Refactoring popup engine.

Perry Werneck
1 parent 36a2078d
Showing 9 changed files with 270 additions and 157 deletions Show diff stats
src/core/connect.c
src/include/internals.h
src/include/lib3270/popup.h
src/ssl/crl.c
src/ssl/linux/getcrl.c
src/ssl/linux/init.c
src/ssl/linux/url.c
src/ssl/negotiate.c
src/ssl/notify.c
@@ -126,7 +126,7 @@
 		set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING);
 		int rc = lib3270_run_task(hSession, background_ssl_init, &ssl_error);
-		if(rc && notify_ssl_error(hSession, rc, &ssl_error))
+		if(rc && popup_ssl_error(hSession, rc, &ssl_error))
 			return errno = rc;
 		set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
@@ -780,25 +780,25 @@ LIB3270_INTERNAL int	non_blocking(H3270 *session, Boolean on);
 #if defined(HAVE_LIBSSL)
+	typedef struct ssl_status_msg
+	{
+		LIB3270_POPUP_HEAD
+
+		long			  id;
+		const char		* iconName;		///< @brief Icon name from https://specifications.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html
+	} SSL_STATUS_MSG;
+
 	typedef struct _ssl_error_message
 	{
-		int			  error;
-		const char	* id;			///< @brief Message identifier.
-		const char	* title;		///< @brief Title for popup window.
-		const char	* text;			///< @brief Message text.
-		const char	* description;	///< @brief Message description.
+		int code;
 #ifdef _WIN32
-		DWORD		  lasterror;
+		DWORD	lasterror;
 #endif // _WIN32
-	} SSL_ERROR_MESSAGE;
-	struct ssl_status_msg
-	{
-		LIB3270_POPUP_HEAD
+		const LIB3270_POPUP_DESCRIPTOR *popup;	/// @brief Pointer to popup message.
+
+	} SSL_ERROR_MESSAGE;
-		long			  id;
-		const char		* iconName;		///< @brief Icon name from https://specifications.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html
-	};
 	LIB3270_INTERNAL int							  ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE *message);
 	LIB3270_INTERNAL int							  ssl_init(H3270 *session);
@@ -831,13 +831,15 @@ LIB3270_INTERNAL int	non_blocking(H3270 *session, Boolean on);
 	 * @brief Emit popup on ssl error.
 	 *
 	 */
-	LIB3270_INTERNAL int popup_ssl_error(H3270 *session, int rc, const char *title, const char *summary, const char *body);
+	LIB3270_INTERNAL int popup_ssl_error(H3270 *session, int rc, const SSL_ERROR_MESSAGE *message);
 	/**
-	 * @brief Emite popup on SSL error.
+	 * @brief Emits SSL popup.
+	 *
 	 *
 	 */
-	LIB3270_INTERNAL int notify_ssl_error(H3270 *hSession, int rc, const SSL_ERROR_MESSAGE *message);
+	LIB3270_INTERNAL void ssl_popup_message(H3270 *hSession, const SSL_ERROR_MESSAGE *msg);
+
 #endif
@@ -88,6 +88,20 @@
 	LIB3270_EXPORT LIB3270_NOTIFY	lib3270_get_ssl_state_icon(const H3270 *hSession);
 	LIB3270_EXPORT const char *		lib3270_get_ssl_state_icon_name(const H3270 *hSession);
+	/**
+	 * @brief Emit popup message.
+	 *
+	 * @param hSession	TN3270 Session handle.
+	 * @param popup		Popup descriptor.
+	 * @param wait		If non zero waits for user response.
+	 *
+	 * @return User action.
+	 *
+	 * @retval 0			User has confirmed, continue action.
+	 * @retval ECANCELED	Operation was cancelled.
