_an_error(NULL,"SSL_CTX_new failed");
-			h3270.ssl_host = False;
+			session->ssl_host = False;
 			return;
 		}
 		SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
+		SSL_CTX_set_info_callback(ssl_ctx, client_info_callback);
+		SSL_CTX_set_default_verify_paths(ssl_ctx);
 	}
  
-	ssl_con = SSL_new(ssl_ctx);
-	if (ssl_con == NULL) {
-		popup_an_error(NULL,"SSL_new failed");
-		h3270.ssl_host = False;
+	if(session->ssl_con)
+		SSL_free(session->ssl_con);
+
+	session->ssl_con = SSL_new(ssl_ctx);
+	if(session->ssl_con == NULL)
+	{
+		popup_an_error(session,"SSL_new failed");
+		session->ssl_host = False;
+		return;
 	}
-	SSL_set_verify(ssl_con, 0/*xxx*/, NULL);
  
-	SSL_CTX_set_info_callback(ssl_ctx, client_info_callback);
+	SSL_set_verify(session->ssl_con, 0/*xxx*/, NULL);
  
 	/* XXX: May need to get key file and password. */
+	/*
 	if (appres.cert_file)
 	{
 		if (!(SSL_CTX_use_certificate_chain_file(ssl_ctx,
@@ -3277,8 +3278,7 @@ static void ssl_init(void)
 					appres.cert_file, err_buf);
 		}
 	}
-
-	SSL_CTX_set_default_verify_paths(ssl_ctx);
+	*/
 }
  
 /* Callback for tracing protocol negotiation. */
@@ -3343,8 +3343,7 @@ static void client_info_callback(INFO_CONST SSL *s, int where, int ret)
 }
  
 /* Process a STARTTLS subnegotiation. */
-static void
-continue_tls(unsigned char *sbbuf, int len)
+static void continue_tls(unsigned char *sbbuf, int len)
 {
 	int rv;
  
@@ -3364,15 +3363,17 @@ continue_tls(unsigned char *sbbuf, int len)
 	trace_dsn("%s FOLLOWS %s\n", opt(TELOPT_STARTTLS), cmd(SE));
  
 	/* Initialize the SSL library. */
-	ssl_init();
-	if (ssl_con == NULL) {
+	ssl_init(&h3270);
+	if(h3270.ssl_con == NULL)
+	{
 		/* Failed. */
 		net_disconnect();
 		return;
 	}
  
 	/* Set up the TLS/SSL connection. */
-	if (SSL_set_fd(ssl_con, h3270.sock) != 1) {
+	if(SSL_set_fd(h3270.ssl_con, h3270.sock) != 1)
+	{
 		trace_dsn("Can't set fd!\n");
 	}
  
@@ -3382,7 +3383,7 @@ continue_tls(unsigned char *sbbuf, int len)
 //	(void) non_blocking(False);
 //#endif
  
-	rv = SSL_connect(ssl_con);
+	rv = SSL_connect(h3270.ssl_con);
  
