Commit a8187e9ad76cf2c52f91b0b483dae0545dd3e7c4

Authored by perry.werneck@gmail.com
1 parent 8a48b002

Melhorando tratamento do indicador de SSL

Showing 4 changed files with 85 additions and 32 deletions
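--- a/api.h
+++ b/api.h
@@ -157,7 +157,7 @@
 
 #define OIA_FLAG_BOXSOLID LIB3270_FLAG_BOXSOLID
 #define OIA_FLAG_UNDERA LIB3270_FLAG_UNDERA
- #define OIA_FLAG_SECURE LIB3270_FLAG_SECURE
+// #define OIA_FLAG_SECURE LIB3270_FLAG_SECURE
 #define OIA_FLAG_TYPEAHEAD LIB3270_FLAG_TYPEAHEAD
 #define OIA_FLAG_PRINTER LIB3270_FLAG_PRINTER
 #define OIA_FLAG_REVERSE LIB3270_FLAG_REVERSE
@@ -356,7 +356,7 @@
 LOCAL_EXTERN void Input_String(const unsigned char *str);
 LOCAL_EXTERN void screen_size(int *rows, int *cols);
 
- #define query_secure_connection(h) lib3270_get_ssl_state(h)
+// #define query_secure_connection(h) lib3270_get_ssl_state(h)
 #define lib3270_paste_string(str) lib3270_set_string(NULL,str)
 #define get_3270_terminal_size(h,r,c) lib3270_get_screen_size(h,r,c)
 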
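Review bot: The two macros are switched off by turning them into `//` comments instead of being deleted, which leaves dead code in a header other files include. The same pattern recurs in screen.c (the `/* ... */` blocks around both `set_status(session,OIA_FLAG_SECURE,...)` calls) and in telnet.c (the `// session->secure_connection = True;` lines and the commented-out `lib3270_get_ssl_state`). Deleting the lines keeps the history in version control and stops a later reader from re-enabling a path that reads the old `secure_connection` flag. If callers outside this commit still use `query_secure_connection`, one pointer comment is enough, for example `/* query_secure_connection() removed: use lib3270_get_secure() */`. Note that the replacement returns a `LIB3270_SSL_STATE` rather than an `int`, so a caller that only tested for non-zero may need changing.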
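--- a/init.c
+++ b/init.c
@@ -118,6 +118,10 @@ static void message(H3270 *session, LIB3270_NOTIFY id , const char *title, const
 lib3270_write_log(session,"%s",text);
 }
 
+static void update_ssl(H3270 *session, LIB3270_SSL_STATE state)
+{
+}
+
 static void lib3270_session_init(H3270 *hSession, const char *model)
 {
 int ovc, ovr;
@@ -144,6 +148,7 @@ static void lib3270_session_init(H3270 *hSession, const char *model)
 hSession->update_selection = update_selection;
 hSession->cursor = set_cursor;
 hSession->message = message;
+ hSession->update_ssl = update_ssl;
 
 hSession->sock = -1;
 hSession->model_num = -1;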
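Review bot: The new `update_ssl` default has an empty body and no comment, so a reader cannot tell a deliberate no-op from an unfinished stub. Because `set_ssl_state` in telnet.c calls `session->update_ssl(...)` with no NULL check, this function presumably exists to keep the pointer valid until a front end installs its own handler. I would say so on the function: `/* Default SSL-state callback: intentionally does nothing; keeps session->update_ssl non-NULL. */`. Adding `(void) session; (void) state;` in the body would also silence unused-parameter warnings. lib3270_session_init continues outside the hunk, so any other initialisation path that might leave the pointer unset is not visible here.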
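--- a/screen.c
+++ b/screen.c
@@ -546,15 +546,19 @@ static void status_connect(H3270 *session, int connected, void *dunno)
 else
 id = LIB3270_STATUS_CONNECTED;
 
-#if defined(HAVE_LIBSSL) /*[*/
+/*
+#if defined(HAVE_LIBSSL)
 set_status(session,OIA_FLAG_SECURE,session->secure_connection);
-#endif /*]*/
+#endif
+*/
 
 }
 else
 {
 set_status(session,OIA_FLAG_BOXSOLID,False);
+/*
 set_status(session,OIA_FLAG_SECURE,False);
+*/
 
 id = LIB3270_STATUS_DISCONNECTED;
 }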
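--- a/telnet.c
+++ b/telnet.c
@@ -351,8 +351,19 @@ static void output_possible(H3270 *session);
 #endif /*]*/
 
 
+/*--[ Implement ]------------------------------------------------------------------------------------*/
+
+void set_ssl_state(H3270 *session, LIB3270_SSL_STATE state)
+{
+ if(state == session->secure)
+ return;
+
+ trace_dsn("SSL state changes to %d",(int) state);
+ trace("SSL state changes to %d",(int) state);
+
+ session->update_ssl(session,session->secure = state);
+}
 
-
 #if defined(_WIN32) /*[*/
 void sockstart(H3270 *session)
 {
@@ -477,6 +488,8 @@ int net_connect(H3270 *session, const char *host, char *portname, Boolean ls, Bo
 
 #define close_fail { (void) SOCK_CLOSE(session->sock); session->sock = -1; return -1; }
 
+ set_ssl_state(session,LIB3270_SSL_UNSECURE);
+
 #if defined(_WIN32)
 sockstart(session);
 #endif
@@ -763,44 +776,49 @@ static void net_connected(H3270 *session)
 
 #if defined(HAVE_LIBSSL) /*[*/
 /* Set up SSL. */
- if(session->ssl_host && !session->secure_connection)
+ if(session->ssl_con && session->secure == LIB3270_SSL_UNDEFINED)
 {
 int rc;
 
+ set_ssl_state(session,LIB3270_SSL_NEGOTIATING);
+
 if (SSL_set_fd(session->ssl_con, session->sock) != 1)
 {
 trace_dsn("Can't set fd!\n");
 popup_system_error(&h3270,_( "Connection failed" ), _( "Can't set SSL socket file descriptor" ), "%s", SSL_state_string_long(session->ssl_con));
+ set_ssl_state(session,LIB3270_SSL_UNSECURE);
 }
+ else
+ {
+ non_blocking(False);
+ rc = SSL_connect(session->ssl_con);
 
- non_blocking(False);
- rc = SSL_connect(session->ssl_con);
+ if(rc != 1)
+ {
+ unsigned long e = ERR_get_error();
+ const char * state = SSL_state_string_long(session->ssl_con);
 
- if(rc != 1)
- {
- unsigned long e = ERR_get_error();
- const char * state = SSL_state_string_long(session->ssl_con);
+ trace_dsn("TLS/SSL tunneled connection failed with error %ld, rc=%d and state=%s",e,rc,state);
 
- trace_dsn("TLS/SSL tunneled connection failed with error %ld, rc=%d and state=%s",e,rc,state);
+ host_disconnect(session,True);
 
- host_disconnect(session,True);
+ if(e != session->last_ssl_error)
+ {
+ session->message( &h3270,
+ LIB3270_NOTIFY_ERROR,
+ _( "Connection failed" ),
+ _( "SSL negotiation failed" ),
+ state);
+ session->last_ssl_error = e;
+ }
+ return;
 
- if(e != session->last_ssl_error)
- {
- session->message( &h3270,
- LIB3270_NOTIFY_ERROR,
- _( "Connection failed" ),
- _( "SSL negotiation failed" ),
- state);
- session->last_ssl_error = e;
 }
- return;
-
+ non_blocking(True);
 }
- non_blocking(True);
 
- session->secure_connection = True;
- trace_dsn("TLS/SSL tunneled connection complete. Connection is now secure.\n");
+// session->secure_connection = True;
+// trace_dsn("TLS/SSL tunneled connection complete. Connection is now secure.\n");
 
 /* Tell everyone else again. */
 host_connected(session);
@@ -897,18 +915,22 @@ static void output_possible(H3270 *session)
 */
 void net_disconnect(void)
 {
-#if defined(HAVE_LIBSSL) /*[*/
+#if defined(HAVE_LIBSSL)
 if (h3270.ssl_con != NULL)
 {
 SSL_shutdown(h3270.ssl_con);
 SSL_free(h3270.ssl_con);
 h3270.ssl_con = NULL;
 }
- h3270.secure_connection = False;
-#endif /*]*/
+#endif
+
+ set_ssl_state(&h3270,LIB3270_SSL_UNSECURE);
+
 if (CONNECTED)
 (void) shutdown(h3270.sock, 2);
+
 (void) SOCK_CLOSE(h3270.sock);
+
 h3270.sock = -1;
 trace_dsn("SENT disconnect\n");
 
@@ -3233,6 +3255,8 @@ static void ssl_init(H3270 *session)
 {
 static SSL_CTX *ssl_ctx = NULL;
 
+ set_ssl_state(session,LIB3270_SSL_UNDEFINED);
+
 if(ssl_ctx == NULL)
 {
 lib3270_write_log(session,"%s","Initializing SSL context");
@@ -3293,6 +3317,9 @@ static void client_info_callback(INFO_CONST SSL *s, int where, int ret)
 break;
 
 case SSL_CB_CONNECT_EXIT:
+
+ trace("%s: SSL_CB_CONNECT_EXIT",__FUNCTION__);
+
 if (ret == 0)
 {
 trace_dsn("SSL_connect: failed in %s\n",SSL_state_string_long(s));
@@ -3349,6 +3376,15 @@ static void client_info_callback(INFO_CONST SSL *s, int where, int ret)
 
 if(where & SSL_CB_ALERT)
 lib3270_write_log(NULL,"SSL","ALERT: %s",SSL_alert_type_string_long(ret));
+
+ if(where & SSL_CB_HANDSHAKE_DONE)
+ {
+ trace("%s: SSL_CB_HANDSHAKE_DONE state=%04x",__FUNCTION__,SSL_state(s));
+ if(SSL_state(s) == 0x03)
+ set_ssl_state(&h3270,LIB3270_SSL_SECURE);
+ else
+ set_ssl_state(&h3270,LIB3270_SSL_UNSECURE);
+ }
 }
 
 /* Process a STARTTLS subnegotiation. */
@@ -3406,10 +3442,10 @@ static void continue_tls(unsigned char *sbbuf, int len)
 return;
 }
 
- h3270.secure_connection = True;
+// h3270.secure_connection = True;
 
 /* Success. */
- trace_dsn("TLS/SSL negotiated connection complete. Connection is now secure.\n");
+// trace_dsn("TLS/SSL negotiated connection complete. Connection is now secure.\n");
 
 /* Tell the world that we are (still) connected, now in secure mode. */
 host_connected(&h3270);
@@ -3455,6 +3491,13 @@ net_proxy_port(void)
 return NULL;
 }
 
+LIB3270_EXPORT LIB3270_SSL_STATE lib3270_get_secure(H3270 *session)
+{
+ CHECK_SESSION_HANDLE(session);
+ return session->secure;
+}
+
+/*
 LIB3270_EXPORT int lib3270_get_ssl_state(H3270 *h)
 {
 CHECK_SESSION_HANDLE(h);
@@ -3465,6 +3508,7 @@ LIB3270_EXPORT int lib3270_get_ssl_state(H3270 *h)
 return 0;
 #endif
 }
+*/
 
 /*
 int Get3270Socket(void)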
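Review bot: In net_connected the new `SSL_set_fd` failure branch sets `LIB3270_SSL_UNSECURE` and then falls through to `host_connected(session)`, so a session prepared for SSL (`session->ssl_con` non-NULL) appears to carry on over the plain socket instead of being torn down. Before this change the code went on to `SSL_connect`, whose failure path disconnects. I would fail closed by adding `host_disconnect(session,True);` and `return;` right after that `set_ssl_state` call. Separately, the `SSL_CB_HANDSHAKE_DONE` branch in client_info_callback reports `LIB3270_SSL_SECURE` from `SSL_state(s) == 0x03` alone: the literal would read better as `SSL_ST_OK`, and nothing visible checks the certificate result, so unless verification is enforced in ssl_init (outside these hunks) the indicator should also require `SSL_get_verify_result(s) == X509_V_OK`. Both functions start and end outside the hunks shown.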