+	 */
+	LIB3270_EXPORT int lib3270_emit_popup(H3270 *hSession, const LIB3270_POPUP_DESCRIPTOR *popup, unsigned char wait);
+
 #ifdef __cplusplus
 	}
 #endif
@@ -161,10 +161,14 @@ int lib3270_crl_new_from_x509(H3270 *hSession, void *ssl_error, X509 *cert)
 	if(!dist_points)
 	{
-		((SSL_ERROR_MESSAGE *) ssl_error)->id = "NODISTPOINTS";
-		((SSL_ERROR_MESSAGE *) ssl_error)->title = _( "Security error" );
-		((SSL_ERROR_MESSAGE *) ssl_error)->text = _( "Can't verify." );
-		((SSL_ERROR_MESSAGE *) ssl_error)->description = _( "The host certificate doesn't have CRL distribution points" );
+		static const LIB3270_POPUP_DESCRIPTOR popup = {
+			.name = "SSL-NoDistPoints",
+			.type = LIB3270_NOTIFY_SECURE,
+			.summary = N_("Can't verify"),
+			.body = N_( "The host certificate doesn't have CRL distribution points" )
+		};
+
+		((SSL_ERROR_MESSAGE *) ssl_error)->popup = &popup;
 		return EACCES;
 	}
@@ -51,11 +51,15 @@ X509_CRL * lib3270_download_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, co
 	if(!(consturl && *consturl))
 	{
-		message->error = hSession->ssl.error = 0;
-		message->id = "CRLINVURL";
-		message->title = _( "Security error" );
-		message->text = _( "Can't open CRL File" );
-		message->description = _("The URL for the CRL is undefined or empty");
+		static const LIB3270_POPUP_DESCRIPTOR popup = {
+			.type = LIB3270_NOTIFY_SECURE,
+			.name = "SSL-INVCRLURL",
+			.summary = N_( "Can't open CRL File" ),
+			.body = N_("The URL for the CRL is undefined or empty")
+		};
+
+		message->code = hSession->ssl.error = 0;
+		message->popup = &popup;
 		errno = ENOENT;
 		return NULL;
 	}
@@ -69,12 +73,17 @@ X509_CRL * lib3270_download_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, co
 			// Can't open CRL File.
 			int err = errno;
-			message->error = hSession->ssl.error = 0;
-			message->id = "CRLOPEN";
-			message->title = _( "Security error" );
-			message->text = _( "Can't open CRL File" );
-			message->description = strerror(err);
-			trace_ssl(hSession,"Can't open %s: %s\n",consturl,message->description);
+			static const LIB3270_POPUP_DESCRIPTOR popup = {
+				.type = LIB3270_NOTIFY_SECURE,
+				.name = "SSL-CRLOPEN",
+				.summary = N_( "Can't open CRL File" )
+			};
+
+			message->code = hSession->ssl.error = 0;
+			message->popup = &popup;
+
+			trace_ssl(hSession,"Can't open %s: %s\n",consturl,strerror(err));
+
 			return NULL;
 		}
@@ -82,16 +91,17 @@ X509_CRL * lib3270_download_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, co
 		trace_ssl(hSession,"Loading CRL from %s\n",consturl+7);
 		if(d2i_X509_CRL_fp(hCRL, &x509_crl))
 		{
-			message->id = "CRLDECODE";
-			message->error = hSession->ssl.error = ERR_get_error();
-			message->title = _( "Security error" );
-			message->text = _( "Can't decode CRL" );
-			lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+			static const LIB3270_POPUP_DESCRIPTOR popup = {
+				.type = LIB3270_NOTIFY_SECURE,
+				.name = "SSL-CRLDECODE",
+				.summary = N_( "Can't decode CRL" )
+			};
+			message->code = hSession->ssl.error = ERR_get_error();
+			message->popup = &popup;
+			lib3270_write_log(hSession,"ssl","%s: %s",consturl, popup.summary);
 			return NULL;
 		}
-
-
 	}
 #ifdef HAVE_LDAP
 	else if(strncasecmp(consturl,"ldap://",7) == 0 && strlen(consturl) > 8)
@@ -85,10 +85,14 @@ int ssl_ctx_init(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 	ssl_ctx = SSL_CTX_new(SSLv23_method());
 	if(ssl_ctx == NULL)
 	{
-		message->error = hSession->ssl.error = ERR_get_error();
