Commit ba6b7d6848d84e0545a1961106a470895808f875
1 parent
8d514ca2
Exists in
master
and in
3 other branches
Incluindo opção para validação da lista de certificados SSL revogados
(CRL).
Showing
1 changed file
with
4 additions
and
4 deletions
Show diff stats
| @@ -139,7 +139,7 @@ int ssl_negotiate(H3270 *hSession) | @@ -139,7 +139,7 @@ int ssl_negotiate(H3270 *hSession) | ||
| 139 | peer = SSL_get_peer_certificate(hSession->ssl_con); | 139 | peer = SSL_get_peer_certificate(hSession->ssl_con); |
| 140 | trace_dsn(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" ); | 140 | trace_dsn(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" ); |
| 141 | 141 | ||
| 142 | -#ifdef ENABLE_SELF_SIGNED_CERT | 142 | +#ifdef SSL_ALLOW_SELF_SIGNED_CERT |
| 143 | break; | 143 | break; |
| 144 | #else | 144 | #else |
| 145 | lib3270_disconnect(hSession); | 145 | lib3270_disconnect(hSession); |
| @@ -151,7 +151,7 @@ int ssl_negotiate(H3270 *hSession) | @@ -151,7 +151,7 @@ int ssl_negotiate(H3270 *hSession) | ||
| 151 | ); | 151 | ); |
| 152 | 152 | ||
| 153 | return -1; | 153 | return -1; |
| 154 | -#endif // ENABLE_SELF_SIGNED_CERT | 154 | +#endif // SSL_ALLOW_SELF_SIGNED_CERT |
| 155 | 155 | ||
| 156 | default: | 156 | default: |
| 157 | trace_dsn(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv); | 157 | trace_dsn(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv); |
| @@ -255,7 +255,7 @@ int ssl_init(H3270 *hSession) | @@ -255,7 +255,7 @@ int ssl_init(H3270 *hSession) | ||
| 255 | SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback); | 255 | SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback); |
| 256 | SSL_CTX_set_default_verify_paths(ssl_ctx); | 256 | SSL_CTX_set_default_verify_paths(ssl_ctx); |
| 257 | 257 | ||
| 258 | - /* | 258 | +#if defined(SSL_ENABLE_CRL_CHECK) |
| 259 | // Set up CRL validation | 259 | // Set up CRL validation |
| 260 | // https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now | 260 | // https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now |
| 261 | X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); | 261 | X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); |
| @@ -265,9 +265,9 @@ int ssl_init(H3270 *hSession) | @@ -265,9 +265,9 @@ int ssl_init(H3270 *hSession) | ||
| 265 | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); | 265 | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); |
| 266 | X509_STORE_set1_param(store, param); | 266 | X509_STORE_set1_param(store, param); |
| 267 | X509_VERIFY_PARAM_free(param); | 267 | X509_VERIFY_PARAM_free(param); |
| 268 | - */ | ||
| 269 | 268 | ||
| 270 | // X509_STORE_free(store); | 269 | // X509_STORE_free(store); |
| 270 | +#endif // SSL_ENABLE_CRL_CHECK | ||
| 271 | 271 | ||
| 272 | #if defined(_WIN32) | 272 | #if defined(_WIN32) |
| 273 | { | 273 | { |