Commit ad9b3856f6278bbcc14c2c17a6df162ae3d7b715

Authored by Perry Werneck
1 parent b4112fce

Updating SSL state API.

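--- a/src/include/lib3270.h
+++ b/src/include/lib3270.h
@@ -522,12 +522,16 @@
 */
 LIB3270_EXPORT const char * lib3270_get_ssl_state_message(H3270 *hSession);
 
+ LIB3270_EXPORT const char * lib3270_get_ssl_state_icon_name(H3270 *hSession);
+
 /**
 * @brief Get security state message.
 *
 */
 LIB3270_EXPORT const char * lib3270_get_ssl_state_description(H3270 *hSession);
 
+ LIB3270_EXPORT char * lib3270_get_crl_text(H3270 *hSession);
+
 /**
 * @brief Get service or port for the connect/reconnect operations.
 *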
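Review bot: The two new declarations have no doc block, and for `lib3270_get_crl_text` that hides an ownership rule. Unlike the neighbouring getters it returns a non-const `char *`, which the properties.c section of this commit allocates with `lib3270_malloc`, so the caller has to release it. I would add a comment such as `/** @brief Get the loaded CRL as printable text. @return Newly allocated string, to be released by the caller with the deallocator matching lib3270_malloc, or NULL when no CRL is loaded or CRL checking is compiled out. */`. A one-line `@brief` on `lib3270_get_ssl_state_icon_name` saying which icon naming scheme the returned string follows would help for the same reason.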
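--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -297,8 +297,8 @@
 const char * lib3270_get_crl_url(H3270 *hSession)
 {
 #ifdef SSL_ENABLE_CRL_CHECK
- if(hSession->ssl.url)
- return hSession->ssl.url;
+ if(hSession->ssl.crl.url)
+ return hSession->ssl.crl.url;
 
 #ifdef SSL_DEFAULT_CRL_URL
 return SSL_DEFAULT_CRL_URL;
@@ -322,15 +322,21 @@
 
 #ifdef SSL_ENABLE_CRL_CHECK
 
- if(hSession->ssl.crl)
+ if(hSession->ssl.crl.url)
 {
- free(hSession->ssl.crl);
- hSession->ssl.crl = NULL;
+ free(hSession->ssl.crl.url);
+ hSession->ssl.crl.url = NULL;
+ }
+
+ if(hSession->ssl.crl.cert)
+ {
+ X509_CRL_free(hSession->ssl.crl.cert);
+ hSession->ssl.crl.cert = NULL;
 }
 
 if(crl)
 {
- hSession->ssl.crl = strdup(crl);
+ hSession->ssl.crl.url = strdup(crl);
 }
 
 return 0;
@@ -628,3 +634,33 @@ LIB3270_EXPORT int lib3270_get_secure_host(H3270 *hSession)
 
 }
 
+LIB3270_EXPORT char * lib3270_get_crl_text(H3270 *hSession)
+{
+#ifdef SSL_ENABLE_CRL_CHECK
+
+ if(hSession->ssl.crl.cert)
+ {
+
+ BIO * out = BIO_new(BIO_s_mem());
+ unsigned char * data;
+ unsigned char * text;
+ int n;
+
+ X509_CRL_print(out,hSession->ssl.crl.cert);
+
+ n = BIO_get_mem_data(out, &data);
+ text = (unsigned char *) lib3270_malloc(n+1);
+ text[n] ='\0';
+
+ memcpy(text,data,n);
+ BIO_free(out);
+
+ return (char *) text;
+
+ }
+
+
+#endif // SSL_ENABLE_CRL_CHECK
+
+ return NULL;
+}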
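Review bot: In the third hunk, `lib3270_get_crl_text` uses three results without checking them. `BIO_new()` can return NULL, the return of `X509_CRL_print()` is ignored, and `BIO_get_mem_data()` yields a `long` that is narrowed to `int` and then used as the index in `text[n]` and the length in `memcpy` without confirming it is positive. If any of these fails, the function writes through a NULL or out-of-range pointer while formatting a CRL that presumably came from the configured CRL URL. Whether `lib3270_malloc` can return NULL is not visible on this page, so the allocation check below is defensive. The rewritten `if(hSession->ssl.crl.cert)` branch follows.

```c
	if(hSession->ssl.crl.cert)
	{
		char * text = NULL;
		BIO  * out  = BIO_new(BIO_s_mem());

		if(!out)
			return NULL;

		if(X509_CRL_print(out,hSession->ssl.crl.cert) == 1)
		{
			char * data = NULL;
			long   n    = BIO_get_mem_data(out, &data);

			if(n > 0 && data)
			{
				text = (char *) lib3270_malloc((size_t) n + 1);
				if(text)
				{
					memcpy(text,data,(size_t) n);
					text[n] = '\0';
				}
			}
		}

		BIO_free(out);
		return text;
	}
	// … unchanged: #endif and the final return NULL …
```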
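--- a/src/lib3270/session.c
+++ b/src/lib3270/session.c
@@ -77,8 +77,8 @@ void lib3270_session_free(H3270 *h)
 #ifdef SSL_ENABLE_CRL_CHECK
 if(h->ssl.crl.url)
 {
- free(h->ssl.url);
- h->ssl.url = NULL;
+ free(h->ssl.crl.url);
+ h->ssl.crl.url = NULL;
 }
 
 if(h->ssl.crl.cert)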
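--- a/src/lib3270/ssl/ctx_init.c
+++ b/src/lib3270/ssl/ctx_init.c
@@ -135,27 +135,21 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 
 if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
 {
- BIO * out = BIO_new(BIO_s_mem());
- unsigned char * data;
- unsigned char * text;
- int n;
+ lib3270_autoptr(char) text = lib3270_get_crl_text(hSession);
 
- X509_CRL_print(out,crl);
+ if(text)
+ trace_ssl(hSession,"\n%s\n",text);
 
- n = BIO_get_mem_data(out, &data);
- text = (unsigned char *) malloc (n+1);
- text[n] ='\0';
- memcpy(text,data,n);
-
- trace_ssl(hSession,"\n%s\n",text);
+ }
 
- free(text);
- BIO_free(out);
+ X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
 
+ if(hSession->ssl.crl.cert)
+ {
+ X509_STORE_add_crl(store, hSession->ssl.crl.cert);
+ trace_ssl(hSession,"CRL was added to cert store");
 }
 
- X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
- X509_STORE_add_crl(store, crl);
 X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
 X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
 X509_STORE_set1_param(store, param);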
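Review bot: The return value of `X509_STORE_add_crl()` is discarded, so the trace line "CRL was added to cert store" is written even when the store rejected the CRL. Because `X509_V_FLAG_CRL_CHECK` is set right after, a failed add would most likely show up later as a verification failure, and the trace would point the operator away from the real cause. I would make the message conditional: `if(X509_STORE_add_crl(store, hSession->ssl.crl.cert) == 1) trace_ssl(hSession,"CRL was added to cert store\n"); else trace_ssl(hSession,"Unable to add CRL to cert store\n");`. The code that loads `hSession->ssl.crl.cert` and the rest of `ssl_ctx_init` lie outside this hunk, so what happens when no CRL is loaded cannot be judged from here.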
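--- a/src/lib3270/ssl/state.c
+++ b/src/lib3270/ssl/state.c
@@ -437,5 +437,10 @@ void set_ssl_state(H3270 *hSession, LIB3270_SSL_STATE state)
 return LIB3270_NOTIFY_ERROR;
 }
 
+ const char * lib3270_get_ssl_state_icon_name(H3270 *hSession)
+ {
+ return "dialog-error";
+ }
+
 #endif // HAVE_LIBSSL
 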
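Review bot: `lib3270_get_ssl_state_icon_name` ignores `hSession` and returns `"dialog-error"` for every session, so a UI that trusts it shows the same icon for a verified connection as for a failed one. If this is a placeholder, it should say so with a comment such as `// TODO: derive the icon from the session's current SSL state; "dialog-error" is a fixed placeholder`. Otherwise it should select the name from the same state data the neighbouring getters use. The definition also sits above `#endif // HAVE_LIBSSL`. The header hunk shows no visible guard around the declaration, so builds without libssl may end up with a declared but undefined symbol; the start of that conditional block is outside this hunk.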