-		message->id = "SSLCTXERR";
-		message->title = _( "Security error" );
-		message->text = _( "Cant initialize the SSL context." );
+		static const LIB3270_POPUP_DESCRIPTOR popup = {
+			.name = "SSL-CTXERROR",
+			.type = LIB3270_NOTIFY_SECURE,
+			.summary = N_( "Cant initialize the SSL context." )
+		};
+
+		message->code = hSession->ssl.error = ERR_get_error();
+		message->popup = &popup;
 		return -1;
 	}
@@ -58,12 +58,18 @@ LIB3270_INTERNAL X509_CRL * get_crl_using_url(H3270 *hSession, SSL_ERROR_MESSAGE
 	X509_CRL * x509_crl = NULL;
 	size_t szText = 0;
-	lib3270_autoptr(char) httpText = lib3270_get_from_url(hSession, consturl, &szText, &message->description);
+	const char * error_message = NULL;
+	lib3270_autoptr(char) httpText = lib3270_get_from_url(hSession, consturl, &szText, &error_message);
 	if(!httpText)
 	{
-		message->title			= _( "Security error" );
-		message->text			= _( "Error getting certificate revocation list" );
+		LIB3270_POPUP_DESCRIPTOR popup = {
+			.type = LIB3270_NOTIFY_SECURE,
+			.name = "SSL-CantGetCRL",
+			.summary = N_( "Error getting certificate revocation list" ),
+			.body = error_message
+		};
+		message->popup = &popup;
 		return NULL;
 	}
@@ -76,9 +82,13 @@ LIB3270_INTERNAL X509_CRL * get_crl_using_url(H3270 *hSession, SSL_ERROR_MESSAGE
 		char * data = strstr((char *) httpText,":: ");
 		if(!data)
 		{
-			message->error = hSession->ssl.error = ERR_get_error();
-			message->title = _( "Security error" );
-			message->text = _( "Got a bad formatted certificate revocation list from LDAP server" );
+			static const LIB3270_POPUP_DESCRIPTOR popup = {
+				.type = LIB3270_NOTIFY_SECURE,
+				.summary = N_( "Got a bad formatted certificate revocation list from LDAP server" )
+			};
+
+			message->code = hSession->ssl.error = ERR_get_error();
+			message->popup = &popup;
 			lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n", consturl, httpText);
 			errno = EINVAL;
 			return NULL;
@@ -94,10 +104,15 @@ LIB3270_INTERNAL X509_CRL * get_crl_using_url(H3270 *hSession, SSL_ERROR_MESSAGE
 		if(!d2i_X509_CRL_bio(bio, &x509_crl))
 		{
-			message->error = hSession->ssl.error = ERR_get_error();
-			message->title = _( "Security error" );
-			message->text = _( "Can't decode certificate revocation list got from LDAP server" );
-			lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+			static const LIB3270_POPUP_DESCRIPTOR popup = {
+				.type = LIB3270_NOTIFY_SECURE,
+				.summary = N_( "Can't decode certificate revocation list got from LDAP server" )
+			};
+
+			message->code = hSession->ssl.error = ERR_get_error();
+			message->popup = &popup;
+
+			lib3270_write_log(hSession,"ssl","%s: %s",consturl, popup.summary);
 			errno = EINVAL;
 			return NULL;
 		}
@@ -111,10 +126,14 @@ LIB3270_INTERNAL X509_CRL * get_crl_using_url(H3270 *hSession, SSL_ERROR_MESSAGE
 		if(!d2i_X509_CRL(&x509_crl, &crl_data, szText))
 		{
-			message->error = hSession->ssl.error = ERR_get_error();
-			message->title = _( "Security error" );
-			message->text = _( "Can't decode certificate revocation list" );
-			lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+			static const LIB3270_POPUP_DESCRIPTOR popup = {
+				.type = LIB3270_NOTIFY_SECURE,
+				.summary = N_( "Can't decode certificate revocation list" )
+			};
+
+			message->code = hSession->ssl.error = ERR_get_error();
+			message->popup = &popup;
+			lib3270_write_log(hSession,"ssl","%s: %s",consturl, popup.summary);
