Implementing OpenSSL network module

Perry Werneck
1 parent 8af83f25
Showing 14 changed files with 341 additions and 259 deletions Show diff stats
Makefile.in
lib3270.cbp
src/core/linux/connect.c
src/core/session.c
src/core/telnet.c
src/include/internals.h
src/include/lib3270/session.h
src/include/networking.h
src/network_modules/default/main.c
src/network_modules/openssl/context.c
src/network_modules/openssl/main.c
src/network_modules/openssl/private.h
src/network_modules/openssl/states.c
src/ssl/linux/init.c
@@ -32,7 +32,7 @@ LIBNAME=lib@LIB3270_NAME@
 PRODUCT_NAME=@PRODUCT_NAME@
 INSTALL_PACKAGES=@INSTALL_PACKAGES@
-NETWORK_MODULES=default
+NETWORK_MODULES=default openssl
 SOURCES= \
 	$(wildcard src/core/*.c) \
@@ -311,6 +311,9 @@
 			<Option compilerVar="CC" />
 		</Unit>
 		<Unit filename="src/network_modules/default/private.h" />
+		<Unit filename="src/network_modules/openssl/context.c">
+			<Option compilerVar="CC" />
+		</Unit>
 		<Unit filename="src/network_modules/openssl/main.c">
 			<Option compilerVar="CC" />
 		</Unit>
@@ -59,6 +59,9 @@
  int lib3270_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
+	// Reset state
+	set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
+
 	//
 	// Resolve hostname
 	//
@@ -194,6 +197,8 @@
 	memset(&state,0,sizeof(state));
  	// Initialize and connect to host
+	set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
+
 	if(lib3270_run_task(hSession, (int(*)(H3270 *, void *)) hSession->network.module->connect, &state))
 	{
 		lib3270_autoptr(LIB3270_POPUP) popup =
@@ -286,8 +286,6 @@ void lib3270_reset_callbacks(H3270 *hSession)
 	// Default calls
 	memset(&hSession->cbk,0,sizeof(hSession->cbk));
-	hSession->cbk.write					= lib3270_sock_send;
-//	hSession->cbk.disconnect			= lib3270_sock_disconnect;
 	hSession->cbk.update 				= update_char;
 	hSession->cbk.update_model			= update_model;
 	hSession->cbk.update_cursor			= update_cursor;
@@ -1548,7 +1548,7 @@ static void net_rawout(H3270 *hSession, unsigned const char *buf, size_t len)
 	while (len)
 	{
-		int nw = hSession->cbk.write(hSession,buf,len);
+		int nw = lib3270_sock_send(hSession,buf,len);
 		if (nw > 0)
 		{
@@ -735,7 +735,6 @@ LIB3270_INTERNAL void	toggle_rectselect(H3270 *session, const struct lib3270_tog
 LIB3270_INTERNAL void	remove_input_calls(H3270 *session);
 LIB3270_INTERNAL int	lib3270_sock_send(H3270 *hSession, unsigned const char *buf, int len);
-// LIB3270_INTERNAL void	lib3270_sock_disconnect(H3270 *hSession);
 LIB3270_INTERNAL int	lib3270_default_event_dispatcher(H3270 *hSession, int block);
@@ -48,9 +48,6 @@
 	struct lib3270_session_callbacks
 	{
-		int	 (*write)(H3270 *hSession, unsigned const char *buf, int len);
-//		void (*disconnect)(H3270 *hSession);
-
 		void (*configure)(H3270 *session, unsigned short rows, unsigned short cols);
 		void (*update)(H3270 *session, int baddr, unsigned char c, unsigned short attr, unsigned char cursor);
 		void (*changed)(H3270 *session, int offset, int len);
@@ -34,6 +34,9 @@
 	#include <lib3270/popup.h>
 	#include <sys/socket.h>
+	typedef struct _lib3270_network_popup LIB3270_NETWORK_POPUP;
+	typedef struct _lib3270_net_context LIB3270_NET_CONTEXT;
+
 	typedef struct lib3270_network_state {
 		int syserror;				///< @brief System error (errno)
@@ -43,12 +46,10 @@
 		const char * error_message;	/// @brief System error message.
-		const LIB3270_POPUP *popup;	/// @brief Detailed info for popup.
+		const LIB3270_NETWORK_POPUP *popup;	/// @brief Detailed info for popup.
 	} LIB3270_NETWORK_STATE;
-	typedef struct _lib3270_net_context LIB3270_NET_CONTEXT;
-
 	typedef struct lib3270_net_module {
 		/// @brief Protocol name for URL.
@@ -157,5 +158,7 @@
 	 */
 	LIB3270_INTERNAL void	  lib3270_set_default_network_module(H3270 *hSession);
+	LIB3270_INTERNAL int	  lib3270_activate_ssl_network_module(H3270 *hSession, int sock, LIB3270_NETWORK_STATE *state);
+
 #endif // LIB3270_NETWORKING_H_INCLUDED
@@ -50,9 +50,13 @@
 	debug("%s",__FUNCTION__);
-	if(hSession->network.context->sock >= 0) {
+	if(hSession->network.context->sock > 0) {
 		shutdown(hSession->network.context->sock, 2);
+#ifdef _WIN32
+		sockclose(hSession->network.context->sock);
+#else
 		close(hSession->network.context->sock);
+#endif // _WIN32
 		hSession->network.context->sock = -1;
 	}
@@ -244,10 +248,18 @@ static int unsecure_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *stat
 	return 0;
 }
-static int unsecure_network_start_tls(H3270 GNUC_UNUSED(*hSession), LIB3270_NETWORK_STATE *msg) {
+static int unsecure_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *msg) {
 	if(hSession->ssl.host) {
+		// TLS/SSL is required, replace network module with the OpenSSL one.
+		int rc = lib3270_activate_ssl_network_module(hSession, hSession->network.context->sock, msg);
+
+		if(!rc)
+			rc = hSession->network.module->start_tls(hSession,msg);
+
+		return rc;
+/*
 		// TODO: Replace network module with the openssl version, initialize and execute start_tls on it.
 		static const LIB3270_POPUP popup = {
@@ -259,6 +271,7 @@ static int unsecure_network_start_tls(H3270 GNUC_UNUSED(*hSession), LIB3270_NETW
 		msg->popup = &popup;
 		return ENOTSUP;
+*/
 	}
@@ -0,0 +1,203 @@
+/*
+ * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270  e X3270
+ * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
+ * aplicativos mainframe. Registro no INPI sob o nome G3270.
