Commit f9c1b06e4e548b55fd2db89a67d2fb39d589bcfe
1 parent
ce669b8a
Exists in
master
and in
3 other branches
Melhorando tratamento de erros SSL
Showing
1 changed file
with
54 additions
and
73 deletions
Show diff stats
telnet.c
| @@ -136,7 +136,7 @@ static void check_in3270(H3270 *session); | @@ -136,7 +136,7 @@ static void check_in3270(H3270 *session); | ||
| 136 | static void store3270in(H3270 *hSession, unsigned char c); | 136 | static void store3270in(H3270 *hSession, unsigned char c); |
| 137 | static void check_linemode(H3270 *hSession, Boolean init); | 137 | static void check_linemode(H3270 *hSession, Boolean init); |
| 138 | static int non_blocking(H3270 *session, Boolean on); | 138 | static int non_blocking(H3270 *session, Boolean on); |
| 139 | -static void net_connected(H3270 *session); | 139 | +static int net_connected(H3270 *session); |
| 140 | #if defined(X3270_TN3270E) /*[*/ | 140 | #if defined(X3270_TN3270E) /*[*/ |
| 141 | static int tn3270e_negotiate(H3270 *hSession); | 141 | static int tn3270e_negotiate(H3270 *hSession); |
| 142 | #endif /*]*/ | 142 | #endif /*]*/ |
| @@ -595,7 +595,6 @@ int net_connect(H3270 *session, const char *host, char *portname, Boolean ls, Bo | @@ -595,7 +595,6 @@ int net_connect(H3270 *session, const char *host, char *portname, Boolean ls, Bo | ||
| 595 | 595 | ||
| 596 | /* init ssl */ | 596 | /* init ssl */ |
| 597 | #if defined(HAVE_LIBSSL) | 597 | #if defined(HAVE_LIBSSL) |
| 598 | - session->last_ssl_error = !0; | ||
| 599 | if (session->ssl_host) | 598 | if (session->ssl_host) |
| 600 | ssl_init(session); | 599 | ssl_init(session); |
| 601 | #endif | 600 | #endif |
| @@ -607,7 +606,8 @@ int net_connect(H3270 *session, const char *host, char *portname, Boolean ls, Bo | @@ -607,7 +606,8 @@ int net_connect(H3270 *session, const char *host, char *portname, Boolean ls, Bo | ||
| 607 | if(!rc) | 606 | if(!rc) |
| 608 | { | 607 | { |
| 609 | trace_dsn(session,"Connected.\n"); | 608 | trace_dsn(session,"Connected.\n"); |
| 610 | - net_connected(session); | 609 | + if(net_connected(session)) |
| 610 | + return -1; | ||
| 611 | } | 611 | } |
| 612 | else | 612 | else |
| 613 | { | 613 | { |
| @@ -729,10 +729,12 @@ static void setup_lus(H3270 *hSession) | @@ -729,10 +729,12 @@ static void setup_lus(H3270 *hSession) | ||
| 729 | } | 729 | } |
| 730 | 730 | ||
| 731 | #if defined(HAVE_LIBSSL) | 731 | #if defined(HAVE_LIBSSL) |
| 732 | -static void ssl_negotiate(H3270 *hSession) | 732 | +static int ssl_negotiate(H3270 *hSession) |
| 733 | { | 733 | { |
| 734 | int rv; | 734 | int rv; |
| 735 | 735 | ||
| 736 | + trace("%s",__FUNCTION__); | ||
| 737 | + | ||
| 736 | set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING); | 738 | set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING); |
| 737 | non_blocking(hSession,False); | 739 | non_blocking(hSession,False); |
| 738 | 740 | ||
| @@ -743,7 +745,7 @@ static void ssl_negotiate(H3270 *hSession) | @@ -743,7 +745,7 @@ static void ssl_negotiate(H3270 *hSession) | ||
| 743 | /* Failed. */ | 745 | /* Failed. */ |
| 744 | popup_an_error(hSession,_( "SSL init failed!")); | 746 | popup_an_error(hSession,_( "SSL init failed!")); |
| 745 | net_disconnect(hSession); | 747 | net_disconnect(hSession); |
| 746 | - return; | 748 | + return -1; |
| 747 | } | 749 | } |
| 748 | 750 | ||
| 749 | /* Set up the TLS/SSL connection. */ | 751 | /* Set up the TLS/SSL connection. */ |