 			return NULL;
 		}
@@ -103,9 +103,13 @@ static int background_ssl_init(H3270 *hSession, void *message)
 	hSession->ssl.con = SSL_new(ssl_ctx);
 	if(hSession->ssl.con == NULL)
 	{
-		((SSL_ERROR_MESSAGE *) message)->error = hSession->ssl.error = ERR_get_error();
-		((SSL_ERROR_MESSAGE *) message)->title = _( "Security error" );
-		((SSL_ERROR_MESSAGE *) message)->text = _( "Cant create a new SSL structure for current connection." );
+		static const LIB3270_POPUP_DESCRIPTOR popup = {
+			.type = LIB3270_NOTIFY_SECURE,
+			.summary = N_( "Cant create a new SSL structure for current connection." )
+		};
+
+		((SSL_ERROR_MESSAGE *) message)->code = hSession->ssl.error = ERR_get_error();
+		((SSL_ERROR_MESSAGE *) message)->popup = &popup;
 		return -1;
 	}
@@ -238,9 +242,12 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 	{
 		trace_ssl(hSession,"%s","SSL_set_fd failed!\n");
-		((SSL_ERROR_MESSAGE *) message)->title = _( "Security error" );
-		((SSL_ERROR_MESSAGE *) message)->text = _( "SSL negotiation failed" );
-		((SSL_ERROR_MESSAGE *) message)->description = _( "Cant set the file descriptor for the input/output facility for the TLS/SSL (encrypted) side of ssl." );
+		static const LIB3270_POPUP_DESCRIPTOR popup = {
+			.summary = N_( "SSL negotiation failed" ),
+			.body = N_( "Cant set the file descriptor for the input/output facility for the TLS/SSL (encrypted) side of ssl." )
+		};
+
+		((SSL_ERROR_MESSAGE *) message)->popup = &popup;
 		return -1;
 	}
@@ -262,18 +269,20 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 	if (rv != 1)
 	{
-		const char * msg = "";
+		((SSL_ERROR_MESSAGE *) message)->code = SSL_get_error(hSession->ssl.con,rv);
+		if(((SSL_ERROR_MESSAGE *) message)->code == SSL_ERROR_SYSCALL && hSession->ssl.error)
+			((SSL_ERROR_MESSAGE *) message)->code = hSession->ssl.error;
-		((SSL_ERROR_MESSAGE *) message)->error = SSL_get_error(hSession->ssl.con,rv);
-		if(((SSL_ERROR_MESSAGE *) message)->error == SSL_ERROR_SYSCALL && hSession->ssl.error)
-			((SSL_ERROR_MESSAGE *) message)->error = hSession->ssl.error;
-
-		msg = ERR_lib_error_string(((SSL_ERROR_MESSAGE *) message)->error);
+		const char * msg = ERR_lib_error_string(((SSL_ERROR_MESSAGE *) message)->code);
 		trace_ssl(hSession,"SSL_connect failed: %s %s\n",msg,ERR_reason_error_string(hSession->ssl.error));
-		((SSL_ERROR_MESSAGE *) message)->title = _( "Security error" );
-		((SSL_ERROR_MESSAGE *) message)->text = _( "SSL Connect failed" );
+		static const LIB3270_POPUP_DESCRIPTOR popup = {
+			.type = LIB3270_NOTIFY_ERROR,
+			.summary = N_( "SSL Connect failed" ),
+		};
+
+		((SSL_ERROR_MESSAGE *) message)->popup = &popup;
 		return -1;
@@ -366,9 +375,12 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 		trace_ssl(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv);
 		set_ssl_state(hSession,LIB3270_SSL_UNSECURE);
-		((SSL_ERROR_MESSAGE *) message)->title = _( "Security error" );
-		((SSL_ERROR_MESSAGE *) message)->text = _( "Can't verify." );
-		((SSL_ERROR_MESSAGE *) message)->description = _( "Unexpected or invalid TLS/SSL verify result" );
+		static LIB3270_POPUP_DESCRIPTOR popup = {
+			.summary = N_( "Can't verify." ),
+			.body = N_( "Unexpected or invalid TLS/SSL verify result" )
+		};
+
+		((SSL_ERROR_MESSAGE *) message)->popup = &popup;
 		return EACCES;
 	}
@@ -388,9 +400,13 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 			set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
 #ifdef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
