Merge branch 'develop' into network_module

Perry Werneck
2 parents 90182b09 17656d6c
Showing 2 changed files with 5 additions and 18 deletions Show diff stats
src/include/lib3270/ssl.h
src/network_modules/openssl/start.c
@@ -51,6 +51,7 @@
 		LIB3270_SSL_SECURE,				/**< @brief Connection secure with CA check */
 		LIB3270_SSL_NEGOTIATED,			/**< @brief Connection secure, no CA, self-signed or expired CRL */
 		LIB3270_SSL_NEGOTIATING,		/**< @brief Negotiating SSL */
+		LIB3270_SSL_VERIFYING,			/**< @brief Verifying SSL (Getting CRL) */
 		LIB3270_SSL_UNDEFINED			/**< @brief Undefined */
 	} LIB3270_SSL_STATE;
  
@@ -274,6 +274,8 @@
 		// CRL download is enabled and verification has failed; look for CRL file.
  
 		trace_ssl(hSession,"CRL Validation has failed, requesting CRL download\n");
+		set_ssl_state(hSession,LIB3270_SSL_VERIFYING);
+
 		if(context->crl.url) {
 			import_crl(hSession, ctx_context,context,context->crl.url);
 		} else {
@@ -306,29 +308,13 @@
 	}
  
 	// Check results.
-	/*
-	switch(verify_result) {
-	case X509_V_OK:
-		trace_ssl(hSession,"TLS/SSL negotiated connection complete. Peer certificate %s presented.\n", peer ? "was" : "was not");
-		break;
-
-#ifdef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
-	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-		trace_ssl(hSession,"TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n");
-		set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
-		return EACCES;
-#endif
-
-	default:
-		set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
-	}
-	*/
-
 	if(hSession->ssl.message)
 		trace_ssl(hSession,"%s",hSession->ssl.message->summary);
 	else
 		trace_ssl(hSession,"TLS/SSL verify result was %ld\n", verify_result);
  
+	set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
+
 	return 0;
  
 }
...	...	@@ -51,6 +51,7 @@
51	51	LIB3270_SSL_SECURE, /*< @brief Connection secure with CA check /
52	52	LIB3270_SSL_NEGOTIATED, /*< @brief Connection secure, no CA, self-signed or expired CRL /
53	53	LIB3270_SSL_NEGOTIATING, /*< @brief Negotiating SSL /
	54	+ LIB3270_SSL_VERIFYING, /*< @brief Verifying SSL (Getting CRL) /
54	55	LIB3270_SSL_UNDEFINED /*< @brief Undefined /
55	56	} LIB3270_SSL_STATE;
56	57
...	...
...	...	@@ -274,6 +274,8 @@
274	274	// CRL download is enabled and verification has failed; look for CRL file.
275	275
276	276	trace_ssl(hSession,"CRL Validation has failed, requesting CRL download\n");
	277	+ set_ssl_state(hSession,LIB3270_SSL_VERIFYING);
	278	+
277	279	if(context->crl.url) {
278	280	import_crl(hSession, ctx_context,context,context->crl.url);
279	281	} else {
...	...	@@ -306,29 +308,13 @@
306	308	}
307	309
308	310	// Check results.
309		- /*
310		- switch(verify_result) {
311		- case X509_V_OK:
312		- trace_ssl(hSession,"TLS/SSL negotiated connection complete. Peer certificate %s presented.\n", peer ? "was" : "was not");
313		- break;
314		-
315		-#ifdef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
316		- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
317		- trace_ssl(hSession,"TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n");
318		- set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
319		- return EACCES;
320		-#endif
321		-
322		- default:
323		- set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
324		- }
325		- */
326		-
327	311	if(hSession->ssl.message)
328	312	trace_ssl(hSession,"%s",hSession->ssl.message->summary);
329	313	else
330	314	trace_ssl(hSession,"TLS/SSL verify result was %ld\n", verify_result);
331	315
	316	+ set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
	317	+
332	318	return 0;
333	319
334	320	}
...	...