options missing for c3270 on mac

[kevinkuhner]

I noticed that there are a couple of options missing/gone in the latest version of c3270 on Mac.

Specifically, -noverifycert and -cafile. The -noverifycert option was the in the utility on Mac on version 4.2.

If I use version v4.1ga10 on Ubuntu 22.04, both options are present. Wondering if this is specific to the OS or to just the version.

Is there a different method for establishing a secure 3270 connection using the utility? For example, how do I specify the CA root cert for the server cert returned from the secure connection?

[pmattes]

There were definitely some TLS-related changes in the Mac version between 4.2 and 4.3. But those should have resulted in there being more options in 4.3, not less. The change was to switch from macOS Secure Transport to OpenSSL (like on Linux) for TLS support. (Secure Transport is deprecated, and does not support TLS 1.3, among other things.)

It sounds more like you are using a binary that was built without any TLS support at all. Can you post the output of 'c3270 -v' here?

[bfabec]

Thanks @pmattes - I'm seeing the same thing on my system as well. Here is my output:

brew install x3270
Running `brew update --auto-update`...
==> Auto-updated Homebrew!
==> Updated Homebrew from fac3e9950 to 4.1.14 (7a2425f5a).
No changes to formulae or casks.

The 4.1.0 release notes are available on the Homebrew Blog:
  https://brew.sh/blog/4.1.0
The 4.1.14 changelog can be found at:
  https://github.com/Homebrew/brew/releases/tag/4.1.14
==> Downloading https://ghcr.io/v2/homebrew/core/x3270/manifests/4.3ga3
Already downloaded: /Users/bfabec/Library/Caches/Homebrew/downloads/c7649acfdbeac23f433f20528c25fa72fa5970de3e3bad224a416e8014914f21--x3270-4.3ga3.bottle_manifest.json
==> Fetching x3270
==> Downloading https://ghcr.io/v2/homebrew/core/x3270/blobs/sha256:66c420133f3273c8808d468402963160b5322706115fb04cf01ab8574e71c8c0
Already downloaded: /Users/bfabec/Library/Caches/Homebrew/downloads/022666989d4aa6ba70be9c79c1be20be53f896760609f4f25984124ab664ae7b--x3270--4.3ga3.arm64_ventura.bottle.tar.gz
==> Pouring x3270--4.3ga3.arm64_ventura.bottle.tar.gz
🍺  /opt/homebrew/Cellar/x3270/4.3ga3: 16 files, 2.8MB
==> Running `brew cleanup x3270`...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).

c3270 --version
c3270 v4.3ga3 Thu Sep  7 18:16:40 UTC 2023 brew
Build options: --enable-local-process --with-readline --with-curses-wide --with-iconv via gcc Apple LLVM 14.0.3 (clang-1403.0.22.14.1) 64-bit
SBCS host code pages (with aliases):
cp037 (cp37, us, us-intl), cp273 (german), cp275 (brazilian), cp277 (norwegian), cp278 (finnish, swedish), cp280 (italian), cp284 (spanish), cp285 (uk), cp297 (french), cp424 (hebrew), cp500 (belgian), cp803 (hebrew-old), cp870 (polish, slovenian), cp871 (icelandic), cp875 (greek), cp880 (russian), cp1026 (turkish), cp1047, cp1140 (us-euro), cp1141 (german-euro), cp1142 (norwegian-euro), cp1143 (finnish-euro, swedish-euro), cp1144 (italian-euro), cp1145 (spanish-euro), cp1146 (uk-euro), cp1147 (french-euro), cp1148 (belgian-euro), cp1149 (icelandic-euro), cp1160 (thai), bracket (oldibm, bracket437)
DBCS host code pages (with aliases):
cp930 (japanese-kana), cp935 (simplified-chinese), cp937 (traditional-chinese), cp939 (japanese-latin), cp1388 (chinese-gb18030)