 //#if defined(_WIN32)
 //	// Make the socket non-blocking again for event processing
...	...	@@ -985,9 +985,17 @@ LIB3270_EXPORT int lib3270_call_thread(int(callback)(H3270 h, void ), H3270
985	985
986	986	lib3270_main_iterate(0);
987	987	if(callbacks->callthread)
	988	+ {
	989	+ h->bgthread = 1;
	990	+ trace("%s: background thread for %p starts",__FUNCTION__,h);
988	991	rc = callbacks->callthread(callback,h,parm);
	992	+ trace("%s: background thread for %p ends",__FUNCTION__,h);
	993	+ h->bgthread = 0;
	994	+ }
989	995	else
	996	+ {
990	997	rc = callback(h,parm);
	998	+ }
991	999	lib3270_main_iterate(0);
992	1000
993	1001	if(h->set_timer)
...	...
...	...	@@ -111,6 +111,13 @@ static void set_cursor(H3270 *session, LIB3270_CURSOR id)
111	111	{
112	112	}
113	113
	114	+static void message(H3270 session, LIB3270_NOTIFY id , const char title, const char message, const char text)
	115	+{
	116	+ lib3270_write_log(session,"%s",title);
	117	+ lib3270_write_log(session,"%s",message);
	118	+ lib3270_write_log(session,"%s",text);
	119	+}
	120	+
114	121	static void lib3270_session_init(H3270 hSession, const char model)
115	122	{
116	123	int ovc, ovr;
...	...	@@ -136,6 +143,7 @@ static void lib3270_session_init(H3270 hSession, const char model)
136	143	hSession->update_oia = update_oia;
137	144	hSession->update_selection = update_selection;
138	145	hSession->cursor = set_cursor;
	146	+ hSession->message = message;
139	147
140	148	hSession->sock = -1;
141	149	hSession->model_num = -1;
...	...
...	...	@@ -596,6 +596,8 @@ void show_3270_popup_dialog(H3270 session, LIB3270_NOTIFY type, const char tit
596	596	{
597	597	CHECK_SESSION_HANDLE(session);
598	598
	599	+ trace("%s: title=%s msg=%s",__FUNCTION__,title,msg);
	600	+
599	601	if(!fmt)
600	602	fmt = "";
601	603
...	...	@@ -618,6 +620,8 @@ void Error(H3270 session, const char fmt, ...)
618	620
619	621	CHECK_SESSION_HANDLE(session);
620	622
	623	+ trace("%s: title=%s fmt=%s",__FUNCTION__,"3270 Error",fmt);
	624	+
621	625	va_start(arg_ptr, fmt);
622	626	popup_handler(session,session->widget,LIB3270_NOTIFY_ERROR, _( "3270 Error" ),NULL,fmt,arg_ptr);
623	627	va_end(arg_ptr);
...	...	@@ -630,6 +634,8 @@ void Warning(H3270 session, const char fmt, ...)
630	634
631	635	CHECK_SESSION_HANDLE(session);
632	636
	637	+ trace("%s: title=%s fmt=%s",__FUNCTION__,"3270 Warning",fmt);
	638	+
633	639	va_start(arg_ptr, fmt);
634	640	popup_handler(session,session->widget,LIB3270_NOTIFY_WARNING, _( "3270 Warning" ),NULL,fmt,arg_ptr);
635	641	va_end(arg_ptr);
...	...	@@ -643,6 +649,8 @@ extern void popup_an_error(H3270 session, const char fmt, ...)
643	649
644	650	CHECK_SESSION_HANDLE(session);
645	651
	652	+ trace("%s: title=%s fmt=%s",__FUNCTION__,"3270 Error",fmt);
	653	+
646	654	va_start(args, fmt);
647	655	popup_handler(session,session->widget,LIB3270_NOTIFY_ERROR,_( "3270 Error" ),NULL,fmt,args);
648	656	va_end(args);
...	...	@@ -655,6 +663,8 @@ void popup_system_error(H3270 session, const char title, const char *message,
655	663
656	664	CHECK_SESSION_HANDLE(session);
657	665
	666	+ trace("%s: title=%s msg=%s",__FUNCTION__,"3270 Error",message);
	667	+
658	668	va_start(args, fmt);
659	669	popup_handler(session,session->widget,LIB3270_NOTIFY_ERROR,title ? title : _( "3270 Error" ), message,fmt,args);
660	670	va_end(args);