-			((SSL_ERROR_MESSAGE *) message)->title = _( "Security error" );
-			((SSL_ERROR_MESSAGE *) message)->text = _( "The SSL certificate for this host is not trusted." );
-			((SSL_ERROR_MESSAGE *) message)->description = _( "The security certificate presented by this host was not issued by a trusted certificate authority." );
+			static const LIB3270_POPUP_DESCRIPTOR popup = {
+				.name = "SelfSignedCert",
+				.type = LIB3270_NOTIFY_SECURE,
+				.summary = N_( "The SSL certificate for this host is not trusted." ),
+				.body = N_( "The security certificate presented by this host was not issued by a trusted certificate authority." )
+			}
+			((SSL_ERROR_MESSAGE *) message)->popup = &popup;
 			return EACCES;
 #else
 			break;
@@ -399,21 +415,15 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 		default:
 			trace_ssl(hSession,"TLS/SSL verify result was %d (%s)\n", rv, msg->body);
-			debug("message: %s",msg->summary);
-			debug("description: %s",msg->body);
+			((SSL_ERROR_MESSAGE *) message)->popup = (LIB3270_POPUP_DESCRIPTOR *) msg;
-			((SSL_ERROR_MESSAGE *) message)->text = gettext(msg->summary);
-			((SSL_ERROR_MESSAGE *) message)->description = gettext(msg->body);
+			debug("message: %s",((SSL_ERROR_MESSAGE *) message)->popup->summary);
+			debug("description: %s",((SSL_ERROR_MESSAGE *) message)->popup->body);
 			set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
 			if(msg->type == LIB3270_NOTIFY_ERROR)
-			{
-				((SSL_ERROR_MESSAGE *) message)->title = _( "Security error" );
 				return EACCES;
-			}
-
-			((SSL_ERROR_MESSAGE *) message)->title = _( "Security warning" );
 		}
@@ -448,45 +458,41 @@ int ssl_negotiate(H3270 *hSession)
 	rc = lib3270_run_task(hSession, background_ssl_negotiation, &msg);
-	if(rc == EACCES)
+	if(rc && msg.popup)
 	{
-		// SSL validation has failed
-
-		int abort = -1;
-
-		if(msg.description)
-			abort = popup_ssl_error(hSession,rc,msg.title,msg.text,msg.description);
-		else
-			abort = popup_ssl_error(hSession,rc,msg.title,msg.text,ERR_reason_error_string(msg.error));
+		// SSL Negotiation has failed.
+		host_disconnect(hSession,1); // Disconnect with "failed" status.
-		if(abort)
+		if(popup_ssl_error(hSession,rc,&msg))
 		{
 			host_disconnect(hSession,1); // Disconnect with "failed" status.
 			return rc;
 		}
-	}
-	else if(rc)
-	{
-		// SSL Negotiation has failed.
-		host_disconnect(hSession,1); // Disconnect with "failed" status.
+	} else if(rc) {
-		if(msg.description)
-			lib3270_popup_dialog(hSession, LIB3270_NOTIFY_ERROR, msg.title, msg.text, "%s", msg.description);
-		else
-			lib3270_popup_dialog(hSession, LIB3270_NOTIFY_ERROR, msg.title, msg.text, "%s", ERR_reason_error_string(msg.error));
+		// SSL Negotiation has failed, no popup to present.
+		const LIB3270_POPUP_DESCRIPTOR popup = {
+			.summary = N_("SSL negotiation has failed")
+		};
-		return rc;
+		msg.popup = &popup;
+		if(popup_ssl_error(hSession,rc,&msg))
+		{
+			host_disconnect(hSession,1); // Disconnect with "failed" status.
+			return rc;
+		}
 	}
-	/* Tell the world that we are (still) connected, now in secure mode. */
+	// Tell the world that we are (still) connected, now in secure mode.
 	lib3270_set_connected_initial(hSession);
 	non_blocking(hSession,True);
 	return 0;
 }
+
 int	ssl_init(H3270 *hSession) {
 	int rc;
@@ -502,10 +508,25 @@ int	ssl_init(H3270 *hSession) {
 		// SSL init has failed.
 		host_disconnect(hSession,1); // Disconnect with "failed" status.
