From ad9b3856f6278bbcc14c2c17a6df162ae3d7b715 Mon Sep 17 00:00:00 2001
From: Perry Werneck <perry.werneck@gmail.com>
Date: Wed, 30 Jan 2019 11:38:47 -0200
Subject: [PATCH] Updating SSL state API.

---
 src/include/lib3270.h      |  4 ++++
 src/lib3270/properties.c   | 48 ++++++++++++++++++++++++++++++++++++++++++------
 src/lib3270/session.c      |  4 ++--
 src/lib3270/ssl/ctx_init.c | 24 +++++++++---------------
 src/lib3270/ssl/state.c    |  5 +++++
 5 files changed, 62 insertions(+), 23 deletions(-)

diff --git a/src/include/lib3270.h b/src/include/lib3270.h
index 89c5845..069554c 100644
--- a/src/include/lib3270.h
+++ b/src/include/lib3270.h
@@ -522,12 +522,16 @@
 	 */
 	LIB3270_EXPORT const char * lib3270_get_ssl_state_message(H3270 *hSession);
 
+	LIB3270_EXPORT const char * lib3270_get_ssl_state_icon_name(H3270 *hSession);
+
 	/**
 	 * @brief Get security state message.
 	 *
 	 */
 	LIB3270_EXPORT const char * lib3270_get_ssl_state_description(H3270 *hSession);
 
+	LIB3270_EXPORT char * lib3270_get_crl_text(H3270 *hSession);
+
 	/**
 	 * @brief Get service or port for the connect/reconnect operations.
 	 *
diff --git a/src/lib3270/properties.c b/src/lib3270/properties.c
index 6a0f664..b84a59f 100644
--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -297,8 +297,8 @@
  const char * lib3270_get_crl_url(H3270 *hSession)
  {
 #ifdef SSL_ENABLE_CRL_CHECK
-	if(hSession->ssl.url)
-		return hSession->ssl.url;
+	if(hSession->ssl.crl.url)
+		return hSession->ssl.crl.url;
 
 #ifdef SSL_DEFAULT_CRL_URL
 	return SSL_DEFAULT_CRL_URL;
@@ -322,15 +322,21 @@
 
 #ifdef SSL_ENABLE_CRL_CHECK
 
-	if(hSession->ssl.crl)
+	if(hSession->ssl.crl.url)
 	{
-		free(hSession->ssl.crl);
-		hSession->ssl.crl = NULL;
+		free(hSession->ssl.crl.url);
+		hSession->ssl.crl.url = NULL;
+	}
+
+	if(hSession->ssl.crl.cert)
+	{
+		X509_CRL_free(hSession->ssl.crl.cert);
+		hSession->ssl.crl.cert = NULL;
 	}
 
 	if(crl)
 	{
-		hSession->ssl.crl = strdup(crl);
+		hSession->ssl.crl.url = strdup(crl);
 	}
 
 	return 0;
@@ -628,3 +634,33 @@ LIB3270_EXPORT int lib3270_get_secure_host(H3270 *hSession)
 
 }
 
+LIB3270_EXPORT char * lib3270_get_crl_text(H3270 *hSession)
+{
+#ifdef SSL_ENABLE_CRL_CHECK
+
+	if(hSession->ssl.crl.cert)
+	{
+
+		BIO				* out = BIO_new(BIO_s_mem());
+		unsigned char	* data;
+		unsigned char	* text;
+		int				  n;
+
+		X509_CRL_print(out,hSession->ssl.crl.cert);
+
+		n		= BIO_get_mem_data(out, &data);
+		text	= (unsigned char *) lib3270_malloc(n+1);
+		text[n]	='\0';
+
+		memcpy(text,data,n);
+		BIO_free(out);
+
+		return (char *) text;
+
+	}
+
+
+#endif // SSL_ENABLE_CRL_CHECK
+
+	return NULL;
+}
diff --git a/src/lib3270/session.c b/src/lib3270/session.c
index a7d27ab..872c4b8 100644
--- a/src/lib3270/session.c
+++ b/src/lib3270/session.c
@@ -77,8 +77,8 @@ void lib3270_session_free(H3270 *h)
 #ifdef SSL_ENABLE_CRL_CHECK
 	if(h->ssl.crl.url)
 	{
-		free(h->ssl.url);
-		h->ssl.url = NULL;
+		free(h->ssl.crl.url);
+		h->ssl.crl.url = NULL;
 	}
 
 	if(h->ssl.crl.cert)
diff --git a/src/lib3270/ssl/ctx_init.c b/src/lib3270/ssl/ctx_init.c
index 7e655c2..266f197 100644
--- a/src/lib3270/ssl/ctx_init.c
+++ b/src/lib3270/ssl/ctx_init.c
@@ -135,27 +135,21 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 
 	if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
 	{
-		BIO				* out	= BIO_new(BIO_s_mem());
-		unsigned char	* data;
-		unsigned char	* text;
-		int				  n;
+		lib3270_autoptr(char) text = lib3270_get_crl_text(hSession);
 
-		X509_CRL_print(out,crl);
+		if(text)
+			trace_ssl(hSession,"\n%s\n",text);
 
-		n		= BIO_get_mem_data(out, &data);
-		text	= (unsigned char *) malloc (n+1);
-		text[n]	='\0';
-		memcpy(text,data,n);
-
-		trace_ssl(hSession,"\n%s\n",text);
+	}
 
-		free(text);
-		BIO_free(out);
+	X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
 
+	if(hSession->ssl.crl.cert)
+	{
+		X509_STORE_add_crl(store, hSession->ssl.crl.cert);
+		trace_ssl(hSession,"CRL was added to cert store");
 	}
 
-	X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
-	X509_STORE_add_crl(store, crl);
 	X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
 	X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
 	X509_STORE_set1_param(store, param);
diff --git a/src/lib3270/ssl/state.c b/src/lib3270/ssl/state.c
index 77c1f59..9aee5d4 100644
--- a/src/lib3270/ssl/state.c
+++ b/src/lib3270/ssl/state.c
@@ -437,5 +437,10 @@ void set_ssl_state(H3270 *hSession, LIB3270_SSL_STATE state)
  	return LIB3270_NOTIFY_ERROR;
  }
 
+ const char	* lib3270_get_ssl_state_icon_name(H3270 *hSession)
+ {
+ 	return "dialog-error";
+ }
+
 #endif // HAVE_LIBSSL
 
--
libgit2 0.21.2