From ad9b3856f6278bbcc14c2c17a6df162ae3d7b715 Mon Sep 17 00:00:00 2001 From: Perry Werneck Date: Wed, 30 Jan 2019 11:38:47 -0200 Subject: [PATCH] Updating SSL state API. --- src/include/lib3270.h | 4 ++++ src/lib3270/properties.c | 48 ++++++++++++++++++++++++++++++++++++++++++------ src/lib3270/session.c | 4 ++-- src/lib3270/ssl/ctx_init.c | 24 +++++++++--------------- src/lib3270/ssl/state.c | 5 +++++ 5 files changed, 62 insertions(+), 23 deletions(-) diff --git a/src/include/lib3270.h b/src/include/lib3270.h index 89c5845..069554c 100644 --- a/src/include/lib3270.h +++ b/src/include/lib3270.h @@ -522,12 +522,16 @@ */ LIB3270_EXPORT const char * lib3270_get_ssl_state_message(H3270 *hSession); + LIB3270_EXPORT const char * lib3270_get_ssl_state_icon_name(H3270 *hSession); + /** * @brief Get security state message. * */ LIB3270_EXPORT const char * lib3270_get_ssl_state_description(H3270 *hSession); + LIB3270_EXPORT char * lib3270_get_crl_text(H3270 *hSession); + /** * @brief Get service or port for the connect/reconnect operations. * diff --git a/src/lib3270/properties.c b/src/lib3270/properties.c index 6a0f664..b84a59f 100644 --- a/src/lib3270/properties.c +++ b/src/lib3270/properties.c @@ -297,8 +297,8 @@ const char * lib3270_get_crl_url(H3270 *hSession) { #ifdef SSL_ENABLE_CRL_CHECK - if(hSession->ssl.url) - return hSession->ssl.url; + if(hSession->ssl.crl.url) + return hSession->ssl.crl.url; #ifdef SSL_DEFAULT_CRL_URL return SSL_DEFAULT_CRL_URL; @@ -322,15 +322,21 @@ #ifdef SSL_ENABLE_CRL_CHECK - if(hSession->ssl.crl) + if(hSession->ssl.crl.url) { - free(hSession->ssl.crl); - hSession->ssl.crl = NULL; + free(hSession->ssl.crl.url); + hSession->ssl.crl.url = NULL; + } + + if(hSession->ssl.crl.cert) + { + X509_CRL_free(hSession->ssl.crl.cert); + hSession->ssl.crl.cert = NULL; } if(crl) { - hSession->ssl.crl = strdup(crl); + hSession->ssl.crl.url = strdup(crl); } return 0; 
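Review bot: The new `lib3270_get_crl_text()` declaration in lib3270.h has no doc comment, and it is the only getter in this group that returns a non-const `char *`, so the header does not tell callers that they own the result. I would add above it `/** @brief Get the loaded CRL as printable text. @return Newly allocated string the caller must release, or NULL when no CRL is loaded or CRL checking is compiled out. */`, which matches what the properties.c definition in this patch does. `lib3270_get_ssl_state_icon_name()` is also undocumented; a one-line `@brief` saying it returns a static icon name that must not be freed would bring it in line with the neighbouring declarations.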
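Review bot: In the `@@ -322,15 +322,21 @@` hunk of properties.c the result of `strdup(crl)` is stored without a check and the function still reaches `return 0;`, so an allocation failure is reported as success with `ssl.crl.url` left NULL. `lib3270_get_crl_url()` in the hunk above then falls back to `SSL_DEFAULT_CRL_URL` when that is defined, so revocation could end up being checked against a different list than the one the caller asked for. Consider following the assignment with `if(!hSession->ssl.crl.url) return ENOMEM;`, adjusted to whatever error convention this setter already uses. The setter's signature and opening lines are outside the hunk.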
@@ -628,3 +634,33 @@ LIB3270_EXPORT int lib3270_get_secure_host(H3270 *hSession) } +LIB3270_EXPORT char * lib3270_get_crl_text(H3270 *hSession) +{ +#ifdef SSL_ENABLE_CRL_CHECK + + if(hSession->ssl.crl.cert) + { + + BIO * out = BIO_new(BIO_s_mem()); + unsigned char * data; + unsigned char * text; + int n; + + X509_CRL_print(out,hSession->ssl.crl.cert); + + n = BIO_get_mem_data(out, &data); + text = (unsigned char *) lib3270_malloc(n+1); + text[n] ='\0'; + + memcpy(text,data,n); + BIO_free(out); + + return (char *) text; + + } + + +#endif // SSL_ENABLE_CRL_CHECK + + return NULL; +} diff --git a/src/lib3270/session.c b/src/lib3270/session.c index a7d27ab..872c4b8 100644 --- a/src/lib3270/session.c +++ b/src/lib3270/session.c @@ -77,8 +77,8 @@ void lib3270_session_free(H3270 *h) #ifdef SSL_ENABLE_CRL_CHECK if(h->ssl.crl.url) { - free(h->ssl.url); - h->ssl.url = NULL; + free(h->ssl.crl.url); + h->ssl.crl.url = NULL; } if(h->ssl.crl.cert) diff --git a/src/lib3270/ssl/ctx_init.c b/src/lib3270/ssl/ctx_init.c index 7e655c2..266f197 100644 --- a/src/lib3270/ssl/ctx_init.c +++ b/src/lib3270/ssl/ctx_init.c 
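Review bot: `lib3270_get_crl_text()` uses the results of `BIO_new()`, `X509_CRL_print()` and `BIO_get_mem_data()` without checking any of them, and the length is narrowed from `long` to `int`. If the BIO cannot be allocated or the length comes back negative, `text[n] ='\0'` and `memcpy(text,data,n)` run with an invalid index and size, which is an out-of-bounds write in a function exported to library users. The body of the `if(hSession->ssl.crl.cert)` block could be written as below, so that every failure path returns NULL and the BIO is always released. This assumes `lib3270_malloc()` never returns NULL, which should be confirmed against its definition.

```c
	if(hSession->ssl.crl.cert)
	{
		char * text = NULL;
		BIO  * out  = BIO_new(BIO_s_mem());

		if(out)
		{
			unsigned char * data = NULL;

			if(X509_CRL_print(out,hSession->ssl.crl.cert))
			{
				long n = BIO_get_mem_data(out, &data);

				if(n > 0 && data)
				{
					text = (char *) lib3270_malloc(n+1);
					memcpy(text,data,n);
					text[n] = '\0';
				}
			}

			BIO_free(out);
		}

		return text;
	}
```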
@@ -135,27 +135,21 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message) if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE)) { - BIO * out = BIO_new(BIO_s_mem()); - unsigned char * data; - unsigned char * text; - int n; + lib3270_autoptr(char) text = lib3270_get_crl_text(hSession); - X509_CRL_print(out,crl); + if(text) + trace_ssl(hSession,"\n%s\n",text); - n = BIO_get_mem_data(out, &data); - text = (unsigned char *) malloc (n+1); - text[n] ='\0'; - memcpy(text,data,n); - - trace_ssl(hSession,"\n%s\n",text); + } - free(text); - BIO_free(out); + X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); + if(hSession->ssl.crl.cert) + { + X509_STORE_add_crl(store, hSession->ssl.crl.cert); + trace_ssl(hSession,"CRL was added to cert store"); } - X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); - X509_STORE_add_crl(store, crl); X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new(); X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); X509_STORE_set1_param(store, param); diff --git a/src/lib3270/ssl/state.c b/src/lib3270/ssl/state.c index 77c1f59..9aee5d4 100644 --- a/src/lib3270/ssl/state.c +++ b/src/lib3270/ssl/state.c @@ -437,5 +437,10 @@ void set_ssl_state(H3270 *hSession, LIB3270_SSL_STATE state) return LIB3270_NOTIFY_ERROR; } + const char * lib3270_get_ssl_state_icon_name(H3270 *hSession) + { + return "dialog-error"; + } + #endif // HAVE_LIBSSL -- libgit2 0.21.2
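Review bot: The return value of `X509_STORE_add_crl()` in the ctx_init.c hunk is ignored and the trace line `CRL was added to cert store` is written unconditionally, so a CRL that OpenSSL rejected is still logged as loaded. Because `X509_V_FLAG_CRL_CHECK` is set right after, verification should then fail closed, but the trace would point away from the real cause. I would write `if(X509_STORE_add_crl(store, hSession->ssl.crl.cert)) trace_ssl(hSession,"CRL was added to cert store"); else trace_ssl(hSession,"Can't add CRL to cert store");` and, if `ssl_ctx_init()` reports failures through `message`, use that in the else branch as well. The function starts and ends outside the hunk, so whether `param` is released after `X509_STORE_set1_param()` cannot be seen here.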
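Review bot: `lib3270_get_ssl_state_icon_name()` in state.c ignores `hSession` and returns the literal `"dialog-error"` for every session, and the hunk does not show which preprocessor branch it sits in or whether a state-aware definition exists elsewhere. If this is the only definition, a UI that uses the icon as its security indicator would show the same icon for verified and unverified connections. A comment such as `/* Placeholder: always reports the error icon, independent of the session's SSL state. */` would make the intent explicit until the name is derived from the current state. The definition also omits the `LIB3270_EXPORT` that its declaration in lib3270.h and the `lib3270_get_crl_text()` definition both carry.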