...	...	@@ -764,6 +774,8 @@ LIB3270_EXPORT void lib3270_popup_dialog(H3270 *session, LIB3270_NOTIFY id , con
764	774
765	775	CHECK_SESSION_HANDLE(session);
766	776
	777	+ trace("%s: title=%s msg=%s",__FUNCTION__,"3270 Error",message);
	778	+
767	779	va_start(args, fmt);
768	780	popup_handler(session,session->widget,id,title ? title : _( "3270 Error" ), message,fmt,args);
769	781	va_end(args);
...	...
...	...	@@ -61,10 +61,6 @@
61	61	#endif /]/
62	62	#include <stdarg.h>
63	63
64		-#if defined(HAVE_LIBSSL) /[/
65		- #include <openssl/ssl.h>
66		- #include <openssl/err.h>
67		-#endif /]/
68	64	#include "tn3270e.h"
69	65	#include "3270ds.h"
70	66
...	...	@@ -196,7 +192,7 @@ static void net_rawout(unsigned const char *buf, int len);
196	192	static void check_in3270(void);
197	193	static void store3270in(unsigned char c);
198	194	static void check_linemode(Boolean init);
199		-// static int non_blocking(Boolean on);
	195	+static int non_blocking(Boolean on);
200	196	static void net_connected(H3270 *session);
201	197	#if defined(X3270_TN3270E) /[/
202	198	static int tn3270e_negotiate(void);
...	...	@@ -308,11 +304,13 @@ static const char *trsp_flag[2] = { "POSITIVE-RESPONSE", "NEGATIVE-RESPONSE" };
308	304	#define XMIT_COLS h3270.maxCOLS
309	305	// #endif /]/
310	306
	307	+// #if defined(HAVE_LIBSSL)
	308	+// static SSL *ssl_con;
	309	+// #endif
	310	+
311	311	#if defined(HAVE_LIBSSL) /[/
312		-static SSL_CTX *ssl_ctx;
313		-static SSL *ssl_con;
314	312	static Boolean need_tls_follows = False;
315		-static void ssl_init(void);
	313	+static void ssl_init(H3270 *session);
316	314	#if OPENSSL_VERSION_NUMBER >= 0x00907000L /[/
317	315	#define INFO_CONST const
318	316	#else /][/
...	...	@@ -600,14 +598,8 @@ int net_connect(H3270 session, const char host, char *portname, Boolean ls, Bo
600	598	#endif
601	599
602	600	/* set the socket to be non-delaying */
603		-/*
604		-#if defined(_WIN32)
605		- if (non_blocking(False) < 0)
606		-#else
607	601	if (non_blocking(True) < 0)
608		-#endif
609	602	close_fail;
610		-*/
611	603
612	604	#if !defined(_WIN32)
613	605	/* don't share the socket with our children */
...	...	@@ -616,26 +608,14 @@ int net_connect(H3270 session, const char host, char *portname, Boolean ls, Bo
616	608
617	609	/* init ssl */
618	610	#if defined(HAVE_LIBSSL)
619		- session->last_ssl_error = 0;
	611	+ session->last_ssl_error = !0;
620	612	if (session->ssl_host)
621		- ssl_init();
	613	+ ssl_init(session);
622	614	#endif
623	615
624	616	/* connect */
625	617	status_connecting(session,1);
626	618
627		- if(connect_sock(session, session->sock, &haddr.sa,ha_len) == 0)
628		- {
629		- trace_dsn("Connected.\n");
630		- net_connected(session);
631		- }
632		- else
633		- {
634		- popup_a_sockerr(session, N_( "Can't connect to %s:%d" ),session->hostname, session->current_port);
635		- close_fail;
636		- }
637		-
638		-/*
639	619	switch(connect_sock(session, session->sock, &haddr.sa,ha_len))
640	620	{
641	621	case 0: // Connected
...	...	@@ -650,9 +630,9 @@ int net_connect(H3270 session, const char host, char *portname, Boolean ls, Bo
650	630	case SE_EINPROGRESS:
651	631	*pending = True;
652	632	trace_dsn("Connection pending.\n");
653		-#if !defined(_WIN32)
	633	+// #if !defined(_WIN32)
654	634	output_id = AddOutput(session->sock, session, output_possible);