+ *
+ * Copyright (C) <2008> <Banco do Brasil S.A.>
+ *
+ * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
+ * os termos da GPL v.2 - Licença Pública Geral  GNU,  conforme  publicado  pela
+ * Free Software Foundation.
+ *
+ * Este programa é distribuído na expectativa de  ser  útil,  mas  SEM  QUALQUER
+ * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou  de  ADEQUAÇÃO
+ * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
+ * obter mais detalhes.
+ *
+ * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
+ * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
+ * St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * Este programa está nomeado como - e possui - linhas de código.
+ *
+ * Contatos:
+ *
+ * perry.werneck@gmail.com	(Alexandre Perry de Souza Werneck)
+ * erico.mendonca@gmail.com	(Erico Mascarenhas Mendonça)
+ *
+ *
+ * References:
+ *
+ * http://www.openssl.org/docs/ssl/
+ * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
+ *
+ */
+
+/**
+ * @brief OpenSSL initialization for linux.
+ */
+
+#include "private.h"
+
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+
+#ifndef SSL_ST_OK
+	#define SSL_ST_OK 3
+#endif // !SSL_ST_OK
+
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+	#define INFO_CONST const
+#else
+	#define INFO_CONST
+#endif
+
+/*--[ Implement ]------------------------------------------------------------------------------------*/
+
+// @brief Index of h3270 handle in SSL session.
+static int ssl_ex_index = 0;
+
+/// @brief Callback for tracing protocol negotiation.
+static void info_callback(INFO_CONST SSL *s, int where, int ret)
+{
+	H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_ex_index);
+	LIB3270_NET_CONTEXT * context = hSession->network.context;
+
+	switch(where)
+	{
+	case SSL_CB_CONNECT_LOOP:
+		trace_ssl(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));
+		break;
+
+	case SSL_CB_CONNECT_EXIT:
+
+		trace_ssl(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);
+
+		if (ret == 0)
+		{
+			context->state.message = SSL_state_string_long(s);
+			trace_ssl(hSession,"SSL_connect: failed in %s\n",context->state.message);
+		}
+		else if (ret < 0)
+		{
+			unsigned long e = ERR_get_error();
+			context->state.message = NULL;
+
+			char err_buf[1024];
+
+			if(e != 0)
+			{
+				context->state.error = e;
+				(void) ERR_error_string_n(e, err_buf, 1023);
+			}
+#if defined(_WIN32)
+			else if (GetLastError() != 0)
+			{
+				strncpy(err_buf,lib3270_win32_strerror(GetLastError()),1023);
+			}
+#else
+			else if (errno != 0)
+			{
+				strncpy(err_buf, strerror(errno),1023);
+			}
+#endif
+			else
+			{
+				err_buf[0] = '\0';
+			}
+
+			trace_ssl(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
+							ret,
+							err_buf,
+							SSL_state_string_long(s),
+							SSL_alert_type_string_long(ret)
+						);
+
+		}
+		break;
+
+	default:
+		context->state.message = SSL_state_string_long(s);
+		trace_ssl(hSession,"SSL Current state is \"%s\"\n",context->state.message);
+	}
+
+#ifdef DEBUG
+	if(where & SSL_CB_EXIT)
+	{
+		trace("%s: SSL_CB_EXIT ret=%d\n",__FUNCTION__,ret);
+	}
+#endif
+
+	if(where & SSL_CB_ALERT)
+	{
+		context->state.alert = SSL_alert_type_string_long(ret);
+		trace_ssl(hSession,"SSL ALERT: %s\n",context->state.alert);
+	}
+
+	if(where & SSL_CB_HANDSHAKE_DONE)
+	{
+		trace_ssl(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));
+		if(SSL_get_state(s) == SSL_ST_OK)
+			set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
+		else
+			set_ssl_state(hSession,LIB3270_SSL_UNSECURE);
+	}
+}
+
+SSL_CTX * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
+
+	static SSL_CTX * context = NULL;
+
+	if(context)
+		return context;
+
+	trace_ssl(hSession,"Initializing SSL context.\n");
+
+	SSL_load_error_strings();
+	SSL_library_init();
+
+	context = SSL_CTX_new(SSLv23_method());
+	if(context == NULL)
+	{
+		static const LIB3270_NETWORK_POPUP popup = {
+			.type = LIB3270_NOTIFY_SECURE,
+			.icon = "dialog-error",
+			.summary = N_( "Can't initialize the TLS/SSL context." ),
+		};
+
+		hSession->network.context->state.popup = state->popup = &popup;
+		hSession->network.context->state.error = ERR_get_error();
+		return NULL;
+	}
+
+	SSL_CTX_set_options(context, SSL_OP_ALL);
+	SSL_CTX_set_info_callback(context, info_callback);
+
+	SSL_CTX_set_default_verify_paths(context);
+
+	ssl_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
+
+#ifdef SSL_ENABLE_CRL_CHECK
+
+	// Enable CRL check
+	X509_STORE *store = SSL_CTX_get_cert_store(context);
+	X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+	X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+	X509_STORE_set1_param(store, param);
+	X509_VERIFY_PARAM_free(param);
+
+	trace_ssl(hSession,"OpenSSL state context initialized with CRL check.\n");
+
+#else
+
+	trace_ssl(hSession,"OpenSSL state context initialized without CRL check.\n");
+
+#endif // SSL_ENABLE_CRL_CHECK
+
+	return context;
+
+}
+
+int lib3270_openssl_get_ex_index(H3270 GNUC_UNUSED(*hSession)) {
+	return ssl_ex_index;
+}
@@ -46,7 +46,6 @@ static void openssl_network_finalize(H3270 *hSession) {
 	debug("%s",__FUNCTION__);
-
 	if(hSession->network.context) {
 		// Cleanupp
@@ -63,6 +62,23 @@ static void openssl_network_finalize(H3270 *hSession) {
 static int openssl_network_disconnect(H3270 *hSession) {
+	LIB3270_NET_CONTEXT * context = hSession->network.context;
+
+	if(context->con) {
+		SSL_shutdown(context->con);
+		SSL_free(context->con);
+		context->con = NULL;
+	}
+
+	if(context->sock > 0) {
+		shutdown(context->sock, 2);
+#ifdef _WIN32
+		sockclose(context->sock);
+#else
+		close(context->sock);
+#endif // _WIN32
+		context->sock = -1;
+	}
 }
@@ -97,7 +113,7 @@ static int openssl_network_setsockopt(H3270 *hSession, int level, int optname, c
 static int openssl_network_getsockopt(H3270 *hSession, int level, int optname, void *optval, socklen_t *optlen) {
 }
-static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
+static int openssl_network_init(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
 	set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
@@ -106,13 +122,19 @@ static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state
 		return -1;
 	//
-	// Prepare for connection
+	// Create SSL context.
