Commit f8ac85c9184747a8510839313cd9b299b7f5352e

Authored by Perry Werneck
1 parent 8af83f25

Implementing OpenSSL network module

Makefile.in
... ... @@ -32,7 +32,7 @@ LIBNAME=lib@LIB3270_NAME@
32 32 PRODUCT_NAME=@PRODUCT_NAME@
33 33 INSTALL_PACKAGES=@INSTALL_PACKAGES@
34 34  
35   -NETWORK_MODULES=default
  35 +NETWORK_MODULES=default openssl
36 36  
37 37 SOURCES= \
38 38 $(wildcard src/core/*.c) \
... ...
lib3270.cbp
... ... @@ -311,6 +311,9 @@
311 311 <Option compilerVar="CC" />
312 312 </Unit>
313 313 <Unit filename="src/network_modules/default/private.h" />
  314 + <Unit filename="src/network_modules/openssl/context.c">
  315 + <Option compilerVar="CC" />
  316 + </Unit>
314 317 <Unit filename="src/network_modules/openssl/main.c">
315 318 <Option compilerVar="CC" />
316 319 </Unit>
... ...
src/core/linux/connect.c
... ... @@ -59,6 +59,9 @@
59 59  
60 60 int lib3270_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
61 61  
  62 + // Reset state
  63 + set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
  64 +
62 65 //
63 66 // Resolve hostname
64 67 //
... ... @@ -194,6 +197,8 @@
194 197 memset(&state,0,sizeof(state));
195 198  
196 199 // Initialize and connect to host
  200 + set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
  201 +
197 202 if(lib3270_run_task(hSession, (int(*)(H3270 *, void *)) hSession->network.module->connect, &state))
198 203 {
199 204 lib3270_autoptr(LIB3270_POPUP) popup =
... ...
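Review bot: The reset added inside lib3270_network_connect (`set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);` at the top of the first hunk) and the one added just before the `lib3270_run_task(... module->connect ...)` call in the second hunk sit on the same connection path, so the state is now reset twice per connect (three times counting the one this commit adds to openssl_network_connect), and it becomes unclear which reset callers actually rely on. Keeping only the one in lib3270_network_connect, which the module connect functions appear to go through, would be enough; if the second one is meant to cover a module whose connect does not call lib3270_network_connect, a comment saying so, `// Reset here too: a module's connect() is not required to call lib3270_network_connect()`, would make the intent explicit. Both enclosing functions start and end outside the hunks.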
src/core/session.c
... ... @@ -286,8 +286,6 @@ void lib3270_reset_callbacks(H3270 *hSession)
286 286 // Default calls
287 287 memset(&hSession->cbk,0,sizeof(hSession->cbk));
288 288  
289   - hSession->cbk.write = lib3270_sock_send;
290   -// hSession->cbk.disconnect = lib3270_sock_disconnect;
291 289 hSession->cbk.update = update_char;
292 290 hSession->cbk.update_model = update_model;
293 291 hSession->cbk.update_cursor = update_cursor;
... ...
src/core/telnet.c
... ... @@ -1548,7 +1548,7 @@ static void net_rawout(H3270 *hSession, unsigned const char *buf, size_t len)
1548 1548  
1549 1549 while (len)
1550 1550 {
1551   - int nw = hSession->cbk.write(hSession,buf,len);
  1551 + int nw = lib3270_sock_send(hSession,buf,len);
1552 1552  
1553 1553 if (nw > 0)
1554 1554 {
... ...
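Review bot: `lib3270_sock_send` is declared with `int len` (internals.h in this same commit) while net_rawout's `len` is `size_t`, so the new call `int nw = lib3270_sock_send(hSession,buf,len);` narrows silently and any length above INT_MAX would arrive negative; the old callback had the same signature, so this is inherited, but now that the call site is fixed it is cheap to clamp, `int nw = lib3270_sock_send(hSession, buf, len > INT_MAX ? INT_MAX : (int) len);` (needs `<limits.h>`; the surrounding loop already copes with partial writes). Binding net_rawout directly to lib3270_sock_send also removes the network module's ability to substitute its own writer through the callbacks, so presumably lib3270_sock_send itself dispatches through hSession->network.module — a one-line comment here confirming that would save the next reader a search. net_rawout starts and ends outside the hunk.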
src/include/internals.h
... ... @@ -735,7 +735,6 @@ LIB3270_INTERNAL void toggle_rectselect(H3270 *session, const struct lib3270_tog
735 735 LIB3270_INTERNAL void remove_input_calls(H3270 *session);
736 736  
737 737 LIB3270_INTERNAL int lib3270_sock_send(H3270 *hSession, unsigned const char *buf, int len);
738   -// LIB3270_INTERNAL void lib3270_sock_disconnect(H3270 *hSession);
739 738  
740 739 LIB3270_INTERNAL int lib3270_default_event_dispatcher(H3270 *hSession, int block);
741 740  
... ...
src/include/lib3270/session.h
... ... @@ -48,9 +48,6 @@
48 48  
49 49 struct lib3270_session_callbacks
50 50 {
51   - int (*write)(H3270 *hSession, unsigned const char *buf, int len);
52   -// void (*disconnect)(H3270 *hSession);
53   -
54 51 void (*configure)(H3270 *session, unsigned short rows, unsigned short cols);
55 52 void (*update)(H3270 *session, int baddr, unsigned char c, unsigned short attr, unsigned char cursor);
56 53 void (*changed)(H3270 *session, int offset, int len);
... ...
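Review bot: Removing `write` from `struct lib3270_session_callbacks` changes the layout of a struct declared in what looks like an installed public header (src/include/lib3270/session.h), so every later member shifts and any out-of-tree code compiled against the old layout would call the wrong slot after a library upgrade. If the header is public, this deserves a soname or version bump and a line in the changelog; if the struct is only consumed in-tree, a comment on it, `// In-tree only: layout is not part of the stable ABI`, would settle the question for the next change. The struct continues outside the hunk.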
src/include/networking.h
... ... @@ -34,6 +34,9 @@
34 34 #include <lib3270/popup.h>
35 35 #include <sys/socket.h>
36 36  
  37 + typedef struct _lib3270_network_popup LIB3270_NETWORK_POPUP;
  38 + typedef struct _lib3270_net_context LIB3270_NET_CONTEXT;
  39 +
37 40 typedef struct lib3270_network_state {
38 41  
39 42 int syserror; ///< @brief System error (errno)
... ... @@ -43,12 +46,10 @@
43 46  
44 47 const char * error_message; /// @brief System error message.
45 48  
46   - const LIB3270_POPUP *popup; /// @brief Detailed info for popup.
  49 + const LIB3270_NETWORK_POPUP *popup; /// @brief Detailed info for popup.
47 50  
48 51 } LIB3270_NETWORK_STATE;
49 52  
50   - typedef struct _lib3270_net_context LIB3270_NET_CONTEXT;
51   -
52 53 typedef struct lib3270_net_module {
53 54  
54 55 /// @brief Protocol name for URL.
... ... @@ -157,5 +158,7 @@
157 158 */
158 159 LIB3270_INTERNAL void lib3270_set_default_network_module(H3270 *hSession);
159 160  
  161 + LIB3270_INTERNAL int lib3270_activate_ssl_network_module(H3270 *hSession, int sock, LIB3270_NETWORK_STATE *state);
  162 +
160 163 #endif // LIB3270_NETWORKING_H_INCLUDED
161 164  
... ...
src/network_modules/default/main.c
... ... @@ -50,9 +50,13 @@
50 50  
51 51 debug("%s",__FUNCTION__);
52 52  
53   - if(hSession->network.context->sock >= 0) {
  53 + if(hSession->network.context->sock > 0) {
54 54 shutdown(hSession->network.context->sock, 2);
  55 +#ifdef _WIN32
  56 + sockclose(hSession->network.context->sock);
  57 +#else
55 58 close(hSession->network.context->sock);
  59 +#endif // _WIN32
56 60 hSession->network.context->sock = -1;
57 61 }
58 62  
... ... @@ -244,10 +248,18 @@ static int unsecure_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *stat
244 248 return 0;
245 249 }
246 250  
247   -static int unsecure_network_start_tls(H3270 GNUC_UNUSED(*hSession), LIB3270_NETWORK_STATE *msg) {
  251 +static int unsecure_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *msg) {
248 252  
249 253 if(hSession->ssl.host) {
250 254  
  255 + // TLS/SSL is required, replace network module with the OpenSSL one.
  256 + int rc = lib3270_activate_ssl_network_module(hSession, hSession->network.context->sock, msg);
  257 +
  258 + if(!rc)
  259 + rc = hSession->network.module->start_tls(hSession,msg);
  260 +
  261 + return rc;
  262 +/*
251 263 // TODO: Replace network module with the openssl version, initialize and execute start_tls on it.
252 264  
253 265 static const LIB3270_POPUP popup = {
... ... @@ -259,6 +271,7 @@ static int unsecure_network_start_tls(H3270 GNUC_UNUSED(*hSession), LIB3270_NETW
259 271 msg->popup = &popup;
260 272  
261 273 return ENOTSUP;
  274 +*/
262 275  
263 276 }
264 277  
... ...
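Review bot: The finalizer's test was tightened from `sock >= 0` to `sock > 0`, which stops it from closing a connection whose socket landed on descriptor 0 (possible whenever the process starts with stdin closed), leaking the fd and leaving the peer connected; the sentinel written a few lines later is -1, so `>= 0` was the right test, `if(hSession->network.context->sock >= 0) {`. The same `> 0` test is introduced in openssl_network_disconnect in src/network_modules/openssl/main.c. In unsecure_network_start_tls (second hunk) the old body after `return rc;` is kept inside a `/* ... */` block; it is unreachable and should be deleted rather than commented out. That function also hands `hSession->network.context->sock` to the OpenSSL module without, as far as this hunk shows, detaching it from the default context first, so if lib3270_set_openssl_network_module runs the previous module's finalize, the descriptor passed in would already be closed — worth confirming against that function.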
src/network_modules/openssl/context.c 0 → 100644
... ... @@ -0,0 +1,203 @@
  1 +/*
  2 + * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
  3 + * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
  4 + * aplicativos mainframe. Registro no INPI sob o nome G3270.
  5 + *
  6 + * Copyright (C) <2008> <Banco do Brasil S.A.>
  7 + *
  8 + * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
  9 + * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
  10 + * Free Software Foundation.
  11 + *
  12 + * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
  13 + * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
  14 + * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
  15 + * obter mais detalhes.
  16 + *
  17 + * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
  18 + * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
  19 + * St, Fifth Floor, Boston, MA 02110-1301 USA
  20 + *
  21 + * Este programa está nomeado como - e possui - linhas de código.
  22 + *
  23 + * Contatos:
  24 + *
  25 + * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
  26 + * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
  27 + *
  28 + *
  29 + * References:
  30 + *
  31 + * http://www.openssl.org/docs/ssl/
  32 + * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
  33 + *
  34 + */
  35 +
  36 +/**
  37 + * @brief OpenSSL initialization for linux.
  38 + */
  39 +
  40 +#include "private.h"
  41 +
  42 +#include <openssl/err.h>
  43 +#include <openssl/x509_vfy.h>
  44 +
  45 +#ifndef SSL_ST_OK
  46 + #define SSL_ST_OK 3
  47 +#endif // !SSL_ST_OK
  48 +
  49 +#if OPENSSL_VERSION_NUMBER >= 0x00907000L
  50 + #define INFO_CONST const
  51 +#else
  52 + #define INFO_CONST
  53 +#endif
  54 +
  55 +/*--[ Implement ]------------------------------------------------------------------------------------*/
  56 +
  57 +// @brief Index of h3270 handle in SSL session.
  58 +static int ssl_ex_index = 0;
  59 +
  60 +/// @brief Callback for tracing protocol negotiation.
  61 +static void info_callback(INFO_CONST SSL *s, int where, int ret)
  62 +{
  63 + H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_ex_index);
  64 + LIB3270_NET_CONTEXT * context = hSession->network.context;
  65 +
  66 + switch(where)
  67 + {
  68 + case SSL_CB_CONNECT_LOOP:
  69 + trace_ssl(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));
  70 + break;
  71 +
  72 + case SSL_CB_CONNECT_EXIT:
  73 +
  74 + trace_ssl(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);
  75 +
  76 + if (ret == 0)
  77 + {
  78 + context->state.message = SSL_state_string_long(s);
  79 + trace_ssl(hSession,"SSL_connect: failed in %s\n",context->state.message);
  80 + }
  81 + else if (ret < 0)
  82 + {
  83 + unsigned long e = ERR_get_error();
  84 + context->state.message = NULL;
  85 +
  86 + char err_buf[1024];
  87 +
  88 + if(e != 0)
  89 + {
  90 + context->state.error = e;
  91 + (void) ERR_error_string_n(e, err_buf, 1023);
  92 + }
  93 +#if defined(_WIN32)
  94 + else if (GetLastError() != 0)
  95 + {
  96 + strncpy(err_buf,lib3270_win32_strerror(GetLastError()),1023);
  97 + }
  98 +#else
  99 + else if (errno != 0)
  100 + {
  101 + strncpy(err_buf, strerror(errno),1023);
  102 + }
  103 +#endif
  104 + else
  105 + {
  106 + err_buf[0] = '\0';
  107 + }
  108 +
  109 + trace_ssl(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
  110 + ret,
  111 + err_buf,
  112 + SSL_state_string_long(s),
  113 + SSL_alert_type_string_long(ret)
  114 + );
  115 +
  116 + }
  117 + break;
  118 +
  119 + default:
  120 + context->state.message = SSL_state_string_long(s);
  121 + trace_ssl(hSession,"SSL Current state is \"%s\"\n",context->state.message);
  122 + }
  123 +
  124 +#ifdef DEBUG
  125 + if(where & SSL_CB_EXIT)
  126 + {
  127 + trace("%s: SSL_CB_EXIT ret=%d\n",__FUNCTION__,ret);
  128 + }
  129 +#endif
  130 +
  131 + if(where & SSL_CB_ALERT)
  132 + {
  133 + context->state.alert = SSL_alert_type_string_long(ret);
  134 + trace_ssl(hSession,"SSL ALERT: %s\n",context->state.alert);
  135 + }
  136 +
  137 + if(where & SSL_CB_HANDSHAKE_DONE)
  138 + {
  139 + trace_ssl(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));
  140 + if(SSL_get_state(s) == SSL_ST_OK)
  141 + set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
  142 + else
  143 + set_ssl_state(hSession,LIB3270_SSL_UNSECURE);
  144 + }
  145 +}
  146 +
  147 +SSL_CTX * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
  148 +
  149 + static SSL_CTX * context = NULL;
  150 +
  151 + if(context)
  152 + return context;
  153 +
  154 + trace_ssl(hSession,"Initializing SSL context.\n");
  155 +
  156 + SSL_load_error_strings();
  157 + SSL_library_init();
  158 +
  159 + context = SSL_CTX_new(SSLv23_method());
  160 + if(context == NULL)
  161 + {
  162 + static const LIB3270_NETWORK_POPUP popup = {
  163 + .type = LIB3270_NOTIFY_SECURE,
  164 + .icon = "dialog-error",
  165 + .summary = N_( "Can't initialize the TLS/SSL context." ),
  166 + };
  167 +
  168 + hSession->network.context->state.popup = state->popup = &popup;
  169 + hSession->network.context->state.error = ERR_get_error();
  170 + return NULL;
  171 + }
  172 +
  173 + SSL_CTX_set_options(context, SSL_OP_ALL);
  174 + SSL_CTX_set_info_callback(context, info_callback);
  175 +
  176 + SSL_CTX_set_default_verify_paths(context);
  177 +
  178 + ssl_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
  179 +
  180 +#ifdef SSL_ENABLE_CRL_CHECK
  181 +
  182 + // Enable CRL check
  183 + X509_STORE *store = SSL_CTX_get_cert_store(context);
  184 + X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
  185 + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
  186 + X509_STORE_set1_param(store, param);
  187 + X509_VERIFY_PARAM_free(param);
  188 +
  189 + trace_ssl(hSession,"OpenSSL state context initialized with CRL check.\n");
  190 +
  191 +#else
  192 +
  193 + trace_ssl(hSession,"OpenSSL state context initialized without CRL check.\n");
  194 +
  195 +#endif // SSL_ENABLE_CRL_CHECK
  196 +
  197 + return context;
  198 +
  199 +}
  200 +
  201 +int lib3270_openssl_get_ex_index(H3270 GNUC_UNUSED(*hSession)) {
  202 + return ssl_ex_index;
  203 +}
... ...
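Review bot: `strncpy(err_buf, strerror(errno),1023);` in info_callback (and the `_WIN32` branch beside it) does not NUL-terminate when the message is 1023 bytes or longer, and `err_buf` is never zeroed, so the `%s` in the following trace_ssl call can read past the buffer; `snprintf(err_buf, sizeof err_buf, "%s", strerror(errno));` (same shape for the Windows branch) terminates unconditionally, and `ERR_error_string_n(e, err_buf, sizeof err_buf)` avoids the hard-coded 1023. In lib3270_openssl_get_context, `SSLv23_method()` with only `SSL_OP_ALL` leaves the minimum protocol at the library default and no `SSL_CTX_set_verify` call is visible, so unless verification is enforced elsewhere the handshake completes with an unverifiable peer certificate and the failure only surfaces through the popup table; `SSL_CTX_set_options(context, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` plus a comment stating where the verify result is checked would make the policy explicit. The fallback `#define SSL_ST_OK 3` is compared with `SSL_get_state(s)`; on OpenSSL 1.1.0 and later SSL_get_state returns an OSSL_HANDSHAKE_STATE whose completed value is TLS_ST_OK, so that comparison presumably never matches there and a successful handshake would be recorded as LIB3270_SSL_UNSECURE — `SSL_is_init_finished(s)` exists in both API generations and avoids the constant. info_callback also dereferences the H3270 from `SSL_get_ex_data` without a NULL check, which is cheap to add.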
src/network_modules/openssl/main.c
... ... @@ -46,7 +46,6 @@ static void openssl_network_finalize(H3270 *hSession) {
46 46  
47 47 debug("%s",__FUNCTION__);
48 48  
49   -
50 49 if(hSession->network.context) {
51 50  
52 51 // Cleanupp
... ... @@ -63,6 +62,23 @@ static void openssl_network_finalize(H3270 *hSession) {
63 62  
64 63 static int openssl_network_disconnect(H3270 *hSession) {
65 64  
  65 + LIB3270_NET_CONTEXT * context = hSession->network.context;
  66 +
  67 + if(context->con) {
  68 + SSL_shutdown(context->con);
  69 + SSL_free(context->con);
  70 + context->con = NULL;
  71 + }
  72 +
  73 + if(context->sock > 0) {
  74 + shutdown(context->sock, 2);
  75 +#ifdef _WIN32
  76 + sockclose(context->sock);
  77 +#else
  78 + close(context->sock);
  79 +#endif // _WIN32
  80 + context->sock = -1;
  81 + }
66 82  
67 83 }
68 84  
... ... @@ -97,7 +113,7 @@ static int openssl_network_setsockopt(H3270 *hSession, int level, int optname, c
97 113 static int openssl_network_getsockopt(H3270 *hSession, int level, int optname, void *optval, socklen_t *optlen) {
98 114 }
99 115  
100   -static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
  116 +static int openssl_network_init(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
101 117  
102 118 set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
103 119  
... ... @@ -106,13 +122,19 @@ static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state
106 122 return -1;
107 123  
108 124 //
109   - // Prepare for connection
  125 + // Create SSL context.
110 126 //
111   - LIB3270_NET_CONTEXT *context = hSession->network.context;
  127 + LIB3270_NET_CONTEXT * context = hSession->network.context;
  128 +
  129 +}
  130 +
  131 +static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
  132 +
  133 + LIB3270_NET_CONTEXT * context = hSession->network.context;
112 134  
113 135 if(context->crl.cert) {
114 136  
115   - // Release CRL if expired.
  137 + // Has CRL, release if expired.
116 138 // https://stackoverflow.com/questions/23407376/testing-x509-certificate-expiry-date-with-c
117 139 // X509_CRL_get_nextUpdate is deprecated in openssl 1.1.0
118 140  
... ... @@ -147,6 +169,8 @@ static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state
147 169 //
148 170 // Enable SSL & Connect to host.
149 171 //
  172 + set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
  173 +
150 174 hSession->ssl.host = 1;
151 175 context->sock = lib3270_network_connect(hSession, state);
152 176  
... ... @@ -185,7 +209,7 @@ static int openssl_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *sta
185 209 {
186 210 trace_ssl(hSession,"%s","SSL_set_fd failed!\n");
187 211  
188   - static const LIB3270_POPUP popup = {
  212 + static const LIB3270_NETWORK_POPUP popup = {
189 213 .summary = N_( "SSL negotiation failed" ),
190 214 .body = N_( "Cant set the file descriptor for the input/output facility for the TLS/SSL (encrypted) side of ssl." )
191 215 };
... ... @@ -254,7 +278,19 @@ void lib3270_set_openssl_network_module(H3270 *hSession) {
254 278 hSession->network.context = lib3270_malloc(sizeof(LIB3270_NET_CONTEXT));
255 279 memset(hSession->network.context,0,sizeof(LIB3270_NET_CONTEXT));
256 280  
257   -
  281 + hSession->network.context->sock = -1;
258 282  
259 283 hSession->network.module = &module;
260 284 }
  285 +
  286 +int lib3270_activate_ssl_network_module(H3270 *hSession, int sock, LIB3270_NETWORK_STATE *state) {
  287 +
  288 + lib3270_set_openssl_network_module(hSession);
  289 +
  290 + int rc = openssl_network_init(hSession, state);
  291 +
  292 + hSession->network.context->sock = sock;
  293 +
  294 + return rc;
  295 +
  296 +}
... ...
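Review bot: `openssl_network_init` is declared `static int` but its body ends right after `LIB3270_NET_CONTEXT * context = hSession->network.context;` with no return statement, yet `lib3270_activate_ssl_network_module` reads it into `rc` and unsecure_network_start_tls uses that value to decide whether to run start_tls, so the whole TLS activation path depends on an indeterminate value (undefined behaviour for a non-void function whose result is used); at minimum `return 0;` belongs before the closing brace, and the unused `context` local suggests the "Create SSL context" step the comment announces has not been written yet. `openssl_network_disconnect` has the same shape, declared `int` and falling off the end after the socket block, and needs its own `return 0;`. In lib3270_activate_ssl_network_module the socket is assigned only after init, so on an init failure the new context keeps `sock = -1` while the caller's default context still believes it owns the descriptor; `if(rc) return rc;` before the assignment, with the caller keeping its own module in that case, would make ownership unambiguous, though what lib3270_set_openssl_network_module does with the previous context is outside this hunk. The `context->sock > 0` test in openssl_network_disconnect also skips descriptor 0; `>= 0` matches the -1 sentinel set just below it.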
src/network_modules/openssl/private.h
... ... @@ -43,11 +43,20 @@
43 43  
44 44 #include <lib3270.h>
45 45 #include <lib3270/log.h>
  46 + #include <lib3270/popup.h>
46 47 #include <internals.h>
  48 + #include <networking.h>
  49 + #include <trace_dsc.h>
47 50  
48 51 #include <openssl/ssl.h>
49 52 #include <openssl/x509.h>
50 53  
  54 + struct _lib3270_network_popup {
  55 + LIB3270_POPUP_HEAD
  56 + long id;
  57 + const char * icon; ///< @brief Icon name from https://specifications.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html
  58 + };
  59 +
51 60 struct _lib3270_net_context {
52 61  
53 62 int sock; ///< @brief Session socket.
... ... @@ -61,9 +70,18 @@
61 70 X509_CRL * cert; ///< @brief Loaded CRL (can be null).
62 71 } crl;
63 72  
  73 + struct {
  74 + const LIB3270_NETWORK_POPUP * popup; ///< @brief The active popup for the session.
  75 + unsigned long error; ///< @brief The last OpenSSL error code.
  76 + const char * message; ///< @brief The last OpenSSL state message.
  77 + const char * alert; ///< @brief The last OpenSSL alert message.
  78 + } state;
  79 +
64 80 };
65 81  
66   - LIB3270_INTERNAL void * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state);
67   - LIB3270_INTERNAL int lib3270_openssl_get_ex_index(H3270 *hSession);
  82 + LIB3270_INTERNAL SSL_CTX * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state);
  83 + LIB3270_INTERNAL int lib3270_openssl_get_ex_index(H3270 *hSession);
  84 + LIB3270_INTERNAL const LIB3270_NETWORK_POPUP * lib3270_openssl_get_popup_from_error_code(long id);
  85 +
68 86  
69 87 #endif // !LIB3270_OPENSSL_MODULE_PRIVATE_H_INCLUDED
... ...
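Review bot: `struct _lib3270_network_popup` is defined in the module-private header while its typedef is published through src/include/networking.h, and `LIB3270_NETWORK_STATE.popup` now carries this type instead of `const LIB3270_POPUP *`; core code that displays the popup can only see the opaque typedef, so it presumably casts to `LIB3270_POPUP *` and relies on `LIB3270_POPUP_HEAD` being the complete LIB3270_POPUP layout as a prefix. That contract should be written on the struct, `/* Must begin with LIB3270_POPUP_HEAD: core code treats a LIB3270_NETWORK_POPUP * as a LIB3270_POPUP * */`, and `id` and `icon` must stay after the head for the same reason. The new `state` sub-struct stores `message` and `alert` as `const char *` taken from SSL_state_string_long / SSL_alert_type_string_long in context.c; a comment that these point at static OpenSSL strings and are not owned by the context would prevent a future free() in the finalizer. `LIB3270_NETWORK_POPUP *popup` in the same sub-struct likewise points at `static const` tables, which is worth noting alongside it.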
src/network_modules/openssl/states.c
... ... @@ -35,15 +35,17 @@
35 35 #include <openssl/ssl.h>
36 36 #include <openssl/err.h>
37 37  
  38 +#include "private.h"
  39 +
38 40 /*--[ Implement ]------------------------------------------------------------------------------------*/
39 41  
40   -static const struct ssl_status_msg status_msg[] =
  42 +static const LIB3270_NETWORK_POPUP popups[] =
41 43 {
42 44 // http://www.openssl.org/docs/apps/verify.html
43 45 {
44 46 .id = X509_V_OK,
45 47 .type = LIB3270_NOTIFY_SECURE,
46   - .iconName = "security-high",
  48 + .icon = "security-high",
47 49 .summary = N_( "Secure connection was successful." ),
48 50 .body = N_( "The connection is secure and the host identity was confirmed." )
49 51 },
... ... @@ -51,7 +53,7 @@ static const struct ssl_status_msg status_msg[] =
51 53 {
52 54 .id = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
53 55 .type = LIB3270_NOTIFY_ERROR,
54   - .iconName = "dialog-error",
  56 + .icon = "dialog-error",
55 57 .summary = N_( "Unable to get issuer certificate" ),
56 58 .body = N_( "The issuer certificate of a looked up certificate could not be found. This normally means the list of trusted certificates is not complete." )
57 59 },
... ... @@ -60,7 +62,7 @@ static const struct ssl_status_msg status_msg[] =
60 62 .id = X509_V_ERR_UNABLE_TO_GET_CRL,
61 63 .name = "X509_V_ERR_UNABLE_TO_GET_CRL",
62 64 .type = LIB3270_NOTIFY_ERROR,
63   - .iconName = "dialog-error",
  65 + .icon = "dialog-error",
64 66 .summary = N_( "Unable to get certificate CRL." ),
65 67 .body = N_( "The Certificate revocation list (CRL) of a certificate could not be found." )
66 68 },
... ... @@ -68,7 +70,7 @@ static const struct ssl_status_msg status_msg[] =
68 70 {
69 71 .id = X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
70 72 .type = LIB3270_NOTIFY_ERROR,
71   - .iconName = "dialog-error",
  73 + .icon = "dialog-error",
72 74 .summary = N_( "Unable to decrypt certificate's signature" ),
73 75 .body = N_( "The certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA keys." )
74 76 },
... ... @@ -76,7 +78,7 @@ static const struct ssl_status_msg status_msg[] =
76 78 {
77 79 .id = X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
78 80 .type = LIB3270_NOTIFY_ERROR,
79   - .iconName = "dialog-error",
  81 + .icon = "dialog-error",
80 82 .summary = N_( "Unable to decrypt CRL's signature" ),
81 83 .body = N_( "The CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused." )
82 84 },
... ... @@ -84,7 +86,7 @@ static const struct ssl_status_msg status_msg[] =
84 86 {
85 87 .id = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
86 88 .type = LIB3270_NOTIFY_ERROR,
87   - .iconName = "dialog-error",
  89 + .icon = "dialog-error",
88 90 .summary = N_( "Unable to decode issuer public key" ),
89 91 .body = N_( "The public key in the certificate SubjectPublicKeyInfo could not be read." )
90 92 },
... ... @@ -92,7 +94,7 @@ static const struct ssl_status_msg status_msg[] =
92 94 {
93 95 .id = X509_V_ERR_CERT_SIGNATURE_FAILURE,
94 96 .type = LIB3270_NOTIFY_ERROR,
95   - .iconName = "dialog-error",
  97 + .icon = "dialog-error",
96 98 .summary = N_( "Certificate signature failure" ),
97 99 .body = N_( "The signature of the certificate is invalid." )
98 100 },
... ... @@ -100,7 +102,7 @@ static const struct ssl_status_msg status_msg[] =
100 102 {
101 103 .id = X509_V_ERR_CRL_SIGNATURE_FAILURE,
102 104 .type = LIB3270_NOTIFY_ERROR,
103   - .iconName = "dialog-error",
  105 + .icon = "dialog-error",
104 106 .summary = N_( "CRL signature failure" ),
105 107 .body = N_( "The signature of the certificate is invalid." )
106 108 },
... ... @@ -108,7 +110,7 @@ static const struct ssl_status_msg status_msg[] =
108 110 {
109 111 .id = X509_V_ERR_CERT_NOT_YET_VALID,
110 112 .type = LIB3270_NOTIFY_WARNING,
111   - .iconName = "dialog-warning",
  113 + .icon = "dialog-warning",
112 114 .summary = N_( "Certificate is not yet valid" ),
113 115 .body = N_( "The certificate is not yet valid: the notBefore date is after the current time." )
114 116 },
... ... @@ -116,7 +118,7 @@ static const struct ssl_status_msg status_msg[] =
116 118 {
117 119 .id = X509_V_ERR_CERT_HAS_EXPIRED,
118 120 .type = LIB3270_NOTIFY_ERROR,
119   - .iconName = "dialog-error",
  121 + .icon = "dialog-error",
120 122 .summary = N_( "Certificate has expired" ),
121 123 .body = N_( "The certificate has expired: that is the notAfter date is before the current time." )
122 124 },
... ... @@ -124,7 +126,7 @@ static const struct ssl_status_msg status_msg[] =
124 126 {
125 127 .id = X509_V_ERR_CRL_NOT_YET_VALID,
126 128 .type = LIB3270_NOTIFY_WARNING,
127   - .iconName = "dialog-error",
  129 + .icon = "dialog-error",
128 130 .summary = N_( "The CRL is not yet valid." ),
129 131 .body = N_( "The Certificate revocation list (CRL) is not yet valid." )
130 132 },
... ... @@ -136,7 +138,7 @@ static const struct ssl_status_msg status_msg[] =
136 138 #else
137 139 .type = LIB3270_NOTIFY_WARNING,
138 140 #endif // SSL_ENABLE_CRL_EXPIRATION_CHECK
139   - .iconName = "security-medium",
  141 + .icon = "security-medium",
140 142 .summary = N_( "The CRL has expired." ),
141 143 .body = N_( "The Certificate revocation list (CRL) has expired.")
142 144 },
... ... @@ -144,7 +146,7 @@ static const struct ssl_status_msg status_msg[] =
144 146 {
145 147 .id = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD,
146 148 .type = LIB3270_NOTIFY_ERROR,
147   - .iconName = "dialog-error",
  149 + .icon = "dialog-error",
148 150 .summary = N_( "Format error in certificate's notBefore field" ),
149 151 .body = N_( "The certificate notBefore field contains an invalid time." )
150 152 },
... ... @@ -152,7 +154,7 @@ static const struct ssl_status_msg status_msg[] =
152 154 {
153 155 .id = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD,
154 156 .type = LIB3270_NOTIFY_ERROR,
155   - .iconName = "dialog-error",
  157 + .icon = "dialog-error",
156 158 .summary = N_( "Format error in certificate's notAfter field" ),
157 159 .body = N_( "The certificate notAfter field contains an invalid time." )
158 160 },
... ... @@ -160,7 +162,7 @@ static const struct ssl_status_msg status_msg[] =
160 162 {
161 163 .id = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD,
162 164 .type = LIB3270_NOTIFY_ERROR,
163   - .iconName = "dialog-error",
  165 + .icon = "dialog-error",
164 166 .summary = N_( "Format error in CRL's lastUpdate field" ),
165 167 .body = N_( "The CRL lastUpdate field contains an invalid time." )
166 168 },
... ... @@ -168,7 +170,7 @@ static const struct ssl_status_msg status_msg[] =
168 170 {
169 171 .id = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD,
170 172 .type = LIB3270_NOTIFY_ERROR,
171   - .iconName = "dialog-error",
  173 + .icon = "dialog-error",
172 174 .summary = N_( "Format error in CRL's nextUpdate field" ),
173 175 .body = N_( "The CRL nextUpdate field contains an invalid time." )
174 176 },
... ... @@ -176,7 +178,7 @@ static const struct ssl_status_msg status_msg[] =
176 178 {
177 179 .id = X509_V_ERR_OUT_OF_MEM,
178 180 .type = LIB3270_NOTIFY_ERROR,
179   - .iconName = "dialog-error",
  181 + .icon = "dialog-error",
180 182 .summary = N_( "Out of memory" ),
181 183 .body = N_( "An error occurred trying to allocate memory. This should never happen." )
182 184 },
... ... @@ -184,7 +186,7 @@ static const struct ssl_status_msg status_msg[] =
184 186 {
185 187 .id = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
186 188 .type = LIB3270_NOTIFY_WARNING,
187   - .iconName = "security-medium",
  189 + .icon = "security-medium",
188 190 .summary = N_( "Self signed certificate" ),
189 191 .body = N_( "The passed certificate is self signed and the same certificate cannot be found in the list of trusted certificates." )
190 192 },
... ... @@ -196,7 +198,7 @@ static const struct ssl_status_msg status_msg[] =
196 198 #else
197 199 .type = LIB3270_NOTIFY_WARNING,
198 200 #endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK
199   - .iconName = "security-medium",
  201 + .icon = "security-medium",
200 202 .summary = N_( "Self signed certificate in certificate chain" ),
201 203 .body = N_( "The certificate chain could be built up using the untrusted certificates but the root could not be found locally." )
202 204 },
... ... @@ -204,7 +206,7 @@ static const struct ssl_status_msg status_msg[] =
204 206 {
205 207 .id = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
206 208 .type = LIB3270_NOTIFY_WARNING,
207   - .iconName = "security-low",
  209 + .icon = "security-low",
208 210 .summary = N_( "Unable to get local issuer certificate" ),
209 211 .body = N_( "The issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found." )
210 212 },
... ... @@ -212,7 +214,7 @@ static const struct ssl_status_msg status_msg[] =
212 214 {
213 215 .id = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE,
214 216 .type = LIB3270_NOTIFY_ERROR,
215   - .iconName = "security-low",
  217 + .icon = "security-low",
216 218 .summary = N_( "Unable to verify the first certificate" ),
217 219 .body = N_( "No signatures could be verified because the chain contains only one certificate and it is not self signed." )
218 220 },
... ... @@ -220,7 +222,7 @@ static const struct ssl_status_msg status_msg[] =
220 222 {
221 223 .id = X509_V_ERR_CERT_REVOKED,
222 224 .type = LIB3270_NOTIFY_ERROR,
223   - .iconName = "security-low",
  225 + .icon = "security-low",
224 226 .summary = N_( "Certificate revoked" ),
225 227 .body = N_( "The certificate has been revoked." )
226 228 },
... ... @@ -228,7 +230,7 @@ static const struct ssl_status_msg status_msg[] =
228 230 {
229 231 .id = X509_V_ERR_INVALID_CA,
230 232 .type = LIB3270_NOTIFY_ERROR,
231   - .iconName = "security-low",
  233 + .icon = "security-low",
232 234 .summary = N_( "Invalid CA certificate" ),
233 235 .body = N_( "A CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose." )
234 236 },
... ... @@ -236,7 +238,7 @@ static const struct ssl_status_msg status_msg[] =
236 238 {
237 239 .id = X509_V_ERR_PATH_LENGTH_EXCEEDED,
238 240 .type = LIB3270_NOTIFY_ERROR,
239   - .iconName = "dialog-error",
  241 + .icon = "dialog-error",
240 242 .summary = N_( "Path length constraint exceeded" ),
241 243 .body = N_( "The basicConstraints pathlength parameter has been exceeded." ),
242 244 },
... ... @@ -244,7 +246,7 @@ static const struct ssl_status_msg status_msg[] =
244 246 {
245 247 .id = X509_V_ERR_INVALID_PURPOSE,
246 248 .type = LIB3270_NOTIFY_ERROR,
247   - .iconName = "dialog-error",
  249 + .icon = "dialog-error",
248 250 .summary = N_( "Unsupported certificate purpose" ),
249 251 .body = N_( "The supplied certificate cannot be used for the specified purpose." )
250 252 },
... ... @@ -252,7 +254,7 @@ static const struct ssl_status_msg status_msg[] =
252 254 {
253 255 .id = X509_V_ERR_CERT_UNTRUSTED,
254 256 .type = LIB3270_NOTIFY_WARNING,
255   - .iconName = "security-low",
  257 + .icon = "security-low",
256 258 .summary = N_( "Certificate not trusted" ),
257 259 .body = N_( "The root CA is not marked as trusted for the specified purpose." )
258 260 },
... ... @@ -260,7 +262,7 @@ static const struct ssl_status_msg status_msg[] =
260 262 {
261 263 .id = X509_V_ERR_CERT_REJECTED,
262 264 .type = LIB3270_NOTIFY_ERROR,
263   - .iconName = "security-low",
  265 + .icon = "security-low",
264 266 .summary = N_( "Certificate rejected" ),
265 267 .body = N_( "The root CA is marked to reject the specified purpose." )
266 268 },
... ... @@ -268,7 +270,7 @@ static const struct ssl_status_msg status_msg[] =
268 270 {
269 271 .id = X509_V_ERR_SUBJECT_ISSUER_MISMATCH,
270 272 .type = LIB3270_NOTIFY_ERROR,
271   - .iconName = "security-low",
  273 + .icon = "security-low",
272 274 .summary = N_( "Subject issuer mismatch" ),
273 275 .body = N_( "The current candidate issuer certificate was rejected because its subject name did not match the issuer name of the current certificate. Only displayed when the -issuer_checks option is set." )
274 276 },
... ... @@ -276,7 +278,7 @@ static const struct ssl_status_msg status_msg[] =
276 278 {
277 279 .id = X509_V_ERR_AKID_SKID_MISMATCH,
278 280 .type = LIB3270_NOTIFY_ERROR,
279   - .iconName = "dialog-error",
  281 + .icon = "dialog-error",
280 282 .summary = N_( "Authority and subject key identifier mismatch" ),
281 283 .body = N_( "The current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. Only displayed when the -issuer_checks option is set." )
282 284 },
... ... @@ -284,7 +286,7 @@ static const struct ssl_status_msg status_msg[] =
284 286 {
285 287 .id = X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH,
286 288 .type = LIB3270_NOTIFY_ERROR,
287   - .iconName = "dialog-error",
  289 + .icon = "dialog-error",
288 290 .summary = N_( "Authority and issuer serial number mismatch" ),
289 291 .body = N_( "The current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. Only displayed when the -issuer_checks option is set." )
290 292 },
... ... @@ -292,30 +294,33 @@ static const struct ssl_status_msg status_msg[] =
292 294 {
293 295 .id = X509_V_ERR_KEYUSAGE_NO_CERTSIGN,
294 296 .type = LIB3270_NOTIFY_ERROR,
295   - .iconName = "dialog-error",
  297 + .icon = "dialog-error",
296 298 .summary = N_( "Key usage does not include certificate signing" ),
297 299 .body = N_( "The current candidate issuer certificate was rejected because its keyUsage extension does not permit certificate signing." )
298 300 }
299 301  
300 302 };
301 303  
302   - const struct ssl_status_msg * ssl_get_status_from_error_code(long id)
  304 + const LIB3270_NETWORK_POPUP * lib3270_openssl_get_popup_from_error_code(long id)
303 305 {
304 306 size_t f;
305 307  
306   - for(f=0;f < (sizeof(status_msg)/sizeof(status_msg[0]));f++)
  308 + for(f=0;f < (sizeof(popups)/sizeof(popups[0]));f++)
307 309 {
308   - if(status_msg[f].id == id)
309   - return status_msg+f;
  310 + if(popups[f].id == id)
  311 + return popups+f;
310 312 }
311 313 return NULL;
312 314 }
313 315  
314   - static const struct ssl_status_msg * get_ssl_status_msg(const H3270 *hSession)
  316 + /*
  317 + static const struct LIB3270_NETWORK_POPUP * get_ssl_status_msg(const H3270 *hSession)
315 318 {
316   - return ssl_get_status_from_error_code(lib3270_get_SSL_verify_result(hSession));
  319 + return openssl_get_status_from_error_code(lib3270_get_SSL_verify_result(hSession));
317 320 }
  321 + */
318 322  
  323 + /*
319 324 const char * lib3270_get_ssl_state_message(const H3270 *hSession)
320 325 {
321 326 if(lib3270_get_ssl_state(hSession) != LIB3270_SSL_UNSECURE)
... ... @@ -392,5 +397,5 @@ static const struct ssl_status_msg status_msg[] =
392 397 {
393 398 return "dialog-error";
394 399 }
395   -
  400 +*/
396 401  
... ...
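--- a/src/ssl/linux/init.c
+++ b/src/ssl/linux/init.c
@@ -1,198 +0,0 @@
-/*
- * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
- * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
- * aplicativos mainframe. Registro no INPI sob o nome G3270.
- *
- * Copyright (C) <2008> <Banco do Brasil S.A.>
- *
- * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
- * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
- * Free Software Foundation.
- *
- * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
- * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
- * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
- * obter mais detalhes.
- *
- * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
- * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
- * St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Este programa está nomeado como - e possui - linhas de código.
- *
- * Contatos:
- *
- * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
- * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
- *
- *
- * References:
- *
- * http://www.openssl.org/docs/ssl/
- * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
- *
- */
-
-/**
- * @brief OpenSSL initialization for linux.
- */
-
-#include <config.h>
-
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/x509_vfy.h>
-
-#ifndef SSL_ST_OK
- #define SSL_ST_OK 3
-#endif // !SSL_ST_OK
-
-#include <internals.h>
-#include <networking.h>
-#include <lib3270/log.h>
-
-#ifdef SSL_ENABLE_CRL_CHECK
-#endif // SSL_ENABLE_CRL_CHECK
-
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
- #define INFO_CONST const
-#else
- #define INFO_CONST
-#endif
-
-/*--[ Implement ]------------------------------------------------------------------------------------*/
-
-// @brief Index of h3270 handle in SSL session.
-static int ssl_ex_index = 0;
-
-/// @brief Callback for tracing protocol negotiation.
-static void info_callback(INFO_CONST SSL *s, int where, int ret)
-{
- H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_ex_index);
-
- switch(where)
- {
- case SSL_CB_CONNECT_LOOP:
- trace_ssl(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));
- break;
-
- case SSL_CB_CONNECT_EXIT:
-
- trace_ssl(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);
-
- if (ret == 0)
- {
- trace_ssl(hSession,"SSL_connect: failed in %s\n",SSL_state_string_long(s));
- }
- else if (ret < 0)
- {
- unsigned long e = ERR_get_error();
- char err_buf[1024];
-
- if(e != 0)
- {
- hSession->ssl.error = e;
- (void) ERR_error_string_n(e, err_buf, 1023);
- }
-#if defined(_WIN32)
- else if (GetLastError() != 0)
- {
- strncpy(err_buf,lib3270_win32_strerror(GetLastError()),1023);
- }
-#else
- else if (errno != 0)
- {
- strncpy(err_buf, strerror(errno),1023);
- }
-#endif
- else
- {
- err_buf[0] = '\0';
- }
-
- trace_ssl(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
- ret,
- err_buf,
- SSL_state_string_long(s),
- SSL_alert_type_string_long(ret)
- );
-
- }
- break;
-
- default:
- trace_ssl(hSession,"SSL Current state is \"%s\"\n",SSL_state_string_long(s));
- }
-
-#ifdef DEBUG
- if(where & SSL_CB_EXIT)
- {
- trace("%s: SSL_CB_EXIT ret=%d\n",__FUNCTION__,ret);
- }
-#endif
-
- if(where & SSL_CB_ALERT)
- trace_ssl(hSession,"SSL ALERT: %s\n",SSL_alert_type_string_long(ret));
-
- if(where & SSL_CB_HANDSHAKE_DONE)
- {
- trace_ssl(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));
- if(SSL_get_state(s) == SSL_ST_OK)
- set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
- else
- set_ssl_state(hSession,LIB3270_SSL_UNSECURE);
- }
-}
-
-void * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
-
- static SSL_CTX * context = NULL;
-
- if(context)
- return context;
-
- trace_ssl(hSession,"Initializing SSL context.\n");
-
- SSL_load_error_strings();
- SSL_library_init();
-
- context = SSL_CTX_new(SSLv23_method());
- if(context == NULL)
- {
- static const LIB3270_POPUP popup = {
- .type = LIB3270_NOTIFY_SECURE,
- .summary = N_( "Can't initialize the SSL context." )
- };
-
-// message->code = hSession->ssl.error = ERR_get_error();
- state->popup = &popup;
- return -1;
- }
-
- SSL_CTX_set_options(context, SSL_OP_ALL);
- SSL_CTX_set_info_callback(context, info_callback);
-
- SSL_CTX_set_default_verify_paths(context);
-
- ssl_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
-
-#ifdef SSL_ENABLE_CRL_CHECK
-
- // Enable CRL check
- X509_STORE *store = SSL_CTX_get_cert_store(context);
- X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
- X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
- X509_STORE_set1_param(store, param);
- X509_VERIFY_PARAM_free(param);
-
- trace_ssl(hSession,"CRL CHECK was enabled\n");
-
-#endif // SSL_ENABLE_CRL_CHECK
-
- return context;
-
-}
-
-int lib3270_openssl_get_ex_index(H3270 GNUC_UNUSED(*hSession)) {
- return ssl_ex_index;
-}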