655		-#endif
	635	+// #endif
656	636	break;
657	637
658	638	default:
...	...	@@ -660,7 +640,6 @@ int net_connect(H3270 session, const char host, char *portname, Boolean ls, Bo
660	640	close_fail;
661	641
662	642	}
663		-*/
664	643
665	644	/* set up temporary termtype */
666	645	if (appres.termname == CN && session->std_ds_host)
...	...	@@ -784,25 +763,40 @@ static void net_connected(H3270 *session)
784	763	/* Set up SSL. */
785	764	if(session->ssl_host && !session->secure_connection)
786	765	{
787		- if (SSL_set_fd(ssl_con, session->sock) != 1)
	766	+ int rc;
	767	+
	768	+ if (SSL_set_fd(session->ssl_con, session->sock) != 1)
788	769	{
789	770	trace_dsn("Can't set fd!\n");
	771	+ popup_system_error(&h3270,_( "Connection failed error" ), _( "Can't set SSL socket file descriptor" ), "%s", SSL_state_string_long(session->ssl_con));
790	772	}
791	773
792		- if (SSL_connect(ssl_con) != 1)
	774	+ non_blocking(False);
	775	+ rc = SSL_connect(session->ssl_con);
	776	+
	777	+ if(rc != 1)
793	778	{
794		- unsigned long e = ERR_get_error();
	779	+ unsigned long e = ERR_get_error();
	780	+ const char * state = SSL_state_string_long(session->ssl_con);
	781	+
	782	+ trace_dsn("TLS/SSL tunneled connection failed with error %ld, rc=%d and state=%s",e,rc,state);
	783	+
	784	+ host_disconnect(session,True);
	785	+
795	786	if(e != session->last_ssl_error)
796	787	{
797		- popup_system_error(&h3270,_( "Connection failed error" ), _( "SSL negotiation failed" ), "%s", SSL_state_string_long(ssl_con));
	788	+ session->message( &h3270,
	789	+ LIB3270_NOTIFY_ERROR,
	790	+ _( "Connection failed" ),
	791	+ _( "SSL negotiation failed" ),
	792	+ state);
798	793	session->last_ssl_error = e;
799	794	}
800		-
801		- trace_dsn("TLS/SSL tunneled connection failed with error %ld.",e);
802		- trace("%s: SSL_connect failed with error %ld",__FUNCTION__,e);
803		- host_disconnect(session,True);
804	795	return;
	796	+
805	797	}
	798	+ non_blocking(True);
	799	+
806	800	session->secure_connection = True;
807	801	trace_dsn("TLS/SSL tunneled connection complete. Connection is now secure.\n");
808	802
...	...	@@ -864,15 +858,11 @@ static void net_connected(H3270 *session)
864	858	*/
865	859	static void connection_complete(void)
866	860	{
867		-/*
868		-#if !defined(_WIN32)
869	861	if (non_blocking(False) < 0)
870	862	{
871	863	host_disconnect(&h3270,True);
872	864	return;
873	865	}
874		-#endif
875		-*/
876	866	host_connected(&h3270);
877	867	net_connected(&h3270);
878	868	}
...	...	@@ -903,14 +893,14 @@ static void output_possible(H3270 *session)
903	893	* net_disconnect
904	894	* Shut down the socket.
905	895	*/
906		-void
907		-net_disconnect(void)
	896	+void net_disconnect(void)
908	897	{
909	898	#if defined(HAVE_LIBSSL) /[/
910		- if (ssl_con != NULL) {
911		- SSL_shutdown(ssl_con);
912		- SSL_free(ssl_con);
913		- ssl_con = NULL;
	899	+ if (h3270.ssl_con != NULL)
	900	+ {
	901	+ SSL_shutdown(h3270.ssl_con);
	902	+ SSL_free(h3270.ssl_con);
	903	+ h3270.ssl_con = NULL;
914	904	}
915	905	h3270.secure_connection = False;
916	906	#endif /]/
...	...	@@ -991,13 +981,13 @@ void net_input(H3270 *session)
991	981	ansi_data = 0;
992	982	#endif /]/
993	983
994		-#if defined(_WIN32) /[/
995		- (void) ResetEvent(session->sock_handle);
996		-#endif /]/
	984	+// #if defined(_WIN32)