 	//
-	LIB3270_NET_CONTEXT *context = hSession->network.context;
+	LIB3270_NET_CONTEXT * context = hSession->network.context;
+
+}
+
+static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
+
+	LIB3270_NET_CONTEXT * context = hSession->network.context;
 	if(context->crl.cert) {
-		// Release CRL if expired.
+		// Has CRL, release if expired.
 		// https://stackoverflow.com/questions/23407376/testing-x509-certificate-expiry-date-with-c
 		// X509_CRL_get_nextUpdate is deprecated in openssl 1.1.0
@@ -147,6 +169,8 @@ static int openssl_network_connect(H3270 *hSession, LIB3270_NETWORK_STATE *state
 	//
 	// Enable SSL & Connect to host.
 	//
+	set_ssl_state(hSession,LIB3270_SSL_UNDEFINED);
+
 	hSession->ssl.host = 1;
 	context->sock = lib3270_network_connect(hSession, state);
@@ -185,7 +209,7 @@ static int openssl_network_start_tls(H3270 *hSession, LIB3270_NETWORK_STATE *sta
 	{
 		trace_ssl(hSession,"%s","SSL_set_fd failed!\n");
-		static const LIB3270_POPUP popup = {
+		static const LIB3270_NETWORK_POPUP popup = {
 			.summary = N_( "SSL negotiation failed" ),
 			.body = N_( "Cant set the file descriptor for the input/output facility for the TLS/SSL (encrypted) side of ssl." )
 		};
@@ -254,7 +278,19 @@ void lib3270_set_openssl_network_module(H3270 *hSession) {
 	hSession->network.context = lib3270_malloc(sizeof(LIB3270_NET_CONTEXT));
 	memset(hSession->network.context,0,sizeof(LIB3270_NET_CONTEXT));
-
+	hSession->network.context->sock = -1;
 	hSession->network.module = &module;
 }
+
+int lib3270_activate_ssl_network_module(H3270 *hSession, int sock, LIB3270_NETWORK_STATE *state) {
+
+	lib3270_set_openssl_network_module(hSession);
+
+	int rc = openssl_network_init(hSession, state);
+
+	hSession->network.context->sock = sock;
+
+	return rc;
+
+}
@@ -43,11 +43,20 @@
 	#include <lib3270.h>
  	#include <lib3270/log.h>
+ 	#include <lib3270/popup.h>
  	#include <internals.h>
+	#include <networking.h>
+	#include <trace_dsc.h>
 	#include <openssl/ssl.h>
 	#include <openssl/x509.h>
+	struct _lib3270_network_popup {
+		LIB3270_POPUP_HEAD
+		long                      id;
+		const char              * icon;             ///< @brief Icon name from https://specifications.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html
+	};
+
 	struct _lib3270_net_context {
 		int sock;						///< @brief Session socket.
@@ -61,9 +70,18 @@
 			X509_CRL 		* cert;		///< @brief Loaded CRL (can be null).
 		} crl;
+		struct {
+			const LIB3270_NETWORK_POPUP	* popup;	///< @brief The active popup for the session.
+			unsigned long	  error;				///< @brief The last OpenSSL error code.
+			const char 		* message;				///< @brief The last OpenSSL state message.
+			const char		* alert;				///< @brief The last OpenSSL alert message.
+		} state;
+
 	};
-	LIB3270_INTERNAL void	* lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state);
-	LIB3270_INTERNAL int	  lib3270_openssl_get_ex_index(H3270 *hSession);
+	LIB3270_INTERNAL SSL_CTX * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state);
+	LIB3270_INTERNAL int lib3270_openssl_get_ex_index(H3270 *hSession);
+	LIB3270_INTERNAL const LIB3270_NETWORK_POPUP * lib3270_openssl_get_popup_from_error_code(long id);
+
 #endif // !LIB3270_OPENSSL_MODULE_PRIVATE_H_INCLUDED
@@ -35,15 +35,17 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include "private.h"
+
 /*--[ Implement ]------------------------------------------------------------------------------------*/
-static const struct ssl_status_msg status_msg[] =
+static const LIB3270_NETWORK_POPUP popups[] =
 {
 	// http://www.openssl.org/docs/apps/verify.html
 	{
 		.id = X509_V_OK,
 		.type = LIB3270_NOTIFY_SECURE,
-		.iconName = "security-high",
+		.icon = "security-high",
 		.summary = N_( "Secure connection was successful." ),
 		.body = N_( "The connection is secure and the host identity was confirmed." )
 	},
@@ -51,7 +53,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Unable to get issuer certificate" ),
 		.body = N_( "The issuer certificate of a looked up certificate could not be found. This normally means the list of trusted certificates is not complete." )
 	},
@@ -60,7 +62,7 @@ static const struct ssl_status_msg status_msg[] =
 		.id = X509_V_ERR_UNABLE_TO_GET_CRL,
 		.name = "X509_V_ERR_UNABLE_TO_GET_CRL",
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Unable to get certificate CRL." ),
 		.body = N_( "The Certificate revocation list (CRL) of a certificate could not be found." )
 	},
@@ -68,7 +70,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Unable to decrypt certificate's signature" ),
 		.body = N_( "The certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA keys." )
 	},
@@ -76,7 +78,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Unable to decrypt CRL's signature" ),
 		.body = N_( "The CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused." )
 	},
@@ -84,7 +86,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Unable to decode issuer public key" ),
 		.body = N_( "The public key in the certificate SubjectPublicKeyInfo could not be read." )
 	},
@@ -92,7 +94,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_CERT_SIGNATURE_FAILURE,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Certificate signature failure" ),
 		.body = N_( "The signature of the certificate is invalid." )
 	},
@@ -100,7 +102,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_CRL_SIGNATURE_FAILURE,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "CRL signature failure" ),
 		.body = N_( "The signature of the certificate is invalid." )
 	},
@@ -108,7 +110,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_CERT_NOT_YET_VALID,
 		.type = LIB3270_NOTIFY_WARNING,
-		.iconName = "dialog-warning",
+		.icon = "dialog-warning",
 		.summary = N_( "Certificate is not yet valid" ),
 		.body = N_( "The certificate is not yet valid: the notBefore date is after the current time." )
 	},
@@ -116,7 +118,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_CERT_HAS_EXPIRED,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Certificate has expired" ),
 		.body = N_( "The certificate has expired: that is the notAfter date is before the current time." )
 	},
@@ -124,7 +126,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_CRL_NOT_YET_VALID,
 		.type = LIB3270_NOTIFY_WARNING,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "The CRL is not yet valid." ),
 		.body = N_( "The Certificate revocation list (CRL) is not yet valid." )
 	},
@@ -136,7 +138,7 @@ static const struct ssl_status_msg status_msg[] =
 #else
 		.type = LIB3270_NOTIFY_WARNING,
 #endif // SSL_ENABLE_CRL_EXPIRATION_CHECK
-		.iconName = "security-medium",
+		.icon = "security-medium",
 		.summary = N_( "The CRL has expired." ),
 		.body = N_( "The Certificate revocation list (CRL) has expired.")