| @@ -752,7 +754,7 @@ static void ssl_negotiate(H3270 *hSession) | @@ -752,7 +754,7 @@ static void ssl_negotiate(H3270 *hSession) | ||
| 752 | trace_dsn(hSession,"SSL_set_fd failed!\n"); | 754 | trace_dsn(hSession,"SSL_set_fd failed!\n"); |
| 753 | popup_an_error(hSession,_( "SSL_set_fd failed!")); | 755 | popup_an_error(hSession,_( "SSL_set_fd failed!")); |
| 754 | net_disconnect(hSession); | 756 | net_disconnect(hSession); |
| 755 | - return; | 757 | + return -1; |
| 756 | } | 758 | } |
| 757 | 759 | ||
| 758 | trace("%s: Running SSL_connect",__FUNCTION__); | 760 | trace("%s: Running SSL_connect",__FUNCTION__); |
| @@ -761,13 +763,34 @@ static void ssl_negotiate(H3270 *hSession) | @@ -761,13 +763,34 @@ static void ssl_negotiate(H3270 *hSession) | ||
| 761 | 763 | ||
| 762 | if (rv != 1) | 764 | if (rv != 1) |
| 763 | { | 765 | { |
| 764 | - trace_dsn(hSession,"continue_tls: SSL_connect failed\n"); | ||
| 765 | - popup_an_error(hSession,_( "SSL connect failed!")); | 766 | + int ssl_error = SSL_get_error(hSession->ssl_con,rv); |
| 767 | + | ||
| 768 | + if(ssl_error == SSL_ERROR_SYSCALL) | ||
| 769 | + { | ||
| 770 | + if(!hSession->ssl_error) | ||
| 771 | + { | ||
| 772 | + trace_dsn(hSession,"SSL_connect failed (ssl_error=%lu)\n",hSession->ssl_error); | ||
| 773 | + popup_an_error(hSession,_( "SSL connect failed!")); | ||
| 774 | + } | ||
| 775 | + else | ||
| 776 | + { | ||
| 777 | + trace_dsn(hSession,"SSL_connect failed: %s %s\n", | ||
| 778 | + ERR_lib_error_string(hSession->ssl_error), | ||
| 779 | + ERR_reason_error_string(hSession->ssl_error)); | ||
| 780 | + popup_an_error(hSession,_( ERR_reason_error_string(hSession->ssl_error) )); | ||
| 781 | + } | ||
| 782 | + | ||
| 783 | + } | ||
| 784 | + else | ||
| 785 | + { | ||
| 786 | + trace_dsn(hSession,"SSL_connect failed (ssl_error=%d errno=%d)\n",ssl_error,errno); | ||
| 787 | + popup_an_error(hSession,_( "SSL connect failed!")); | ||
| 788 | + } | ||
| 789 | + | ||
| 766 | net_disconnect(hSession); | 790 | net_disconnect(hSession); |
| 767 | - return; | 791 | + return -1; |
| 768 | } | 792 | } |
| 769 | 793 | ||
| 770 | -// hSession->secure_connection = True; | ||
| 771 | non_blocking(hSession,True); | 794 | non_blocking(hSession,True); |
| 772 | 795 | ||
| 773 | /* Success. */ | 796 | /* Success. */ |
| @@ -816,10 +839,11 @@ static void ssl_negotiate(H3270 *hSession) | @@ -816,10 +839,11 @@ static void ssl_negotiate(H3270 *hSession) | ||
| 816 | 839 | ||
| 817 | /* Tell the world that we are (still) connected, now in secure mode. */ | 840 | /* Tell the world that we are (still) connected, now in secure mode. */ |
| 818 | lib3270_set_connected(hSession); | 841 | lib3270_set_connected(hSession); |
| 842 | + return 0; | ||
| 819 | } | 843 | } |
| 820 | #endif // HAVE_LIBSSL | 844 | #endif // HAVE_LIBSSL |
| 821 | 845 | ||
| 822 | -static void net_connected(H3270 *hSession) | 846 | +static int net_connected(H3270 *hSession) |
| 823 | { | 847 | { |
| 824 | if(hSession->proxy_type > 0) | 848 | if(hSession->proxy_type > 0) |
| 825 | { | 849 | { |
| @@ -829,62 +853,24 @@ static void net_connected(H3270 *hSession) | @@ -829,62 +853,24 @@ static void net_connected(H3270 *hSession) | ||
| 829 | if (proxy_negotiate(hSession, hSession->proxy_type, hSession->sock, hSession->hostname,hSession->current_port) < 0) | 853 | if (proxy_negotiate(hSession, hSession->proxy_type, hSession->sock, hSession->hostname,hSession->current_port) < 0) |
| 830 | { | 854 | { |