	985	+// (void) ResetEvent(session->sock_handle);
	986	+//#endif /]/
997	987
998	988	#if defined(HAVE_LIBSSL)
999		- if (ssl_con != NULL)
1000		- nr = SSL_read(ssl_con, (char *) netrbuf, BUFSZ);
	989	+ if (session->ssl_con != NULL)
	990	+ nr = SSL_read(session->ssl_con, (char *) netrbuf, BUFSZ);
1001	991	else
1002	992	#endif // HAVE_LIBSSL
1003	993	/*
...	...	@@ -1013,7 +1003,7 @@ void net_input(H3270 *session)
1013	1003	return;
1014	1004	}
1015	1005	#if defined(HAVE_LIBSSL) /[/
1016		- if (ssl_con != NULL)
	1006	+ if(session->ssl_con != NULL)
1017	1007	{
1018	1008	unsigned long e;
1019	1009	char err_buf[120];
...	...	@@ -1026,11 +1016,11 @@ void net_input(H3270 *session)
1026	1016
1027	1017	trace_dsn("RCVD SSL_read error %ld (%s)\n", e,err_buf);
1028	1018
1029		- lib3270_popup_dialog( session,
1030		- LIB3270_NOTIFY_CRITICAL,
1031		- N_( "SSL Error" ),
1032		- N_( "SSL Read error" ),
1033		- "%s", err_buf);
	1019	+ h3270.message( &h3270,
	1020	+ LIB3270_NOTIFY_ERROR,
	1021	+ _( "SSL Error" ),
	1022	+ _( "SSL Read error" ),
	1023	+ err_buf );
1034	1024
1035	1025	host_disconnect(session,True);
1036	1026	return;
...	...	@@ -1074,13 +1064,11 @@ void net_input(H3270 *session)
1074	1064
1075	1065	if (HALF_CONNECTED)
1076	1066	{
1077		-/*
1078	1067	if (non_blocking(False) < 0)
1079	1068	{
1080	1069	host_disconnect(session,True);
1081	1070	return;
1082	1071	}
1083		-*/
1084	1072	host_connected(session);
1085	1073	net_connected(session);
1086	1074	}
...	...	@@ -2022,8 +2010,8 @@ net_rawout(unsigned const char *buf, int len)
2022	2010	# define n2w len
2023	2011	#endif
2024	2012	#if defined(HAVE_LIBSSL) /[/
2025		- if (ssl_con != NULL)
2026		- nw = SSL_write(ssl_con, (const char *) buf, n2w);
	2013	+ if(h3270.ssl_con != NULL)
	2014	+ nw = SSL_write(h3270.ssl_con, (const char *) buf, n2w);
2027	2015	else
2028	2016	#endif /]/
2029	2017
...	...	@@ -2037,7 +2025,8 @@ net_rawout(unsigned const char *buf, int len)
2037	2025	nw = send(h3270.sock, (const char *) buf, n2w, 0);
2038	2026	if (nw < 0) {
2039	2027	#if defined(HAVE_LIBSSL) /[/
2040		- if (ssl_con != NULL) {
	2028	+ if (h3270.ssl_con != NULL)
	2029	+ {
2041	2030	unsigned long e;
2042	2031	char err_buf[120];
2043	2032
...	...	@@ -3196,11 +3185,11 @@ net_snap_options(void)
3196	3185	/*
3197	3186	* Set blocking/non-blocking mode on the socket. On error, pops up an error
3198	3187	* message, but does not close the socket.
3199		- / /
3200		-static int
3201		-non_blocking(Boolean on)
	3188	+ */
	3189	+static int non_blocking(Boolean on)
3202	3190	{
3203	3191	#if !defined(BLOCKING_CONNECT_ONLY)
	3192	+
3204	3193	# if defined(FIONBIO)
3205	3194	int i = on ? 1 : 0;
3206	3195
...	...	@@ -3209,7 +3198,9 @@ non_blocking(Boolean on)
3209	3198	popup_a_sockerr(NULL, N_( "ioctl(%s)" ), "FIONBIO");
3210	3199	return -1;
3211	3200	}
	3201	+
3212	3202	# else
	3203	+
3213	3204	int f;
3214	3205
3215	3206	if ((f = fcntl(sock, F_GETFL, 0)) == -1)
...	...	@@ -3226,42 +3217,52 @@ non_blocking(Boolean on)
3226	3217	popup_an_errno(NULL,errno, N_( "fcntl(%s)" ), "F_GETFL");
3227	3218	return -1;
3228	3219	}
3229		-# endif
3230		-#endif
	3220	+#endif // FIONBIO
	3221	+
	3222	+#endif // !BLOCKING_CONNECT_ONLY
	3223	+
3231	3224	return 0;
3232	3225	}
3233		-*/
3234	3226
3235	3227	#if defined(HAVE_LIBSSL) /[/
3236	3228