 	},
@@ -144,7 +146,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Format error in certificate's notBefore field" ),
 		.body = N_( "The certificate notBefore field contains an invalid time." )
 	},
@@ -152,7 +154,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Format error in certificate's notAfter field" ),
 		.body = N_( "The certificate notAfter field contains an invalid time." )
 	},
@@ -160,7 +162,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Format error in CRL's lastUpdate field" ),
 		.body = N_( "The CRL lastUpdate field contains an invalid time." )
 	},
@@ -168,7 +170,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Format error in CRL's nextUpdate field" ),
 		.body = N_( "The CRL nextUpdate field contains an invalid time." )
 	},
@@ -176,7 +178,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_OUT_OF_MEM,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Out of memory" ),
 		.body = N_( "An error occurred trying to allocate memory. This should never happen." )
 	},
@@ -184,7 +186,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
 		.type = LIB3270_NOTIFY_WARNING,
-		.iconName = "security-medium",
+		.icon = "security-medium",
 		.summary = N_( "Self signed certificate" ),
 		.body = N_( "The passed certificate is self signed and the same certificate cannot be found in the list of trusted certificates." )
 	},
@@ -196,7 +198,7 @@ static const struct ssl_status_msg status_msg[] =
 #else
 		.type = LIB3270_NOTIFY_WARNING,
 #endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK
-		.iconName = "security-medium",
+		.icon = "security-medium",
 		.summary = N_( "Self signed certificate in certificate chain" ),
 		.body = N_( "The certificate chain could be built up using the untrusted certificates but the root could not be found locally." )
 	},
@@ -204,7 +206,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
 		.type = LIB3270_NOTIFY_WARNING,
-		.iconName = "security-low",
+		.icon = "security-low",
 		.summary = N_( "Unable to get local issuer certificate" ),
 		.body = N_( "The issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found." )
 	},
@@ -212,7 +214,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "security-low",
+		.icon = "security-low",
 		.summary = N_( "Unable to verify the first certificate" ),
 		.body = N_( "No signatures could be verified because the chain contains only one certificate and it is not self signed." )
 	},
@@ -220,7 +222,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_CERT_REVOKED,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "security-low",
+		.icon = "security-low",
 		.summary = N_( "Certificate revoked" ),
 		.body = N_( "The certificate has been revoked." )
 	},
@@ -228,7 +230,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_INVALID_CA,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "security-low",
+		.icon = "security-low",
 		.summary = N_( "Invalid CA certificate" ),
 		.body = N_( "A CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose." )
 	},
@@ -236,7 +238,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_PATH_LENGTH_EXCEEDED,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Path length constraint exceeded" ),
 		.body = N_( "The basicConstraints pathlength parameter has been exceeded." ),
 	},
@@ -244,7 +246,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_INVALID_PURPOSE,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Unsupported certificate purpose" ),
 		.body = N_( "The supplied certificate cannot be used for the specified purpose." )
 	},
@@ -252,7 +254,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_CERT_UNTRUSTED,
 		.type = LIB3270_NOTIFY_WARNING,
-		.iconName = "security-low",
+		.icon = "security-low",
 		.summary = N_( "Certificate not trusted" ),
 		.body = N_( "The root CA is not marked as trusted for the specified purpose." )
 	},
@@ -260,7 +262,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_CERT_REJECTED,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "security-low",
+		.icon = "security-low",
 		.summary = N_( "Certificate rejected" ),
 		.body = N_( "The root CA is marked to reject the specified purpose." )
 	},
@@ -268,7 +270,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_SUBJECT_ISSUER_MISMATCH,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "security-low",
+		.icon = "security-low",
 		.summary = N_( "Subject issuer mismatch" ),
 		.body = N_( "The current candidate issuer certificate was rejected because its subject name did not match the issuer name of the current certificate. Only displayed when the -issuer_checks option is set." )
 	},
@@ -276,7 +278,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_AKID_SKID_MISMATCH,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Authority and subject key identifier mismatch" ),
 		.body = N_( "The current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. Only displayed when the -issuer_checks option is set." )
 	},
@@ -284,7 +286,7 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Authority and issuer serial number mismatch" ),
 		.body = N_( "The current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. Only displayed when the -issuer_checks option is set." )
 	},
@@ -292,30 +294,33 @@ static const struct ssl_status_msg status_msg[] =
 	{
 		.id = X509_V_ERR_KEYUSAGE_NO_CERTSIGN,
 		.type = LIB3270_NOTIFY_ERROR,
-		.iconName = "dialog-error",
+		.icon = "dialog-error",
 		.summary = N_( "Key usage does not include certificate signing" ),
 		.body = N_( "The current candidate issuer certificate was rejected because its keyUsage extension does not permit certificate signing." )
 	}
  };
- const struct ssl_status_msg * ssl_get_status_from_error_code(long id)
+ const LIB3270_NETWORK_POPUP * lib3270_openssl_get_popup_from_error_code(long id)
  {
  	size_t f;
-	for(f=0;f < (sizeof(status_msg)/sizeof(status_msg[0]));f++)
+	for(f=0;f < (sizeof(popups)/sizeof(popups[0]));f++)
 	{
-		if(status_msg[f].id == id)
-			return status_msg+f;
+		if(popups[f].id == id)
+			return popups+f;
 	}
 	return NULL;
  }
- static const struct ssl_status_msg * get_ssl_status_msg(const H3270 *hSession)
+ /*
+ static const struct LIB3270_NETWORK_POPUP * get_ssl_status_msg(const H3270 *hSession)
  {
- 	return ssl_get_status_from_error_code(lib3270_get_SSL_verify_result(hSession));
+ 	return openssl_get_status_from_error_code(lib3270_get_SSL_verify_result(hSession));
  }
+ */
+ /*
  const char	* lib3270_get_ssl_state_message(const H3270 *hSession)
  {
 	if(lib3270_get_ssl_state(hSession) != LIB3270_SSL_UNSECURE)
@@ -392,5 +397,5 @@ static const struct ssl_status_msg status_msg[] =
  {
  	return "dialog-error";
  }
-
+*/
@@ -1,198 +0,0 @@
-/*
- * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270  e X3270
- * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
- * aplicativos mainframe. Registro no INPI sob o nome G3270.
