Commit ddf48c522b973ee8363e5f3ef56fcb42c62073d5
1 parent
4d11746a
Exists in
master
and in
3 other branches
Adding property to enable/disable the CRL download.
Showing
3 changed files
with
36 additions
and
0 deletions
Show diff stats
src/core/properties/boolean.c
| ... | ... | @@ -52,11 +52,21 @@ |
| 52 | 52 | hSession->ssl.crl.download = enabled ? 1 : 0; |
| 53 | 53 | return 0; |
| 54 | 54 | } |
| 55 | + | |
| 56 | +LIB3270_EXPORT int lib3270_ssl_get_crl_download(const H3270 *hSession) | |
| 57 | +{ | |
| 58 | + return hSession->ssl.crl.download; | |
| 59 | +} | |
| 55 | 60 | #else |
| 56 | 61 | LIB3270_EXPORT int lib3270_ssl_set_crl_download(H3270 GNUC_UNUSED(*hSession), int GNUC_UNUSED(enabled)) |
| 57 | 62 | { |
| 58 | 63 | return errno = ENOTSUP; |
| 59 | 64 | } |
| 65 | + | |
| 66 | + LIB3270_EXPORT int lib3270_ssl_get_crl_download(H3270 GNUC_UNUSED(*hSession)) | |
| 67 | + { | |
| 68 | + return 0; | |
| 69 | + } | |
| 60 | 70 | #endif // SSL_ENABLE_CRL_CHECK |
| 61 | 71 | |
| 62 | 72 | const LIB3270_INT_PROPERTY * lib3270_get_boolean_properties_list(void) |
| ... | ... | @@ -199,6 +209,13 @@ |
| 199 | 209 | }, |
| 200 | 210 | |
| 201 | 211 | { |
| 212 | + .name = "crlget", // Property name. | |
| 213 | + .description = N_( "Non zero if the download of CRL is enabled" ), // Property description. | |
| 214 | + .get = lib3270_ssl_get_crl_download, // Get value. | |
| 215 | + .set = lib3270_ssl_set_crl_download // Set value. | |
| 216 | + }, | |
| 217 | + | |
| 218 | + { | |
| 202 | 219 | .name = NULL, |
| 203 | 220 | .description = NULL, |
| 204 | 221 | .get = NULL, | ... | ... |
src/include/lib3270/properties.h
src/ssl/negotiate.c
| ... | ... | @@ -57,6 +57,7 @@ |
| 57 | 57 | #include <lib3270/trace.h> |
| 58 | 58 | #include <lib3270/log.h> |
| 59 | 59 | #include <lib3270/toggle.h> |
| 60 | +#include <lib3270/properties.h> | |
| 60 | 61 | #include "hostc.h" // host_disconnect |
| 61 | 62 | #include "trace_dsc.h" |
| 62 | 63 | |
| ... | ... | @@ -412,6 +413,22 @@ static int background_ssl_negotiation(H3270 *hSession, void *message) |
| 412 | 413 | break; |
| 413 | 414 | #endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK |
| 414 | 415 | |
| 416 | + case X509_V_ERR_UNABLE_TO_GET_CRL: | |
| 417 | + | |
| 418 | + trace_ssl(hSession,"TLS/SSL verify result was %d (%s)\n", rv, msg->body); | |
| 419 | + | |
| 420 | + ((SSL_ERROR_MESSAGE *) message)->popup = (LIB3270_POPUP *) msg; | |
| 421 | + | |
| 422 | + debug("message: %s",((SSL_ERROR_MESSAGE *) message)->popup->summary); | |
| 423 | + debug("description: %s",((SSL_ERROR_MESSAGE *) message)->popup->body); | |
| 424 | + | |
| 425 | + set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED); | |
| 426 | + | |
| 427 | + if(msg->type == LIB3270_NOTIFY_ERROR && lib3270_ssl_get_crl_download(hSession)) | |
| 428 | + return EACCES; | |
| 429 | + | |
| 430 | + break; | |
| 431 | + | |
| 415 | 432 | default: |
| 416 | 433 | trace_ssl(hSession,"TLS/SSL verify result was %d (%s)\n", rv, msg->body); |
| 417 | 434 | ... | ... |