| 831 | host_disconnect(hSession,True); | 855 | host_disconnect(hSession,True); |
| 832 | - return; | 856 | + return -1; |
| 833 | } | 857 | } |
| 834 | } | 858 | } |
| 835 | 859 | ||
| 836 | trace_dsn(hSession,"Connected to %s, port %u%s.\n", hSession->hostname, hSession->current_port,hSession->ssl_host? " via SSL": ""); | 860 | trace_dsn(hSession,"Connected to %s, port %u%s.\n", hSession->hostname, hSession->current_port,hSession->ssl_host? " via SSL": ""); |
| 837 | 861 | ||
| 838 | -#if defined(HAVE_LIBSSL) /*[*/ | 862 | +#if defined(HAVE_LIBSSL) |
| 839 | /* Set up SSL. */ | 863 | /* Set up SSL. */ |
| 840 | if(hSession->ssl_con && hSession->secure == LIB3270_SSL_UNDEFINED) | 864 | if(hSession->ssl_con && hSession->secure == LIB3270_SSL_UNDEFINED) |
| 841 | { | 865 | { |
| 842 | - ssl_negotiate(hSession); | ||
| 843 | -/* | ||
| 844 | - int rc; | ||
| 845 | - | ||
| 846 | - set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING); | ||
| 847 | - | ||
| 848 | - if (SSL_set_fd(hSession->ssl_con, hSession->sock) != 1) | ||
| 849 | - { | ||
| 850 | - trace_dsn(hSession,"Can't set fd!\n"); | ||
| 851 | - popup_system_error(hSession,_( "Connection failed" ), _( "Can't set SSL socket file descriptor" ), "%s", SSL_state_string_long(hSession->ssl_con)); | ||
| 852 | - set_ssl_state(hSession,LIB3270_SSL_UNSECURE); | ||
| 853 | - } | ||
| 854 | - else | ||
| 855 | - { | ||
| 856 | - rc = SSL_connect(hSession->ssl_con); | ||
| 857 | - | ||
| 858 | - if(rc != 1) | ||
| 859 | - { | ||
| 860 | - unsigned long e = ERR_get_error(); | ||
| 861 | - const char * state = SSL_state_string_long(hSession->ssl_con); | ||
| 862 | - | ||
| 863 | - trace_dsn(hSession,"TLS/SSL tunneled connection failed with error %ld, rc=%d and state=%s",e,rc,state); | ||
| 864 | - | ||
| 865 | - host_disconnect(hSession,True); | ||
| 866 | - | ||
| 867 | - if(e != hSession->last_ssl_error) | ||
| 868 | - { | ||
| 869 | - hSession->message(hSession,LIB3270_NOTIFY_ERROR,_( "Connection failed" ),_( "SSL negotiation failed" ),state); | ||
| 870 | - hSession->last_ssl_error = e; | ||
| 871 | - } | ||
| 872 | - return; | ||
| 873 | - | ||
| 874 | - } | ||
| 875 | - } | ||
| 876 | - | ||
| 877 | -// hSession->secure_connection = True; | ||
| 878 | - trace_dsn(hSession,"TLS/SSL tunneled connection complete. Connection is now secure.\n"); | ||
| 879 | - | ||
| 880 | - // Tell everyone else again. | ||
| 881 | - lib3270_set_connected(hSession); | ||
| 882 | -*/ | 866 | + if(ssl_negotiate(hSession)) |
| 867 | + return -1; | ||
| 883 | } | 868 | } |
| 884 | -#endif /*]*/ | 869 | +#endif |
| 885 | 870 | ||
| 886 | lib3270_setup_session(hSession); | 871 | lib3270_setup_session(hSession); |
| 887 | 872 | ||
| 873 | + return 0; | ||
| 888 | } | 874 | } |
| 889 | 875 | ||
| 890 | /** | 876 | /** |
| @@ -1120,7 +1106,8 @@ void net_input(H3270 *hSession) | @@ -1120,7 +1106,8 @@ void net_input(H3270 *hSession) | ||
| 1120 | 1106 | ||
| 1121 | host_disconnect(hSession,True); | 1107 | host_disconnect(hSession,True); |
| 1122 | return; | 1108 | return; |
| 1123 | - } else if (nr == 0) | 1109 | + } |
| 1110 | + else if (nr == 0) | ||
| 1124 | { | 1111 | { |
| 1125 | /* Host disconnected. */ | 1112 | /* Host disconnected. */ |
| 1126 | trace_dsn(hSession,"RCVD disconnect\n"); | 1113 | trace_dsn(hSession,"RCVD disconnect\n"); |
| @@ -1137,7 +1124,8 @@ void net_input(H3270 *hSession) | @@ -1137,7 +1124,8 @@ void net_input(H3270 *hSession) | ||
| 1137 | return; | 1124 | return; |
| 1138 | } | 1125 | } |