- *
- * Copyright (C) <2008> <Banco do Brasil S.A.>
- *
- * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
- * os termos da GPL v.2 - Licença Pública Geral  GNU,  conforme  publicado  pela
- * Free Software Foundation.
- *
- * Este programa é distribuído na expectativa de  ser  útil,  mas  SEM  QUALQUER
- * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou  de  ADEQUAÇÃO
- * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
- * obter mais detalhes.
- *
- * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
- * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
- * St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- * Este programa está nomeado como - e possui - linhas de código.
- *
- * Contatos:
- *
- * perry.werneck@gmail.com	(Alexandre Perry de Souza Werneck)
- * erico.mendonca@gmail.com	(Erico Mascarenhas Mendonça)
- *
- *
- * References:
- *
- * http://www.openssl.org/docs/ssl/
- * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
- *
- */
-
-/**
- * @brief OpenSSL initialization for linux.
- */
-
-#include <config.h>
-
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/x509_vfy.h>
-
-#ifndef SSL_ST_OK
-	#define SSL_ST_OK 3
-#endif // !SSL_ST_OK
-
-#include <internals.h>
-#include <networking.h>
-#include <lib3270/log.h>
-
-#ifdef SSL_ENABLE_CRL_CHECK
-#endif // SSL_ENABLE_CRL_CHECK
-
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-	#define INFO_CONST const
-#else
-	#define INFO_CONST
-#endif
-
-/*--[ Implement ]------------------------------------------------------------------------------------*/
-
-// @brief Index of h3270 handle in SSL session.
-static int ssl_ex_index = 0;
-
-/// @brief Callback for tracing protocol negotiation.
-static void info_callback(INFO_CONST SSL *s, int where, int ret)
-{
-	H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_ex_index);
-
-	switch(where)
-	{
-	case SSL_CB_CONNECT_LOOP:
-		trace_ssl(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));
-		break;
-
-	case SSL_CB_CONNECT_EXIT:
-
-		trace_ssl(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);
-
-		if (ret == 0)
-		{
-			trace_ssl(hSession,"SSL_connect: failed in %s\n",SSL_state_string_long(s));
-		}
-		else if (ret < 0)
-		{
-			unsigned long e = ERR_get_error();
-			char err_buf[1024];
-
-			if(e != 0)
-			{
-				hSession->ssl.error = e;
-				(void) ERR_error_string_n(e, err_buf, 1023);
-			}
-#if defined(_WIN32)
-			else if (GetLastError() != 0)
-			{
-				strncpy(err_buf,lib3270_win32_strerror(GetLastError()),1023);
-			}
-#else
-			else if (errno != 0)
-			{
-				strncpy(err_buf, strerror(errno),1023);
-			}
-#endif
-			else
-			{
-				err_buf[0] = '\0';
-			}
-
-			trace_ssl(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
-							ret,
-							err_buf,
-							SSL_state_string_long(s),
-							SSL_alert_type_string_long(ret)
-						);
-
-		}
-		break;
-
-	default:
-		trace_ssl(hSession,"SSL Current state is \"%s\"\n",SSL_state_string_long(s));
-	}
-
-#ifdef DEBUG
-	if(where & SSL_CB_EXIT)
-	{
-		trace("%s: SSL_CB_EXIT ret=%d\n",__FUNCTION__,ret);
-	}
-#endif
-
-	if(where & SSL_CB_ALERT)
-		trace_ssl(hSession,"SSL ALERT: %s\n",SSL_alert_type_string_long(ret));
-
-	if(where & SSL_CB_HANDSHAKE_DONE)
-	{
-		trace_ssl(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));
-		if(SSL_get_state(s) == SSL_ST_OK)
-			set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
-		else
-			set_ssl_state(hSession,LIB3270_SSL_UNSECURE);
-	}
-}
-
-void * lib3270_openssl_get_context(H3270 *hSession, LIB3270_NETWORK_STATE *state) {
-
-	static SSL_CTX * context = NULL;
-
-	if(context)
-		return context;
-
-	trace_ssl(hSession,"Initializing SSL context.\n");
-
-	SSL_load_error_strings();
-	SSL_library_init();
-
-	context = SSL_CTX_new(SSLv23_method());
-	if(context == NULL)
-	{
-		static const LIB3270_POPUP popup = {
-			.type = LIB3270_NOTIFY_SECURE,
-			.summary = N_( "Can't initialize the SSL context." )
-		};
-
-//		message->code = hSession->ssl.error = ERR_get_error();
-		state->popup = &popup;
-		return -1;
-	}
-
-	SSL_CTX_set_options(context, SSL_OP_ALL);
-	SSL_CTX_set_info_callback(context, info_callback);
-
-	SSL_CTX_set_default_verify_paths(context);
-
-	ssl_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
-
-#ifdef SSL_ENABLE_CRL_CHECK
-
-	// Enable CRL check
-	X509_STORE *store = SSL_CTX_get_cert_store(context);
-	X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
-	X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
-	X509_STORE_set1_param(store, param);
-	X509_VERIFY_PARAM_free(param);
-
-	trace_ssl(hSession,"CRL CHECK was enabled\n");
-
-#endif // SSL_ENABLE_CRL_CHECK
-
-	return context;
-
-}
-
-int lib3270_openssl_get_ex_index(H3270 GNUC_UNUSED(*hSession)) {
-	return ssl_ex_index;
-}
	@@ -32,7 +32,7 @@ LIBNAME=lib@LIB3270_NAME@		@@ -32,7 +32,7 @@ LIBNAME=lib@LIB3270_NAME@
32	PRODUCT_NAME=@PRODUCT_NAME@	32	PRODUCT_NAME=@PRODUCT_NAME@
