Commit f9c1b06e4e548b55fd2db89a67d2fb39d589bcfe
1 parent
ce669b8a
Exists in
master
and in
3 other branches
Melhorando tratamento de erros SSL
Showing
1 changed file
with
54 additions
and
73 deletions
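--- a/telnet.c
+++ b/telnet.c
@@ -136,7 +136,7 @@ static void check_in3270(H3270 *session);
 static void store3270in(H3270 *hSession, unsigned char c);
 static void check_linemode(H3270 *hSession, Boolean init);
 static int non_blocking(H3270 *session, Boolean on);
-static void net_connected(H3270 *session);
+static int net_connected(H3270 *session);
 #if defined(X3270_TN3270E) /*[*/
 static int tn3270e_negotiate(H3270 *hSession);
 #endif /*]*/
@@ -595,7 +595,6 @@ int net_connect(H3270 *session, const char *host, char *portname, Boolean ls, Bo
 
 /* init ssl */
 #if defined(HAVE_LIBSSL)
- session->last_ssl_error = !0;
 if (session->ssl_host)
 ssl_init(session);
 #endif
@@ -607,7 +606,8 @@ int net_connect(H3270 *session, const char *host, char *portname, Boolean ls, Bo
 if(!rc)
 {
 trace_dsn(session,"Connected.\n");
- net_connected(session);
+ if(net_connected(session))
+ return -1;
 }
 else
 {
@@ -729,10 +729,12 @@ static void setup_lus(H3270 *hSession)
 }
 
 #if defined(HAVE_LIBSSL)
-static void ssl_negotiate(H3270 *hSession)
+static int ssl_negotiate(H3270 *hSession)
 {
 int rv;
 
+ trace("%s",__FUNCTION__);
+
 set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING);
 non_blocking(hSession,False);
 
@@ -743,7 +745,7 @@ static void ssl_negotiate(H3270 *hSession)
 /* Failed. */
 popup_an_error(hSession,_( "SSL init failed!"));
 net_disconnect(hSession);
- return;
+ return -1;
 }
 
 /* Set up the TLS/SSL connection. */
@@ -752,7 +754,7 @@ static void ssl_negotiate(H3270 *hSession)
 trace_dsn(hSession,"SSL_set_fd failed!\n");
 popup_an_error(hSession,_( "SSL_set_fd failed!"));
 net_disconnect(hSession);
- return;
+ return -1;
 }
 
 trace("%s: Running SSL_connect",__FUNCTION__);
@@ -761,13 +763,34 @@ static void ssl_negotiate(H3270 *hSession)
 
 if (rv != 1)
 {
- trace_dsn(hSession,"continue_tls: SSL_connect failed\n");
- popup_an_error(hSession,_( "SSL connect failed!"));
+ int ssl_error = SSL_get_error(hSession->ssl_con,rv);
+
+ if(ssl_error == SSL_ERROR_SYSCALL)
+ {
+ if(!hSession->ssl_error)
+ {
+ trace_dsn(hSession,"SSL_connect failed (ssl_error=%lu)\n",hSession->ssl_error);
+ popup_an_error(hSession,_( "SSL connect failed!"));
+ }
+ else
+ {
+ trace_dsn(hSession,"SSL_connect failed: %s %s\n",
+ ERR_lib_error_string(hSession->ssl_error),
+ ERR_reason_error_string(hSession->ssl_error));
+ popup_an_error(hSession,_( ERR_reason_error_string(hSession->ssl_error) ));
+ }
+
+ }
+ else
+ {
+ trace_dsn(hSession,"SSL_connect failed (ssl_error=%d errno=%d)\n",ssl_error,errno);
+ popup_an_error(hSession,_( "SSL connect failed!"));
+ }
+
 net_disconnect(hSession);
- return;
+ return -1;
 }
 
-// hSession->secure_connection = True;
 non_blocking(hSession,True);
 
 /* Success. */
@@ -816,10 +839,11 @@ static void ssl_negotiate(H3270 *hSession)
 
 /* Tell the world that we are (still) connected, now in secure mode. */
 lib3270_set_connected(hSession);
+ return 0;
 }
 #endif // HAVE_LIBSSL
 
-static void net_connected(H3270 *hSession)
+static int net_connected(H3270 *hSession)
 {
 if(hSession->proxy_type > 0)
 {
@@ -829,62 +853,24 @@ static void net_connected(H3270 *hSession)
 if (proxy_negotiate(hSession, hSession->proxy_type, hSession->sock, hSession->hostname,hSession->current_port) < 0)
 {
 host_disconnect(hSession,True);
- return;
+ return -1;
 }
 }
 
 trace_dsn(hSession,"Connected to %s, port %u%s.\n", hSession->hostname, hSession->current_port,hSession->ssl_host? " via SSL": "");
 
-#if defined(HAVE_LIBSSL) /*[*/
+#if defined(HAVE_LIBSSL)
 /* Set up SSL. */
 if(hSession->ssl_con && hSession->secure == LIB3270_SSL_UNDEFINED)
 {
- ssl_negotiate(hSession);
-/*
- int rc;
-
- set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING);
-
- if (SSL_set_fd(hSession->ssl_con, hSession->sock) != 1)
- {
- trace_dsn(hSession,"Can't set fd!\n");
- popup_system_error(hSession,_( "Connection failed" ), _( "Can't set SSL socket file descriptor" ), "%s", SSL_state_string_long(hSession->ssl_con));
- set_ssl_state(hSession,LIB3270_SSL_UNSECURE);
- }
- else
- {
- rc = SSL_connect(hSession->ssl_con);
-
- if(rc != 1)
- {
- unsigned long e = ERR_get_error();
- const char * state = SSL_state_string_long(hSession->ssl_con);
-
- trace_dsn(hSession,"TLS/SSL tunneled connection failed with error %ld, rc=%d and state=%s",e,rc,state);
-
- host_disconnect(hSession,True);
-
- if(e != hSession->last_ssl_error)
- {
- hSession->message(hSession,LIB3270_NOTIFY_ERROR,_( "Connection failed" ),_( "SSL negotiation failed" ),state);
- hSession->last_ssl_error = e;
- }
- return;
-
- }
- }
-
-// hSession->secure_connection = True;
- trace_dsn(hSession,"TLS/SSL tunneled connection complete. Connection is now secure.\n");
-
- // Tell everyone else again.
- lib3270_set_connected(hSession);
-*/
+ if(ssl_negotiate(hSession))
+ return -1;
 }
-#endif /*]*/
+#endif
 
 lib3270_setup_session(hSession);
 
+ return 0;
 }
 
 /**
@@ -1120,7 +1106,8 @@ void net_input(H3270 *hSession)
 
 host_disconnect(hSession,True);
 return;
- } else if (nr == 0)
+ }
+ else if (nr == 0)
 {
 /* Host disconnected. */
 trace_dsn(hSession,"RCVD disconnect\n");
@@ -1137,7 +1124,8 @@ void net_input(H3270 *hSession)
 return;
 }
 lib3270_set_connected(hSession);
- net_connected(hSession);
+ if(net_connected(hSession))
+ return;
 }
 
 lib3270_data_recv(hSession, nr, buffer);
@@ -3094,6 +3082,7 @@ static void ssl_init(H3270 *session)
 {
 static SSL_CTX *ssl_ctx = NULL;
 
+ session->ssl_error = 0;
 set_ssl_state(session,LIB3270_SSL_UNDEFINED);
 
 if(ssl_ctx == NULL)
@@ -3129,6 +3118,7 @@ static void ssl_init(H3270 *session)
 
 SSL_set_ex_data(session->ssl_con,ssl_3270_ex_index,(char *) session);
 
+// SSL_set_verify(session->ssl_con, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
 SSL_set_verify(session->ssl_con, 0, NULL);
 
 }
@@ -3164,14 +3154,9 @@ static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 unsigned long e = ERR_get_error();
 char err_buf[1024];
 
- while(ERR_peek_error() == e) // Remove other messages with the same error
- e = ERR_get_error();
-
 if(e != 0)
 {
- if(e == hSession->last_ssl_error)
- return;
- hSession->last_ssl_error = e;
+ hSession->ssl_error = e;
 (void) ERR_error_string_n(e, err_buf, 1023);
 }
 #if defined(_WIN32)
@@ -3190,16 +3175,12 @@ static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 err_buf[0] = '\0';
 }
 
- trace_dsn(hSession,"SSL Connect error in %s\nState: %s\nAlert: %s\n",err_buf,SSL_state_string_long(s),SSL_alert_type_string_long(ret));
-
- lib3270_popup_dialog( hSession, // H3270 *session,
- PW3270_DIALOG_CRITICAL, // PW3270_DIALOG type,
- _( "SSL Connect error" ), // Title
- err_buf, // Message
- _( "<b>Connection state:</b> %s\n<b>Alert message:</b> %s" ),
- SSL_state_string_long(s),
- SSL_alert_type_string_long(ret));
-
+ trace_dsn(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
+ ret,
+ err_buf,
+ SSL_state_string_long(s),
+ SSL_alert_type_string_long(ret)
+ );
 
 }
 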
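Review bot: In the new SSL_ERROR_SYSCALL branch of ssl_negotiate, `popup_an_error(hSession,_( ERR_reason_error_string(hSession->ssl_error) ));` passes a runtime string where every other call passes a literal, and ERR_reason_error_string() can return NULL when no reason text is registered for the code. If popup_an_error is printf-style (its declaration is not on this page), the call should be `popup_an_error(hSession,"%s",reason ? reason : _( "SSL connect failed!"));` with `reason` holding the lookup result, and the two `%s` arguments of the trace_dsn call just above need the same NULL guard. The stored hSession->ssl_error is also consulted only for SSL_ERROR_SYSCALL, so a handshake failure reported as SSL_ERROR_SSL still ends in the generic message. Separately, the ssl_init hunk keeps `SSL_set_verify(session->ssl_con, 0, NULL);` and only adds a commented-out alternative, so the handshake itself does not reject an unverified server certificate. SSL_VERIFY_FAIL_IF_NO_PEER_CERT is ignored on a client, where `SSL_VERIFY_PEER` is the enforcing mode, unless the verify result is checked after SSL_connect in lines not shown here.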