-		if(msg.description)
-			lib3270_popup_dialog(hSession, LIB3270_NOTIFY_ERROR, msg.title, msg.text, "%s", msg.description);
+		if(msg.popup)
+		{
+			ssl_popup_message(hSession,&msg);
+		}
 		else
-			lib3270_popup_dialog(hSession, LIB3270_NOTIFY_ERROR, msg.title, msg.text, "%s", ERR_reason_error_string(msg.error));
+		{
+			LIB3270_POPUP_DESCRIPTOR popup = {
+				.summary = N_("Unexpected error on SSL initialization")
+			};
+
+			lib3270_autoptr(char) body = lib3270_strdup_printf("%s (rc=%d)",strerror(rc),rc);
+			popup.body = body;
+
+			msg.popup = &popup;
+			ssl_popup_message(hSession,&msg);
+			msg.popup = NULL;
+
+		}
+
 	}
@@ -43,16 +43,76 @@
 #include <openssl/err.h>
-int popup_ssl_error(H3270 GNUC_UNUSED(*hSession), int rc, const char GNUC_UNUSED(*title), const char *summary, const char *body)
+/**
+ * @brief Translate strings from ssl error message.
+ *
+ * @param msg	SSL error message descriptor.
+ * @param rc	Value of errno.
+ *
+ * @return Dynamically allocated popup description.
+ *
+ */
+static LIB3270_POPUP_DESCRIPTOR * translate_ssl_error_message(const SSL_ERROR_MESSAGE *msg, int rc)
 {
+	LIB3270_POPUP_DESCRIPTOR * popup;
+
+	if(msg->popup->body)
+	{
+		popup = lib3270_malloc(sizeof(LIB3270_POPUP_DESCRIPTOR));
+		memcpy(popup,msg->popup,sizeof(LIB3270_POPUP_DESCRIPTOR));
+		popup->body = dgettext(GETTEXT_PACKAGE,msg->popup->body);
+	}
+	else
+	{
+		lib3270_autoptr(char) body = NULL;
+		if(msg->code)
+		{
+			body = lib3270_strdup_printf(_( "%s (SSL error %d)" ),ERR_reason_error_string(msg->code),msg->code);
+		}
+#ifdef _WIN32
+		else if(msg->lasterror)
+		{
+			lib3270_autoptr(char) windows_error = lib3270_win32_translate_error_code(msg->lasterror);
+			body = lib3270_strdup_printf(_( "Windows error was \"%s\" (%u)" ), windows_error,(unsigned int) msg->lasterror);
+		}
+#endif
+		else if(rc) {
+			body = lib3270_strdup_printf(_( "%s (rc=%d)" ),strerror(rc),rc);
+		}
+
+		popup = lib3270_malloc(sizeof(LIB3270_POPUP_DESCRIPTOR)+strlen(body)+1);
+		memcpy(popup,msg->popup,sizeof(LIB3270_POPUP_DESCRIPTOR));
+		popup->body = (char *) (popup+1);
+		strcpy((char *) (popup+1),body);
+
+	}
+
+	if(popup->summary)
+		popup->summary = dgettext(GETTEXT_PACKAGE,popup->summary);
+
+	if(popup->title)
+		popup->title = dgettext(GETTEXT_PACKAGE,popup->title);
+	else
+		popup->title = _("Security alert");
+
+	return popup;
+}
+
+
+int popup_ssl_error(H3270 GNUC_UNUSED(*hSession), int rc, const SSL_ERROR_MESSAGE *msg)
+{
+	int response = 0;
+
+	LIB3270_POPUP_DESCRIPTOR * popup = translate_ssl_error_message(msg,0);
+
 #ifdef _WIN32
 	lib3270_autoptr(char) rcMessage = lib3270_strdup_printf("The error code was %d",rc);
 	const char *outMsg[] = {
-		title,
-		summary,
-		(body ? body : ""),
+		popup->title,
+		popup->summary,
+		(popup->body ? popup->body : ""),
 		rcMessage
 	};
@@ -70,63 +130,42 @@ int popup_ssl_error(H3270 GNUC_UNUSED(*hSession), int rc, const char GNUC_UNUSED
 #else
-	lib3270_write_log(hSession, "SSL", "%s %s (rc=%d)", summary, (body ? body : ""), rc);
+	lib3270_write_log(hSession, "SSL", "%s %s (rc=%d)", popup->summary, (popup->body ? popup->body : ""), rc);
 #endif // _WIN32
 #ifdef SSL_ENABLE_NOTIFICATION_WHEN_FAILED
-	return hSession->cbk.popup_ssl_error(hSession,rc,title,summary,body);
-
-#else
+	response = hSession->cbk.popup_ssl_error(
+							hSession,