33	INSTALL_PACKAGES=@INSTALL_PACKAGES@	33	INSTALL_PACKAGES=@INSTALL_PACKAGES@
34		34
35	-NETWORK_MODULES=default	35	+NETWORK_MODULES=default openssl
36		36
37	SOURCES= \	37	SOURCES= \
38	$(wildcard src/core/*.c) \	38	$(wildcard src/core/*.c) \
	@@ -1548,7 +1548,7 @@ static void net_rawout(H3270 hSession, unsigned const char buf, size_t len)		@@ -1548,7 +1548,7 @@ static void net_rawout(H3270 hSession, unsigned const char buf, size_t len)
1548		1548
1549	while (len)	1549	while (len)
1550	{	1550	{
1551	- int nw = hSession->cbk.write(hSession,buf,len);	1551	+ int nw = lib3270_sock_send(hSession,buf,len);
1552		1552
1553	if (nw > 0)	1553	if (nw > 0)
1554	{	1554	{
	@@ -735,7 +735,6 @@ LIB3270_INTERNAL void toggle_rectselect(H3270 *session, const struct lib3270_tog		@@ -735,7 +735,6 @@ LIB3270_INTERNAL void toggle_rectselect(H3270 *session, const struct lib3270_tog
735	LIB3270_INTERNAL void remove_input_calls(H3270 *session);	735	LIB3270_INTERNAL void remove_input_calls(H3270 *session);
736		736
737	LIB3270_INTERNAL int lib3270_sock_send(H3270 hSession, unsigned const char buf, int len);	737	LIB3270_INTERNAL int lib3270_sock_send(H3270 hSession, unsigned const char buf, int len);
738	-// LIB3270_INTERNAL void lib3270_sock_disconnect(H3270 *hSession);
739		738
740	LIB3270_INTERNAL int lib3270_default_event_dispatcher(H3270 *hSession, int block);	739	LIB3270_INTERNAL int lib3270_default_event_dispatcher(H3270 *hSession, int block);
741		740
@@ -0,0 +1,203 @@		@@ -0,0 +1,203 @@
	1	+/*
	2	+ * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
	3	+ * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
	4	+ * aplicativos mainframe. Registro no INPI sob o nome G3270.
	5	+ *
	6	+ * Copyright (C) <2008> <Banco do Brasil S.A.>
	7	+ *
	8	+ * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
	9	+ * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
	10	+ * Free Software Foundation.
	11	+ *
	12	+ * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
	13	+ * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
	14	+ * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
	15	+ * obter mais detalhes.
	16	+ *
	17	+ * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
	18	+ * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
	19	+ * St, Fifth Floor, Boston, MA 02110-1301 USA
	20	+ *
	21	+ * Este programa está nomeado como - e possui - linhas de código.
	22	+ *
	23	+ * Contatos:
	24	+ *
	25	+ * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
	26	+ * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
	27	+ *
	28	+ *
	29	+ * References:
	30	+ *
	31	+ * http://www.openssl.org/docs/ssl/
	32	+ * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
	33	+ *
	34	+ */
	35	+
	36	+/**
	37	+ * @brief OpenSSL initialization for linux.
	38	+ */
	39	+
	40	+#include "private.h"
	41	+
	42	+#include <openssl/err.h>
	43	+#include <openssl/x509_vfy.h>
	44	+
	45	+#ifndef SSL_ST_OK
	46	+ #define SSL_ST_OK 3
	47	+#endif // !SSL_ST_OK
	48	+
	49	+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
	50	+ #define INFO_CONST const
	51	+#else
	52	+ #define INFO_CONST
	53	+#endif
	54	+
	55	+/--[ Implement ]------------------------------------------------------------------------------------/
	56	+
	57	+// @brief Index of h3270 handle in SSL session.
	58	+static int ssl_ex_index = 0;
	59	+
	60	+/// @brief Callback for tracing protocol negotiation.
	61	+static void info_callback(INFO_CONST SSL *s, int where, int ret)
	62	+{
	63	+ H3270 hSession = (H3270 ) SSL_get_ex_data(s,ssl_ex_index);
	64	+ LIB3270_NET_CONTEXT * context = hSession->network.context;
	65	+
	66	+ switch(where)
	67	+ {
	68	+ case SSL_CB_CONNECT_LOOP:
	69	+ trace_ssl(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));
	70	+ break;
	71	+
	72	+ case SSL_CB_CONNECT_EXIT:
	73	+
	74	+ trace_ssl(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);
	75	+
	76	+ if (ret == 0)
	77	+ {
	78	+ context->state.message = SSL_state_string_long(s);
	79	+ trace_ssl(hSession,"SSL_connect: failed in %s\n",context->state.message);
	80	+ }
	81	+ else if (ret < 0)
	82	+ {
	83	+ unsigned long e = ERR_get_error();
	84	+ context->state.message = NULL;
	85	+
	86	+ char err_buf[1024];
	87	+
	88	+ if(e != 0)
	89	+ {
	90	+ context->state.error = e;
	91	+ (void) ERR_error_string_n(e, err_buf, 1023);
	92	+ }
	93	+#if defined(_WIN32)
	94	+ else if (GetLastError() != 0)
	95	+ {
	96	+ strncpy(err_buf,lib3270_win32_strerror(GetLastError()),1023);
	97	+ }
	98	+#else
	99	+ else if (errno != 0)
	100	+ {
	101	+ strncpy(err_buf, strerror(errno),1023);
	102	+ }
	103	+#endif
	104	+ else
	105	+ {
	106	+ err_buf[0] = '\0';
	107	+ }
	108	+
	109	+ trace_ssl(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
	110	+ ret,
	111	+ err_buf,
	112	+ SSL_state_string_long(s),
	113	+ SSL_alert_type_string_long(ret)
	114	+ );
	115	+
	116	+ }
	117	+ break;
	118	+
	119	+ default:
	120	+ context->state.message = SSL_state_string_long(s);
