Commit a6a2963b26b3dd9776944b14e7c12508b7304d46
1 parent
ad33d466
Exists in
master
and in
3 other branches
The CRL URL is now a writable property.
Showing
3 changed files
with
66 additions
and
10 deletions
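--- a/src/include/lib3270.h
+++ b/src/include/lib3270.h
@@ -466,6 +466,17 @@
 LIB3270_EXPORT int lib3270_set_url(H3270 *h, const char *url);
 
 /**
+ * @brief Set URL for the certificate revocation list.
+ *
+ * @param hSession Session handle.
+ * @param crl URL for the certificate revocation list.
+ *
+ * @return 0 on sucess, non zero on error (sets errno).
+ *
+ */
+ LIB3270_EXPORT int lib3270_set_crl(H3270 *hSession, const char *crl);
+
+ /**
 * @brief Get hostname for the connect/reconnect operations.
 *
 * @param h Session handle.
@@ -1174,7 +1185,7 @@
 
 LIB3270_EXPORT void * lib3270_malloc(int len);
 LIB3270_EXPORT void * lib3270_realloc(void *p, int len);
- LIB3270_EXPORT void * lib3270_replace(void **p, void *ptr);
+// LIB3270_EXPORT void * lib3270_replace(void **p, void *ptr);
 LIB3270_EXPORT void * lib3270_strdup(const char *str);
 
 #define LIB3270_AUTOPTR_FUNC_NAME(TypeName) lib3270_autoptr_cleanup_##TypeName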
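Review bot: The doc comment added for `lib3270_set_crl` says only "non zero on error" and leaves out the two failure cases a caller has to handle. Judging by the definition in properties.c, the call is presumably refused while the session is online (`FAIL_IF_ONLINE`), and it returns `ENOTSUP` when the library is built without `SSL_ENABLE_CRL_CHECK`. A caller that ignores the second case may believe a revocation source is configured when nothing was stored, so I would add `@retval ENOTSUP Library built without CRL checking; no URL is stored.` plus a line stating that the session must be offline and that a NULL `crl` clears the value; "sucess" should read "success". In the second hunk the declaration of `lib3270_replace` is commented out rather than deleted, which drops a public export while leaving dead text in the header; if the removal is intended, delete the line and mention the API change in the commit message.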
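--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -285,6 +285,43 @@
 return lib3270_get_revision();
 }
 
+ int lib3270_set_crl(H3270 *hSession, const char *crl)
+ {
+
+ FAIL_IF_ONLINE(hSession);
+
+#ifdef SSL_ENABLE_CRL_CHECK
+
+ if(hSession->ssl.crl)
+ {
+ free(hSession->ssl.crl);
+ hSession->ssl.crl = NULL;
+ }
+
+ if(crl)
+ {
+ hSession->ssl.crl = strdup(crl);
+ }
+
+ return 0;
+
+#else
+
+ return errno = ENOTSUP;
+
+#endif // SSL_ENABLE_CRL_CHECK
+
+ }
+
+ static const char * lib3270_get_crl(H3270 *hSession)
+ {
+#ifdef SSL_ENABLE_CRL_CHECK
+ if(hSession->ssl.crl)
+ return hSession->ssl.crl;
+#endif
+ return "";
+ }
+
 LIB3270_EXPORT const LIB3270_STRING_PROPERTY * lib3270_get_string_properties_list(void)
 {
 static const LIB3270_STRING_PROPERTY properties[] = {
@@ -345,6 +382,14 @@
 NULL // Set value.
 },
 
+ {
+ "crl", // Property name.
+ N_( "URL for the CRL file" ), // Property description.
+ lib3270_get_crl, // Get value.
+ lib3270_set_crl, // Set value.
+ },
+
+
 /*
 {
 "", // Property name.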
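Review bot: `lib3270_set_crl` returns 0 even when `strdup(crl)` fails, and by then the previous URL has already been freed, so an out-of-memory condition leaves the session with no CRL URL while the caller is told the set succeeded. What the TLS code does with a NULL `ssl.crl` is not visible here, but a silently dropped revocation source is worth avoiding: duplicate first, return `errno = ENOMEM` on failure, and only then release the old value. Since `lib3270_get_crl` reports an unset URL as `""`, I would also treat an empty string like NULL so that a get-then-set round trip does not store an empty URL. The rewritten body is below.

```c
int lib3270_set_crl(H3270 *hSession, const char *crl)
{
	// … unchanged: FAIL_IF_ONLINE(hSession) and the #ifdef SSL_ENABLE_CRL_CHECK guard …

	char *copy = NULL;

	if(crl && *crl)
	{
		copy = strdup(crl);
		if(!copy)
			return errno = ENOMEM;	// previous URL is still in place
	}

	free(hSession->ssl.crl);	// released only once the replacement exists
	hSession->ssl.crl = copy;

	return 0;

	// … unchanged: #else branch returning ENOTSUP …
}
```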
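--- a/src/lib3270/ssl/negotiate.c
+++ b/src/lib3270/ssl/negotiate.c
@@ -217,7 +217,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 default:
 
 debug("Unexpected or invalid TLS/SSL verify result %d",rv);
- trace_dsn(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv);
+ trace_ssl(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv);
 }
 
 if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
@@ -226,7 +226,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 int alg_bits = 0;
 const SSL_CIPHER * cipher = SSL_get_current_cipher(hSession->ssl.con);
 
- trace_dsn(hSession,"TLS/SSL cipher description: %s",SSL_CIPHER_description((SSL_CIPHER *) cipher, buffer, 4095));
+ trace_ssl(hSession,"TLS/SSL cipher description: %s",SSL_CIPHER_description((SSL_CIPHER *) cipher, buffer, 4095));
 SSL_CIPHER_get_bits(cipher, &alg_bits);
 trace_ssl(hSession,"%s version %s with %d bits\n",
 SSL_CIPHER_get_name(cipher),
@@ -342,16 +342,16 @@ void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 switch(where)
 {
 case SSL_CB_CONNECT_LOOP:
- trace_dsn(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));
+ trace_ssl(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));
 break;
 
 case SSL_CB_CONNECT_EXIT:
 
- trace_dsn(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);
+ trace_ssl(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);
 
 if (ret == 0)
 {
- trace_dsn(hSession,"SSL_connect: failed in %s\n",SSL_state_string_long(s));
+ trace_ssl(hSession,"SSL_connect: failed in %s\n",SSL_state_string_long(s));
 }
 else if (ret < 0)
 {
@@ -379,7 +379,7 @@ void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 err_buf[0] = '\0';
 }
 
- trace_dsn(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
+ trace_ssl(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
 ret,
 err_buf,
 SSL_state_string_long(s),
@@ -390,7 +390,7 @@ void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 break;
 
 default:
- trace_dsn(hSession,"SSL Current state is \"%s\"\n",SSL_state_string_long(s));
+ trace_ssl(hSession,"SSL Current state is \"%s\"\n",SSL_state_string_long(s));
 }
 
 #ifdef DEBUG
@@ -401,11 +401,11 @@ void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 #endif
 
 if(where & SSL_CB_ALERT)
- trace_dsn(hSession,"SSL ALERT: %s\n",SSL_alert_type_string_long(ret));
+ trace_ssl(hSession,"SSL ALERT: %s\n",SSL_alert_type_string_long(ret));
 
 if(where & SSL_CB_HANDSHAKE_DONE)
 {
- trace_dsn(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));
+ trace_ssl(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));
 if(SSL_get_state(s) == SSL_ST_OK)
 set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
 else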
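Review bot: The failure messages in this file, `Unexpected or invalid TLS/SSL verify result %d` in the first hunk and the `SSL Connect error` and `SSL ALERT` lines in ssl_info_callback, now go through `trace_ssl`, the same call the existing code makes inside `if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))`. The definition of trace_ssl is not on this page; if it is gated on that toggle, handshake and certificate-verification failures no longer appear in a default trace, which is the record an operator would reach for when diagnosing a rejected or revoked certificate. I would keep the failure paths on a channel that is always written and move only the state-progress lines, or add a comment above them such as `/* Recorded only when LIB3270_TOGGLE_SSL_TRACE is set. */` so the dependency is explicit. Both functions start and end outside the hunks shown.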