Commit a6a2963b26b3dd9776944b14e7c12508b7304d46
1 parent
ad33d466
Exists in
master
and in
3 other branches
The CRL URL is now a writable property.
Showing
3 changed files
with
66 additions
and
10 deletions
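--- a/src/include/lib3270.h
+++ b/src/include/lib3270.h
@@ -466,6 +466,17 @@
 LIB3270_EXPORT int lib3270_set_url(H3270 *h, const char *url);
 
 /**
+ * @brief Set URL for the certificate revocation list.
+ *
+ * @param hSession Session handle.
+ * @param crl URL for the certificate revocation list.
+ *
+ * @return 0 on sucess, non zero on error (sets errno).
+ *
+ */
+ LIB3270_EXPORT int lib3270_set_crl(H3270 *hSession, const char *crl);
+
+ /**
 * @brief Get hostname for the connect/reconnect operations.
 *
 * @param h Session handle.
@@ -1174,7 +1185,7 @@
 
 LIB3270_EXPORT void * lib3270_malloc(int len);
 LIB3270_EXPORT void * lib3270_realloc(void *p, int len);
- LIB3270_EXPORT void * lib3270_replace(void **p, void *ptr);
+// LIB3270_EXPORT void * lib3270_replace(void **p, void *ptr);
 LIB3270_EXPORT void * lib3270_strdup(const char *str);
 
 #define LIB3270_AUTOPTR_FUNC_NAME(TypeName) lib3270_autoptr_cleanup_##TypeName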
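Review bot: The doc comment added for `lib3270_set_crl` omits the conditions a caller has to handle, all of which are visible in the implementation in src/lib3270/properties.c on this page. Passing NULL clears the stored URL, the function returns ENOTSUP when the library is built without SSL_ENABLE_CRL_CHECK, and the call goes through `FAIL_IF_ONLINE` first (presumably refusing the change on a connected session; the macro is not shown here). I would extend the comment with `@param crl URL for the certificate revocation list, or NULL to clear it.` and `@retval ENOTSUP Library built without CRL checking.`, plus a line on the offline-only restriction once the macro's errno value is confirmed. Separately, the second hunk leaves the `lib3270_replace` prototype behind as a `//` comment; if the export is really gone, delete the line and record the API removal in the commit message so external callers can tell it was intentional.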
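--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -285,6 +285,43 @@
 return lib3270_get_revision();
 }
 
+ int lib3270_set_crl(H3270 *hSession, const char *crl)
+ {
+
+ FAIL_IF_ONLINE(hSession);
+
+#ifdef SSL_ENABLE_CRL_CHECK
+
+ if(hSession->ssl.crl)
+ {
+ free(hSession->ssl.crl);
+ hSession->ssl.crl = NULL;
+ }
+
+ if(crl)
+ {
+ hSession->ssl.crl = strdup(crl);
+ }
+
+ return 0;
+
+#else
+
+ return errno = ENOTSUP;
+
+#endif // SSL_ENABLE_CRL_CHECK
+
+ }
+
+ static const char * lib3270_get_crl(H3270 *hSession)
+ {
+#ifdef SSL_ENABLE_CRL_CHECK
+ if(hSession->ssl.crl)
+ return hSession->ssl.crl;
+#endif
+ return "";
+ }
+
 LIB3270_EXPORT const LIB3270_STRING_PROPERTY * lib3270_get_string_properties_list(void)
 {
 static const LIB3270_STRING_PROPERTY properties[] = {
@@ -345,6 +382,14 @@
 NULL // Set value.
 },
 
+ {
+ "crl", // Property name.
+ N_( "URL for the CRL file" ), // Property description.
+ lib3270_get_crl, // Get value.
+ lib3270_set_crl, // Set value.
+ },
+
+
 /*
 {
 "", // Property name.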
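Review bot: In `lib3270_set_crl` the result of `strdup(crl)` is never checked, and the previous value is freed before the copy is made. On allocation failure the session ends up with no CRL URL while the function still returns 0. For a setting that feeds certificate revocation checking, a silently dropped value is worth avoiding, since the caller believes a CRL source is configured when none is stored. Duplicating first, returning ENOMEM on failure and only then swapping the pointer keeps the old value intact. Because `lib3270_get_crl` reports an unset value as `""`, the setter should probably also treat an empty string as "clear", so that a property get/set round trip does not store an empty URL.

```c
#ifdef SSL_ENABLE_CRL_CHECK

	char *copy = NULL;

	if(crl && *crl)
	{
		copy = strdup(crl);
		if(!copy)
			return errno = ENOMEM;
	}

	free(hSession->ssl.crl);	// free(NULL) is a no-op
	hSession->ssl.crl = copy;

	return 0;

// … unchanged: #else branch returning ENOTSUP …
```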
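--- a/src/lib3270/ssl/negotiate.c
+++ b/src/lib3270/ssl/negotiate.c
@@ -217,7 +217,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 default:
 
 debug("Unexpected or invalid TLS/SSL verify result %d",rv);
- trace_dsn(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv);
+ trace_ssl(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv);
 }
 
 if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
@@ -226,7 +226,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 int alg_bits = 0;
 const SSL_CIPHER * cipher = SSL_get_current_cipher(hSession->ssl.con);
 
- trace_dsn(hSession,"TLS/SSL cipher description: %s",SSL_CIPHER_description((SSL_CIPHER *) cipher, buffer, 4095));
+ trace_ssl(hSession,"TLS/SSL cipher description: %s",SSL_CIPHER_description((SSL_CIPHER *) cipher, buffer, 4095));
 SSL_CIPHER_get_bits(cipher, &alg_bits);
 trace_ssl(hSession,"%s version %s with %d bits\n",
 SSL_CIPHER_get_name(cipher),
@@ -342,16 +342,16 @@ void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 switch(where)
 {
 case SSL_CB_CONNECT_LOOP:
- trace_dsn(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));
+ trace_ssl(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));
 break;
 
 case SSL_CB_CONNECT_EXIT:
 
- trace_dsn(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);
+ trace_ssl(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);
 
 if (ret == 0)
 {
- trace_dsn(hSession,"SSL_connect: failed in %s\n",SSL_state_string_long(s));
+ trace_ssl(hSession,"SSL_connect: failed in %s\n",SSL_state_string_long(s));
 }
 else if (ret < 0)
 {
@@ -379,7 +379,7 @@ void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 err_buf[0] = '\0';
 }
 
- trace_dsn(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
+ trace_ssl(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
 ret,
 err_buf,
 SSL_state_string_long(s),
@@ -390,7 +390,7 @@ void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 break;
 
 default:
- trace_dsn(hSession,"SSL Current state is \"%s\"\n",SSL_state_string_long(s));
+ trace_ssl(hSession,"SSL Current state is \"%s\"\n",SSL_state_string_long(s));
 }
 
 #ifdef DEBUG
@@ -401,11 +401,11 @@ void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 #endif
 
 if(where & SSL_CB_ALERT)
- trace_dsn(hSession,"SSL ALERT: %s\n",SSL_alert_type_string_long(ret));
+ trace_ssl(hSession,"SSL ALERT: %s\n",SSL_alert_type_string_long(ret));
 
 if(where & SSL_CB_HANDSHAKE_DONE)
 {
- trace_dsn(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));
+ trace_ssl(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));
 if(SSL_get_state(s) == SSL_ST_OK)
 set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
 else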
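Review bot: The failure-path messages in `ssl_info_callback` (`SSL_connect: failed in %s`, `SSL Connect error %d`, `SSL ALERT: %s`) and the `Unexpected or invalid TLS/SSL verify result` line in `background_ssl_negotiation` now go through `trace_ssl`, whose definition is not on this page. If `trace_ssl` only emits when `LIB3270_TOGGLE_SSL_TRACE` is set, as the toggle check around the cipher block suggests it might, handshake failures and alerts will no longer appear in the default trace. That is exactly the record an operator needs when a certificate or CRL check rejects a host. I would either keep those four calls on the always-on path (`trace_dsn`) and move only the state-progress chatter to `trace_ssl`, or add a comment at the top of the callback such as `/* SSL diagnostics, including failures, are written only when the SSL trace toggle is on */` so the behaviour is deliberate and documented. Both functions start and end outside the hunks shown.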