	121	+ trace_ssl(hSession,"SSL Current state is \"%s\"\n",context->state.message);
	122	+ }
	123	+
	124	+#ifdef DEBUG
	125	+ if(where & SSL_CB_EXIT)
	126	+ {
	127	+ trace("%s: SSL_CB_EXIT ret=%d\n",__FUNCTION__,ret);
	128	+ }
	129	+#endif
	130	+
	131	+ if(where & SSL_CB_ALERT)
	132	+ {
	133	+ context->state.alert = SSL_alert_type_string_long(ret);
	134	+ trace_ssl(hSession,"SSL ALERT: %s\n",context->state.alert);
	135	+ }
	136	+
	137	+ if(where & SSL_CB_HANDSHAKE_DONE)
	138	+ {
	139	+ trace_ssl(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));
	140	+ if(SSL_get_state(s) == SSL_ST_OK)
	141	+ set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
	142	+ else
	143	+ set_ssl_state(hSession,LIB3270_SSL_UNSECURE);
	144	+ }
	145	+}
	146	+
	147	+SSL_CTX * lib3270_openssl_get_context(H3270 hSession, LIB3270_NETWORK_STATE state) {
	148	+
	149	+ static SSL_CTX * context = NULL;
	150	+
	151	+ if(context)
	152	+ return context;
	153	+
	154	+ trace_ssl(hSession,"Initializing SSL context.\n");
	155	+
	156	+ SSL_load_error_strings();
	157	+ SSL_library_init();
	158	+
	159	+ context = SSL_CTX_new(SSLv23_method());
	160	+ if(context == NULL)
	161	+ {
	162	+ static const LIB3270_NETWORK_POPUP popup = {
	163	+ .type = LIB3270_NOTIFY_SECURE,
	164	+ .icon = "dialog-error",
	165	+ .summary = N_( "Can't initialize the TLS/SSL context." ),
	166	+ };
	167	+
	168	+ hSession->network.context->state.popup = state->popup = &popup;
	169	+ hSession->network.context->state.error = ERR_get_error();
	170	+ return NULL;
	171	+ }
	172	+
	173	+ SSL_CTX_set_options(context, SSL_OP_ALL);
	174	+ SSL_CTX_set_info_callback(context, info_callback);
	175	+
	176	+ SSL_CTX_set_default_verify_paths(context);
	177	+
	178	+ ssl_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
	179	+
	180	+#ifdef SSL_ENABLE_CRL_CHECK
	181	+
	182	+ // Enable CRL check
	183	+ X509_STORE *store = SSL_CTX_get_cert_store(context);
	184	+ X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
	185	+ X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
	186	+ X509_STORE_set1_param(store, param);
	187	+ X509_VERIFY_PARAM_free(param);
	188	+
	189	+ trace_ssl(hSession,"OpenSSL state context initialized with CRL check.\n");
	190	+
	191	+#else
	192	+
	193	+ trace_ssl(hSession,"OpenSSL state context initialized without CRL check.\n");
	194	+
	195	+#endif // SSL_ENABLE_CRL_CHECK
	196	+
	197	+ return context;
	198	+
	199	+}
	200	+
	201	+int lib3270_openssl_get_ex_index(H3270 GNUC_UNUSED(*hSession)) {
	202	+ return ssl_ex_index;
	203	+}
	@@ -43,11 +43,20 @@		@@ -43,11 +43,20 @@
43		43
44	#include <lib3270.h>	44	#include <lib3270.h>
45	#include <lib3270/log.h>	45	#include <lib3270/log.h>
		46	+ #include <lib3270/popup.h>
46	#include <internals.h>	47	#include <internals.h>
		48	+ #include <networking.h>
		49	+ #include <trace_dsc.h>
47		50
48	#include <openssl/ssl.h>	51	#include <openssl/ssl.h>
49	#include <openssl/x509.h>	52	#include <openssl/x509.h>
50		53
		54	+ struct _lib3270_network_popup {
		55	+ LIB3270_POPUP_HEAD
		56	+ long id;
		57	+ const char * icon; ///< @brief Icon name from https://specifications.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html
		58	+ };
		59	+
51	struct _lib3270_net_context {	60	struct _lib3270_net_context {
52		61
53	int sock; ///< @brief Session socket.	62	int sock; ///< @brief Session socket.
	@@ -61,9 +70,18 @@		@@ -61,9 +70,18 @@
61	X509_CRL * cert; ///< @brief Loaded CRL (can be null).	70	X509_CRL * cert; ///< @brief Loaded CRL (can be null).
62	} crl;	71	} crl;
63		72
		73	+ struct {
		74	+ const LIB3270_NETWORK_POPUP * popup; ///< @brief The active popup for the session.
		75	+ unsigned long error; ///< @brief The last OpenSSL error code.
		76	+ const char * message; ///< @brief The last OpenSSL state message.
		77	+ const char * alert; ///< @brief The last OpenSSL alert message.
		78	+ } state;
		79	+
64	};	80	};
65		81
66	- LIB3270_INTERNAL void * lib3270_openssl_get_context(H3270 hSession, LIB3270_NETWORK_STATE state);
67	- LIB3270_INTERNAL int lib3270_openssl_get_ex_index(H3270 *hSession);	82	+ LIB3270_INTERNAL SSL_CTX * lib3270_openssl_get_context(H3270 hSession, LIB3270_NETWORK_STATE state);
		83	+ LIB3270_INTERNAL int lib3270_openssl_get_ex_index(H3270 *hSession);
		84	+ LIB3270_INTERNAL const LIB3270_NETWORK_POPUP * lib3270_openssl_get_popup_from_error_code(long id);
		85	+
68		86
69	#endif // !LIB3270_OPENSSL_MODULE_PRIVATE_H_INCLUDED	87	#endif // !LIB3270_OPENSSL_MODULE_PRIVATE_H_INCLUDED
	@@ -1,198 +0,0 @@	@@ -1,198 +0,0 @@
1	-/*
2	- * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270 e X3270
3	- * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
4	- * aplicativos mainframe. Registro no INPI sob o nome G3270.
5	- *
6	- * Copyright (C) <2008> <Banco do Brasil S.A.>
7	- *
8	- * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
9	- * os termos da GPL v.2 - Licença Pública Geral GNU, conforme publicado pela
10	- * Free Software Foundation.
