From bbc56d7aebfd23749358ef33641d39a02992c0af Mon Sep 17 00:00:00 2001
From: Perry Werneck
Date: Tue, 6 Aug 2019 13:20:53 -0300
Subject: [PATCH] Adding build option to disable SSL erro notifications.
---
 configure.ac | 14 ++++++++++++++
 src/core/connect.c | 12 ++++--------
 src/include/config.h.in | 1 +
 src/include/lib3270-internals.h | 6 ++++++
 src/ssl/negotiate.c | 36 ++++++++++++++++++++++++++++++++++--
 5 files changed, 59 insertions(+), 10 deletions(-)
diff --git a/configure.ac b/configure.ac
index 5841094..55beb60 100644
--- a/configure.ac
+++ b/configure.ac
@@ -398,6 +398,20 @@ AC_ARG_WITH([default-crl-url],
 AC_MSG_NOTICE(No default crl url)
 ])
+AC_ARG_ENABLE([ssl-error-notification],
+ [AS_HELP_STRING([--disable-ssl-error-notification], [Disable notifications when the security negotiation fails])],
+[
+ app_cv_enable_ssl_notification="$enableval"
+],[
+ app_cv_enable_ssl_notification="yes"
+])
+
+if test "$app_cv_enable_ssl_notification" == "yes"; then
+ AC_DEFINE(SSL_ENABLE_NOTIFICATION_WHEN_FAILED)
+else
+ AC_MSG_NOTICE(No notifications when SSL negotiation fails)
+fi
+
 dnl ---------------------------------------------------------------------------
 dnl Check for pic
 dnl ---------------------------------------------------------------------------
diff --git a/src/core/connect.c b/src/core/connect.c
index 652a8f7..121b6de 100644
--- a/src/core/connect.c
+++ b/src/core/connect.c
@@ -151,9 +151,7 @@ static int notify_crl_error(H3270 *hSession, int rc, const SSL_ERROR_MESSAGE *me
 if(message->description)
 {
- lib3270_write_log(hSession,"SSL-CRL-GET","%s",message->description);
-
- if(hSession->cbk.popup_ssl_error(hSession,rc,message->title,message->text,message->description))
+ if(popup_ssl_error(hSession,rc,message->title,message->text,message->description))
 return rc;
 }
 #ifdef _WIN32
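Review bot: The added check `test "$app_cv_enable_ssl_notification" == "yes"` uses `==`, which POSIX `test` does not define; under a `/bin/sh` that rejects it the test fails and configure takes the `else` branch, leaving `SSL_ENABLE_NOTIFICATION_WHEN_FAILED` undefined even though the default was set to "yes". That undefined case is the one where src/ssl/negotiate.c only logs the failure and returns 0, so a portability slip here silently changes how TLS errors are handled. It should read `if test "$app_cv_enable_ssl_notification" = "yes"; then`. The help string would also be clearer if it said that with the option disabled failures are written to the log and the popup callback is never called.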
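Review bot: The `lib3270_write_log(hSession,"SSL-CRL-GET",...)` calls removed in this hunk and in the `@@ -162,9` hunk logged `message->description` and the Windows `lasterror` text, but the `popup_ssl_error()` wrapper added in src/ssl/negotiate.c logs only `summary` when notifications are enabled, so in the default build the CRL failure detail no longer reaches the log. The `@@ -174,12` hunk keeps its own `lib3270_write_log(...,formatted_error)` call, so that path logs the event twice under two different tags. I would log the detail inside the wrapper, `lib3270_write_log(hSession, "SSL", "%s - %s", summary, body ? body : "");`, and drop the remaining direct call so all three paths behave the same. notify_crl_error starts and ends outside these hunks.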
@@ -162,9 +160,7 @@ static int notify_crl_error(H3270 *hSession, int rc, const SSL_ERROR_MESSAGE *me
 lib3270_autoptr(char) windows_error = lib3270_win32_translate_error_code(message->lasterror);
 lib3270_autoptr(char) formatted_error = lib3270_strdup_printf(_( "Windows error was \"%s\" (%u)" ), windows_error,(unsigned int) message->lasterror);
- lib3270_write_log(hSession,"SSL-CRL-GET","%s (lasterror=%u - %s)",message->text,(unsigned int) message->lasterror, windows_error);
-
- if(hSession->cbk.popup_ssl_error(hSession,rc,message->title,message->text,formatted_error))
+ if(popup_ssl_error(hSession,rc,message->title,message->text,formatted_error))
 return rc;
 }
@@ -174,12 +170,12 @@ static int notify_crl_error(H3270 *hSession, int rc, const SSL_ERROR_MESSAGE *me
 lib3270_autoptr(char) formatted_error = lib3270_strdup_printf(_( "%s (SSL error %d)" ),ERR_reason_error_string(message->error),message->error);
 lib3270_write_log(hSession,"SSL-CRL-GET","%s",formatted_error);
- if(hSession->cbk.popup_ssl_error(hSession,rc,message->title,message->text,formatted_error))
+ if(popup_ssl_error(hSession,rc,message->title,message->text,formatted_error))
 return rc;
 }
 else
 {
- if(hSession->cbk.popup_ssl_error(hSession,rc,message->title,message->text,""))
+ if(popup_ssl_error(hSession,rc,message->title,message->text,""))
 return rc;
 }
diff --git a/src/include/config.h.in b/src/include/config.h.in
index 77c1e8c..6989bbc 100644
--- a/src/include/config.h.in
+++ b/src/include/config.h.in
@@ -69,6 +69,7 @@
 #undef SSL_ENABLE_CRL_CHECK
 #undef SSL_ENABLE_CRL_EXPIRATION_CHECK
 #undef SSL_DEFAULT_CRL_URL
+ #undef SSL_ENABLE_NOTIFICATION_WHEN_FAILED
 /* Optional parts. */
 #undef X3270_DBCS
diff --git a/src/include/lib3270-internals.h b/src/include/lib3270-internals.h
index a9f74c1..7daf1ca 100644
--- a/src/include/lib3270-internals.h
+++ b/src/include/lib3270-internals.h
@@ -809,6 +809,12 @@ LIB3270_INTERNAL int non_blocking(H3270 *session, Boolean on);
 */
 LIB3270_INTERNAL int ssl_3270_ex_index;
+ /**
+ * @brief Emit popup on ssl error.
+ *
+ */
+ LIB3270_INTERNAL int popup_ssl_error(H3270 *session, int rc, const char *title, const char *summary, const char *body);
+
 #ifdef SSL_ENABLE_CRL_CHECK
 LIB3270_INTERNAL X509_CRL * lib3270_get_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *url);
 #endif // SSL_ENABLE_CRL_CHECK
diff --git a/src/ssl/negotiate.c b/src/ssl/negotiate.c
index b9dbd9b..f19375a 100644
--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -292,9 +292,9 @@ int ssl_negotiate(H3270 *hSession)
 int abort = -1;
 if(msg.description)
- abort = hSession->cbk.popup_ssl_error(hSession,rc,msg.title,msg.text,msg.description);
+ abort = popup_ssl_error(hSession,rc,msg.title,msg.text,msg.description);
 else
- abort = hSession->cbk.popup_ssl_error(hSession,rc,msg.title,msg.text,ERR_reason_error_string(msg.error));
+ abort = popup_ssl_error(hSession,rc,msg.title,msg.text,ERR_reason_error_string(msg.error));
 if(abort)
 {
@@ -434,3 +434,35 @@ void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 #endif /*]*/
+int popup_ssl_error(H3270 *hSession, int rc, const char *title, const char *summary, const char *body)
+{
+#ifdef SSL_ENABLE_NOTIFICATION_WHEN_FAILED
+
+ lib3270_write_log(hSession, "SSL", "%s", summary );
+ return hSession->cbk.popup_ssl_error(hSession,rc,title,summary,body);
+
+#else
+
+ lib3270_autoptr(char) message = NULL;
+
+ if(body && *body)
+ message = lib3270_strdup_printf("%s - rc=%d",body,rc);
+ else if(rc)
+ message = lib3270_strdup_printf("%s (rc=%d)",strerror(rc),rc);
+ else
+ message = lib3270_strdup_printf("rc=%d",rc);
+
+ lib3270_write_log(
+ hSession,
+ "SSL",
+ "%s - %s - %s",
+ title,
+ summary,
+ message
+ );
+
+
+ return 0;
+#endif // SSL_ENABLE_NOTIFICATION_WHEN_FAILED
+
+}
--
libgit2 0.21.2
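Review bot: The doc comment on the new `popup_ssl_error()` declaration says only "Emit popup on ssl error", which omits the two things a caller has to know: what the return value means and that the function may not show anything at all. Going by src/ssl/negotiate.c in this patch, callers treat a non-zero result as a request to abort, and a build without `SSL_ENABLE_NOTIFICATION_WHEN_FAILED` only writes to the log and returns 0. I would add `@param` lines for `rc`, `title`, `summary` and `body` (noting that `body` may be NULL or empty) and `@return Non-zero if the connection should be aborted, 0 to continue; always 0 when built with --disable-ssl-error-notification.`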
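Review bot: In the `#else` branch of `popup_ssl_error()` the unconditional `return 0;` makes every visible caller treat a failed negotiation as accepted: `ssl_negotiate()` only enters `if(abort)` on a non-zero result and `notify_crl_error()` only does `return rc` on one, so a build with `--disable-ssl-error-notification` appears to log certificate and CRL errors and then carry on with the connection. Turning off the popup should not also turn off the check; with nobody to ask, the safe answer is to abort, e.g. `return rc ? rc : -1;`, and if continuing is really intended it deserves its own explicitly named option. In the same branch `strerror(rc)` assumes `rc` is an errno value, which nothing in the hunk establishes, and `title` and `summary` are passed to `%s` without a NULL check.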