Copyright 1989-2023, Paul Mattes, GTRC and others.
See the source code or documentation for licensing details.
Distributed WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

c3270 --help
Usage: c3270 [options] [[prefix:][LUname@]hostname[:port]]
       c3270 [options] [<session-file>].c3270
Options:
  -4
     Prefer IPv4 host addresses
  -6
     Prefer IPv6 host addresses
  -?
     Display command-line help
  -alias <name>
     Define application alias for -xrm and session file suffix
  -allbold
     Display all text in bold
  -altscreen <string>
     String to switch terminal from 80-column mode to 132-column mode
  -cbreak
     Force terminal CBREAK mode
  -clear <resource>
     Set <resource> to false
  -codepage <name>
     Use host ECBDIC code page <name>
  -connecttimeout <seconds>
     Timeout for host connect requests
  -defaultfgbg
     Use terminal's default foreground and background colors
  -defscreen <string>
     String to switch terminal from 132-column mode to 80-column mode
  -devname <name>
     Device name (workstation ID) for RFC 4777
  -e <command> [<arg>...]
     Run <command> instead of making TELNET connection
  --help
     Display command-line help
  -hostsfile <filename>
     Use <hostname> as the ibm_hosts file
  -httpd [<addr>:]<port>
     TCP port to listen on for http requests
  -keymap <name>[,<name>...]
     Keyboard map name(s)
  -minversion <version>
     Fail unless at this version or greater
  -model [327{8,9}-]<n>
     Emulate a 3278 or 3279 model <n>
  -mono
     Do not use terminal color capabilities
  -noprompt
     Alias for -secure
  -nvt
     Begin in NVT mode
  -oversize <cols>x<rows>
     Larger screen dimensions
  -port <port>
     Default TELNET port
  -printerlu <luname>
     Automatically start a pr3287 printer session to <luname>
  -proxy <type>:<host>[:<port>]
     Proxy type and server
  -reconnect
     Reconnect to host as soon as it disconnects
  -rv
     Switch to black-on-white mode
  -scriptport [<addr>:]<port>
     TCP port to listen on for script commands
  -scriptportonce
     Accept one script connection, then exit
  -secure
     Restrict potentially-destructive user actions
  -set <resource>[=<value>]
     Set <resource> to true or <value>
  -sl <lines>
     Number of lines to save for scrolling
  -socket
     Create socket for script control
  -tn <name>
     Send <name> as TELNET terminal name
  -trace
     Enable tracing
  -tracefile <file>
     Write traces to <file>
  -tracefilesize <n>[KM]
     Limit trace file to <n> bytes
  -user <name>
     User name for RFC 4777
  -utf8
     Force local codeset to be UTF-8
  -v
     Display build options and character sets
  --version
     Display build options and character sets
  -xrm 'c3270.<resource>: <value>'
     Set <resource> to <value>
  --
     Terminate argument list

[bfabec]

Note, if I install the previous version (4.2ga10), the missing options exist. https://github.com/Homebrew/homebrew-core/blob/0b78d3cb94c5335c9a79555b431af392aa335eda/Formula/x3270.rb

[pmattes]

I need one final thing to confirm what is going on: start c3270 4.3, and run the action 'show tlsprovider'. I will wager that it displays 'None'. This means that the build system did not find the OpenSSL library when c3270 was built.

It sounds like when homebrew updated x3270 to 4.3, they did not realize that there was an added dependency on the OpenSSL package. It should be an easy fix in the Brew formula. You can also build the code from source to get a TLS-enabled executable.

[bfabec]

@pmattes - that looks to be the case!

c3270> show tlsprovider
None

[pmattes]

That explains what you are seeing, then.

I use Homebrew, but I haven't monkeyed with any of their formulae. I can certainly take a stab at correcting the one for x3270 and submitting a fix, but it might be a while before I get a chance to. You could also report this issue to them to see if they can fix it instead.

[pmattes]

I made the necessary change to the Homebrew formula for x3270. (Fun learning their rules!)

I'm not sure how long it will be before the published packages are updated, but hopefully soon.

[kevinkuhner]

Thank you @pmattes !