11	- *
12	- * Este programa é distribuído na expectativa de ser útil, mas SEM QUALQUER
13	- * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou de ADEQUAÇÃO
14	- * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
15	- * obter mais detalhes.
16	- *
17	- * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
18	- * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
19	- * St, Fifth Floor, Boston, MA 02110-1301 USA
20	- *
21	- * Este programa está nomeado como - e possui - linhas de código.
22	- *
23	- * Contatos:
24	- *
25	- * perry.werneck@gmail.com (Alexandre Perry de Souza Werneck)
26	- * erico.mendonca@gmail.com (Erico Mascarenhas Mendonça)
27	- *
28	- *
29	- * References:
30	- *
31	- * http://www.openssl.org/docs/ssl/
32	- * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
33	- *
34	- */
35	-
36	-/**
37	- * @brief OpenSSL initialization for linux.
38	- */
39	-
40	-#include <config.h>
41	-
42	-#include <openssl/ssl.h>
43	-#include <openssl/err.h>
44	-#include <openssl/x509_vfy.h>
45	-
46	-#ifndef SSL_ST_OK
47	- #define SSL_ST_OK 3
48	-#endif // !SSL_ST_OK
49	-
50	-#include <internals.h>
51	-#include <networking.h>
52	-#include <lib3270/log.h>
53	-
54	-#ifdef SSL_ENABLE_CRL_CHECK
55	-#endif // SSL_ENABLE_CRL_CHECK
56	-
57	-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
58	- #define INFO_CONST const
59	-#else
60	- #define INFO_CONST
61	-#endif
62	-
63	-/--[ Implement ]------------------------------------------------------------------------------------/
64	-
65	-// @brief Index of h3270 handle in SSL session.
66	-static int ssl_ex_index = 0;
67	-
68	-/// @brief Callback for tracing protocol negotiation.
69	-static void info_callback(INFO_CONST SSL *s, int where, int ret)
70	-{
71	- H3270 hSession = (H3270 ) SSL_get_ex_data(s,ssl_ex_index);
72	-
73	- switch(where)
74	- {
75	- case SSL_CB_CONNECT_LOOP:
76	- trace_ssl(hSession,"SSL_connect: %s %s\n",SSL_state_string(s), SSL_state_string_long(s));
77	- break;
78	-
79	- case SSL_CB_CONNECT_EXIT:
80	-
81	- trace_ssl(hSession,"%s: SSL_CB_CONNECT_EXIT\n",__FUNCTION__);
82	-
83	- if (ret == 0)
84	- {
85	- trace_ssl(hSession,"SSL_connect: failed in %s\n",SSL_state_string_long(s));
86	- }
87	- else if (ret < 0)
88	- {
89	- unsigned long e = ERR_get_error();
90	- char err_buf[1024];
91	-
92	- if(e != 0)
93	- {
94	- hSession->ssl.error = e;
95	- (void) ERR_error_string_n(e, err_buf, 1023);
96	- }
97	-#if defined(_WIN32)
98	- else if (GetLastError() != 0)
99	- {
100	- strncpy(err_buf,lib3270_win32_strerror(GetLastError()),1023);
101	- }
102	-#else
103	- else if (errno != 0)
104	- {
105	- strncpy(err_buf, strerror(errno),1023);
106	- }
107	-#endif
108	- else
109	- {
110	- err_buf[0] = '\0';
111	- }
112	-
113	- trace_ssl(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
114	- ret,
115	- err_buf,
116	- SSL_state_string_long(s),
117	- SSL_alert_type_string_long(ret)
118	- );
119	-
120	- }
121	- break;
122	-
123	- default:
124	- trace_ssl(hSession,"SSL Current state is \"%s\"\n",SSL_state_string_long(s));
125	- }
126	-
127	-#ifdef DEBUG
128	- if(where & SSL_CB_EXIT)
129	- {
130	- trace("%s: SSL_CB_EXIT ret=%d\n",__FUNCTION__,ret);
131	- }
132	-#endif
133	-
134	- if(where & SSL_CB_ALERT)
135	- trace_ssl(hSession,"SSL ALERT: %s\n",SSL_alert_type_string_long(ret));
136	-
137	- if(where & SSL_CB_HANDSHAKE_DONE)
138	- {
139	- trace_ssl(hSession,"%s: SSL_CB_HANDSHAKE_DONE state=%04x\n",__FUNCTION__,SSL_get_state(s));
140	- if(SSL_get_state(s) == SSL_ST_OK)
141	- set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
142	- else
143	- set_ssl_state(hSession,LIB3270_SSL_UNSECURE);
144	- }
145	-}
146	-
147	-void * lib3270_openssl_get_context(H3270 hSession, LIB3270_NETWORK_STATE state) {
148	-
149	- static SSL_CTX * context = NULL;
150	-
151	- if(context)
152	- return context;
153	-
154	- trace_ssl(hSession,"Initializing SSL context.\n");
155	-
156	- SSL_load_error_strings();
157	- SSL_library_init();
158	-
159	- context = SSL_CTX_new(SSLv23_method());
160	- if(context == NULL)
161	- {
162	- static const LIB3270_POPUP popup = {
163	- .type = LIB3270_NOTIFY_SECURE,
164	- .summary = N_( "Can't initialize the SSL context." )
165	- };
166	-
167	-// message->code = hSession->ssl.error = ERR_get_error();
168	- state->popup = &popup;
169	- return -1;
170	- }
171	-
172	- SSL_CTX_set_options(context, SSL_OP_ALL);
173	- SSL_CTX_set_info_callback(context, info_callback);
174	-
175	- SSL_CTX_set_default_verify_paths(context);
176	-
177	- ssl_ex_index = SSL_get_ex_new_index(0,NULL,NULL,NULL,NULL);
178	-
179	-#ifdef SSL_ENABLE_CRL_CHECK
180	-
181	- // Enable CRL check
182	- X509_STORE *store = SSL_CTX_get_cert_store(context);
183	- X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
184	- X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
185	- X509_STORE_set1_param(store, param);
186	- X509_VERIFY_PARAM_free(param);
187	-
188	- trace_ssl(hSession,"CRL CHECK was enabled\n");
189	-
190	-#endif // SSL_ENABLE_CRL_CHECK
191	-
192	- return context;
193	-
194	-}
195	-
196	-int lib3270_openssl_get_ex_index(H3270 GNUC_UNUSED(*hSession)) {
197	- return ssl_ex_index;
198	-}