Commit ad9b3856f6278bbcc14c2c17a6df162ae3d7b715

Authored by Perry Werneck
1 parent b4112fce

Updating SSL state API.

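--- a/src/include/lib3270.h
+++ b/src/include/lib3270.h
@@ -522,12 +522,16 @@
 */
 LIB3270_EXPORT const char * lib3270_get_ssl_state_message(H3270 *hSession);
 
+ LIB3270_EXPORT const char * lib3270_get_ssl_state_icon_name(H3270 *hSession);
+
 /**
 * @brief Get security state message.
 *
 */
 LIB3270_EXPORT const char * lib3270_get_ssl_state_description(H3270 *hSession);
 
+ LIB3270_EXPORT char * lib3270_get_crl_text(H3270 *hSession);
+
 /**
 * @brief Get service or port for the connect/reconnect operations.
 *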
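Review bot: `lib3270_get_crl_text` is declared without a doc comment and returns a non-const `char *`, so nothing in the header tells callers that they own the result. The implementation in properties.c allocates it with `lib3270_malloc` and the caller in ctx_init.c holds it in `lib3270_autoptr(char)`, so the declaration should carry a Doxygen block in the style of its neighbours with `@return Newly allocated text dump of the session CRL, or NULL when no CRL is loaded or CRL checking is compiled out; the caller must release it.` naming the library's matching deallocator (presumably `lib3270_free`, to be confirmed). `lib3270_get_ssl_state_icon_name` needs a `@brief` as well, stating that the returned string is static and must not be freed.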
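--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -297,8 +297,8 @@
 const char * lib3270_get_crl_url(H3270 *hSession)
 {
 #ifdef SSL_ENABLE_CRL_CHECK
- if(hSession->ssl.url)
- return hSession->ssl.url;
+ if(hSession->ssl.crl.url)
+ return hSession->ssl.crl.url;
 
 #ifdef SSL_DEFAULT_CRL_URL
 return SSL_DEFAULT_CRL_URL;
@@ -322,15 +322,21 @@
 
 #ifdef SSL_ENABLE_CRL_CHECK
 
- if(hSession->ssl.crl)
+ if(hSession->ssl.crl.url)
 {
- free(hSession->ssl.crl);
- hSession->ssl.crl = NULL;
+ free(hSession->ssl.crl.url);
+ hSession->ssl.crl.url = NULL;
+ }
+
+ if(hSession->ssl.crl.cert)
+ {
+ X509_CRL_free(hSession->ssl.crl.cert);
+ hSession->ssl.crl.cert = NULL;
 }
 
 if(crl)
 {
- hSession->ssl.crl = strdup(crl);
+ hSession->ssl.crl.url = strdup(crl);
 }
 
 return 0;
@@ -628,3 +634,33 @@ LIB3270_EXPORT int lib3270_get_secure_host(H3270 *hSession)
 
 }
 
+LIB3270_EXPORT char * lib3270_get_crl_text(H3270 *hSession)
+{
+#ifdef SSL_ENABLE_CRL_CHECK
+
+ if(hSession->ssl.crl.cert)
+ {
+
+ BIO * out = BIO_new(BIO_s_mem());
+ unsigned char * data;
+ unsigned char * text;
+ int n;
+
+ X509_CRL_print(out,hSession->ssl.crl.cert);
+
+ n = BIO_get_mem_data(out, &data);
+ text = (unsigned char *) lib3270_malloc(n+1);
+ text[n] ='\0';
+
+ memcpy(text,data,n);
+ BIO_free(out);
+
+ return (char *) text;
+
+ }
+
+
+#endif // SSL_ENABLE_CRL_CHECK
+
+ return NULL;
+}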
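Review bot: In `lib3270_get_crl_text` the results of `BIO_new`, `X509_CRL_print` and `BIO_get_mem_data` are all used unchecked, so a failed BIO allocation or a non-positive length still reaches `text[n] ='\0'` and `memcpy(text,data,n)`; a negative `n` would write before the buffer and convert to a very large copy length. `BIO_get_mem_data` also returns `long`, which `int n` narrows. The version below returns NULL when the BIO cannot be created, copies only when printing succeeded and the length is positive, and frees the BIO on every path. Whether `lib3270_malloc` can return NULL is not visible in this hunk; if it can, its result needs a check before the copy.

```c
// … unchanged: signature and #ifdef SSL_ENABLE_CRL_CHECK guard …
	if(hSession->ssl.crl.cert)
	{
		BIO * out = BIO_new(BIO_s_mem());
		unsigned char * data = NULL;
		char * text = NULL;
		long n;

		if(!out)
			return NULL;

		if(X509_CRL_print(out,hSession->ssl.crl.cert) && (n = BIO_get_mem_data(out, &data)) > 0)
		{
			text = (char *) lib3270_malloc(n+1);
			memcpy(text,data,n);
			text[n] = '\0';
		}

		BIO_free(out);
		return text;
	}
// … unchanged: #endif and the final return NULL …
```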
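--- a/src/lib3270/session.c
+++ b/src/lib3270/session.c
@@ -77,8 +77,8 @@ void lib3270_session_free(H3270 *h)
 #ifdef SSL_ENABLE_CRL_CHECK
 if(h->ssl.crl.url)
 {
- free(h->ssl.url);
- h->ssl.url = NULL;
+ free(h->ssl.crl.url);
+ h->ssl.crl.url = NULL;
 }
 
 if(h->ssl.crl.cert)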
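--- a/src/lib3270/ssl/ctx_init.c
+++ b/src/lib3270/ssl/ctx_init.c
@@ -135,27 +135,21 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 
 if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
 {
- BIO * out = BIO_new(BIO_s_mem());
- unsigned char * data;
- unsigned char * text;
- int n;
+ lib3270_autoptr(char) text = lib3270_get_crl_text(hSession);
 
- X509_CRL_print(out,crl);
+ if(text)
+ trace_ssl(hSession,"\n%s\n",text);
 
- n = BIO_get_mem_data(out, &data);
- text = (unsigned char *) malloc (n+1);
- text[n] ='\0';
- memcpy(text,data,n);
-
- trace_ssl(hSession,"\n%s\n",text);
+ }
 
- free(text);
- BIO_free(out);
+ X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
 
+ if(hSession->ssl.crl.cert)
+ {
+ X509_STORE_add_crl(store, hSession->ssl.crl.cert);
+ trace_ssl(hSession,"CRL was added to cert store");
 }
 
- X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
- X509_STORE_add_crl(store, crl);
 X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
 X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
 X509_STORE_set1_param(store, param);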
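Review bot: The return value of `X509_STORE_add_crl` is discarded at new line 149 and the trace on the next line reports success unconditionally, so a CRL that was not actually added still logs "CRL was added to cert store". Because `X509_V_FLAG_CRL_CHECK` is set right below in either case, such a failure would only show up later as an unexplained certificate verification error; branch on the result instead, e.g. `if(X509_STORE_add_crl(store, hSession->ssl.crl.cert)) trace_ssl(hSession,"CRL was added to cert store");` with an `else` that traces the failure. The flag is also enabled when `hSession->ssl.crl.cert` is NULL, which leaves CRL checking on with no CRL in the store; whether this path can be reached without a loaded CRL is not visible here and is worth confirming. `ssl_ctx_init` starts and ends outside the hunk.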
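--- a/src/lib3270/ssl/state.c
+++ b/src/lib3270/ssl/state.c
@@ -437,5 +437,10 @@ void set_ssl_state(H3270 *hSession, LIB3270_SSL_STATE state)
 return LIB3270_NOTIFY_ERROR;
 }
 
+ const char * lib3270_get_ssl_state_icon_name(H3270 *hSession)
+ {
+ return "dialog-error";
+ }
+
 #endif // HAVE_LIBSSL
 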
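Review bot: `lib3270_get_ssl_state_icon_name` returns the literal "dialog-error" for every session and never reads `hSession`, so a UI built on it would show the error icon even for a connection whose certificate verified cleanly. If this is a placeholder, mark it with `// TODO: derive the icon from the current SSL state; placeholder always reports the error icon`, or derive the name from the session's current state. The definition also sits inside the `HAVE_LIBSSL` block that closes right below it, while the lib3270.h hunk declares the function with no visible guard; unless a non-SSL counterpart exists outside this hunk, builds without libssl would lack the symbol.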