| 1139 | lib3270_set_connected(hSession); | 1126 | lib3270_set_connected(hSession); |
| 1140 | - net_connected(hSession); | 1127 | + if(net_connected(hSession)) |
| 1128 | + return; | ||
| 1141 | } | 1129 | } |
| 1142 | 1130 | ||
| 1143 | lib3270_data_recv(hSession, nr, buffer); | 1131 | lib3270_data_recv(hSession, nr, buffer); |
| @@ -3094,6 +3082,7 @@ static void ssl_init(H3270 *session) | @@ -3094,6 +3082,7 @@ static void ssl_init(H3270 *session) | ||
| 3094 | { | 3082 | { |
| 3095 | static SSL_CTX *ssl_ctx = NULL; | 3083 | static SSL_CTX *ssl_ctx = NULL; |
| 3096 | 3084 | ||
| 3085 | + session->ssl_error = 0; | ||
| 3097 | set_ssl_state(session,LIB3270_SSL_UNDEFINED); | 3086 | set_ssl_state(session,LIB3270_SSL_UNDEFINED); |
| 3098 | 3087 | ||
| 3099 | if(ssl_ctx == NULL) | 3088 | if(ssl_ctx == NULL) |
| @@ -3129,6 +3118,7 @@ static void ssl_init(H3270 *session) | @@ -3129,6 +3118,7 @@ static void ssl_init(H3270 *session) | ||
| 3129 | 3118 | ||
| 3130 | SSL_set_ex_data(session->ssl_con,ssl_3270_ex_index,(char *) session); | 3119 | SSL_set_ex_data(session->ssl_con,ssl_3270_ex_index,(char *) session); |
| 3131 | 3120 | ||
| 3121 | +// SSL_set_verify(session->ssl_con, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); | ||
| 3132 | SSL_set_verify(session->ssl_con, 0, NULL); | 3122 | SSL_set_verify(session->ssl_con, 0, NULL); |
| 3133 | 3123 | ||
| 3134 | } | 3124 | } |
| @@ -3164,14 +3154,9 @@ static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret) | @@ -3164,14 +3154,9 @@ static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret) | ||
| 3164 | unsigned long e = ERR_get_error(); | 3154 | unsigned long e = ERR_get_error(); |
| 3165 | char err_buf[1024]; | 3155 | char err_buf[1024]; |
| 3166 | 3156 | ||
| 3167 | - while(ERR_peek_error() == e) // Remove other messages with the same error | ||
| 3168 | - e = ERR_get_error(); | ||
| 3169 | - | ||
| 3170 | if(e != 0) | 3157 | if(e != 0) |
| 3171 | { | 3158 | { |
| 3172 | - if(e == hSession->last_ssl_error) | ||
| 3173 | - return; | ||
| 3174 | - hSession->last_ssl_error = e; | 3159 | + hSession->ssl_error = e; |
| 3175 | (void) ERR_error_string_n(e, err_buf, 1023); | 3160 | (void) ERR_error_string_n(e, err_buf, 1023); |
| 3176 | } | 3161 | } |
| 3177 | #if defined(_WIN32) | 3162 | #if defined(_WIN32) |
| @@ -3190,16 +3175,12 @@ static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret) | @@ -3190,16 +3175,12 @@ static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret) | ||
| 3190 | err_buf[0] = '\0'; | 3175 | err_buf[0] = '\0'; |
| 3191 | } | 3176 | } |
| 3192 | 3177 | ||
| 3193 | - trace_dsn(hSession,"SSL Connect error in %s\nState: %s\nAlert: %s\n",err_buf,SSL_state_string_long(s),SSL_alert_type_string_long(ret)); | ||
| 3194 | - | ||
| 3195 | - lib3270_popup_dialog( hSession, // H3270 *session, | ||
| 3196 | - PW3270_DIALOG_CRITICAL, // PW3270_DIALOG type, | ||
| 3197 | - _( "SSL Connect error" ), // Title | ||
| 3198 | - err_buf, // Message | ||
| 3199 | - _( "<b>Connection state:</b> %s\n<b>Alert message:</b> %s" ), | ||
| 3200 | - SSL_state_string_long(s), | ||
| 3201 | - SSL_alert_type_string_long(ret)); | ||
| 3202 | - | 3178 | + trace_dsn(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n", |
| 3179 | + ret, | ||
| 3180 | + err_buf, | ||
| 3181 | + SSL_state_string_long(s), | ||
| 3182 | + SSL_alert_type_string_long(ret) | ||
| 3183 | + ); | ||
| 3203 | 3184 | ||
| 3204 | } | 3185 | } |
| 3205 | 3186 |