3237	3229	/* Initialize the OpenSSL library. */
3238		-static void ssl_init(void)
	3230	+static void ssl_init(H3270 *session)
3239	3231	{
3240		- static Boolean ssl_initted = False;
	3232	+ static SSL_CTX *ssl_ctx = NULL;
3241	3233
3242		- if (!ssl_initted) {
	3234	+ if(ssl_ctx == NULL)
	3235	+ {
	3236	+ lib3270_write_log(session,"%s","Initializing SSL context");
3243	3237	SSL_load_error_strings();
3244	3238	SSL_library_init();
3245		- ssl_initted = True;
3246	3239	ssl_ctx = SSL_CTX_new(SSLv23_method());
3247		- if (ssl_ctx == NULL) {
	3240	+ if(ssl_ctx == NULL)
	3241	+ {
3248	3242	popup_an_error(NULL,"SSL_CTX_new failed");
3249		- h3270.ssl_host = False;
	3243	+ session->ssl_host = False;
3250	3244	return;
3251	3245	}
3252	3246	SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
	3247	+ SSL_CTX_set_info_callback(ssl_ctx, client_info_callback);
	3248	+ SSL_CTX_set_default_verify_paths(ssl_ctx);
3253	3249	}
3254	3250
3255		- ssl_con = SSL_new(ssl_ctx);
3256		- if (ssl_con == NULL) {
3257		- popup_an_error(NULL,"SSL_new failed");
3258		- h3270.ssl_host = False;
	3251	+ if(session->ssl_con)
	3252	+ SSL_free(session->ssl_con);
	3253	+
	3254	+ session->ssl_con = SSL_new(ssl_ctx);
	3255	+ if(session->ssl_con == NULL)
	3256	+ {
	3257	+ popup_an_error(session,"SSL_new failed");
	3258	+ session->ssl_host = False;
	3259	+ return;
3259	3260	}
3260		- SSL_set_verify(ssl_con, 0/xxx/, NULL);
3261	3261
3262		- SSL_CTX_set_info_callback(ssl_ctx, client_info_callback);
	3262	+ SSL_set_verify(session->ssl_con, 0/xxx/, NULL);
3263	3263
3264	3264	/* XXX: May need to get key file and password. */
	3265	+ /*
3265	3266	if (appres.cert_file)
3266	3267	{
3267	3268	if (!(SSL_CTX_use_certificate_chain_file(ssl_ctx,
...	...	@@ -3277,8 +3278,7 @@ static void ssl_init(void)
3277	3278	appres.cert_file, err_buf);
3278	3279	}
3279	3280	}
3280		-
3281		- SSL_CTX_set_default_verify_paths(ssl_ctx);
	3281	+ */
3282	3282	}
3283	3283
3284	3284	/* Callback for tracing protocol negotiation. */
...	...	@@ -3343,8 +3343,7 @@ static void client_info_callback(INFO_CONST SSL *s, int where, int ret)
3343	3343	}
3344	3344
3345	3345	/* Process a STARTTLS subnegotiation. */
3346		-static void
3347		-continue_tls(unsigned char *sbbuf, int len)
	3346	+static void continue_tls(unsigned char *sbbuf, int len)
3348	3347	{
3349	3348	int rv;
3350	3349
...	...	@@ -3364,15 +3363,17 @@ continue_tls(unsigned char *sbbuf, int len)
3364	3363	trace_dsn("%s FOLLOWS %s\n", opt(TELOPT_STARTTLS), cmd(SE));
3365	3364
3366	3365	/* Initialize the SSL library. */
3367		- ssl_init();
3368		- if (ssl_con == NULL) {
	3366	+ ssl_init(&h3270);
	3367	+ if(h3270.ssl_con == NULL)
	3368	+ {
3369	3369	/* Failed. */
3370	3370	net_disconnect();
3371	3371	return;
3372	3372	}
3373	3373
3374	3374	/* Set up the TLS/SSL connection. */
3375		- if (SSL_set_fd(ssl_con, h3270.sock) != 1) {
	3375	+ if(SSL_set_fd(h3270.ssl_con, h3270.sock) != 1)
	3376	+ {
3376	3377	trace_dsn("Can't set fd!\n");
3377	3378	}
3378	3379
...	...	@@ -3382,7 +3383,7 @@ continue_tls(unsigned char *sbbuf, int len)
3382	3383	// (void) non_blocking(False);
3383	3384	//#endif
3384	3385
3385		- rv = SSL_connect(ssl_con);
	3386	+ rv = SSL_connect(h3270.ssl_con);
3386	3387
3387	3388	//#if defined(_WIN32)
3388	3389	// // Make the socket non-blocking again for event processing
...	...