Commit f9c1b06e4e548b55fd2db89a67d2fb39d589bcfe

Authored by perry.werneck@gmail.com
1 parent ce669b8a

Melhorando tratamento de erros SSL

Showing 1 changed file with 54 additions and 73 deletions   Show diff stats
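--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -136,7 +136,7 @@ static void check_in3270(H3270 *session);
 static void store3270in(H3270 *hSession, unsigned char c);
 static void check_linemode(H3270 *hSession, Boolean init);
 static int non_blocking(H3270 *session, Boolean on);
-static void net_connected(H3270 *session);
+static int net_connected(H3270 *session);
 #if defined(X3270_TN3270E) /*[*/
 static int tn3270e_negotiate(H3270 *hSession);
 #endif /*]*/
@@ -595,7 +595,6 @@ int net_connect(H3270 *session, const char *host, char *portname, Boolean ls, Bo
 
 /* init ssl */
 #if defined(HAVE_LIBSSL)
-session->last_ssl_error = !0;
 if (session->ssl_host)
 ssl_init(session);
 #endif
@@ -607,7 +606,8 @@ int net_connect(H3270 *session, const char *host, char *portname, Boolean ls, Bo
 if(!rc)
 {
 trace_dsn(session,"Connected.\n");
-net_connected(session);
+if(net_connected(session))
+return -1;
 }
 else
 {
@@ -729,10 +729,12 @@ static void setup_lus(H3270 *hSession)
 }
 
 #if defined(HAVE_LIBSSL)
-static void ssl_negotiate(H3270 *hSession)
+static int ssl_negotiate(H3270 *hSession)
 {
 int rv;
 
+trace("%s",__FUNCTION__);
+
 set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING);
 non_blocking(hSession,False);
 
@@ -743,7 +745,7 @@ static void ssl_negotiate(H3270 *hSession)
 /* Failed. */
 popup_an_error(hSession,_( "SSL init failed!"));
 net_disconnect(hSession);
-return;
+return -1;
 }
 
 /* Set up the TLS/SSL connection. */
@@ -752,7 +754,7 @@ static void ssl_negotiate(H3270 *hSession)
 trace_dsn(hSession,"SSL_set_fd failed!\n");
 popup_an_error(hSession,_( "SSL_set_fd failed!"));
 net_disconnect(hSession);
-return;
+return -1;
 }
 
 trace("%s: Running SSL_connect",__FUNCTION__);
@@ -761,13 +763,34 @@ static void ssl_negotiate(H3270 *hSession)
 
 if (rv != 1)
 {
-trace_dsn(hSession,"continue_tls: SSL_connect failed\n");
-popup_an_error(hSession,_( "SSL connect failed!"));
+int ssl_error = SSL_get_error(hSession->ssl_con,rv);
+
+if(ssl_error == SSL_ERROR_SYSCALL)
+{
+if(!hSession->ssl_error)
+{
+trace_dsn(hSession,"SSL_connect failed (ssl_error=%lu)\n",hSession->ssl_error);
+popup_an_error(hSession,_( "SSL connect failed!"));
+}
+else
+{
+trace_dsn(hSession,"SSL_connect failed: %s %s\n",
+ERR_lib_error_string(hSession->ssl_error),
+ERR_reason_error_string(hSession->ssl_error));
+popup_an_error(hSession,_( ERR_reason_error_string(hSession->ssl_error) ));
+}
+
+}
+else
+{
+trace_dsn(hSession,"SSL_connect failed (ssl_error=%d errno=%d)\n",ssl_error,errno);
+popup_an_error(hSession,_( "SSL connect failed!"));
+}
+
 net_disconnect(hSession);
-return;
+return -1;
 }
 
-// hSession->secure_connection = True;
 non_blocking(hSession,True);
 
 /* Success. */
@@ -816,10 +839,11 @@ static void ssl_negotiate(H3270 *hSession)
 
 /* Tell the world that we are (still) connected, now in secure mode. */
 lib3270_set_connected(hSession);
+return 0;
 }
 #endif // HAVE_LIBSSL
 
-static void net_connected(H3270 *hSession)
+static int net_connected(H3270 *hSession)
 {
 if(hSession->proxy_type > 0)
 {
@@ -829,62 +853,24 @@ static void net_connected(H3270 *hSession)
 if (proxy_negotiate(hSession, hSession->proxy_type, hSession->sock, hSession->hostname,hSession->current_port) < 0)
 {
 host_disconnect(hSession,True);
-return;
+return -1;
 }
 }
 
 trace_dsn(hSession,"Connected to %s, port %u%s.\n", hSession->hostname, hSession->current_port,hSession->ssl_host? " via SSL": "");
 
-#if defined(HAVE_LIBSSL) /*[*/
+#if defined(HAVE_LIBSSL)
 /* Set up SSL. */
 if(hSession->ssl_con && hSession->secure == LIB3270_SSL_UNDEFINED)
 {
-ssl_negotiate(hSession);
-/*
-int rc;
-
-set_ssl_state(hSession,LIB3270_SSL_NEGOTIATING);
-
-if (SSL_set_fd(hSession->ssl_con, hSession->sock) != 1)
-{
-trace_dsn(hSession,"Can't set fd!\n");
-popup_system_error(hSession,_( "Connection failed" ), _( "Can't set SSL socket file descriptor" ), "%s", SSL_state_string_long(hSession->ssl_con));
-set_ssl_state(hSession,LIB3270_SSL_UNSECURE);
-}
-else
-{
-rc = SSL_connect(hSession->ssl_con);
-
-if(rc != 1)
-{
-unsigned long e = ERR_get_error();
-const char * state = SSL_state_string_long(hSession->ssl_con);
-
-trace_dsn(hSession,"TLS/SSL tunneled connection failed with error %ld, rc=%d and state=%s",e,rc,state);
-
-host_disconnect(hSession,True);
-
-if(e != hSession->last_ssl_error)
-{
-hSession->message(hSession,LIB3270_NOTIFY_ERROR,_( "Connection failed" ),_( "SSL negotiation failed" ),state);
-hSession->last_ssl_error = e;
-}
-return;
-
-}
-}
-
-// hSession->secure_connection = True;
-trace_dsn(hSession,"TLS/SSL tunneled connection complete. Connection is now secure.\n");
-
-// Tell everyone else again.
-lib3270_set_connected(hSession);
-*/
+if(ssl_negotiate(hSession))
+return -1;
 }
-#endif /*]*/
+#endif
 
 lib3270_setup_session(hSession);
 
+return 0;
 }
 
 /**
@@ -1120,7 +1106,8 @@ void net_input(H3270 *hSession)
 
 host_disconnect(hSession,True);
 return;
-} else if (nr == 0)
+}
+else if (nr == 0)
 {
 /* Host disconnected. */
 trace_dsn(hSession,"RCVD disconnect\n");
@@ -1137,7 +1124,8 @@ void net_input(H3270 *hSession)
 return;
 }
 lib3270_set_connected(hSession);
-net_connected(hSession);
+if(net_connected(hSession))
+return;
 }
 
 lib3270_data_recv(hSession, nr, buffer);
@@ -3094,6 +3082,7 @@ static void ssl_init(H3270 *session)
 {
 static SSL_CTX *ssl_ctx = NULL;
 
+session->ssl_error = 0;
 set_ssl_state(session,LIB3270_SSL_UNDEFINED);
 
 if(ssl_ctx == NULL)
@@ -3129,6 +3118,7 @@ static void ssl_init(H3270 *session)
 
 SSL_set_ex_data(session->ssl_con,ssl_3270_ex_index,(char *) session);
 
+// SSL_set_verify(session->ssl_con, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
 SSL_set_verify(session->ssl_con, 0, NULL);
 
 }
@@ -3164,14 +3154,9 @@ static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 unsigned long e = ERR_get_error();
 char err_buf[1024];
 
-while(ERR_peek_error() == e) // Remove other messages with the same error
-e = ERR_get_error();
-
 if(e != 0)
 {
-if(e == hSession->last_ssl_error)
-return;
-hSession->last_ssl_error = e;
+hSession->ssl_error = e;
 (void) ERR_error_string_n(e, err_buf, 1023);
 }
 #if defined(_WIN32)
@@ -3190,16 +3175,12 @@ static void ssl_info_callback(INFO_CONST SSL *s, int where, int ret)
 err_buf[0] = '\0';
 }
 
-trace_dsn(hSession,"SSL Connect error in %s\nState: %s\nAlert: %s\n",err_buf,SSL_state_string_long(s),SSL_alert_type_string_long(ret));
-
-lib3270_popup_dialog( hSession, // H3270 *session,
-PW3270_DIALOG_CRITICAL, // PW3270_DIALOG type,
-_( "SSL Connect error" ), // Title
-err_buf, // Message
-_( "<b>Connection state:</b> %s\n<b>Alert message:</b> %s" ),
-SSL_state_string_long(s),
-SSL_alert_type_string_long(ret));
-
+trace_dsn(hSession,"SSL Connect error %d\nMessage: %s\nState: %s\nAlert: %s\n",
+ret,
+err_buf,
+SSL_state_string_long(s),
+SSL_alert_type_string_long(ret)
+);
 
 }
 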
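Review bot: In the SSL_ERROR_SYSCALL branch of ssl_negotiate (hunk @@ -761,13 +763,34 @@), `popup_an_error(hSession,_( ERR_reason_error_string(hSession->ssl_error) ))` hands a runtime OpenSSL string to popup_an_error in the slot every other call site fills with a literal; if popup_an_error is printf-style, as the `_( "SSL init failed!" )` calls suggest, a `%` in the reason text is treated as a conversion, and ERR_reason_error_string (like ERR_lib_error_string on the trace_dsn line just above it) returns NULL for codes it has no string for, which then reaches `_()` and `%s`. Safer is `const char *reason = ERR_reason_error_string(hSession->ssl_error);` followed by `popup_an_error(hSession,"%s", reason ? reason : _( "SSL connect failed!" ));`, with the same NULL guard on the trace_dsn arguments. The branch taken when `hSession->ssl_error` is 0 traces `ssl_error=%lu` with that same zero field, so the value from SSL_get_error (the `int ssl_error` declared two lines up) is the one the trace should show. The recorded error from ssl_info_callback is also consulted only under SSL_ERROR_SYSCALL; for SSL_ERROR_SSL, the code OpenSSL returns for handshake and certificate failures, the else branch reports errno (not meaningful there) and drops the recorded reason, so the `hSession->ssl_error` check probably belongs outside the SSL_ERROR_SYSCALL test.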