+							rc,
+							popup->title,
+							popup->summary,
+							popup->body
+						);
-	return 0;
 #endif // SSL_ENABLE_NOTIFICATION_WHEN_FAILED
-}
-int notify_ssl_error(H3270 *hSession, int rc, const SSL_ERROR_MESSAGE *message)
-{
-	lib3270_write_log(
-		hSession,
-		"SSL-CRL-GET",
-		"CRL GET error: %s (rc=%d ssl_error=%d)",
-			message->title,
-			rc,
-			message->error
-	);
+	lib3270_free(popup);
+	return response;
-	if(message->description)
-	{
-		if(popup_ssl_error(hSession,rc,message->title,message->text,message->description))
-			return rc;
-	}
-#ifdef _WIN32
-	else if(message->lasterror)
-	{
-		lib3270_autoptr(char) windows_error = lib3270_win32_translate_error_code(message->lasterror);
-		lib3270_autoptr(char) formatted_error = lib3270_strdup_printf(_( "Windows error was \"%s\" (%u)" ), windows_error,(unsigned int) message->lasterror);
+}
-		if(popup_ssl_error(hSession,rc,message->title,message->text,formatted_error))
-			return rc;
+void ssl_popup_message(H3270 *hSession, const SSL_ERROR_MESSAGE *msg) {
-	}
-#endif // WIN32
-	else if(message->error)
-	{
-		lib3270_autoptr(char) formatted_error = lib3270_strdup_printf(_( "%s (SSL error %d)" ),ERR_reason_error_string(message->error),message->error);
-		lib3270_write_log(hSession,"SSL-CRL-GET","%s",formatted_error);
+	LIB3270_POPUP_DESCRIPTOR * popup = translate_ssl_error_message(msg,0);
-		if(popup_ssl_error(hSession,rc,message->title,message->text,formatted_error))
-			return rc;
-	}
-	else
-	{
-		if(popup_ssl_error(hSession,rc,message->title,message->text,""))
-			return rc;
-	}
+	lib3270_popup_dialog(
+		hSession,
+		popup->type,
+		popup->title,
+		popup->summary,
+		"%s", popup->body
+	);
+
+	lib3270_free(popup);
-	return 0;
 }
 #endif // defined(HAVE_LIBSSL)
	@@ -126,7 +126,7 @@		@@ -126,7 +126,7 @@
126	set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING);	126	set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING);
127	int rc = lib3270_run_task(hSession, background_ssl_init, &ssl_error);	127	int rc = lib3270_run_task(hSession, background_ssl_init, &ssl_error);
128		128
129	- if(rc && notify_ssl_error(hSession, rc, &ssl_error))	129	+ if(rc && popup_ssl_error(hSession, rc, &ssl_error))
130	return errno = rc;	130	return errno = rc;
131		131
132	set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);	132	set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
	@@ -88,6 +88,20 @@		@@ -88,6 +88,20 @@
88	LIB3270_EXPORT LIB3270_NOTIFY lib3270_get_ssl_state_icon(const H3270 *hSession);	88	LIB3270_EXPORT LIB3270_NOTIFY lib3270_get_ssl_state_icon(const H3270 *hSession);
89	LIB3270_EXPORT const char * lib3270_get_ssl_state_icon_name(const H3270 *hSession);	89	LIB3270_EXPORT const char * lib3270_get_ssl_state_icon_name(const H3270 *hSession);
90		90
		91	+ /**
		92	+ * @brief Emit popup message.
		93	+ *
		94	+ * @param hSession TN3270 Session handle.
		95	+ * @param popup Popup descriptor.
		96	+ * @param wait If non zero waits for user response.
		97	+ *
		98	+ * @return User action.
		99	+ *
		100	+ * @retval 0 User has confirmed, continue action.
		101	+ * @retval ECANCELED Operation was cancelled.
		102	+ */
		103	+ LIB3270_EXPORT int lib3270_emit_popup(H3270 hSession, const LIB3270_POPUP_DESCRIPTOR popup, unsigned char wait);
		104	+
91	#ifdef __cplusplus	105	#ifdef __cplusplus
92	}	106	}
93	#endif	107	#endif